Compare commits


227 Commits

Author SHA1 Message Date
juselius 6e9b1c8f29 feat: add stub sonatype-nexus helmfile 2025-12-16 20:11:20 +01:00
mrtz dab6716033 fix(sorcere/plume): Update cacheDir for prod/staging 2025-12-16 17:39:36 +01:00
mrtz 23bedaa370 fix(sorcerer): Create staging cacheDir 2025-12-16 17:27:25 +01:00
Radovan Bast e578f06d36 ci: makai 2025-12-16 15:13:57 +00:00
Radovan Bast 2e6559e6ad ci: makai 2025-12-16 11:23:15 +00:00
Radovan Bast 7f21f3632d ci: makai 2025-12-16 08:42:04 +00:00
juselius 03ea94648f ci: fornix 2025-12-16 08:28:57 +00:00
juselius cfe034bad0 fix: fix fornix base and drupal urls 2025-12-16 08:50:19 +01:00
juselius 87edc012d4 fix: add values for fornix drupalUrl and baseUrl 2025-12-16 08:48:42 +01:00
Radovan Bast e64207fc08 ci: makai 2025-12-16 07:14:47 +00:00
juselius 1de43ded88 ci: fornix 2025-12-15 18:16:43 +00:00
juselius e82cfe22bd ci: fornix 2025-12-15 16:19:06 +00:00
Radovan Bast be78113f20 ci: makai 2025-12-15 15:34:01 +00:00
juselius 9c48deef78 ci: fornix 2025-12-15 15:16:12 +00:00
mrtz 590541c0e1 chore(umami): Bump to latest 2025-12-15 15:07:24 +01:00
mrtz fc63ae640c fix(kueue): Move ingress 2025-12-15 14:08:21 +01:00
mrtz 26a5fc683e fix(kueue): Value naming 2025-12-15 14:06:18 +01:00
mrtz 10fa7835ae fix(kueue): Per cluster ingress 2025-12-15 14:03:29 +01:00
mrtz d99bb6547d fix(kueue): Add ws ingress 2025-12-15 13:45:32 +01:00
mrtz 5e5ebad9ad fix(kueue): Reset allowed origins 2025-12-15 13:23:46 +01:00
mrtz 5519d67ccc fix(kueue): Add prioriry classes and fix ingress 2025-12-15 12:10:17 +01:00
Radovan Bast 98b34deea2 ci: makai 2025-12-15 07:57:47 +00:00
Radovan Bast 123b23d337 ci: makai 2025-12-14 14:39:58 +00:00
juselius e7e37c8adc Merge branch 'main' of gitlab.com:oceanbox/manifests 2025-12-14 11:41:47 +01:00
juselius 771decaf2b fix: fix diagrid-dashboard service port 2025-12-14 11:41:34 +01:00
Radovan Bast a3609c4072 ci: makai 2025-12-14 10:14:15 +00:00
Radovan Bast f7e4b100e1 ci: makai 2025-12-13 18:02:57 +00:00
Radovan Bast 3ab4a94bb2 ci: makai 2025-12-13 17:52:57 +00:00
mrtz 083cd50d6a fix(kueue): Undo certs 2025-12-13 13:23:59 +01:00
juselius 33395c5051 wip: add rudimentary diagrid dashboard chart. needs work. 2025-12-13 12:31:07 +01:00
mrtz 0b634744da fix(kueue): Lets try again 2025-12-12 16:10:45 +01:00
mrtz 3d423a8111 fix(kueue): Disable internal 2025-12-12 16:09:06 +01:00
mrtz fb71102049 fix(kueue): Check prom 2025-12-12 16:08:14 +01:00
mrtz 07cfd8013d fix(kueue): I'm stupid 2025-12-12 16:05:47 +01:00
mrtz dbb17345b6 fix(kueue): Disable internal certs 2025-12-12 16:02:56 +01:00
mrtz dc5fbb49ca fix(hs): Use dev.x.obx 2025-12-12 15:56:15 +01:00
mrtz 3c9f2e4c4a fix(kueue): Use ca-issuer 2025-12-12 15:55:29 +01:00
mrtz 9f922a494d fix(kueue): Correct yaml 2025-12-12 15:53:35 +01:00
mrtz a4e5901c76 fix(kueue): Correct ingress 2025-12-12 15:49:19 +01:00
mrtz de19337d2c fix(headscale): Add kueue ing 2025-12-12 15:46:33 +01:00
mrtz bb3586b7c5 fix(kueue): Add ingress 2025-12-12 15:45:11 +01:00
mrtz dbf1e73f79 fix(kueue): Enable metrics 2025-12-12 15:39:39 +01:00
mrtz b22d29c4ff minor(kueue): Add localQueue for prod/staging 2025-12-12 15:32:07 +01:00
mrtz abe145e29e fix(kueue): Formatting 2025-12-12 15:26:32 +01:00
mrtz 5f935ebbb9 fix(kueue): Add a default clusterqueue and add support for batch/jobsets 2025-12-12 15:18:29 +01:00
mrtz c25f6f07a6 ci: plume 2025-12-12 14:13:46 +00:00
Radovan Bast 5ca4fd830f ci: makai 2025-12-12 14:05:51 +00:00
mrtz 75aca0ab33 fix(plume): Correct image 2025-12-12 15:02:52 +01:00
mrtz c512b6b402 ci: plume 2025-12-12 14:00:22 +00:00
juselius 95b419ce09 ci: fornix 2025-12-12 13:53:33 +00:00
mrtz 2da99db2a1 ci: plume 2025-12-12 12:57:58 +00:00
mrtz 1b0c49e17f fix(kueue): Use websockets 2025-12-12 11:22:40 +01:00
mrtz 5738b0fd0e fix(kueue): Switch to svc for backend 2025-12-12 11:21:35 +01:00
mrtz 847efcde83 fix(kueue): Correct syntax 2025-12-12 11:11:51 +01:00
mrtz ebcf791fee fix(kueue): Enable dasbboard 2025-12-12 11:10:13 +01:00
Radovan Bast 74e5196c90 ci: makai 2025-12-12 09:30:40 +00:00
juselius 323aca63ac ci: fornix 2025-12-12 08:38:38 +00:00
Radovan Bast 6b9479bdcf ci: makai 2025-12-12 07:17:57 +00:00
juselius 4387d147ed fix: move drupal configs to modules rather than sites 2025-12-11 18:08:17 +01:00
juselius c72c35f905 ci: fornix 2025-12-11 16:52:54 +00:00
juselius e54a374387 fix: fix fornix domain (again) 2025-12-11 15:58:14 +01:00
juselius c3939e6359 fix: add Kueue ServerSideApply=true 2025-12-11 15:53:55 +01:00
juselius 04f41d5dc4 fix: fix fornix dev domain 2025-12-11 15:51:55 +01:00
juselius b5aca9a830 Merge branch 'main' of gitlab.com:oceanbox/manifests 2025-12-11 15:49:13 +01:00
juselius 7b85e30954 fix: fix fornix certificate 2025-12-11 15:49:03 +01:00
juselius 751d371d19 ci: fornix 2025-12-11 14:44:36 +00:00
juselius ea65c4581c feat: add kueue 2025-12-11 15:26:18 +01:00
juselius 1b19734b6e ci: fornix 2025-12-11 12:38:22 +00:00
juselius d69ce7d104 Merge branch 'main' of gitlab.com:oceanbox/manifests 2025-12-11 13:33:33 +01:00
juselius 8a051c10af fix: move drupal to fornix 2025-12-11 13:33:24 +01:00
Radovan Bast 351116d3a8 ci: makai 2025-12-11 11:59:21 +00:00
Radovan Bast f4f0476177 ci: makai 2025-12-11 11:41:53 +00:00
juselius 9a29c2dd5f fix: move drupal to default argo project 2025-12-11 12:28:05 +01:00
juselius e73e060e6d fix: move drupal to fornix ns 2025-12-11 12:22:26 +01:00
juselius 0467528683 fix: fix fornix image tag 2025-12-10 21:43:13 +01:00
juselius 54485c0554 ci: fornix 2025-12-10 20:26:45 +00:00
juselius 7063f68a28 ci: fornix 2025-12-10 18:53:53 +00:00
juselius a3cb3ba335 ci: fornix 2025-12-10 18:43:55 +00:00
Radovan Bast 5b8cc451c2 ci: makai 2025-12-10 15:29:47 +00:00
juselius 86240afd82 fix: update fornix 2025-12-10 16:06:30 +01:00
juselius ee4417aee2 fix: fix fornix registry 2025-12-10 15:52:20 +01:00
juselius 9269d9c026 fix: fix fornix namespace 2025-12-10 15:45:28 +01:00
juselius 6ea0811d74 Merge branch 'main' of gitlab.com:oceanbox/manifests 2025-12-10 15:42:40 +01:00
juselius 0779d405c6 feat: add fornix 2025-12-10 15:42:31 +01:00
Radovan Bast 6626654df6 ci: makai 2025-12-10 14:26:47 +00:00
Radovan Bast df231941c0 ci: makai 2025-12-10 11:23:11 +00:00
mrtz 7002dcd14d fix(mdb): Disable on hel1 2025-12-10 09:03:19 +01:00
juselius b323c48c18 fix: split and fix drupal manifests 2025-12-10 08:51:01 +01:00
mrtz c344a26f5c Run mariadb-operatore on hel1 2025-12-09 13:37:06 +01:00
mrtz 5741568d02 fix: Persist hs 2025-12-09 13:03:28 +01:00
mrtz 480c44a82d ci: codex 2025-12-09 12:02:31 +00:00
Radovan Bast 13a5f16810 ci: makai 2025-12-09 11:28:39 +00:00
Radovan Bast c906bb7136 ci: makai 2025-12-09 07:32:51 +00:00
Radovan Bast e9d6315656 ci: makai 2025-12-09 07:19:18 +00:00
Radovan Bast bb7916b155 ci: makai 2025-12-08 13:52:33 +00:00
Radovan Bast 14554b6dae ci: makai 2025-12-08 13:30:26 +00:00
Radovan Bast a5364d3c16 ci: makai 2025-12-08 11:44:48 +00:00
juselius 3368517f3a ci: sorcerer 2025-12-06 10:37:41 +00:00
juselius 5eee9e90a8 ci: atlantis 2025-12-06 10:37:38 +00:00
Radovan Bast dc52b49da7 ci: makai 2025-12-05 17:21:52 +00:00
Radovan Bast ff5a4e0a2a ci: makai 2025-12-05 17:19:29 +00:00
Radovan Bast e19b240f1f ci: makai 2025-12-05 13:00:06 +00:00
Radovan Bast a47cf689fb ci: makai 2025-12-04 13:53:55 +00:00
Radovan Bast 888daa7f1e ci: makai 2025-12-04 12:05:13 +00:00
Radovan Bast eaeb988aab ci: makai 2025-12-03 15:28:28 +00:00
Radovan Bast edd3df84e5 ci: makai 2025-12-03 14:43:38 +00:00
Radovan Bast 526e24cc66 ci: makai 2025-12-03 14:19:37 +00:00
Radovan Bast 11d4b37f4d ci: makai 2025-12-03 13:30:34 +00:00
Radovan Bast cabfceadd1 ci: makai 2025-12-03 10:48:44 +00:00
Radovan Bast 2bfeaf7d67 ci: makai 2025-12-03 10:35:37 +00:00
mrtz 1e1669fcd6 fix(drupal): Use dev image 2025-12-03 11:08:07 +01:00
simkir 3f3a4255b5 Add codex.dev.tos.obx to cert 2025-12-03 10:12:04 +01:00
simkir 877cc612a0 umami: View umami submit events from 2025-09-01
To see more submits in our dashboard
2025-12-03 08:54:46 +01:00
mrtz a18e7d2e23 fix: Add inital nexus and update drupal image 2025-12-02 21:27:05 +01:00
Radovan Bast de9388691a ci: makai 2025-12-02 15:12:40 +00:00
Radovan Bast 9c6a7e01f4 ci: makai 2025-12-02 14:05:41 +00:00
simkir ae4c7f3bb4 Add maps.dev.oceanbox.io to allowedOrigin
For sorcerer and itself, I guess
2025-12-02 14:36:45 +01:00
Moritz Jörg 4442bc923a fix(drupal): Persist whitelist 2025-12-02 14:34:30 +01:00
Moritz Jörg ddfd36fb3a fix(drupal): Switch image 2025-12-02 14:34:07 +01:00
juselius 46820439e9 fix: add ismael to headscale acl 2025-12-02 14:31:54 +01:00
simkir 64c081f629 Add maps.dev.oceanbox.io ing for staging
Doesn't hurt having it while we wait for the proper beta instance.
2025-12-02 14:29:00 +01:00
Radovan Bast c7958cbc6b ci: makai 2025-12-02 13:28:10 +00:00
Radovan Bast 730b84e469 ci: makai 2025-12-02 12:37:45 +00:00
Radovan Bast 2785bf7907 ci: makai 2025-12-02 12:28:18 +00:00
mrtz 72079fe81b fix(drupal): Correct ing 2025-12-02 12:01:15 +01:00
mrtz b58d457d90 fix(drupal): Fixup 2025-12-02 12:00:14 +01:00
mrtz 86d2d58c3c fix(drupal): Intial setup 2025-12-02 11:57:22 +01:00
Radovan Bast 5030b4b8c5 ci: makai 2025-12-02 10:08:42 +00:00
Radovan Bast 7f39e2baf7 ci: makai 2025-12-02 09:54:02 +00:00
Radovan Bast 052edfa4e4 ci: makai 2025-12-02 08:28:01 +00:00
juselius 9349978f6e ci: atlantis 2025-12-01 18:31:07 +00:00
juselius 7cf6cf1a55 ci: sorcerer 2025-12-01 18:31:04 +00:00
juselius 97d398c637 ci: codex 2025-12-01 18:31:02 +00:00
mrtz 297d998c96 ci: atlantis 2025-12-01 18:28:09 +00:00
Radovan Bast 14524fb308 ci: makai 2025-12-01 14:51:18 +00:00
Radovan Bast b4970a8550 ci: makai 2025-12-01 13:49:55 +00:00
juselius 7705fc228c ci: atlantis 2025-12-01 13:37:23 +00:00
juselius 12d2587e9b ci: sorcerer 2025-12-01 13:37:21 +00:00
juselius f030045694 ci: codex 2025-12-01 13:37:19 +00:00
stigrj 4898676dc5 ci: atlantis 2025-12-01 13:34:36 +00:00
juselius 21ffb79401 ci: codex 2025-12-01 13:15:40 +00:00
juselius e30bdc54be ci: sorcerer 2025-12-01 13:15:38 +00:00
juselius 677c37a6f7 ci: atlantis 2025-12-01 13:15:35 +00:00
mrtz fb19b12f08 ci: atlantis 2025-12-01 13:13:35 +00:00
Radovan Bast 22dadc5f98 ci: makai 2025-12-01 12:50:32 +00:00
Radovan Bast 01b9d06509 ci: makai 2025-12-01 12:27:30 +00:00
juselius cfd1d1b25d ci: codex 2025-11-30 11:39:52 +00:00
juselius b347410856 ci: sorcerer 2025-11-30 11:39:49 +00:00
juselius 5bcd21db11 ci: atlantis 2025-11-30 11:39:46 +00:00
juselius 86520433ea ci: atlantis 2025-11-30 11:37:00 +00:00
mrtz 6ec1c19f80 Merge branch 'renovate/dragonfly-operator-1.x' into 'main'
Update dragonfly-operator Docker tag to v1.3.1

See merge request oceanbox/manifests!51
2025-11-30 10:10:15 +01:00
Renovate Bot fa0123336e Update dragonfly-operator Docker tag to v1.3.1 2025-11-30 08:57:43 +00:00
mrtz 7f476a4650 fix(gatus): Don't remove url 2025-11-29 18:16:46 +01:00
mrtz 90469dbf85 fix(gatus): No alters for vtn 2025-11-29 18:15:31 +01:00
mrtz d7bd0d50b5 fix(hs): Bump router version too 2025-11-29 16:40:24 +01:00
juselius abb3203eea ci: codex 2025-11-29 15:37:53 +00:00
juselius ad10efd78e ci: atlantis 2025-11-29 15:37:49 +00:00
juselius fdc4702fbd ci: sorcerer 2025-11-29 15:37:46 +00:00
simkir b2c41a7b0e ci: sorcerer 2025-11-29 15:34:02 +00:00
simkir 5e1024160a ci: codex 2025-11-29 15:33:58 +00:00
simkir 06bd4f3e80 ci: atlantis 2025-11-29 15:33:52 +00:00
mrtz 12360be8ba fix(sorcerer): Bump mem 2025-11-29 15:40:34 +01:00
mrtz 38b13658a9 fix(sorcerer): Change ingress 2025-11-29 15:37:42 +01:00
mrtz bb0256ff3d fix(sorcerer): Specify sc 2025-11-29 15:30:06 +01:00
mrtz 02497db6b2 fix(sorcerer): Correct pv secret 2025-11-29 15:25:23 +01:00
mrtz 9040a373a6 fix(sorcerer): No annotation on rossby 2025-11-29 15:24:20 +01:00
mrtz 51bb191001 fix(sorcerer): sorcerer.oceanbox.io isntead of adm.vtn.obx 2025-11-29 15:20:25 +01:00
mrtz da271376ba fix(sorcerer): Remove affinity for rossby 2025-11-29 15:18:42 +01:00
mrtz 62b13cbaa9 fix(sorcerer): Kustomize per cluster 2025-11-29 14:59:05 +01:00
mrtz 77a5af1c37 feat(sorcerer): Add prod for rossby 2025-11-29 14:56:28 +01:00
mrtz 4ef99c0ae4 fix(sorcerer): Typo 2025-11-29 14:49:26 +01:00
mrtz 654bf18126 fix(nfs): Disable on ekman 2025-11-29 14:46:16 +01:00
mrtz 39e393e222 fix(sorcerer): Add prod rossby 2025-11-29 14:34:05 +01:00
juselius 71d9109a7b ci: sorcerer 2025-11-29 11:47:33 +00:00
juselius f09ef6fe77 ci: codex 2025-11-29 11:47:30 +00:00
juselius 2c6d303ba3 ci: atlantis 2025-11-29 11:47:27 +00:00
stigrj 902cb061af ci: atlantis 2025-11-29 11:41:56 +00:00
Radovan Bast db4e3ce144 ci: makai 2025-11-28 14:34:32 +00:00
Radovan Bast 1301ce012f ci: makai 2025-11-28 13:13:17 +00:00
juselius 9554e8694a ci: sorcerer 2025-11-28 12:19:21 +00:00
juselius 6623c4557e ci: codex 2025-11-28 12:19:18 +00:00
juselius 4f176674ac ci: atlantis 2025-11-28 12:19:14 +00:00
mrtz e093484918 ci: atlantis 2025-11-28 12:14:56 +00:00
mrtz 5541565c4b ci: sorcerer 2025-11-28 11:53:43 +00:00
mrtz ed531af09a ci: atlantis 2025-11-28 11:53:40 +00:00
mrtz cb5abae670 ci: codex 2025-11-28 11:12:13 +00:00
juselius 28f3c853a4 ci: codex 2025-11-28 09:25:16 +00:00
juselius 36d4305317 ci: sorcerer 2025-11-28 09:25:13 +00:00
juselius bea2855df2 ci: atlantis 2025-11-28 09:25:10 +00:00
simkir fff895eb64 ci: atlantis 2025-11-28 09:22:19 +00:00
juselius b1bfe88fc7 ci: sorcerer 2025-11-27 17:57:39 +00:00
juselius fe1e97d484 ci: atlantis 2025-11-27 17:57:37 +00:00
juselius 0d68590639 ci: codex 2025-11-27 17:57:34 +00:00
stigrj bc2f2012b0 ci: atlantis 2025-11-27 17:51:44 +00:00
stigrj 0b32b0261c ci: sorcerer 2025-11-27 17:51:41 +00:00
simkir 6d1758ca52 ci: codex 2025-11-27 14:07:03 +00:00
simkir 7a87a49108 Codex: Set correct ingress cluster-issuer 2025-11-27 14:48:38 +01:00
simkir 817e9ba478 Switch codex ingress issuer to cluster-ca 2025-11-27 14:35:27 +01:00
juselius 513f78d444 ci: atlantis 2025-11-27 13:19:14 +00:00
juselius dbd0ae7b72 ci: sorcerer 2025-11-27 13:19:11 +00:00
juselius e86436d4c7 ci: codex 2025-11-27 13:19:09 +00:00
mrtz 01c3c3880d ci: atlantis 2025-11-27 13:12:08 +00:00
simkir f8e18cfc41 Remove tailscale dns from codex tls hosts 2025-11-27 13:54:08 +01:00
simkir 163452b8c6 Try adding tailscale dns hostname for codex 2025-11-27 13:50:30 +01:00
simkir 24977a9a77 Add codex.dev.oceanbox.io to headscale dns 2025-11-27 13:50:30 +01:00
Radovan Bast 955fcfc073 ci: makai 2025-11-27 12:40:14 +00:00
simkir 2520f06b3b ci: codex 2025-11-27 12:34:44 +00:00
juselius 32b991e8e4 ci: sorcerer 2025-11-27 12:25:38 +00:00
juselius 2d9318ce9d ci: atlantis 2025-11-27 12:25:35 +00:00
juselius 5f24664961 ci: codex 2025-11-27 12:25:31 +00:00
mrtz 4303b7c29f ci: atlantis 2025-11-27 12:22:30 +00:00
mrtz bdc618cf50 ci: sorcerer 2025-11-27 12:22:27 +00:00
simkir 5ddb1a0f8c Codex: Remove env vars 2025-11-27 13:16:48 +01:00
simkir 838c7f6b9d Codex: Fix kustomize staging deployment patch 2025-11-27 13:15:00 +01:00
Moritz Jörg 24ccf8ab1a fix(dapr): Undo dashboard ingress change 2025-11-27 12:55:20 +01:00
Moritz Jörg 17fd471973 chore(hs): Bump to next major stable 2025-11-27 12:54:04 +01:00
simkir 5089fb441b Codex: Fix kustomize staging patches 2025-11-27 12:44:18 +01:00
simkir 5a2954cc6a Codex: Fix kustomize staging deployment patch
Add envFrom key as whole, I guess
2025-11-27 12:20:12 +01:00
simkir 80c2c82e32 Codex: Include base in staging kustomize 2025-11-27 12:13:45 +01:00
simkir fd50da5b62 Set codex argo app project to atlantis 2025-11-27 11:11:04 +01:00
simkir b07cf0f6c8 Add manifests source to codex argo app 2025-11-27 11:07:58 +01:00
simkir 27218a7970 Merge branch 'simkir/codex' 2025-11-27 11:01:17 +01:00
simkir c007e2d796 ci: atlantis 2025-11-26 15:16:33 +00:00
simkir 67312b950c ci: sorcerer 2025-11-26 15:16:30 +00:00
Radovan Bast 67d46b0bda ci: makai 2025-11-26 11:46:49 +00:00
juselius 8f2233a608 fix: remove ekman*/rossby*.oceanbox.io from headscale dns. favor magicdns 2025-11-26 12:37:18 +01:00
Radovan Bast 43d4ad90d6 ci: makai 2025-11-26 10:52:30 +00:00
139 changed files with 2546 additions and 172 deletions
+3
@@ -5,5 +5,8 @@ watch_file nix/sources.json
# Load .env file if it exists # Load .env file if it exists
dotenv_if_exists dotenv_if_exists
# Set npins dir
export NPINS_DIRECTORY="nix"
# Activate development shell # Activate development shell
use nix use nix
+2 -2
@@ -4,7 +4,7 @@ description: Atlantis map and simulation service
type: application type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
version: v1.33.0 version: v1.35.2
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. # incremented each time you make changes to the application.
appVersion: v1.33.0 appVersion: v1.35.2
+1 -1
@@ -4,7 +4,7 @@
replicaCount: 1 replicaCount: 1
image: image:
repository: registry.gitlab.com/oceanbox/poseidon/atlantis repository: registry.gitlab.com/oceanbox/poseidon/atlantis
tag: v1.33.0 tag: v1.35.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
init: init:
enabled: false enabled: false
+2 -5
@@ -1,7 +1,6 @@
apiVersion: v2 apiVersion: v2
name: codex name: codex
description: A Helm chart for Kubernetes description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart. # A chart can be either an 'application' or a 'library' chart.
# #
# Application charts are a collection of templates that can be packaged into versioned archives # Application charts are a collection of templates that can be packaged into versioned archives
@@ -11,14 +10,12 @@ description: A Helm chart for Kubernetes
# a dependency of application charts to inject those utilities and functions into the rendering # a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed. # pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.0.1 version: v1.35.2
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: "0.0.0-alpha.1" appVersion: "v1.35.2"
+12 -25
@@ -4,22 +4,19 @@
# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ # This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
replicaCount: 1 replicaCount: 1
# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
image: image:
repository: registry.gitlab.com/oceanbox/poseidon/codex repository: registry.gitlab.com/oceanbox/poseidon/codex
# This sets the pull policy for images. # This sets the pull policy for images.
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion. # Overrides the image tag whose default is the chart appVersion.
tag: v1.33.2 tag: v1.35.2
# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ # This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: imagePullSecrets:
- name: gitlab-pull-secret - name: gitlab-pull-secret
# This is to override the chart name. # This is to override the chart name.
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
serviceAccount: serviceAccount:
# Specifies whether a service account should be created # Specifies whether a service account should be created
@@ -31,47 +28,41 @@ serviceAccount:
# The name of the service account to use. # The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template # If not set and create is true, a name is generated using the fullname template
name: "" name: ""
# This is for setting Kubernetes Annotations to a Pod. # This is for setting Kubernetes Annotations to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {} podAnnotations: {}
# This is for setting Kubernetes Labels to a Pod. # This is for setting Kubernetes Labels to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {} podLabels: {}
podSecurityContext: podSecurityContext:
fsGroup: 2000 fsGroup: 2000
securityContext: securityContext:
capabilities: capabilities:
drop: drop:
- ALL - ALL
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
runAsNonRoot: true runAsNonRoot: true
runAsUser: 1000 runAsUser: 1000
# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/ # This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
service: service:
# This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: ClusterIP type: ClusterIP
# This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
port: 8085 port: 8085
# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ # This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress: ingress:
enabled: false enabled: false
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following # resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'. # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits: # limits:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
# requests: # requests:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ # This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
livenessProbe: livenessProbe:
@@ -82,7 +73,6 @@ readinessProbe:
httpGet: httpGet:
path: / path: /
port: http port: http
# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ # This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
autoscaling: autoscaling:
enabled: false enabled: false
@@ -90,7 +80,6 @@ autoscaling:
maxReplicas: 100 maxReplicas: 100
targetCPUUtilizationPercentage: 80 targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition. # Additional volumes on the output Deployment definition.
volumes: [] volumes: []
# - name: foo # - name: foo
@@ -105,7 +94,5 @@ volumeMounts: []
# readOnly: true # readOnly: true
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
+23
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
+24
@@ -0,0 +1,24 @@
apiVersion: v2
name: diagrid-dashboard
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
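Review bot: `appVersion: "1.16.0"` and the description `A Helm chart for Kubernetes` look like unchanged `helm create` scaffold values rather than anything describing the dashboard. This matters because the chart's Deployment template builds the image reference as `{{ .Values.image.tag | default .Chart.AppVersion }}`, so whenever `image.tag` is unset the pod pulls a `:1.16.0` tag that presumably does not correspond to the dashboard release. The chart's values.yaml is not visible here, so confirm that it pins `image.tag`. Otherwise set `appVersion` to the dashboard version actually deployed and add a comment such as `# appVersion doubles as the default image tag; keep it equal to the deployed dashboard release`.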
@@ -0,0 +1,35 @@
1. Get the application URL by running these commands:
{{- if .Values.httpRoute.enabled }}
{{- if .Values.httpRoute.hostnames }}
export APP_HOSTNAME={{ .Values.httpRoute.hostnames | first }}
{{- else }}
export APP_HOSTNAME=$(kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o jsonpath="{.spec.listeners[0].hostname}")
{{- end }}
{{- if and .Values.httpRoute.rules (first .Values.httpRoute.rules).matches (first (first .Values.httpRoute.rules).matches).path.value }}
echo "Visit http://$APP_HOSTNAME{{ (first (first .Values.httpRoute.rules).matches).path.value }} to use your application"
NOTE: Your HTTPRoute depends on the listener configuration of your gateway and your HTTPRoute rules.
The rules can be set for path, method, header and query parameters.
You can check the gateway configuration with 'kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o yaml'
{{- end }}
{{- else if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "diagrid-dashboard.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "diagrid-dashboard.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "diagrid-dashboard.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "diagrid-dashboard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "diagrid-dashboard.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "diagrid-dashboard.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "diagrid-dashboard.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "diagrid-dashboard.labels" -}}
helm.sh/chart: {{ include "diagrid-dashboard.chart" . }}
{{ include "diagrid-dashboard.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "diagrid-dashboard.selectorLabels" -}}
app.kubernetes.io/name: {{ include "diagrid-dashboard.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "diagrid-dashboard.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "diagrid-dashboard.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
@@ -0,0 +1,81 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "diagrid-dashboard.fullname" . }}
labels:
{{- include "diagrid-dashboard.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "diagrid-dashboard.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "diagrid-dashboard.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "diagrid-dashboard.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: COMPONENT_FILE
value: /app/components/statestore.yaml
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -0,0 +1,32 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "diagrid-dashboard.fullname" . }}
labels:
{{- include "diagrid-dashboard.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "diagrid-dashboard.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
@@ -0,0 +1,38 @@
{{- if .Values.httpRoute.enabled -}}
{{- $fullName := include "diagrid-dashboard.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: {{ $fullName }}
labels:
{{- include "diagrid-dashboard.labels" . | nindent 4 }}
{{- with .Values.httpRoute.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
parentRefs:
{{- with .Values.httpRoute.parentRefs }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.httpRoute.hostnames }}
hostnames:
{{- toYaml . | nindent 4 }}
{{- end }}
rules:
{{- range .Values.httpRoute.rules }}
{{- with .matches }}
- matches:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .filters }}
filters:
{{- toYaml . | nindent 8 }}
{{- end }}
backendRefs:
- name: {{ $fullName }}
port: {{ $svcPort }}
weight: 1
{{- end }}
{{- end }}
@@ -0,0 +1,43 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "diagrid-dashboard.fullname" . }}
labels:
{{- include "diagrid-dashboard.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.ingress.className }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- with .pathType }}
pathType: {{ . }}
{{- end }}
backend:
service:
name: {{ include "diagrid-dashboard.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- end }}
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "diagrid-dashboard.fullname" . }}
labels:
{{- include "diagrid-dashboard.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "diagrid-dashboard.selectorLabels" . | nindent 4 }}
@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "diagrid-dashboard.serviceAccountName" . }}
labels:
{{- include "diagrid-dashboard.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}
@@ -0,0 +1,29 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: diadash-statestore
data:
statestore.yaml: |
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: statestore
scopes:
- {{ .Values.statestore.scope }}
spec:
metadata:
- name: redisHost
value: {{ .Values.statestore.redis }}:6379
- name: redisUsername
value: default
- name: redisPassword
value: mrtz-password
# secretKeyRef:
# key: redis-password
# name: {{ .Values.statestore.redis }}
- name: actorStateStore
value: "true"
- name: redisDB
value: "1"
type: state.redis
version: v1
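Review bot: The Redis password is written as a literal (`value: mrtz-password`) inside a ConfigMap, so it is stored in the repository and readable by anything allowed to read ConfigMaps in the namespace. The commented-out `secretKeyRef` below it shows the intended shape. If the dashboard cannot resolve `secretKeyRef` from a component file loaded through `COMPONENT_FILE` (not visible here), render this file into a `kind: Secret` and mount that instead of the ConfigMap. The committed value should be treated as exposed and rotated. Separately, the name `diadash-statestore` is fixed rather than derived from the release name, so two releases in one namespace would collide.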
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "diagrid-dashboard.fullname" . }}-test-connection"
labels:
{{- include "diagrid-dashboard.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "diagrid-dashboard.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
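Review bot: `image: busybox` has no tag or digest, so the test hook pulls whatever `latest` resolves to when it runs; pin it, e.g. `image: busybox:<PINNED_TAG>`. The fornix chart's test-connection pod further down has the same line. Neither pod sets a `securityContext`, so in a namespace that enforces a restricted pod security policy the hook would probably be rejected.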
+166
@@ -0,0 +1,166 @@
# Default values for diagrid-dashboard.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
replicaCount: 1
# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
image:
repository: ghcr.io/diagridio/diagrid-dashboard
# This sets the pull policy for images.
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets: []
# This is to override the chart name.
nameOverride: ""
fullnameOverride: ""
# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
serviceAccount:
# Specifies whether a service account should be created
create: true
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# This is for setting Kubernetes Annotations to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# This is for setting Kubernetes Labels to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
service:
# This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: ClusterIP
# This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
port: 8080
# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: ca-issuer
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
oceanbox.io/expose: internal
hosts:
- host: diadash.dev.vtn.obx
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: diadash-tls
hosts:
- diadash.dev.vtn.obx
# -- Expose the service via gateway-api HTTPRoute
# Requires Gateway API resources and suitable controller installed within the cluster
# (see: https://gateway-api.sigs.k8s.io/guides/)
httpRoute:
# HTTPRoute enabled.
enabled: false
# HTTPRoute annotations.
annotations: {}
# Which Gateways this Route is attached to.
parentRefs:
- name: gateway
sectionName: http
# namespace: default
# Hostnames matching HTTP header.
hostnames:
- chart-example.local
# List of rules and filters applied.
rules:
- matches:
- path:
type: PathPrefix
value: /headers
# filters:
# - type: RequestHeaderModifier
# requestHeaderModifier:
# set:
# - name: My-Overwrite-Header
# value: this-is-the-only-value
# remove:
# - User-Agent
# - matches:
# - path:
# type: PathPrefix
# value: /echo
# headers:
# - name: version
# value: v2
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
# livenessProbe:
# httpGet:
# path: /
# port: http
# readinessProbe:
# httpGet:
# path: /
# port: http
# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes:
- name: statestore
configMap:
name: diadash-statestore
# Additional volumeMounts on the output Deployment definition.
volumeMounts:
- name: statestore
mountPath: /app/components/statestore.yaml
subPath: statestore.yaml
nodeSelector: {}
tolerations: []
affinity: {}
statestore:
scope: mrtz-sorcerer
redis: mrtz-sorcerer-redis
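Review bot: `tag: "latest"` combined with `pullPolicy: IfNotPresent` means each node runs whichever image it happens to have cached, and an upstream change to the tag is deployed without review. Pin a release tag or a digest, e.g. `tag: "<PINNED_VERSION>"`. `podSecurityContext: {}` and `securityContext: {}` also leave the container on runtime defaults while `ingress.enabled: true` exposes it. The commented block already lists `drop: [ALL]`, `runAsNonRoot: true` and `readOnlyRootFilesystem: true`, which could be enabled if the image supports them.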
+23
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
+21
@@ -0,0 +1,21 @@
apiVersion: v2
name: fornix
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: v1.2.4
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v1.2.4"
+22
@@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fornix.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fornix.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fornix.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fornix.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
+62
@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "fornix.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "fornix.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "fornix.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "fornix.labels" -}}
helm.sh/chart: {{ include "fornix.chart" . }}
{{ include "fornix.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "fornix.selectorLabels" -}}
app.kubernetes.io/name: {{ include "fornix.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "fornix.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "fornix.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
+83
@@ -0,0 +1,83 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "fornix.fullname" . }}
labels:
{{- include "fornix.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "fornix.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "fornix.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "fornix.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
env:
- name: DRUPAL_URL
value: {{ .Values.drupalUrl }}
- name: BASE_URL
value: {{ .Values.baseUrl }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
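Review bot: The two env entries render their values unquoted (`value: {{ .Values.drupalUrl }}`, `value: {{ .Values.baseUrl }}`), so an unset value becomes YAML null and a value that looks like a number or boolean is retyped. The API server rejects both because env values must be strings. Quote them: `value: {{ .Values.drupalUrl | quote }}` and `value: {{ .Values.baseUrl | quote }}`. If both settings are mandatory, wrapping them in `required` would fail the render early instead of deploying a pod with an empty URL.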
+43
@@ -0,0 +1,43 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "fornix.fullname" . }}
labels:
{{- include "fornix.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.ingress.className }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- with .pathType }}
pathType: {{ . }}
{{- end }}
backend:
service:
name: {{ include "fornix.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- end }}
+15
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "fornix.fullname" . }}
labels:
{{- include "fornix.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "fornix.selectorLabels" . | nindent 4 }}
@@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "fornix.serviceAccountName" . }}
labels:
{{- include "fornix.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "fornix.fullname" . }}-test-connection"
labels:
{{- include "fornix.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "fornix.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
+100
@@ -0,0 +1,100 @@
# Default values for fornix.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
drupalUrl: http://drupal
baseUrl: https://oceanbox.io
# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
replicaCount: 1
# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
image:
repository: registry.gitlab.com/oceanbox/fornix
# This sets the pull policy for images.
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: v1.2.4
# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets:
- name: gitlab-pull-secret
# This is to override the chart name.
nameOverride: ""
fullnameOverride: ""
# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
serviceAccount:
# Specifies whether a service account should be created
create: true
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# This is for setting Kubernetes Annotations to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# This is for setting Kubernetes Labels to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
podSecurityContext:
fsGroup: 2000
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1000
# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
service:
# This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: ClusterIP
# This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
port: 8085
# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
enabled: false
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
nodeSelector: {}
tolerations: []
affinity: {}
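Review bot: `serviceAccount.automount: true` mounts a Kubernetes API token into every fornix pod, yet nothing in this chart's visible templates creates a Role or otherwise suggests the application talks to the API. If it does not, set `automount: false` so a compromised web container holds no cluster credential. `readOnlyRootFilesystem: false` is the other setting worth revisiting once the paths the app writes to are known; an `emptyDir` mount for those would allow `true`.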
+1
@@ -45,6 +45,7 @@ spec:
persistentVolumeClaimSpec: persistentVolumeClaimSpec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
storageClass: {{ .Values.redis.storageClass | default "managed-nfs-storage" }}
resources: resources:
requests: requests:
storage: {{ .Values.redis.size | default "1Gi" }} storage: {{ .Values.redis.size | default "1Gi" }}
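Review bot: The added key is `storageClass`, but if `persistentVolumeClaimSpec` is a core PersistentVolumeClaimSpec (it looks like one, given `accessModes` and `resources.requests.storage`), the field is named `storageClassName`. An unknown field is either rejected or silently pruned depending on the CRD schema, and in the second case the claim falls back to the cluster default class. Suggested line: `storageClassName: {{ .Values.redis.storageClass | default "managed-nfs-storage" }}`. The enclosing resource starts outside this hunk, so confirm against the CRD.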
+1 -1
@@ -3,7 +3,7 @@
# Declare variables to be passed into your templates. # Declare variables to be passed into your templates.
replicaCount: 1 replicaCount: 1
image: image:
repository: registry.gitlab.com/oceanbox/plume/plume repository: registry.gitlab.com/oceanbox/plume
tag: v1.6.7 tag: v1.6.7
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
init: init:
+2 -2
@@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes
type: application type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
version: v1.33.0 version: v1.35.2
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. # incremented each time you make changes to the application.
appVersion: v1.33.0 appVersion: v1.35.2
+1 -1
@@ -5,7 +5,7 @@
replicaCount: 1 replicaCount: 1
image: image:
repository: registry.gitlab.com/oceanbox/poseidon/sorcerer repository: registry.gitlab.com/oceanbox/poseidon/sorcerer
tag: v1.33.0 tag: v1.35.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
init: init:
enabled: false enabled: false
+1 -1
@@ -13,7 +13,7 @@ releases:
- name: dragonfly - name: dragonfly
namespace: dragonfly namespace: dragonfly
chart: dragonfly/dragonfly-operator chart: dragonfly/dragonfly-operator
version: v1.3.0 version: v1.3.1
condition: dragonfly.enabled condition: dragonfly.enabled
values: values:
- ../values/dragonfly/values/dragonfly.yaml.gotmpl - ../values/dragonfly/values/dragonfly.yaml.gotmpl
+37
@@ -0,0 +1,37 @@
bases:
- ../envs/environments.yaml.gotmpl
commonLabels:
tier: oceanbox
releases:
- name: fornix
namespace: fornix
chart: ../charts/fornix
condition: fornix.enabled
values:
- ../values/fornix/values/values.yaml
postRenderer: ../bin/kustomizer
postRendererArgs:
- ../values/fornix/kustomize/{{ .Environment.Name }}
missingFileHandler: Info
- name: manifests
namespace: fornix
chart: manifests
condition: fornix.enabled
missingFileHandler: Info
values:
- ../values/env.yaml
- ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
- ../values/fornix/env.yaml.gotmpl
- ../values/fornix/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
hooks:
- events: [ prepare, cleanup ]
showlogs: true
command: ../bin/helmify
args:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}'
- ../values/fornix/manifests
- manifests
+40
@@ -0,0 +1,40 @@
bases:
- ../envs/environments.yaml.gotmpl
commonLabels:
tier: system
releases:
- name: kueue
namespace: kueue-system
chart: oci://registry.k8s.io/kueue/charts/kueue
version: 0.15.0
condition: kueue.enabled
values:
- ../values/kueue/values/values.yaml
- ../values/kueue/values/values-{{ .Environment.Name }}.yaml
- ../values/kueue/values/values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
postRenderer: ../bin/kustomizer
postRendererArgs:
- ../values/kueue/kustomize/{{ .Environment.Name }}
missingFileHandler: Info
- name: manifests
namespace: kueue-system
chart: manifests
condition: kueue.enabled
missingFileHandler: Info
values:
- ../values/env.yaml
- ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
- ../values/kueue/env.yaml.gotmpl
- ../values/kueue/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
hooks:
- events: [ prepare, cleanup ]
showlogs: true
command: ../bin/helmify
args:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}'
- ../values/kueue/manifests
- manifests
+43
@@ -0,0 +1,43 @@
bases:
- ../envs/environments.yaml.gotmpl
repositories:
- name: stevehipwell
url: 'https://stevehipwell.github.io/helm-charts/'
commonLabels:
tier: system
releases:
- name: nexus3
namespace: nexus
chart: stevehipwell/nexus3
version: 5.9.0
condition: nexus.enabled
values:
- ../values/nexus/values/nexus.yaml.gotmpl
- ../values/nexus/values/nexus-{{ .Environment.Name }}.yaml.gotmpl
postRenderer: ../bin/kustomizer
postRendererArgs:
- ../values/nexus/kustomize/{{ .Environment.Name }}
missingFileHandler: Info
- name: manifests
namespace: nexus
chart: manifests
condition: nexus.enabled
missingFileHandler: Info
values:
- ../values/env.yaml
- ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
- ../values/nexus/env.yaml.gotmpl
- ../values/nexus/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
hooks:
- events: [ prepare, cleanup ]
showlogs: true
command: ../bin/helmify
args:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}'
- ../values/nexus/manifests
- manifests
+42
@@ -0,0 +1,42 @@
bases:
- ../envs/environments.yaml.gotmpl
repositories:
- name: sonatype-nexus
url: git+https://github.com/sonatype/helm3-charts@deploy?ref=master
commonLabels:
tier: system
releases:
- name: sonatype-nexus
namespace: sonatype-nexus
chart: sonatype-nexus/sonatype-nexus
condition: sonatype-nexus.enabled
values:
- ../values/sonatype-nexus/values/values.yaml
- ../values/sonatype-nexus/values/values-{{ .Environment.Name }}.yaml.gotmpl
postRenderer: ../bin/kustomizer
postRendererArgs:
- ../values/sonatype-nexus/kustomize/{{ .Environment.Name }}
missingFileHandler: Info
- name: manifests
namespace: sonatype-nexus
chart: manifests
condition: nsonatype-nexus.enabled
missingFileHandler: Info
values:
- ../values/env.yaml
- ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
- ../values/sonatype-nexus/env.yaml.gotmpl
- ../values/sonatype-nexus/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
hooks:
- events: [ prepare, cleanup ]
showlogs: true
command: ../bin/helmify
args:
- '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
- '{{`{{ .Release.Chart }}`}}'
- '{{`{{ .Environment.Name }}`}}'
- ../values/sonatype-nexus/manifests
- manifests
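Review bot: The `manifests` release is gated on `condition: nsonatype-nexus.enabled`, which looks like a typo for the `sonatype-nexus.enabled` key used by the chart release above it. As written the two releases are switched by different values; it should read `condition: sonatype-nexus.enabled`. The chart source is also unpinned: the repository URL tracks `ref=master` and the release has no `version:`, so each sync can pull different chart contents. The nexus3 and kueue helmfiles in this same change pin `version:`, and doing the same here (or pinning `ref` to a tag or commit) keeps the deployed chart reviewable.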
+2 -2
@@ -11,15 +11,15 @@ commonLabels:
releases: releases:
- name: {{ .Environment.Name }}-sorcerer - name: {{ .Environment.Name }}-sorcerer
namespace: {{ .Environment.Name }}-sorcerer namespace: {{ .Environment.Name }}-sorcerer
#chart: oceanbox/sorcerer
chart: ../charts/sorcerer chart: ../charts/sorcerer
condition: sorcerer.enabled condition: sorcerer.enabled
values: values:
- ../values/sorcerer/values/values.yaml - ../values/sorcerer/values/values.yaml
- ../values/sorcerer/values/values-{{ .Environment.Name }}.yaml - ../values/sorcerer/values/values-{{ .Environment.Name }}.yaml
- ../values/sorcerer/values/values-{{ .Environment.Name }}-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
postRenderer: ../bin/kustomizer postRenderer: ../bin/kustomizer
postRendererArgs: postRendererArgs:
- ../values/sorcerer/kustomize/{{ .Environment.Name }} - ../values/sorcerer/kustomize/{{ .Environment.Name }}-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}
missingFileHandler: Info missingFileHandler: Info
- name: manifests - name: manifests
namespace: {{ .Environment.Name }}-sorcerer namespace: {{ .Environment.Name }}-sorcerer
+2 -2
@@ -3,8 +3,8 @@
"nixpkgs": { "nixpkgs": {
"type": "Channel", "type": "Channel",
"name": "nixpkgs-unstable", "name": "nixpkgs-unstable",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre883899.02f2cb8e0feb/nixexprs.tar.xz", "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre903996.59b6c96beacc/nixexprs.tar.xz",
"hash": "0k4n6f873a4ls1mff6wck6z31kglgg8irwc5s3xsprrwbxdv7p58" "hash": "0b0yr9d1xyfwgpaj68bimsbjjbj7yis4whjvkrfdycfnasdf0gf0"
} }
}, },
"version": 5 "version": 5
+3 -4
@@ -25,17 +25,16 @@ pkgs.mkShellNoCC {
kubelogin-oidc kubelogin-oidc
kubectl-rook-ceph kubectl-rook-ceph
# linkerd # other tools
step-cli step-cli
linkerd linkerd
# velero
velero velero
cmctl
# dapr # dapr
dapr-cli dapr-cli
]; ];
ARGOCD_ENV_CLUSTER_NAME = "ekman"; ARGOCD_ENV_CLUSTER_NAME = "rossby";
HELM_GIT_ACCESS_TOKEN = "glpat-xxx"; HELM_GIT_ACCESS_TOKEN = "glpat-xxx";
} }
+2
@@ -72,6 +72,8 @@ spec:
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
- namespace: headscale - namespace: headscale
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
- namespace: drupal
server: https://kubernetes.default.svc
- namespace: otel - namespace: otel
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
- namespace: opentelemetry - namespace: opentelemetry
@@ -75,7 +75,8 @@
"allowedOrigins": [ "allowedOrigins": [
"https://atlantis.beta.oceanbox.io", "https://atlantis.beta.oceanbox.io",
"https://atlantis.dev.oceanbox.io", "https://atlantis.dev.oceanbox.io",
"https://atlantis.local.oceanbox.io:8080" "https://atlantis.local.oceanbox.io:8080",
"https://maps.dev.oceanbox.io"
], ],
"appName": "atlantis", "appName": "atlantis",
"appEnv": "staging", "appEnv": "staging",
@@ -1,6 +1,6 @@
replicaCount: 1 replicaCount: 1
image: image:
tag: 4d9e78cd-debug tag: faa0a853-debug
podAnnotations: podAnnotations:
dapr.io/app-id: "staging-atlantis" dapr.io/app-id: "staging-atlantis"
env: env:
@@ -66,6 +66,23 @@ ingress:
pathType: ImplementationSpecific pathType: ImplementationSpecific
- path: /metrics - path: /metrics
pathType: ImplementationSpecific pathType: ImplementationSpecific
- host: maps.dev.oceanbox.io
paths:
- path: /
pathType: ImplementationSpecific
internal:
- path: /internal
pathType: ImplementationSpecific
- path: /dapr
pathType: ImplementationSpecific
- path: /actors
pathType: ImplementationSpecific
- path: /job
pathType: ImplementationSpecific
- path: /events
pathType: ImplementationSpecific
- path: /metrics
pathType: ImplementationSpecific
- host: atlas.oceanbox.io - host: atlas.oceanbox.io
paths: paths:
- path: / - path: /
@@ -87,6 +104,7 @@ ingress:
- hosts: - hosts:
- atlantis.beta.oceanbox.io - atlantis.beta.oceanbox.io
- atlas.oceanbox.io - atlas.oceanbox.io
- maps.dev.oceanbox.io
secretName: staging-atlantis-tls secretName: staging-atlantis-tls
cluster: cluster:
instances: 1 instances: 1
@@ -1,5 +1,65 @@
- op: add - op: add
path: /spec/template/spec/containers/0/envFrom/- path: /spec/template/spec/containers/0/envFrom
value: value:
secretRef: - secretRef:
name: azure-keyvault name: azure-keyvault
- op: add
path: /spec/template/spec/containers/0/env
value:
- name: APP_NAMESPACE
value: staging-atlantis
- name: DOTNET_ENVIRONMENT
value: Development
- name: ASPNETCORE_ENVIRONMENT
value: Development
- name: DB_HOST
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: host
- name: DB_PORT
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: port
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: dbname
- name: DB_USER
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: password
- name: FGA_DB_HOST
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: host
- name: FGA_DB_PORT
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: port
- name: FGA_DB_DATABASE
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: dbname
- name: FGA_DB_USER
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: user
- name: FGA_DB_PASSWORD
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: password
name: azure-keyvault
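Review bot: The second operation, `op: add` at `/spec/template/spec/containers/0/env`, sets the whole `env` member, and a JSON Patch `add` on a member that already exists replaces its value, so any `env` entries the chart renders for container 0 would be dropped rather than merged. The first operation's switch from `/envFrom/-` to `/envFrom` has the same effect on `envFrom`. If the chart defines either list, appending per entry with `path: /spec/template/spec/containers/0/env/-` keeps them; if it defines neither, say so in a comment such as `# chart renders no env/envFrom for container 0, so add creates the lists`. The last line of the hunk, a lone `name: azure-keyvault`, is worth checking as well, because the rendered page does not show which side it belongs to.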
@@ -1,82 +0,0 @@
# env.patch.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: staging-codex
labels:
app.kubernetes.io/name: codex
app.kubernetes.io/instance: staging-codex
spec:
template:
metadata:
labels:
app.kubernetes.io/name: codex
app.kubernetes.io/instance: staging-codex
spec:
containers:
- name: codex
env:
- name: APP_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: APP_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: APP_NAMESPACE
value: prod-atlantis
- name: DOTNET_ENVIRONMENT
value: Development
- name: ASPNETCORE_ENVIRONMENT
value: Development
- name: DB_HOST
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: host
- name: DB_PORT
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: port
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: dbname
- name: DB_USER
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: staging-atlantis-db-app
key: password
- name: FGA_DB_HOST
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: host
- name: FGA_DB_PORT
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: port
- name: FGA_DB_DATABASE
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: dbname
- name: FGA_DB_USER
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: user
- name: FGA_DB_PASSWORD
valueFrom:
secretKeyRef:
name: staging-openfga-db-app
key: password
@@ -10,7 +10,5 @@ patches:
version: v1 version: v1
kind: Deployment kind: Deployment
path: deployment_patch.yaml path: deployment_patch.yaml
- path: env.patch.yaml resources:
target: - ../base
labelSelector: "app.kubernetes.io/name=codex"
+4 -1
@@ -13,7 +13,7 @@ spec:
destination: destination:
namespace: {{ .Values.codex.env }}-atlantis namespace: {{ .Values.codex.env }}-atlantis
server: https://kubernetes.default.svc server: https://kubernetes.default.svc
project: default project: atlantis
sources: sources:
- repoURL: {{ .Values.clusterConfig.manifests }} - repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD targetRevision: HEAD
@@ -27,6 +27,9 @@ spec:
value: {{ .Values.codex.env }} value: {{ .Values.codex.env }}
- name: HELMFILE_FILE_PATH - name: HELMFILE_FILE_PATH
value: codex.yaml.gotmpl value: codex.yaml.gotmpl
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
syncPolicy: syncPolicy:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
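Review bot: The added source hard-codes `repoURL: https://gitlab.com/oceanbox/manifests.git` and `targetRevision: main`, while the first source in the same list takes its URL from `.Values.clusterConfig.manifests` and tracks `HEAD`, so the two can diverge when a cluster is pointed at a mirror or fork. I would write `repoURL: {{ .Values.clusterConfig.manifests }}` here and use one revision for both sources, preferably a tag or commit so that what gets deployed is reviewable. Nothing in the visible lines references `$values`, so it is worth confirming that the `ref: values` source is consumed at all. The new fornix and kueue Application templates later in this commit repeat the same literal source; the Application spec itself starts above this hunk.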
+7 -6
@@ -1,13 +1,11 @@
replicaCount: 1 replicaCount: 1
image: image:
tag: 028945bf-debug tag: 70878e14-debug
ingress: ingress:
enabled: true enabled: true
className: "nginx" className: "nginx"
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-production cert-manager.io/cluster-issuer: ca-issuer
nginx.ingress.kubernetes.io/backend-protocol: HTTP nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true"
oceanbox.io/expose: internal oceanbox.io/expose: internal
@@ -16,16 +14,19 @@ ingress:
paths: paths:
- path: / - path: /
pathType: ImplementationSpecific pathType: ImplementationSpecific
- host: codex.dev.tos.obx
paths:
- path: /
pathType: ImplementationSpecific
tls: tls:
- hosts: - hosts:
- codex.dev.oceanbox.io - codex.dev.oceanbox.io
- codex.dev.tos.obx
secretName: staging-codex-tls secretName: staging-codex-tls
volumes: volumes:
- name: appsettings - name: appsettings
configMap: configMap:
name: staging-codex-appsettings name: staging-codex-appsettings
volumeMounts: volumeMounts:
- name: appsettings - name: appsettings
mountPath: "/app/appsettings.Development.json" mountPath: "/app/appsettings.Development.json"
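Review bot: The issuer changes to `ca-issuer`, but `tls.hosts` still lists `codex.dev.oceanbox.io` next to the new `codex.dev.tos.obx`, so the certificate for the `oceanbox.io` name would now be signed by what looks like a private CA. Clients without that CA in their trust store will get certificate errors on that name and may get used to clicking through them. If only the `.obx` name is meant to be served from now on, drop `codex.dev.oceanbox.io` from `hosts` and `tls`; otherwise record the assumption in a comment such as `# ca-issuer is the internal CA; clients of both names must trust it`.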
+2 -2
@@ -14,7 +14,7 @@ metadata:
spec: spec:
ingressClassName: nginx ingressClassName: nginx
rules: rules:
- host: dapr.{{ .Values.clusterConfig.cluster }}.oceanbox.io - host: dapr.adm.oceanbox.io
http: http:
paths: paths:
- backend: - backend:
@@ -26,6 +26,6 @@ spec:
pathType: ImplementationSpecific pathType: ImplementationSpecific
tls: tls:
- hosts: - hosts:
- dapr.{{ .Values.clusterConfig.cluster }}.oceanbox.io - dapr.adm.oceanbox.io
secretName: dapr-dashboard-tls secretName: dapr-dashboard-tls
{{- end }} {{- end }}
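Review bot: Replacing `dapr.{{ .Values.clusterConfig.cluster }}.oceanbox.io` with the literal `dapr.adm.oceanbox.io` in both `rules` and `tls` makes every cluster that renders this template claim the same hostname and request the same certificate. If the name must no longer follow the cluster name, take it from a value, e.g. `host: {{ .Values.dapr.dashboardHost }}` (constructed key), instead of hard-coding it. The annotations on this Ingress sit above the hunk, so whether access to the dashboard is restricted by source range or authentication cannot be checked from here.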
+2
@@ -0,0 +1,2 @@
drupal:
enabled: true
+3
@@ -0,0 +1,3 @@
drupal:
enabled: false
autosync: false
@@ -0,0 +1,13 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-external-services
namespace: fornix
spec:
egress:
- toFQDNs:
- matchPattern: "cache.nixos.org"
- matchPattern: "nix-community.cachix.org"
endpointSelector:
matchLabels:
app: drupal
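Review bot: This policy selects `app: drupal` for egress but contains only `toFQDNs` rules, and Cilium can map those names to IPs only from DNS answers it has proxied, which needs an egress rule to the cluster DNS carrying a `rules.dns` section. Without one (here or in another policy for the namespace) the lookups themselves fall under the egress default-deny that this policy switches on for the pod. The same default-deny would also cover the pod's connection to `drupal-db-rw`, which nothing visible allows. I would add the DNS rule, use `matchName` for the two exact hostnames and restrict them to TCP 443, as sketched below; the kube-dns labels are the usual ones and need checking against this cluster.

```yaml
spec:
  egress:
    # DNS has to pass through Cilium's DNS proxy for toFQDNs to work
    - toEndpoints:
        - matchLabels:
            "k8s:io.kubernetes.pod.namespace": kube-system
            "k8s:k8s-app": kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    - toFQDNs:
        - matchName: "cache.nixos.org"
        - matchName: "nix-community.cachix.org"
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
  # … unchanged: endpointSelector …
```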
+11
@@ -0,0 +1,11 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: drupal-db
spec:
instances: 1
primaryUpdateStrategy: unsupervised
storage:
size: 2Gi
monitoring:
enablePodMonitor: true
+75
@@ -0,0 +1,75 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: drupal
labels:
app: drupal
spec:
selector:
matchLabels:
app: drupal
strategy:
type: Recreate
template:
metadata:
labels:
app: drupal
spec:
initContainers:
- name: init-volumes
image: drupal
command: ["/bin/bash", "-c"]
args:
[
"mkdir -p /web/{modules/patches,profiles,themes,sites/default}; chown -R www-data:www-data /web/{sites,modules,profiles,themes}; touch /web/modules/composer.json; echo done.",
]
volumeMounts:
- mountPath: /web
name: drupal
containers:
- name: drupal
image: drupal
ports:
- containerPort: 80
name: http
protocol: TCP
env:
- name: DRUPAL_DATABASE_HOST
value: drupal-db-rw
- name: DRUPAL_DATABASE_PREFIX
value: ""
- name: DRUPAL_DATABASE_NAME
value: app
- name: DRUPAL_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: drupal-db-app
key: username
- name: DRUPAL_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: drupal-db-app
key: password
volumeMounts:
- mountPath: /opt/drupal/web/modules
name: drupal
subPath: modules
- mountPath: /opt/drupal/web/profiles
name: drupal
subPath: profiles
- mountPath: /opt/drupal/web/themes
name: drupal
subPath: themes
- mountPath: /opt/drupal/web/sites
name: drupal
subPath: sites
- mountPath: /opt/drupal/composer.json
name: drupal
subPath: modules/composer.json
- mountPath: /opt/drupal/patches
name: drupal
subPath: modules/patches
volumes:
- name: drupal
persistentVolumeClaim:
claimName: drupal
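Review bot: Both containers use `image: drupal` with no tag or digest, which resolves to the mutable `latest` tag, so any pod restart can pull a different Drupal release than the one that was reviewed. Pin it in `init-volumes` and in `drupal`, e.g. `image: drupal:<version>@sha256:<digest>` (placeholders). Neither container sets a `securityContext` or `resources`, and the init container's `chown -R` presumably needs root; a comment above `initContainers` such as `# runs as root only to fix ownership of the PVC` would make that explicit and keep the main container free to drop privileges later.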
+22
@@ -0,0 +1,22 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: drupal
namespace: argocd
spec:
destination:
namespace: fornix
server: "https://kubernetes.default.svc"
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: values/drupal/manifests
project: default
syncPolicy:
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
automated:
prune: true
# selfHeal: false
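Review bot: `project: default` places this Application in Argo CD's catch-all project, while the same commit moves codex from `default` to `atlantis`; unless `default` has been restricted in this installation, it puts no limit on source repositories or destination namespaces. I would assign the Application to the project that is meant to own the `fornix` namespace; the new fornix and kueue Applications use `default` as well. With `automated.prune: true`, removing a manifest under `values/drupal/manifests` also deletes the resource, so if the Drupal PVC lives in that path it is worth annotating it with `argocd.argoproj.io/sync-options: Prune=false`.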
+32
@@ -0,0 +1,32 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24,100.64.0.0/12
labels:
app.kubernetes.io/component: drupal
name: drupal
namespace: fornix
spec:
ingressClassName: nginx
rules:
- host: drupal.hel1.oceanbox.io
http:
paths:
- backend:
service:
name: drupal
port:
number: 80
path: /
pathType: Prefix
tls:
- hosts:
- drupal.hel1.oceanbox.io
secretName: drupal-tls
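Review bot: `nginx.ingress.kubernetes.io/proxy-body-size: "0"` turns off the request body limit, and together with the 600-second read and send timeouts any client inside the allowed ranges can stream uploads of arbitrary size towards a pod whose volume claim in this commit requests 5Gi. Set a bound that fits the largest expected upload, e.g. `nginx.ingress.kubernetes.io/proxy-body-size: "64m"` (constructed value). In `whitelist-source-range`, `172.19.255.0/24` is already contained in `172.16.0.0/12`, and `100.64.0.0/12` covers only part of the `100.64.0.0/10` shared address space, which matters if the tailnet hands out addresses from the full /10.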
+26
@@ -0,0 +1,26 @@
apiVersion: v1
kind: Service
metadata:
name: drupal
labels:
app: drupal
spec:
ports:
- port: 80
name: http
targetPort: http
selector:
app: drupal
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: drupal
labels:
app: drupal
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
+35
@@ -0,0 +1,35 @@
# Default values for Example Single Node.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
drupal:
persistence:
enabled: true
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
# existingClaim:
## Drupal data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
annotations: {}
accessMode: ReadWriteOnce
size: 2Gi
varnish:
enabled: false
redis:
enabled: false
mysql:
enabled: false
proxysql:
enabled: false
+2
@@ -0,0 +1,2 @@
fornix:
enabled: true
+4
@@ -0,0 +1,4 @@
fornix:
enabled: false
autosync: false
env: {{ .Environment.Name }}
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- _manifest.yaml
@@ -0,0 +1,40 @@
{
"oidc": {
"issuer": "https://idp.app.local/dex",
"authorization_endpoint": "https://idp.app.local/dex/auth",
"token_endpoint": "https://idp.app.local/dex/token",
"jwks_uri": "https://idp.app.local/dex/keys",
"userinfo_endpoint": "https://idp.app.local/dex/userinfo",
"device_authorization_endpoint": "https://idp.app.local/dex/device/code",
"clientId": "app",
"clientSecret": "secret",
"scopes": [
"openid",
"email",
"offline_access",
"profile"
]
},
"redis": "localhost:6379,user=default,password=secret",
"sso": {
"cookieDomain": "localhost",
"signedOutRedirectUri": "https://idp.app.local/dex/static/logout.html",
"appDomain": "app",
"dataProtectionKeys": "DataProtection-Keys"
},
"allowedOrigins": [
"https://fornix.hel1.oceanbox.io"
],
"plainAuthUsers": [
{
"username": "",
"password": "",
"groups": [
""
],
"roles": [
""
]
}
]
}
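Review bot: `"clientSecret": "secret"` and the `password=secret` inside the `redis` string are credentials in a file that, judging by the `configMapGenerator` entry for `appsettings.json` added next in this commit, ends up in a ConfigMap and in Git. Even as placeholders they set the pattern that the real values get edited in here. I would leave both out of this file and supply them from a Secret, the way the database settings elsewhere in the commit use `secretKeyRef`. The `plainAuthUsers` entry with an empty `username` and `password` should be replaced by `"plainAuthUsers": []` unless the application is known to reject empty credentials. The `idp.app.local` endpoints also look like template defaults next to the real `fornix.hel1.oceanbox.io` origin.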
@@ -0,0 +1,8 @@
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- name: fornix-appsettings
files:
- appsettings.json
resources:
- ../base
+43
@@ -0,0 +1,43 @@
{{ if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: fornix
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/compare-options: ServerSideDiff=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: fornix
server: https://kubernetes.default.svc
project: default
sources:
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
path: helmfile.d
plugin:
name: helmfile-cmp
env:
- name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }}
- name: HELMFILE_ENVIRONMENT
value: {{ .Values.fornix.env }}
- name: HELMFILE_FILE_PATH
value: fornix.yaml.gotmpl
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
syncPolicy:
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
{{- if .Values.fornix.autosync }}
automated:
prune: true
selfHeal: false
{{- end }}
{{- end }}
+30
@@ -0,0 +1,30 @@
baseUrl: https://fornix.hel1.oceanbox.io
drupalUrl: http://drupal
replicaCount: 1
ingress:
enabled: true
className: "nginx"
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
oceanbox.io/expose: internal
hosts:
- host: fornix.hel1.oceanbox.io
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- fornix.hel1.oceanbox.io
secretName: fornix-tls
volumes:
- name: appsettings
configMap:
name: fornix-appsettings
volumeMounts:
- name: appsettings
mountPath: "/app/appsettings.json"
readOnly: true
subPath: appsettings.json
+10 -3
@@ -79,21 +79,28 @@ config:
- "[RESPONSE_TIME] <= 1000" - "[RESPONSE_TIME] <= 1000"
endpoints: endpoints:
- name: Atlantis - name: Atlantis TOS
<<: *https-endpoint <<: *https-endpoint
group: "Primary Services" group: "Primary Services"
url: https://maps.oceanbox.io/healthz url: https://maps.oceanbox.io/healthz
alerts: alerts:
- type: custom - type: custom
- name: Sorcerer - name: Sorcerer TOS
<<: *https-endpoint <<: *https-endpoint
group: "Primary Services" group: "Primary Services"
url: https://sorcerer.data.oceanbox.io/healthz url: https://sorcerer.data.oceanbox.io/healthz
alerts: alerts:
- type: custom - type: custom
- name: Plume - name: Sorcerer VTN
<<: *https-endpoint
group: "Primary Services"
url: https://sorcerer.vtn.oceanbox.io/healthz
# alerts:
# - type: custom
- name: Plume TOS
<<: *https-endpoint <<: *https-endpoint
group: "Secondary Services" group: "Secondary Services"
url: https://plume.data.oceanbox.io/healthz url: https://plume.data.oceanbox.io/healthz
+1 -1
@@ -1,7 +1,7 @@
image: image:
repository: ghcr.io/juanfont/headscale repository: ghcr.io/juanfont/headscale
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: v0.26.1 tag: v0.27.1
args: [ "serve" ] args: [ "serve" ]
+15 -11
@@ -1,7 +1,7 @@
image: image:
repository: ghcr.io/juanfont/headscale repository: ghcr.io/juanfont/headscale
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: v0.26.1 tag: v0.27.1
args: ["serve"] args: ["serve"]
@@ -107,6 +107,7 @@ configMaps:
"group:devops": [ "group:devops": [
"radovan.bast@oceanbox.io", "radovan.bast@oceanbox.io",
"ole.tytlandsvik@oceanbox.io", "ole.tytlandsvik@oceanbox.io",
"ismael.abujadur@oceanbox.io",
], ],
"group:oceanographer": [ "group:oceanographer": [
"frank.gaardsted@oceanbox.io", "frank.gaardsted@oceanbox.io",
@@ -209,7 +210,7 @@ configMaps:
"group:marketing", "group:marketing",
], ],
"dst": [ "dst": [
"tag:mumindalen:0", "tag:mumindalen:*",
"tag:hpc:22,80,443", "tag:hpc:22,80,443",
"dc.tos.net:22,80,443", "dc.tos.net:22,80,443",
"dc.hel1.net:443", "dc.hel1.net:443",
@@ -243,14 +244,11 @@ configMaps:
data: data:
records: | records: |
[ [
{ "name": "ekman.oceanbox.io", "type": "A", "value": "10.255.241.100" },
{ "name": "ekman-manage.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "rossby.oceanbox.io", "type": "A", "value": "172.16.239.222" },
{ "name": "rossby-manage.oceanbox.io", "type": "A", "value": "172.16.239.221" },
{ "name": "maps.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "maps.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "maps.beta.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "maps.beta.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "maps.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "atlantis.beta.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "atlantis.beta.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "codex.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "auth.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "auth.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "auth.adm.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "auth.adm.oceanbox.io", "type": "A", "value": "10.255.241.11" },
@@ -284,6 +282,8 @@ configMaps:
{ "name": "plume.data.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "plume.data.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "slurm-agent.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "slurm-agent.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "kueue.dev.tos.obx", "type": "A", "value": "10.255.241.99" },
{ "name": "slurm-agent.rossby.oceanbox.io", "type": "A", "value": "172.16.239.222" }, { "name": "slurm-agent.rossby.oceanbox.io", "type": "A", "value": "172.16.239.222" },
{ "name": "argocd.adm.vtn.obx", "type": "A", "value": "172.16.239.221" }, { "name": "argocd.adm.vtn.obx", "type": "A", "value": "172.16.239.221" },
@@ -292,6 +292,8 @@ configMaps:
{ "name": "alertmanager.adm.vtn.obx", "type": "A", "value": "172.16.239.221" }, { "name": "alertmanager.adm.vtn.obx", "type": "A", "value": "172.16.239.221" },
{ "name": "slurm-agent.adm.vtn.obx", "type": "A", "value": "172.16.239.221" }, { "name": "slurm-agent.adm.vtn.obx", "type": "A", "value": "172.16.239.221" },
{ "name": "kueue.dev.vtn.obx", "type": "A", "value": "172.16.239.221" },
{ "name": "dashboard.ob-ceph.local", "type": "A", "value": "10.255.241.10" }, { "name": "dashboard.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
{ "name": "grafana.ob-ceph.local", "type": "A", "value": "10.255.241.10" }, { "name": "grafana.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
{ "name": "s3.ob-ceph.local", "type": "A", "value": "10.255.241.10" }, { "name": "s3.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
@@ -299,6 +301,8 @@ configMaps:
{ "name": "alertmanager.ob-ceph.local", "type": "A", "value": "10.255.241.10" }, { "name": "alertmanager.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
{ "name": "hubble.ob-ceph.local", "type": "A", "value": "10.255.241.10" }, { "name": "hubble.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
{ "name": "codex.dev.tos.obx", "type": "A", "value": "10.255.241.11" },
{ "name": "dashboard.ceph.tos.obx", "type": "A", "value": "10.255.241.10" }, { "name": "dashboard.ceph.tos.obx", "type": "A", "value": "10.255.241.10" },
{ "name": "grafana.ceph.tos.obx", "type": "A", "value": "10.255.241.10" }, { "name": "grafana.ceph.tos.obx", "type": "A", "value": "10.255.241.10" },
{ "name": "s3.ceph.tos.obx", "type": "A", "value": "10.255.241.10" }, { "name": "s3.ceph.tos.obx", "type": "A", "value": "10.255.241.10" },
@@ -317,18 +321,18 @@ configMaps:
{ "name": "jonas-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "jonas-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "stig-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "stig-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "stig-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "stig-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "stig-sorcerer.adm.vtn.obx", "type": "A", "value": "172.16.239.221" }, { "name": "stig-sorcerer.dev.vtn.obx", "type": "A", "value": "172.16.239.221" },
{ "name": "stig-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "stig-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "radovan-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "radovan-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "radovan-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "radovan-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "mrtz-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "mrtz-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "mrtz-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "mrtz-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "mrtz-sorcerer.adm.vtn.obx", "type": "A", "value": "172.16.239.221" }, { "name": "mrtz-sorcerer.dev.vtn.obx", "type": "A", "value": "172.16.239.221" },
{ "name": "mrtz-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "mrtz-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "simkir-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "simkir-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "simkir-user-portal.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "simkir-codex.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "simkir-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "simkir-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "simkir-sorcerer.adm.vtn.obx", "type": "A", "value": "172.16.239.221" }, { "name": "simkir-sorcerer.dev.vtn.obx", "type": "A", "value": "172.16.239.221" },
{ "name": "simkir-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "simkir-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
{ "name": "ole-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "ole-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
{ "name": "ole-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "ole-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
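Review bot: In the ACL hunk, changing the destination from `tag:mumindalen:0` to `tag:mumindalen:*` opens every port on hosts carrying that tag to all groups in this rule's `src` list, which from the visible context includes `group:marketing`. The neighbouring destinations stay limited to `22,80,443` or `443`. If the intent was to repair a rule that matched nothing, list the ports that are actually needed, e.g. `"tag:mumindalen:22,80,443"` (constructed from the adjacent entries), and name the service that needs more in a comment. The rule's `src` list starts above the hunk, so the full set of affected groups is not visible here.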
+3
@@ -0,0 +1,3 @@
kueue:
enabled: true
autosync: false
+3
@@ -0,0 +1,3 @@
kueue:
enabled: true
autosync: false
+4
@@ -0,0 +1,4 @@
kueue:
enabled: false
autosync: false
env: {{ .Environment.Name }}
+51
@@ -0,0 +1,51 @@
apiVersion: kueue.x-k8s.io/v1beta1
kind: ResourceFlavor
metadata:
name: compute # Just needs to exist, can be managed with tains/tolerations
---
apiVersion: kueue.x-k8s.io/v1beta1
kind: ClusterQueue
metadata:
name: jobs
spec:
cohort: general
namespaceSelector: {} # Accept workloads from any namespace
preemption:
withinClusterQueue: "LowerPriority" # Allow higher priority to preempt lower
resourceGroups:
- coveredResources: ["cpu", "memory"] # Cover both memory and cpu resources
flavors:
- name: compute
resources:
- name: "cpu"
nominalQuota: '4'
- name: "memory"
nominalQuota: 8Gi
---
apiVersion: kueue.x-k8s.io/v1beta1
kind: LocalQueue
metadata:
name: prod-queue
namespace: prod-sorcerer
spec:
clusterQueue: jobs
---
apiVersion: kueue.x-k8s.io/v1beta1
kind: LocalQueue
metadata:
name: staging-queue
namespace: staging-sorcerer
spec:
clusterQueue: jobs
---
apiVersion: kueue.x-k8s.io/v1beta1
kind: WorkloadPriorityClass
metadata:
name: "normal"
value: 100
---
apiVersion: kueue.x-k8s.io/v1beta1
kind: WorkloadPriorityClass
metadata:
name: "high"
value: 200 # Higher value = higher priority
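Review bot: `prod-queue` and `staging-queue` both point at the single `jobs` ClusterQueue, so staging jobs draw from the same 4 CPU / 8Gi quota as production, and with `withinClusterQueue: LowerPriority` a staging workload submitted with the `high` class can preempt a production workload running at `normal`. `namespaceSelector: {}` additionally admits workloads from any namespace that gets a LocalQueue. I would give each environment its own ClusterQueue in the `general` cohort, limited to its namespace, and point each LocalQueue at its own queue, roughly as below; the queue names and the quota split are placeholders.

```yaml
kind: ClusterQueue
metadata:
  name: jobs-prod  # constructed name
spec:
  cohort: general
  namespaceSelector:
    matchLabels:
      kubernetes.io/metadata.name: prod-sorcerer
  # … unchanged: preemption, resourceGroups (with prod's share of the quota) …
---
apiVersion: kueue.x-k8s.io/v1beta1
kind: ClusterQueue
metadata:
  name: jobs-staging  # constructed name
spec:
  cohort: general
  namespaceSelector:
    matchLabels:
      kubernetes.io/metadata.name: staging-sorcerer
  # … unchanged: preemption, resourceGroups (with staging's share of the quota) …
```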
+89
@@ -0,0 +1,89 @@
{{- if eq .Values.clusterConfig.cluster "ekman"}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kueueviz-ingress
namespace: kueue-system
annotations:
cert-manager.io/cluster-issuer: ca-issuer
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/ssl-passthrough: "true"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/websocket-services: kueue-kueueviz-backend
spec:
rules:
- host: kueue.dev.tos.obx
http:
paths:
- path: /ws
pathType: Prefix
backend:
service:
name: kueue-kueueviz-backend
port:
number: 8080
- path: /api(/|$)(.*)
pathType: Prefix
backend:
service:
name: kueue-kueueviz-backend
port:
number: 8080
- path: /
pathType: Prefix
backend:
service:
name: kueue-kueueviz-frontend
port:
number: 8080
tls:
- hosts:
- kueue.dev.tos.obx
secretName: kueueviz-tls
{{- end}}
---
{{- if eq .Values.clusterConfig.cluster "rossby"}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kueueviz-ingress
namespace: kueue-system
annotations:
cert-manager.io/cluster-issuer: ca-issuer
nginx.ingress.kubernetes.io/websocket-services: kueue-kueueviz-backend
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
spec:
rules:
- host: kueue.dev.vtn.obx
http:
paths:
- path: /ws
pathType: Prefix
backend:
service:
name: kueue-kueueviz-backend
port:
number: 8080
- path: /api(/|$)(.*)
pathType: Prefix
backend:
service:
name: kueue-kueueviz-backend
port:
number: 8080
- path: /
pathType: Prefix
backend:
service:
name: kueue-kueueviz-frontend
port:
number: 8080
tls:
- hosts:
- kueue.dev.vtn.obx
secretName: kueueviz-tls
{{- end}}
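Review bot: The ekman Ingress sets `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` alongside `backend-protocol: HTTP`, path rules and a cert-manager TLS secret, and these contradict each other. With passthrough enabled on the controller, ingress-nginx forwards the TLS stream at layer 4 and disregards the other annotations and the path routing; with it disabled the annotation does nothing. The rossby copy omits it, so I would drop that line from the ekman copy. Both copies also use `path: /api(/|$)(.*)` with `pathType: Prefix` and no `use-regex` or rewrite annotation, so that rule is most likely matched as a literal string. Neither copy sets `ingressClassName` or any source-range restriction in front of the dashboard.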
+44
@@ -0,0 +1,44 @@
{{ if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kueue
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/compare-options: ServerSideDiff=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: kueue-system
server: https://kubernetes.default.svc
project: default
sources:
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
path: helmfile.d
plugin:
name: helmfile-cmp
env:
- name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }}
- name: HELMFILE_ENVIRONMENT
value: {{ .Values.kueue.env }}
- name: HELMFILE_FILE_PATH
value: kueue.yaml.gotmpl
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
syncPolicy:
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
{{- if .Values.kueue.autosync }}
automated:
prune: true
selfHeal: false
{{- end }}
{{- end }}
+9
@@ -0,0 +1,9 @@
kueueViz:
backend:
env:
- name: KUEUEVIZ_ALLOWED_ORIGINS
value: "https://kueue.dev.tos.obx"
frontend:
env:
- name: REACT_APP_WEBSOCKET_URL
value: "wss://kueue.dev.tos.obx"
+9
@@ -0,0 +1,9 @@
kueueViz:
backend:
env:
- name: KUEUEVIZ_ALLOWED_ORIGINS
value: "https://kueue.dev.vtn.obx"
frontend:
env:
- name: REACT_APP_WEBSOCKET_URL
value: "wss://kueue.dev.vtn.obx"
+21
@@ -0,0 +1,21 @@
controllerManager:
featureGates:
- name: TopologyAwareScheduling
enabled: true
- name: LocalQueueMetrics
enabled: true
managerConfig:
controllerManagerConfigYaml: |
apiVersion: config.kueue.x-k8s.io/v1beta1
kind: Configuration
integrations:
frameworks:
- batch/job
- jobset.x-k8s.io/jobset
internalCertManagement:
enable: true
enableCertManager: false
enablePrometheus: true
metrics:
prometheusNamespace: prometheus
enableKueueViz: true
+1 -1
@@ -1,6 +1,6 @@
replicaCount: 1 replicaCount: 1
image: image:
tag: "f2d0f9ad-debug" tag: "01ac1d47-debug"
env: env:
- name: APP_VERSION - name: APP_VERSION
value: "0.0.0-staging" value: "0.0.0-staging"
@@ -0,0 +1,3 @@
mariadb_operator:
enabled: false
autosync: false
+3
@@ -0,0 +1,3 @@
nexus:
enabled: true
autosync: true
+3
@@ -0,0 +1,3 @@
nexus:
enabled: false
autosync: false
+8
@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: nexus-admin-password
namespace: nexus
type: Opaque
stringData:
password: "changeme-admin-password-here"
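Review bot: `password: "changeme-admin-password-here"` is committed as the live value of the `nexus-admin-password` Secret, and the Nexus values in this commit point `rootPassword` at this secret while one of the env files sets `autosync: true` for nexus. A sync would therefore install a publicly known admin password unless someone changes it out of band first. Keep the Secret out of Git and have it created by the secret store the other workloads use (the codex patch reads from `azure-keyvault`), or ship the manifest without `stringData` and document who creates the value. If the file has to stay as a template, mark it with a comment such as `# placeholder only; the real value is provisioned by <secret-store>`.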
+37
@@ -0,0 +1,37 @@
{{- if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: nexus
namespace: argocd
spec:
destination:
namespace: nexus
server: 'https://kubernetes.default.svc'
sources:
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
path: helmfile.d
plugin:
name: helmfile-cmp
env:
- name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }}
- name: HELMFILE_ENVIRONMENT
value: default
- name: HELMFILE_FILE_PATH
value: nexus.yaml.gotmpl
project: sys
syncPolicy:
managedNamespaceMetadata:
labels:
component: sys
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
{{- if .Values.nexus.autosync }}
automated:
prune: true
{{- end }}
{{- end }}
+60
@@ -0,0 +1,60 @@
image:
tag: 3.74.0
ingress:
enabled: true
ingressClassName: nginx
hosts:
- host: mochi.tos.oceanbox.io
paths:
- path: /
pathType: Prefix
tls:
- secretName: nexus-tls
hosts:
- mochi.tos.oceanbox.io
persistence:
enabled: true
storageClass: "ceph-rbd"
size: 8Gi
env:
- name: INSTALL4J_ADD_VM_PARAMS
value: "-Xms1024m -Xmx1024m -XX:MaxDirectMemorySize=1024m -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
memory: 1Gi
config:
enabled: true
data:
nexus.properties: |
nexus.s3.blobstore.enabled=true
rootPassword:
secret: nexus-admin-password
key: password
serviceAccount:
create: true
additionalConfigMaps:
- name: nexus-s3-config
data:
s3-blobstore.json: |
{
"name": "s3-nuget",
"type": "S3",
"attributes": {
"s3": {
"bucket": "nexus-nuget-registry",
"region": "us-east-1",
"prefix": "nuget/",
"expiration": -1
}
}
}
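Review bot: The `ingress` block publishes `mochi.tos.oceanbox.io` without any `annotations`, whereas the other ingresses added in this commit carry a `cert-manager.io/cluster-issuer` and either `oceanbox.io/expose: internal` or a `whitelist-source-range`. As written, nothing visible issues `nexus-tls` or limits who can reach the repository manager's login. If the intended exposure matches fornix, add the same annotations, e.g. `cert-manager.io/cluster-issuer: ca-issuer` and `oceanbox.io/expose: internal`. Separately, `-Xmx1024m` plus `-XX:MaxDirectMemorySize=1024m` cannot fit inside `limits.memory: 1Gi`, so the pod is likely to be OOM-killed under load; raise the limit or lower the JVM sizes.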
+1 -1
@@ -1,5 +1,5 @@
nfs_provisioner: nfs_provisioner:
enabled: true enabled: false
autosync: true autosync: true
archiveOnDelete: true archiveOnDelete: true
defaultClass: true defaultClass: true
+1 -1
@@ -4,7 +4,7 @@
"appEnv": "prod", "appEnv": "prod",
"appNamespace": "prod-plume", "appNamespace": "prod-plume",
"appVersion": "1.0.0", "appVersion": "1.0.0",
"cacheDir": "/data/archives/cache", "cacheDir": "/data/archives/cache/prod",
"otelCollector": "http://10.255.241.12:4317", "otelCollector": "http://10.255.241.12:4317",
"sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456", "sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456",
} }
@@ -4,7 +4,7 @@
"appEnv": "staging", "appEnv": "staging",
"appNamespace": "staging-plume", "appNamespace": "staging-plume",
"appVersion": "0.0.0", "appVersion": "0.0.0",
"cacheDir": "/data/archives/cache", "cacheDir": "/data/archives/cache/staging",
"otelCollector": "http://10.255.241.12:4317", "otelCollector": "http://10.255.241.12:4317",
"sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456" "sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456"
} }
+1 -1
@@ -1,6 +1,6 @@
replicaCount: 1 replicaCount: 1
image: image:
tag: 121f49c9-debug tag: e5015d5d-debug
podAnnotations: podAnnotations:
dapr.io/enabled: "true" dapr.io/enabled: "true"
dapr.io/app-id: "staging-plume" dapr.io/app-id: "staging-plume"
+3
@@ -0,0 +1,3 @@
sonatype-nexus:
enabled: true
autosync: true
@@ -0,0 +1,45 @@
{{- if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: sonatype-nexus
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: cert-manager
server: 'https://kubernetes.default.svc'
sources:
- repoURL: {{ .Values.clusterConfig.manifests }}
targetRevision: HEAD
path: helmfile.d
plugin:
name: helmfile-cmp
env:
- name: CLUSTER_NAME
value: {{ .Values.clusterConfig.cluster }}
- name: HELMFILE_ENVIRONMENT
value: default
- name: HELMFILE_FILE_PATH
value: sonatype-nexus.yaml.gotmpl
project: sys
ignoreDifferences:
- group: cert-manager.io
kind: Certificate
jqPathExpressions:
- '.spec.duration'
syncPolicy:
managedNamespaceMetadata:
labels:
component: sys
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
{{- if .Values.sonatype-nexus.autosync }}
automated:
prune: true
# selfHeal: false
{{- end }}
{{- end }}
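Review bot: `{{- if .Values.sonatype-nexus.autosync }}` does not parse, because Go templates do not accept a hyphen inside a field chain, so the template fails before anything is rendered. Use `{{- if index .Values "sonatype-nexus" "autosync" }}`, or rename the values key to one without a hyphen. The `destination.namespace: cert-manager` and the `ignoreDifferences` entry for `cert-manager.io` `Certificate` look carried over from another Application; with `CreateNamespace=true` and `prune: true` this app would manage resources inside the cert-manager namespace, so the destination should probably be the Nexus namespace.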
-1
@@ -1,3 +1,2 @@
sorcerer: sorcerer:
enabled: true enabled: true
+2
@@ -0,0 +1,2 @@
sorcerer:
enabled: true
@@ -72,5 +72,5 @@
"otelCollector": "http://10.255.241.12:4317", "otelCollector": "http://10.255.241.12:4317",
"archiveSvc": "https://maps.oceanbox.io", "archiveSvc": "https://maps.oceanbox.io",
"dataDir": "/data/archives", "dataDir": "/data/archives",
"cacheDir": "/data/archives/cache" "cacheDir": "/data/archives/cache/prod"
} }
