2025-06-10 17:45:51 +00:00
73 changed files with 1491 additions and 121 deletions
@@ -2,8 +2,8 @@
 helmfile () {
 tier=$2
 name=$1
 tier=$2
 cat <<EOF
 bases:
@@ -38,30 +38,11 @@ releases:
    showlogs: true
    command: ../bin/helmify
    args:
-    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{\`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}\`}}'
-    - '{{`{{ .Release.Chart }}`}}'
+    - '{{\`{{ .Release.Chart }}\`}}'
-    - '{{`{{ .Environment.Name }}`}}'
+    - '{{\`{{ .Environment.Name }}\`}}'
    - ../values/$name/manifests
    - _$name-manifests
 - name: $name-app
  namespace: argocd
  chart: _$name-app
  condition: $name.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/$name/values.yaml.gotmpl
  - ../values/$name/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/$name/app.yaml
    - _$name-app
 EOF
 }
@@ -47,11 +47,11 @@ releases:
  namespace: argocd
  chart: _argo
  condition: argo.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/argo/values.yaml.gotmpl
  - ../values/argo/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  missingFileHandler: Info
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
@@ -0,0 +1,37 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 commonLabels:
  tier: sys
 releases:
 - name: cert-manager
  namespace: {{ .Environment.Name }}-cert-manager
  chart: ../charts/cert-manager
  condition: cert-manager.enabled
  values:
  - ../values/cert-manager/values/cert-manager.yaml.gotmpl
  - ../values/cert-manager/values/cert-manager-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/cert-manager/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: cert-manager-manifests
  namespace: {{ .Environment.Name }}-cert-manager
  chart: _cert-manager-manifests
  condition: cert-manager.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/cert-manager/values.yaml.gotmpl
  - ../values/cert-manager/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/cert-manager/manifests
    - _cert-manager-manifests
@@ -39,6 +39,7 @@ releases:
  namespace: cilium
  chart: _cilium-manifests
  condition: cilium.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/cilium/values.yaml.gotmpl
@@ -0,0 +1,42 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 repositories:
  - name: dapr
    url: 'https://dapr.github.io/helm-charts/'
 commonLabels:
  tier: aux
 releases:
 - name: dapr
  namespace: dapr-system
  chart: dapr/dapr
  version: 1.14.4
  condition: dapr.enabled
  values:
  - ../values/dapr/values/dapr.yaml.gotmpl
  - ../values/dapr/values/dapr-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/dapr/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: dapr-manifests
  namespace: dapr
  chart: _dapr-manifests
  condition: dapr.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/dapr/values.yaml.gotmpl
  - ../values/dapr/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/dapr/manifests
    - _dapr-manifests
@@ -0,0 +1,37 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 commonLabels:
  tier: aux
 releases:
 - name: geoserver
  namespace: {{ .Environment.Name }}-geoserver
  chart: ../charts/geoserver
  condition: geoserver.enabled
  values:
  - ../values/geoserver/values/geoserver.yaml.gotmpl
  - ../values/geoserver/values/geoserver-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/geoserver/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: geoserver-manifests
  namespace: {{ .Environment.Name }}-geoserver
  chart: _geoserver-manifests
  condition: geoserver.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/geoserver/values.yaml.gotmpl
  - ../values/geoserver/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/geoserver/manifests
    - _geoserver-manifests
@@ -0,0 +1,37 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 commonLabels:
  tier: aux
 releases:
 - name: headscale
  namespace: {{ .Environment.Name }}-headscale
  chart: ../charts/headscale
  condition: headscale.enabled
  values:
  - ../values/headscale/values/headscale.yaml.gotmpl
  - ../values/headscale/values/headscale-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/headscale/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: headscale-manifests
  namespace: {{ .Environment.Name }}-headscale
  chart: _headscale-manifests
  condition: headscale.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/headscale/values.yaml.gotmpl
  - ../values/headscale/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/headscale/manifests
    - _headscale-manifests
@@ -0,0 +1,42 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 repositories:
  - name: ingress-nginx
