From de5ce17f28cc8d51f8d0a8a404006480deec5a6d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Thu, 13 Nov 2025 16:33:08 +0100 Subject: [PATCH 1/5] feat(sorcerer): Add beta instance --- .../sorcerer/kustomize/beta/appsettings.json | 76 ++++++++++++ .../beta/archives-backup-volume.yaml | 35 ++++++ .../kustomize/beta/configurations.yaml | 20 +++ values/sorcerer/kustomize/beta/default.env | 1 + .../kustomize/beta/deployment_patch.yaml | 13 ++ values/sorcerer/kustomize/beta/keyvault.yaml | 22 ++++ .../kustomize/beta/kustomization.yaml | 23 ++++ values/sorcerer/kustomize/beta/pv.yaml | 22 ++++ values/sorcerer/kustomize/beta/pvc.yaml | 18 +++ values/sorcerer/kustomize/beta/rbac.yaml | 39 ++++++ values/sorcerer/kustomize/beta/secrets.yaml | 15 +++ .../sorcerer/kustomize/beta/secretstore.yaml | 10 ++ .../sorcerer/kustomize/beta/statestore.yaml | 22 ++++ values/sorcerer/kustomize/beta/tracing.yaml | 11 ++ values/sorcerer/values/values-beta.yaml | 115 ++++++++++++++++++ 15 files changed, 442 insertions(+) create mode 100644 values/sorcerer/kustomize/beta/appsettings.json create mode 100644 values/sorcerer/kustomize/beta/archives-backup-volume.yaml create mode 100644 values/sorcerer/kustomize/beta/configurations.yaml create mode 100644 values/sorcerer/kustomize/beta/default.env create mode 100644 values/sorcerer/kustomize/beta/deployment_patch.yaml create mode 100644 values/sorcerer/kustomize/beta/keyvault.yaml create mode 100644 values/sorcerer/kustomize/beta/kustomization.yaml create mode 100644 values/sorcerer/kustomize/beta/pv.yaml create mode 100644 values/sorcerer/kustomize/beta/pvc.yaml create mode 100644 values/sorcerer/kustomize/beta/rbac.yaml create mode 100644 values/sorcerer/kustomize/beta/secrets.yaml create mode 100644 values/sorcerer/kustomize/beta/secretstore.yaml create mode 100644 values/sorcerer/kustomize/beta/statestore.yaml create mode 100644 values/sorcerer/kustomize/beta/tracing.yaml create mode 100644 values/sorcerer/values/values-beta.yaml 
diff --git a/values/sorcerer/kustomize/beta/appsettings.json b/values/sorcerer/kustomize/beta/appsettings.json
new file mode 100644
index 00000000..2beddb28
--- /dev/null
+++ b/values/sorcerer/kustomize/beta/appsettings.json
@@ -0,0 +1,76 @@ +{ + "oidc": { + "issuer": "https://auth.oceanbox.io/realms/oceanbox", + "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth", + "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token", + "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs", + "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo", + "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout", + "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device", + "clientId": "sorcerer", + "clientSecret": "", + "scopes": [ + "openid", + "email", + "offline_access", + "profile" + ], + "audiences": [ + "atlantis", + "atlantis_dev", + "sorcerer", + "sorcerer_dev" + ] + }, + "sso": { + "cookieDomain": ".oceanbox.io", + "cookieName": ".obx.beta", + "ttl": 12.0, + "signedOutRedirectUri": "https://maps.beta.oceanbox.io", + "realm": "atlantis", + "environment": "beta", + "keyStore": { + "kind": "azure", + "uri": "https://atlantis.blob.core.windows.net", + "key": "dataprotection-keys" + }, + "keyVault": { + "kind": "azure", + "uri": "https://atlantisvault.vault.azure.net", + "key": "dataencryption-keys" + } + }, + "plainAuthUsers": [], + "fga": { + "apiUrl": "https://openfga.srv.oceanbox.io", + "apiKey": "", + "storeId": "01JKTZXMP7ANN4GG2P5W8Y56M6", + "modelId": "01JKTZYMCZZBVSBG66W27XMW0A" + }, + "sentryUrl": "https://5e6e3584098dc006de18038cf85d2cbe@o4509530141622272.ingest.de.sentry.io/4509547350065232", + "redis": "beta-sorcerer-redis:6379,user=default,password=secret", + "allowedOrigins": [ + "http://localhost:8085", + "http://localhost:8080", + "https://localhost:8080", + "https://sorcerer.data.oceanbox.io", + "https://sorcerer.ekman.oceanbox.io", + "https://sorcerer.local.oceanbox.io:8080", + "https://atlantis.local.oceanbox.io:8080", + 
"https://maps.oceanbox.io", + "https://maps.beta.oceanbox.io", + "https://atlantis.beta.oceanbox.io", + "https://jonas-atlantis.dev.oceanbox.io", + "https://stig-atlantis.dev.oceanbox.io", + "https://prod-sorcerer.ekman.oceanbox.io", + "http://prod-sorcerer.ekman.oceanbox.io" + ], + "appName": "sorcerer", + "appEnv": "beta", + "appNamespace": "beta-sorcerer", + "appVersion": "0.0.0", + "otelCollector": "http://10.255.241.12:4317", + "archiveSvc": "https://maps.beta.oceanbox.io", + "dataDir": "/data/archives", + "cacheDir": "/data/archives/cache" +} diff --git a/values/sorcerer/kustomize/beta/archives-backup-volume.yaml b/values/sorcerer/kustomize/beta/archives-backup-volume.yaml new file mode 100644 index 00000000..84e20b2c --- /dev/null +++ b/values/sorcerer/kustomize/beta/archives-backup-volume.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-beta-backup-archives +spec: + accessModes: + - ReadWriteMany + capacity: + storage: 400T + local: + path: /backup/archives + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - ekman +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: beta-oceanbox-backup-archives +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 400T + storageClassName: "" + volumeMode: Filesystem + volumeName: pv-beta-backup-archives diff --git a/values/sorcerer/kustomize/beta/configurations.yaml b/values/sorcerer/kustomize/beta/configurations.yaml new file mode 100644 index 00000000..3131d2c8 --- /dev/null +++ b/values/sorcerer/kustomize/beta/configurations.yaml 
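Review bot: The `allowedOrigins` list for the beta instance carries over `http://localhost:8085`, `http://localhost:8080`, two per-developer `*.dev.oceanbox.io` hosts and the plaintext `http://prod-sorcerer.ekman.oceanbox.io`, so pages served from any of those origins are accepted as cross-origin callers of this API. With `sso.cookieDomain` set to `.oceanbox.io` the width of this list matters more than usual; whether the CORS policy also allows credentials is not visible in this hunk. I would cut the list to the origins beta actually serves, e.g. `"https://maps.beta.oceanbox.io"` and `"https://atlantis.beta.oceanbox.io"`, and drop the `http://` entries. The `redis` value also embeds a `password=` field inline in a file that kustomization.yaml renders into a ConfigMap; if that value is ever real it belongs in the `beta-sorcerer-redis` Secret the Dapr components already reference.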
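Review bot: This manifest is not listed under `resources:` in the beta kustomization.yaml added by the same patch, so as far as the visible files show it is never rendered; either add it there or leave it out of the commit. If it is meant to be used, note that it binds the node-local `/backup/archives` directory on `ekman` into the beta instance as `ReadWriteMany`, which gives a pre-production workload write access to the backup copy. Declaring the volume and claim with `- ReadOnlyMany` and mounting it read-only in the pod would match what a consumer of backups needs.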
@@ -0,0 +1,20 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: configstore +spec: + type: configuration.redis + version: v1 + metadata: + - name: redisHost + value: beta-sorcerer-redis:6379 + - name: redisUsername + value: default + - name: redisPassword + secretKeyRef: + name: beta-sorcerer-redis + key: redis-password + - name: redisDB + value: "1" +scopes: + - beta-sorcerer diff --git a/values/sorcerer/kustomize/beta/default.env b/values/sorcerer/kustomize/beta/default.env new file mode 100644 index 00000000..2dfb0bd0 --- /dev/null +++ b/values/sorcerer/kustomize/beta/default.env @@ -0,0 +1 @@ +SEQ_APIKEY=7iIXHJukYjSLQDix6CnZ diff --git a/values/sorcerer/kustomize/beta/deployment_patch.yaml b/values/sorcerer/kustomize/beta/deployment_patch.yaml new file mode 100644 index 00000000..b5d99932 --- /dev/null +++ b/values/sorcerer/kustomize/beta/deployment_patch.yaml @@ -0,0 +1,13 @@ +- op: replace + path: /spec/template/spec/containers/0/volumeMounts/0/mountPath + value: /data +- op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + secretRef: + name: azure-keyvault +- op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + secretRef: + name: beta-sorcerer-env diff --git a/values/sorcerer/kustomize/beta/keyvault.yaml b/values/sorcerer/kustomize/beta/keyvault.yaml new file mode 100644 index 00000000..a8b2ce2a --- /dev/null +++ b/values/sorcerer/kustomize/beta/keyvault.yaml @@ -0,0 +1,22 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: azure-keyvault +spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: atlantisvault + - name: azureTenantId + secretKeyRef: + name: azure-keyvault + key: AZURE_TENANT_ID + - name: azureClientId + secretKeyRef: + name: azure-keyvault + key: AZURE_CLIENT_ID + - name: azureClientSecret + secretKeyRef: + name: azure-keyvault + key: AZURE_CLIENT_SECRET \ No newline at end of file 
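Review bot: `SEQ_APIKEY` is committed here as a live-looking value in plaintext, and nothing in the beta kustomization.yaml visible in this patch consumes default.env, so the file appears to serve only as storage for the key. The same pattern recurs in patch 2/5 in values/atlantis/kustomize/beta/default.env (`OIDC_CLIENT_SECRET`), barentswatch-api.env (`secret`) and the `amqp.auth` field of the atlantis appsettings.json. Patch 3/5 deletes this file again, but the value stays readable in history, so these credentials should be rotated and then supplied through the `azure-keyvault` store or a cluster-side Secret rather than the repository. If a template is wanted in the tree, commit it with an empty value, `SEQ_APIKEY=`.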
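Review bot: The `azure-keyvault` secret-store component has no `scopes:` list, unlike configurations.yaml and statestore.yaml in the same overlay, which are limited to `beta-sorcerer`; the same holds for secretstore.yaml and for the atlantis copies of both files in patch 2/5. Without it every Dapr-enabled app in the namespace can read from `atlantisvault` through its sidecar. I would add a top-level `scopes:` with `- beta-sorcerer` to the component, and consider a `secrets.scopes` entry with `defaultAccess: deny` in the Dapr Configuration so that only the secret names the app needs are reachable.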
diff --git a/values/sorcerer/kustomize/beta/kustomization.yaml b/values/sorcerer/kustomize/beta/kustomization.yaml new file mode 100644 index 00000000..1bb40a9a --- /dev/null +++ b/values/sorcerer/kustomize/beta/kustomization.yaml @@ -0,0 +1,23 @@ +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: +- name: prod-sorcerer-appsettings + files: + - appsettings.json +patches: +- target: + group: apps + version: v1 + kind: Deployment + path: deployment_patch.yaml +resources: +- ../base +- pv.yaml +- pvc.yaml +- secrets.yaml +- configurations.yaml +- keyvault.yaml +- rbac.yaml +- secretstore.yaml +- statestore.yaml +- tracing.yaml \ No newline at end of file diff --git a/values/sorcerer/kustomize/beta/pv.yaml b/values/sorcerer/kustomize/beta/pv.yaml new file mode 100644 index 00000000..8ea2acf6 --- /dev/null +++ b/values/sorcerer/kustomize/beta/pv.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-beta-sorcerer-ceph-archives +spec: + accessModes: + - ReadWriteMany + capacity: + storage: 1Gi + csi: + driver: rook-ceph.cephfs.csi.ceph.com + nodeStageSecretRef: + name: rook-csi-cephfs-node + namespace: rook-ceph + volumeAttributes: + clusterID: rook-ceph + fsName: data + rootPath: / + staticVolume: "true" + volumeHandle: pv-beta-sorcerer-ceph-archives + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem diff --git a/values/sorcerer/kustomize/beta/pvc.yaml b/values/sorcerer/kustomize/beta/pvc.yaml new file mode 100644 index 00000000..b949575b --- /dev/null +++ b/values/sorcerer/kustomize/beta/pvc.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: beta-sorcerer-ceph-archives +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: "" + volumeMode: Filesystem + volumeName: pv-beta-sorcerer-ceph-archives +status: + accessModes: + - ReadWriteMany + capacity: + storage: 1Gi 
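Review bot: `configMapGenerator` names the ConfigMap `prod-sorcerer-appsettings`, while the Role in this overlay's rbac.yaml grants `get`/`watch` only on `beta-sorcerer-appsettings`, and `disableNameSuffixHash: true` means the name is emitted exactly as written. As it stands the beta overlay either generates a ConfigMap the beta service account cannot read or collides with the production one, depending on what `../base` defines (not visible here). The line should read `- name: beta-sorcerer-appsettings`.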
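Review bot: The static CephFS volume sets `rootPath: /` on filesystem `data` with `ReadWriteMany`, so the beta pod mounts the whole filesystem read-write under `/data` (deployment_patch.yaml) although appsettings.json only uses `/data/archives`. A narrower `rootPath`, pointing at the subdirectory that holds the archives, would keep a beta-side bug or compromise from touching unrelated data on the same filesystem; the exact path depends on the CephFS layout, which is not shown. The `capacity` of `1Gi` is presumably nominal for a static volume, so a one-line comment saying so would help the next reader.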
diff --git a/values/sorcerer/kustomize/beta/rbac.yaml b/values/sorcerer/kustomize/beta/rbac.yaml new file mode 100644 index 00000000..188ce09a --- /dev/null +++ b/values/sorcerer/kustomize/beta/rbac.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: beta-sorcerer + namespace: beta-sorcerer +rules: +- apiGroups: + - "" + resourceNames: + - beta-sorcerer-appsettings + resources: + - configmaps + verbs: + - get + - watch +- apiGroups: + - "" + resourceNames: + - azure-keyvault + - beta-sorcerer-redis + resources: + - secrets + verbs: + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: beta-sorcerer + namespace: beta-sorcerer +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: beta-sorcerer +subjects: +- kind: ServiceAccount + name: beta-sorcerer + namespace: beta-sorcerer diff --git a/values/sorcerer/kustomize/beta/secrets.yaml b/values/sorcerer/kustomize/beta/secrets.yaml new file mode 100644 index 00000000..7f187fd9 --- /dev/null +++ b/values/sorcerer/kustomize/beta/secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: beta-sorcerer-env +type: Opaque +data: +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kyverno/clone: "true" + name: azure-keyvault +type: Opaque +data: diff --git a/values/sorcerer/kustomize/beta/secretstore.yaml b/values/sorcerer/kustomize/beta/secretstore.yaml new file mode 100644 index 00000000..c23086e1 --- /dev/null +++ b/values/sorcerer/kustomize/beta/secretstore.yaml @@ -0,0 +1,10 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: secretstore +spec: + type: secretstores.kubernetes + version: v1 + metadata: + - name: defaultNamespace + value: beta-sorcerer diff --git a/values/sorcerer/kustomize/beta/statestore.yaml b/values/sorcerer/kustomize/beta/statestore.yaml new file mode 100644 index 00000000..1a6f2853 --- /dev/null +++ b/values/sorcerer/kustomize/beta/statestore.yaml 
@@ -0,0 +1,22 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: statestore +spec: + type: state.redis + version: v1 + metadata: + - name: redisHost + value: beta-sorcerer-redis:6379 + - name: redisUsername + value: default + - name: redisPassword + secretKeyRef: + name: beta-sorcerer-redis + key: redis-password + - name: actorStateStore + value: "true" + - name: redisDB + value: "0" +scopes: + - beta-sorcerer diff --git a/values/sorcerer/kustomize/beta/tracing.yaml b/values/sorcerer/kustomize/beta/tracing.yaml new file mode 100644 index 00000000..4c4c318c --- /dev/null +++ b/values/sorcerer/kustomize/beta/tracing.yaml @@ -0,0 +1,11 @@ +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: tracing +spec: + tracing: + samplingRate: "1" + otel: + endpointAddress: "10.255.241.12:4317" + protocol: grpc + isSecure: false diff --git a/values/sorcerer/values/values-beta.yaml b/values/sorcerer/values/values-beta.yaml new file mode 100644 index 00000000..c6d1c9c1 --- /dev/null +++ b/values/sorcerer/values/values-beta.yaml 
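Review bot: In tracing.yaml `endpointAddress` points at the bare IP `10.255.241.12:4317` with `isSecure: false`, so traces sampled at `samplingRate: "1"` leave the pod unencrypted to an address that is not tied to a Service name. The atlantis overlay in patch 2/5 uses `opentelemetry-collector.otel.svc.cluster.local:4317` (also with `isSecure: false`); using the same name here would keep the two in step and survive a collector move. If the collector accepts TLS, `isSecure: true` is the safer setting in both files, since trace attributes commonly carry request paths and user identifiers.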
@@ -0,0 +1,115 @@ +replicaCount: 2 + +podAnnotations: + dapr.io/enabled: "true" + dapr.io/app-id: "beta-sorcerer" + dapr.io/app-port: "8085" + dapr.io/api-token-secret: "dapr-api-token" + dapr.io/config: "tracing" + dapr.io/app-protocol: "http" + dapr.io/log-as-json: "true" + dapr.io/sidecar-cpu-request: "10m" + dapr.io/sidecar-memory-request: "50Mi" + # dapr.io/sidecar-cpu-limit: "300m" + # dapr.io/sidecar-memory-limit: "1000Mi" + +env: + - name: APP_VERSION + value: "4.16.3" + - name: LOG_LEVEL + value: "2" + - name: REDIS_USER + value: default + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: beta-sorcerer-redis + key: redis-password + - name: DAPR_API_TOKEN + valueFrom: + secretKeyRef: + name: dapr-api-token + key: token + +ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-betauction + nginx.ingress.kubernetes.io/affinity: "cookie" + nginx.ingress.kubernetes.io/session-cookie-name: "http-affinity" + nginx.ingress.kubernetes.io/session-cookie-expires: "86400" + nginx.ingress.kubernetes.io/session-cookie-max-age: "86400" + hosts: + - host: sorcerer.beta.oceanbox.io + paths: + paths: + - path: / + pathType: ImplementationSpecific + internal: + - path: /internal + pathType: ImplementationSpecific + - path: /dapr + pathType: ImplementationSpecific + - path: /actors + pathType: ImplementationSpecific + - path: /job + pathType: ImplementationSpecific + - path: /events + pathType: ImplementationSpecific + - path: /metrics + pathType: ImplementationSpecific + tls: + - hosts: + - sorcerer.beta.oceanbox.io + secretName: beta-sorcerer-tls + +persistence: + enabled: true + existingClaim: beta-sorcerer-ceph-archives + # existingClaim: beta-oceanbox-backup-archives + +# nodeSelector: +# node-role.kubernetes.io/srv: "" +# kubernetes.io/hostname: fs-backup +# node-role.kubernetes.io/worker: c1-1 + +# tolerations: +# - key: workload +# operator: Equal +# value: compute +# effect: NoSchedule +redis: + enabled: true + replicas: 3 + 
size: 2Gi + backup: + enabled: true + secret: + name: "beta-sorcerer-redis" + key: "redis-password" + resources: + cpu: 150m + memory: 256Mi + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "topology.kubernetes.io/group" + operator: In + values: + - srv + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app.kubernetes.io/name" + operator: In + values: + - sorcerer + - key: "app.kubernetes.io/instance" + operator: In + values: + - beta-sorcerer + topologyKey: "kubernetes.io/hostname" -- 2.52.0 From 7057806e01a9872d241c2a88ecdae3935cd5f265 Mon Sep 17 00:00:00 2001 
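Review bot: The ingress annotation `cert-manager.io/cluster-issuer: letsencrypt-betauction` looks like a prod-to-beta search-and-replace that hit the word "production"; the atlantis beta values in patch 3/5 use `letsencrypt-production`. Unless a ClusterIssuer with that name exists, cert-manager will not issue `beta-sorcerer-tls` and the host will be served without a valid certificate. The line should be `cert-manager.io/cluster-issuer: letsencrypt-production`. The `paths:` key nested directly under `paths:` a few lines below looks like another slip, and the `internal:` list puts `/dapr`, `/actors` and `/metrics` on a public host, so it is worth confirming how the chart restricts them.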
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Thu, 13 Nov 2025 16:47:56 +0100 Subject: [PATCH 2/5] feat(atlantis): Add beta and switch staging to maps.dev --- .../atlantis/kustomize/beta/appsettings.json | 96 +++++++++++++++++++ .../kustomize/beta/barentswatch-api.env | 2 + values/atlantis/kustomize/beta/bindings.yaml | 22 +++++ .../kustomize/beta/configurations.yaml | 20 ++++ values/atlantis/kustomize/beta/default.env | 1 + .../kustomize/beta/deployment_patch.yaml | 10 ++ values/atlantis/kustomize/beta/keyvault.yaml | 22 +++++ .../kustomize/beta/kustomization.yaml | 24 +++++ values/atlantis/kustomize/beta/pubsub.yaml | 52 ++++++++++ values/atlantis/kustomize/beta/rbac.yaml | 40 ++++++++ values/atlantis/kustomize/beta/secrets.yaml | 9 ++ .../atlantis/kustomize/beta/secretstore.yaml | 10 ++ .../atlantis/kustomize/beta/statestore.yaml | 22 +++++ .../kustomize/beta/subscriptions.yaml | 27 ++++++ values/atlantis/kustomize/beta/tracing.yaml | 11 +++ 15 files changed, 368 insertions(+) create mode 100644 values/atlantis/kustomize/beta/appsettings.json create mode 100644 values/atlantis/kustomize/beta/barentswatch-api.env create mode 100644 values/atlantis/kustomize/beta/bindings.yaml create mode 100644 values/atlantis/kustomize/beta/configurations.yaml create mode 100644 values/atlantis/kustomize/beta/default.env create mode 100644 values/atlantis/kustomize/beta/deployment_patch.yaml create mode 100644 values/atlantis/kustomize/beta/keyvault.yaml create mode 100644 values/atlantis/kustomize/beta/kustomization.yaml create mode 100644 values/atlantis/kustomize/beta/pubsub.yaml create mode 100644 values/atlantis/kustomize/beta/rbac.yaml create mode 100644 values/atlantis/kustomize/beta/secrets.yaml create mode 100644 values/atlantis/kustomize/beta/secretstore.yaml create mode 100644 values/atlantis/kustomize/beta/statestore.yaml create mode 100644 values/atlantis/kustomize/beta/subscriptions.yaml create mode 100644 values/atlantis/kustomize/beta/tracing.yaml 
diff --git a/values/atlantis/kustomize/beta/appsettings.json b/values/atlantis/kustomize/beta/appsettings.json
new file mode 100644
index 00000000..7309f8d2
--- /dev/null
+++ b/values/atlantis/kustomize/beta/appsettings.json
@@ -0,0 +1,96 @@ +{ + "oidc": { + "issuer": "https://auth.oceanbox.io/realms/oceanbox", + "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth", + "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token", + "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs", + "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo", + "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout", + "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device", + "clientId": "atlantis", + "clientSecret": "", + "scopes": [ + "openid", + "email", + "offline_access", + "profile" + ], + "audiences": [ + "atlantis", + "atlantis_dev", + "sorcerer", + "sorcerer_dev" + ] + }, + "sso": { + "cookieDomain": ".oceanbox.io", + "cookieName": ".obx.beta", + "ttl": 12.0, + "signedOutRedirectUri": "https://maps.oceanbox.io", + "realm": "atlantis", + "environment": "prod", + "keyStore": { + "kind": "azure", + "uri": "https://atlantis.blob.core.windows.net", + "key": "dataprotection-keys" + }, + "keyVault": { + "kind": "azure", + "uri": "https://atlantisvault.vault.azure.net", + "key": "dataencryption-keys" + } + }, + "fga": { + "apiUrl": "http://prod-openfga.openfga.svc.cluster.local:8080", + "apiKey": "", + "storeId