    url: 'https://kubernetes.github.io/ingress-nginx'
 commonLabels:
  tier: sys
 releases:
 - name: ingress-nginx
  namespace: ingress-nginx
  chart: ingress-nginx/ingress-nginx
  version: 4.8.3
  condition: nginx.enabled
  values:
  - ../values/ingress-nginx/values/ingress-nginx.yaml.gotmpl
  - ../values/ingress-nginx/values/ingress-nginx-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/ingress-nginx/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: ingress-nginx-manifests
  namespace: ingress-nginx
  chart: _ingress-nginx-manifests
  condition: nginx.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/ingress-nginx/values.yaml.gotmpl
  - ../values/ingress-nginx/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/ingress-nginx/manifests
    - _ingress-nginx-manifests
@@ -0,0 +1,42 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 repositories:
  - name: keycloak
    url: 'https://charts.bitnami.com/bitnami'
 commonLabels:
  tier: aux
 releases:
 - name: keycloak
  namespace: keycloak
  chart: keycloak/keycloak
  version: 24.0.2
  condition: keycloak.enabled
  values:
  - ../values/keycloak/values/keycloak.yaml.gotmpl
  - ../values/keycloak/values/keycloak-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/keycloak/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: keycloak-manifests
  namespace: keycloak
  chart: _keycloak-manifests
  condition: keycloak.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/keycloak/values.yaml.gotmpl
  - ../values/keycloak/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/keycloak/manifests
    - _keycloak-manifests
@@ -28,11 +28,11 @@ releases:
  namespace: kyverno
  chart: _kyverno-manifests
  condition: kyverno.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/kyverno/values.yaml.gotmpl
  - ../values/kyverno/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  missingFileHandler: Info
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
@@ -0,0 +1,42 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 repositories:
  - name: loki
    url: 'https://grafana.github.io/helm-charts'
 commonLabels:
  tier: sys
 releases:
 - name: loki
  namespace: loki
  chart: loki/loki
  version: 6.12.0
  condition: loki.enabled
  values:
  - ../values/loki/values/loki.yaml.gotmpl
  - ../values/loki/values/loki-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/loki/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: loki-manifests
  namespace: loki
  chart: _loki-manifests
  condition: loki.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/loki/values.yaml.gotmpl
  - ../values/loki/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/loki/manifests
    - _loki-manifests
@@ -0,0 +1,37 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 commonLabels:
  tier: sys
 releases:
 - name: metricsserver
  namespace: {{ .Environment.Name }}-metricsserver
  chart: ../charts/metricsserver
  condition: metricsserver.enabled
  values:
  - ../values/metricsserver/values/metricsserver.yaml.gotmpl
  - ../values/metricsserver/values/metricsserver-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/metricsserver/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: metricsserver-manifests
  namespace: {{ .Environment.Name }}-metricsserver
  chart: _metricsserver-manifests
  condition: metricsserver.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/metricsserver/values.yaml.gotmpl
  - ../values/metricsserver/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/metricsserver/manifests
    - _metricsserver-manifests
@@ -0,0 +1,41 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 repositories:
  - name: openfga
    url: 'https://openfga.github.io/helm-charts'
 commonLabels:
  tier: aux
 releases:
 - name: openfga
  namespace: {{ .Environment.Name }}-openfga
  chart: openfga/openfga
  condition: openfga.enabled
  values:
  - ../values/openfga/values/openfga.yaml.gotmpl
  - ../values/openfga/values/openfga-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/openfga/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: openfga-manifests
  namespace: {{ .Environment.Name }}-openfga
  chart: _openfga-manifests
  condition: openfga.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/openfga/values.yaml.gotmpl
  - ../values/openfga/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/openfga/manifests
    - _openfga-manifests
@@ -0,0 +1,37 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 commonLabels:
  tier: sys
 releases:
 - name: otel-collector
  namespace: {{ .Environment.Name }}-otel-collector
  chart: ../charts/otel-collector
  condition: otel-collector.enabled
  values:
  - ../values/otel-collector/values/otel-collector.yaml.gotmpl
  - ../values/otel-collector/values/otel-collector-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/otel-collector/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: otel-collector-manifests
  namespace: {{ .Environment.Name }}-otel-collector
  chart: _otel-collector-manifests
  condition: otel-collector.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/otel-collector/values.yaml.gotmpl
  - ../values/otel-collector/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/otel-collector/manifests
    - _otel-collector-manifests
@@ -0,0 +1,37 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 commonLabels:
  tier: aux
 releases:
 - name: plausible
  namespace: {{ .Environment.Name }}-plausible
  chart: ../charts/plausible
  condition: plausible.enabled
  values:
  - ../values/plausible/values/plausible.yaml.gotmpl
  - ../values/plausible/values/plausible-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/plausible/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: plausible-manifests
  namespace: {{ .Environment.Name }}-plausible
  chart: _plausible-manifests
  condition: plausible.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/plausible/values.yaml.gotmpl
  - ../values/plausible/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/plausible/manifests
    - _plausible-manifests
@@ -28,11 +28,11 @@ releases:
  namespace: cnpg
  chart: _postgres-operator-manifests
  condition: postgres_operator.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/postgres-operator/values.yaml.gotmpl
  - ../values/postgres-operator/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  missingFileHandler: Info
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
@@ -25,6 +25,7 @@ releases:
  namespace: prometheus
  chart: _prometheus-manifests
  condition: prometheus.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/prometheus/values.yaml.gotmpl
@@ -37,6 +38,6 @@ releases:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
-    - ../values/prometheus/prometheus-manifests
+    - ../values/prometheus/manifests
    - _prometheus-manifests
@@ -0,0 +1,42 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 repositories:
  - name: rabbitmq
    url: 'https://charts.bitnami.com/bitnami'
 commonLabels:
  tier: aux
 releases:
 - name: rabbitmq
  namespace: {{ .Environment.Name }}-rabbitmq
  chart: rabbitmq/rabbitmq
  version: 12.9.0
  condition: rabbitmq.enabled
  values:
  - ../values/rabbitmq/values/rabbitmq.yaml.gotmpl
  - ../values/rabbitmq/values/rabbitmq-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/rabbitmq/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: rabbitmq-manifests
  namespace: {{ .Environment.Name }}-rabbitmq
  chart: _rabbitmq-manifests
  condition: rabbitmq.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/rabbitmq/values.yaml.gotmpl
  - ../values/rabbitmq/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/rabbitmq/manifests
    - _rabbitmq-manifests
@@ -0,0 +1,42 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 repositories:
  - name: redis
    url: 'https://charts.bitnami.com/bitnami'
 commonLabels:
  tier: aux
 releases:
 - name: redis
  namespace: {{ .Environment.Name }}-redis
  chart: redis/redis
  condition: redis.enabled
  version: 19.5.2
  values:
  - ../values/redis/values/redis.yaml.gotmpl
  - ../values/redis/values/redis-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/redis/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: redis-manifests
  namespace: {{ .Environment.Name }}-redis
  chart: _redis-manifests
  condition: redis.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/redis/values.yaml.gotmpl
  - ../values/redis/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/redis/manifests
    - _redis-manifests
@@ -0,0 +1,43 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 repositories:
 - name: tempo
  url: 'https://grafana.github.io/helm-charts'
 commonLabels:
  tier: sys
 releases:
 - name: tempo
  namespace: tempo
  chart: tempo/tempo
  version: 0.14.0
  condition: tempo.enabled
  values:
  - ../values/tempo/values/tempo.yaml.gotmpl
  - ../values/tempo/values/tempo-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/tempo/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: tempo-manifests
  namespace: tempo
  chart: _tempo-manifests
  condition: tempo.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/tempo/values.yaml.gotmpl
  - ../values/tempo/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/tempo/manifests
    - _tempo-manifests
@@ -25,11 +25,11 @@ releases:
  namespace: velero
  chart: _velero-manifests
  condition: velero.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/velero/values.yaml.gotmpl
  - ../values/velero/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  missingFileHandler: Info
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
@@ -0,0 +1,37 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 commonLabels:
  tier: sys
 releases:
 - name: wordpress
  namespace: {{ .Environment.Name }}-wordpress
  chart: ../charts/wordpress
  condition: wordpress.enabled
  values:
  - ../values/wordpress/values/wordpress.yaml.gotmpl
  - ../values/wordpress/values/wordpress-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/wordpress/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: wordpress-manifests
  namespace: {{ .Environment.Name }}-wordpress
  chart: _wordpress-manifests
  condition: wordpress.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/wordpress/values.yaml.gotmpl
  - ../values/wordpress/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/wordpress/manifests
    - _wordpress-manifests
@@ -0,0 +1,37 @@
 bases:
 - ../envs/environments.yaml.gotmpl
 commonLabels:
  tier: sys
 releases:
 - name: x509-exporter
  namespace: {{ .Environment.Name }}-x509-exporter
  chart: ../charts/x509-exporter
  condition: x509-exporter.enabled
  values:
  - ../values/x509-exporter/values/x509-exporter.yaml.gotmpl
  - ../values/x509-exporter/values/x509-exporter-{{ .Environment.Name }}.yaml.gotmpl
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/x509-exporter/kustomize/{{ .Environment.Name }}
  missingFileHandler: Info
 - name: x509-exporter-manifests
  namespace: {{ .Environment.Name }}-x509-exporter
  chart: _x509-exporter-manifests
  condition: x509-exporter.enabled
  missingFileHandler: Info
  values:
  - ../values/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml
  - ../values/x509-exporter/values.yaml.gotmpl
  - ../values/x509-exporter/values-{{ requiredEnv "CLUSTER_NAME" }}.yaml.gotmpl
  hooks:
  - events: [ prepare, cleanup ]
    showlogs: true
    command: ../bin/helmify
    args:
    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
    - '{{`{{ .Release.Chart }}`}}'
    - '{{`{{ .Environment.Name }}`}}'
    - ../values/x509-exporter/manifests
    - _x509-exporter-manifests
@@ -2,11 +2,12 @@
 default:
  just --list -u
-# NOTE: Render a specifc helm chart
+# Lint a specifc helm chart
-r HELMFILE ENV:
+l HELMFILE ENV="default":
  # helmfile --environment={{ENV}} lint --args --quiet --skip-deps --skip-refresh -f helmfile.d/{{HELMFILE}}.yaml.gotmpl
  helmfile --environment={{ENV}} lint --args --quiet -f helmfile.d/{{HELMFILE}}.yaml.gotmpl
-#
+
-# NOTE: Render charts for one environment
+# NOTE: Render a specifc helm chart
-# render ENV="staging":
+r HELMFILE ENV="default":
  helmfile --environment={{ENV}} template -q -f helmfile.d/{{HELMFILE}}.yaml.gotmpl --output-dir-template="../_manifests/{{HELMFILE}}/{{ENV}}/{{{{.Release.Name }}"
@@ -0,0 +1,38 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: dapr
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    namespace: dapr-system
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfiles/dapr
    plugin:
      name: helmfile
      env:
      - name: CLUSTER_NAME
        value: {{ .Values.clusterConfig.cluster }}
  project: default
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: aux
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      # - ServerSideApply=true
    {{- if .Values.dapr.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
 {{- end }}
@@ -0,0 +1,2 @@
 dapr:
    enabled: true
@@ -0,0 +1,3 @@
 global:
  ha:
   enabled: true
@@ -0,0 +1,31 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: ingress-nginx
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 spec:
  destination:
    namespace: ingress-nginx
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfiles/ingress-nginx
    plugin:
      name: helmfile
      env:
        - name: CLUSTER_NAME
          value: {{ .Values.clusterConfig.cluster }}
  project: sys
  syncPolicy:
    syncOptions:
    - ServerSideApply=true
    {{- if .Values.nginx.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
 {{- end }}
@@ -0,0 +1,9 @@
 nginx:
  enabled: true
  autosync: true
  pdb:
    minAvailable: 1
  resources:
    controller:
      cpu: "100m"
      memory: "100Mi"
@@ -0,0 +1,98 @@
 ## nginx configuration
 ## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md
 ##
 ## Overrides for generated resource names
 # See templates/_helpers.tpl
 # nameOverride:
 fullnameOverride: main-ingress-nginx
 controller:
  resources:
    limits:
      memory: {{ .Values.nginx.resources.controller.memory }}
    requests:
      cpu: {{ .Values.nginx.resources.controller.cpu }}
      memory: {{ .Values.nginx.resources.controller.memory }}
  ingressClassResource:
    default: true
  tolerations:
   - key: unschedulable
     operator: Exists
     effect: NoSchedule
   - key: node-role.kubernetes.io/control-plane
     operator: Exists
     effect: NoSchedule
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: kubernetes.io/hostname
            operator: In
            values: {{ .Values.clusterConfig.ingress_nodes }}
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: app.kubernetes.io/instance
            operator: In
            values:
            - ingress-nginx
          - key: app.kubernetes.io/component
            operator: In
            values:
            - controller
        topologyKey: "kubernetes.io/hostname"
  podAnnotations:
    config.linkerd.io/skip-inbound-ports: 80,443
  replicaCount: {{ .Values.clusterConfig.ingress_replica_count }}
  minAvailable: {{ .Values.nginx.pdb.minAvailable }}
  service:
    externalTrafficPolicy: Local
    # type: ClusterIP
    type: NodePort
    # nodePorts:
    #   http: 32080
    #   https: 32443
    #   tcp:
    #     8080: 32808
    nodePorts:
      http: 30080
      https: 30443
      tcp: {}
      udp: {}
  metrics:
    enabled: true
    service:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "10254"
      servicePort: 9913
      type: ClusterIP
    serviceMonitor:
      enabled: true
  admissionWebhooks:
    enabled: false
 ## Default 404 backend
 ##
 defaultBackend:
  enabled: true
  tolerations:
   - key: unschedulable
     operator: Exists
     effect: NoSchedule
@@ -0,0 +1,40 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 {{- range .Values.keycloak.envs }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: {{ . }}-keycloak 
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    namespace: keycloak
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfiles/keycloak
    plugin:
      name: helmfile
      env:
      - name: CLUSTER_NAME
        value: {{ .Values.clusterConfig.cluster }}
  project: aux
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: aux
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      # - ServerSideApply=true
    {{- if .Values.keycloak.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
 {{- end }}
 {{- end }}
@@ -0,0 +1,2 @@
 keycloak:
    enabled: true
@@ -0,0 +1,38 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: loki 
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    namespace: loki
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfiles/loki
    plugin:
      name: helmfile
      env:
      - name: CLUSTER_NAME
        value: {{ .Values.clusterConfig.cluster }}
  project: sys
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: sys
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      # - ServerSideApply=true
    {{- if .Values.loki.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
 {{- end }}
@@ -0,0 +1,16 @@
 loki:
  enabled: true
  autosync: true
  compactor: false
  s3:
    endpoint: ""
    region: ""
    insecure_skip_verify: false
  secret:
    name: ""
    access_key: ""
    access_secret: ""
  buckets:
    chunks: ""
    ruler: ""
    admin: ""
@@ -0,0 +1,103 @@
 loki:
  auth_enabled: false
  storage:
    bucketNames:
      chunks: {{ .Values.loki.buckets.chunks }}
      ruler: {{ .Values.loki.buckets.ruler }}
      admin: {{ .Values.loki.buckets.admin }}
    s3:
      endpoint: {{ .Values.loki.s3.endpoint | default "https://s3.production.itpartner.no" }}
      region: {{ .Values.loki.s3.region | default "us-east-1" }}
      secretAccessKey: ${S3SECRET}
      accessKeyId: ${S3KEY}
      s3ForcePathStyle: true
      {{- if .Values.loki.s3.insecure_skip_verify }}
      http_config:
        insecure_skip_verify: true
      {{- end }}
  schemaConfig:
    configs:
    - from: "2022-09-28"
      index:
        period: 24h
        prefix: loki_index_
      object_store: s3
      schema: v13
      store: tsdb
  {{- if .Values.loki.compactor }}
  compactor:
    compaction_interval: 10m
    working_directory: /tmp/loki/compactor
    retention_enabled: true
    retention_delete_delay: 2h
    retention_delete_worker_count: 150
    delete_request_store: s3
  {{- end }}
 write:
  extraArgs:
    - -config.expand-env=true
  extraEnv:
  - name: S3KEY
    valueFrom:
      secretKeyRef:
        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
        key: {{ .Values.loki.secret.access_key | default "access_key" }}
  - name: S3SECRET
    valueFrom:
      secretKeyRef:
        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
        key: {{ .Values.loki.secret.access_key | default "access_secret" }}
  tolerations:
  - effect: "NoSchedule"
    operator: "Equal"
    key: "unschedulable"
    value: "true"
 read:
  extraArgs:
    - -config.expand-env=true
  extraEnv:
  - name: S3KEY
    valueFrom:
      secretKeyRef:
        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
        key: {{ .Values.loki.secret.access_key | default "access_key" }}
  - name: S3SECRET
    valueFrom:
      secretKeyRef:
        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
        key: {{ .Values.loki.secret.access_key | default "access_secret" }}
  tolerations:
  - effect: "NoSchedule"
    operator: "Equal"
    key: "unschedulable"
    value: "true"
 {{- if .Values.loki.compactor }}
 compactor:
  extraArgs:
    - -config.expand-env=true
  extraEnv:
  - name: S3KEY
    valueFrom:
      secretKeyRef:
        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
        key: {{ .Values.loki.secret.access_key | default "access_key" }}
  - name: S3SECRET
    valueFrom:
      secretKeyRef:
        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
        key: {{ .Values.loki.secret.access_key | default "access_secret" }}
 {{- end }}
 backend:
  extraArgs:
    - -config.expand-env=true
  extraEnv:
  - name: S3KEY
    valueFrom:
      secretKeyRef:
        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
        key: {{ .Values.loki.secret.access_key | default "access_key" }}
  - name: S3SECRET
    valueFrom:
      secretKeyRef:
        name: {{ .Values.loki.secret.name | default "s3-credentials"}}
        key: {{ .Values.loki.secret.access_key | default "access_secret" }}
@@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - _manifest.yaml
@@ -0,0 +1,40 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 {{- range .Values.openfga.envs }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: {{ . }}-openfga 
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    namespace: openfga
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfiles/openfga
    plugin:
      name: helmfile
      env:
      - name: CLUSTER_NAME
        value: {{ .Values.clusterConfig.cluster }}
  project: sys
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: aux
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      # - ServerSideApply=true
    {{- if .Values.openfga.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
 {{- end }}
 {{- end }}
@@ -0,0 +1,5 @@
 openfga:
  enabled: true
  envs:
  - prod
  - staging
@@ -5,23 +5,23 @@ datastore:
  uriSecret: prod-openfga-db-superuser
  migrationType: initContainer
-postgresql:
+#postgresql:
-  enabled: false
+#  enabled: false
-
+#
-playground:
+#playground:
-  enabled: false
+#  enabled: false
-
+#
-telemetry:
+#telemetry:
-  metrics:
+#  metrics:
-    enabled: true
+#    enabled: true
-    serviceMonitor:
+#    serviceMonitor:
-      enabled: true
+#      enabled: true
-    enableRPCHistograms: true
+#    enableRPCHistograms: true
-  trace:
+#  trace:
-    enabled: true
+#    enabled: true
-    otlp:
+#    otlp:
-      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
+#      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
-    sampleRatio: 0.1
+#    sampleRatio: 0.1
 ingress:
  enabled: true
@@ -55,3 +55,4 @@ extraObjects:
     backup:
       retentionPolicy: 60d
       target: prefer-standby
@@ -5,23 +5,23 @@ datastore:
  uriSecret: staging-openfga-db-superuser
  migrationType: initContainer
-postgresql:
+#postgresql:
-  enabled: false
+#  enabled: false
-
+#
-playground:
+#playground:
-  enabled: false
+#  enabled: false
-
+#
-telemetry:
+#telemetry:
-  metrics:
+#  metrics:
-    enabled: true
+#    enabled: true
-    serviceMonitor:
+#    serviceMonitor:
-      enabled: true
+#      enabled: true
-    enableRPCHistograms: true
+#    enableRPCHistograms: true
-  trace:
+#  trace:
-    enabled: true
+#    enabled: true
-    otlp:
+#    otlp:
-      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
+#      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
-    sampleRatio: 0.1
+#    sampleRatio: 0.1
 ingress:
  enabled: true
@@ -76,3 +76,4 @@ extraObjects:
        sslRootCert:
          key: ca.crt
          name: prod-openfga-db-ca
@@ -0,0 +1,17 @@
 postgresql:
  enabled: false
 playground:
  enabled: false
 telemetry:
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
    enableRPCHistograms: true
  trace:
    enabled: true
    otlp:
      endpoint: opentelemetry-collector.otel.svc.cluster.local:4317
    sampleRatio: 0.1
@@ -0,0 +1,40 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 {{- range .Values.rabbitmq.envs }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: {{ . }}-rabbitmq 
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    namespace: {{ . }}-rabbitmq
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfiles/rabbitmq
    plugin:
      name: helmfile
      env:
      - name: CLUSTER_NAME
        value: {{ .Values.clusterConfig.cluster }}
  project: aux
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: aux
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      # - ServerSideApply=true
    {{- if .Values.rabbitmq.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
 {{- end }}
 {{- end }}
@@ -0,0 +1,2 @@
 rabbitmq:
 enabled: true
@@ -5,7 +5,7 @@ auth:
  existingPasswordSecret: prod-rabbitmq
  password: ""
  username: user
-clusterDomain: cluster.local
+#clusterDomain: cluster.local
 ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
@@ -22,11 +22,10 @@ ingress:
  secrets: []
  selfSigned: false
  tls: true
-persistence:
+#persistence:
-  accessModes:
+#  accessModes:
-  - ReadWriteOnce
+#  - ReadWriteOnce
-  enabled: true
+#  enabled: true
-  existingClaim: ""
+#  existingClaim: ""
-  size: 8Gi
+#  size: 8Gi
-  storageClass: ""
+#  storageClass: ""
@@ -5,7 +5,7 @@ auth:
  existingPasswordSecret: staging-rabbitmq
  password: ""
  username: user
-clusterDomain: cluster.local
+#clusterDomain: cluster.local
 ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
@@ -28,11 +28,11 @@ ingress:
  secrets: []
  selfSigned: false
  tls: true
-persistence:
+#persistence:
-  accessModes:
+#  accessModes:
-  - ReadWriteOnce
+#  - ReadWriteOnce
-  enabled: true
+#  enabled: true
-  existingClaim: ""
+#  existingClaim: ""
-  size: 8Gi
+#  size: 8Gi
-  storageClass: ""
+#  storageClass: ""
@@ -0,0 +1,8 @@
 clusterDomain: cluster.local
 persistence:
  accessModes:
  - ReadWriteOnce
  enabled: true
  existingClaim: ""
  size: 8Gi
  storageClass: ""
@@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - _manifest.yaml
@@ -0,0 +1,5 @@
 generatorOptions:
  disableNameSuffixHash: true
 resources:
  - ../base
  - nodeport.yaml
@@ -0,0 +1,6 @@
 generatorOptions:
  disableNameSuffixHash: true
 resources:
  - ../base
  - nodeport.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: stagin-redis-nodeport
+  name: staging-redis-nodeport
 spec:
  externalTrafficPolicy: Cluster
  ports:
@@ -0,0 +1,45 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 {{- range .Values.redis.envs }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: {{ . }}-redis 
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    namespace: {{ . }}-redis
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfiles/redis
    plugin:
      name: helmfile
      env:
      - name: CLUSTER_NAME
        value: {{ .Values.clusterConfig.cluster }}
  project: aux
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: aux
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      # - ServerSideApply=true
    {{- if .Values.redis.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
  ignoreDifferences:
    - group: apps
      kind: StatefulSet
      jqPathExpressions:
        - '.spec.template.spec.containers[].resources.limits.cpu'
 {{- end }}
 {{- end }}
@@ -0,0 +1,5 @@
 redis:
  enabled: true 
  envs:
  - prod
  - staging
@@ -17,21 +17,20 @@ replica:
  #   - "--loadmodule"
  #   - "/opt/redis-stack/lib/rejson.so"
-auth:
+#auth:
-  enabled: true
+#  enabled: true
-  sentinel: true
+#  sentinel: true
-  password: ""
+#  password: ""
-  usePasswordFiles: false
+#  usePasswordFiles: false
-  existingSecretPasswordKey: ""
+#  existingSecretPasswordKey: ""
-  # existingSecret: staging-redis
+#  # existingSecret: prod-redis
 master:
  resources:
    limits:
      ephemeral-storage: 1024Mi
      memory: 192Mi
    requests:
      cpu: 150m
      ephemeral-storage: 50Mi
      memory: 128Mi
 #master:
 #  resources:
 #    limits:
 #      ephemeral-storage: 1024Mi
 #      memory: 192Mi
 #    requests:
 #      cpu: 150m
 #      ephemeral-storage: 50Mi
 #      memory: 128Mi
@@ -17,21 +17,20 @@ replica:
  #   - "--loadmodule"
  #   - "/opt/redis-stack/lib/rejson.so"
-auth:
+#auth:
-  enabled: true
+#  enabled: true
-  sentinel: true
+#  sentinel: true
-  password: ""
+#  password: ""
-  usePasswordFiles: false
+#  usePasswordFiles: false
-  existingSecretPasswordKey: ""
+#  existingSecretPasswordKey: ""
-  # existingSecret: staging-redis
+#  # existingSecret: staging-redis
 master:
  resources:
    limits:
      ephemeral-storage: 1024Mi
      memory: 192Mi
    requests:
      cpu: 150m
      ephemeral-storage: 50Mi
      memory: 128Mi
 #master:
 #  resources:
 #    limits:
 #      ephemeral-storage: 1024Mi
 #      memory: 192Mi
 #    requests:
 #      cpu: 150m
 #      ephemeral-storage: 50Mi
 #      memory: 128Mi
@@ -0,0 +1,17 @@
 auth:
  enabled: true
  sentinel: true
  password: ""
  usePasswordFiles: false
  existingSecretPasswordKey: ""
  # existingSecret: prod-redis
 master:
  resources:
    limits:
      ephemeral-storage: 1024Mi
      memory: 192Mi
    requests:
      cpu: 150m
      ephemeral-storage: 50Mi
      memory: 128Mi
@@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - _manifest.yaml
@@ -0,0 +1,4 @@
 generatorOptions:
  disableNameSuffixHash: true
 resources:
  - ../base
@@ -0,0 +1,38 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: tempo 
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    namespace: tempo
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfiles/tempo
    plugin:
      name: helmfile
      env:
      - name: CLUSTER_NAME
        value: {{ .Values.clusterConfig.cluster }}
  project: sys
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: sys
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      # - ServerSideApply=true
    {{- if .Values.tempo.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
 {{- end }}
@@ -0,0 +1,12 @@
 tempo:
  enabled: true
  autosync: true
  s3:
    endpoint: ""
    region: ""
    insecure_skip_verify: false
  secret:
    name: ""
    access_key: ""
    access_secret: ""
  bucketName: ""
@@ -0,0 +1,53 @@
 tempo:
    reportingEnabled: false
    storage:
    trace:
        backend: s3
        s3:
        bucket: {{ .Values.tempo.bucketName | default "tempo-traces" }}
        endpoint: {{ .Values.tempo.s3.endpoint | default "https://s3.production.itpartner.no" }}
        prefix: traces
        access_key: ${S3KEY}
        secret_key: ${S3SECRET}
        forcepathstyle: true
        region: us-east-1
        {{- if .Values.tempo.s3.insecure_skip_verify }}
        tls_insecure_skip_verify: true
        {{- end }}
        local:
        path: /var/tempo/traces
        wal:
        path: /var/tempo/wal
    metricsGenerator:
    enabled: true
    remoteWriteUrl: "http://prom-prometheus.prometheus:9090/api/v1/write"
    extraArgs: { config.expand-env=true }
    extraEnv:
    - name: S3KEY
    valueFrom:
        secretKeyRef:
        name: {{ .Values.tempo.secret.name | default "s3-credentials"}}
        key: {{ .Values.tempo.secret.access_key | default "access_key" }}
    - name: S3SECRET
    valueFrom:
        secretKeyRef:
        name: {{ .Values.tempo.secret.name | default "s3-credentials"}}
        key: {{ .Values.tempo.secret.access_key | default "access_secret" }}
 tempoQuery:
    ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
        cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }}
        nginx.ingress.kubernetes.io/ssl-redirect: "true"
        {{- with .Values.cluster_config.ingress_whitelist_ips }}
        nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }}
        {{- end }}
    path: /
    pathType: Prefix
    hosts:
        - query.tempo.{{ .Values.cluster_config.domain }}
    tls:
        - secretName: tempo-query-tls
        hosts:
            - query.tempo.{{ .Values.cluster_config.domain }}
@@ -0,0 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - _manifest.yaml
@@ -0,0 +1,4 @@
 generatorOptions:
  disableNameSuffixHash: true
 resources:
  - ../base
@@ -0,0 +1,38 @@
 {{- if .Values.clusterConfig.argo.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: x509-exporter
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  destination:
    namespace: x509-exporter
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfiles/x509-exporter
    plugin:
      name: helmfile
      env:
      - name: CLUSTER_NAME
        value: {{ .Values.clusterConfig.cluster }}
  project: sys
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: sys
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      # - ServerSideApply=true
    {{- if .Values.x509_exporter.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
 {{- end }}
@@ -0,0 +1,4 @@
 x509_exporter:
  enabled: true
  autosync: true
  alerts: true
@@ -0,0 +1,16 @@
 secretsExporter:
    excludeNamespaces:
    - sealed-secrets
    excludeLabels:
    - cert-manager.io/*
    resources:
    limits:
        memory: 100Mi
    requests:
        cpu: 20m
        memory: 100Mi
 prometheusServiceMonitor:
    extraLabels:
    k8s-app: x509-exporter
 prometheusRules:
    create: false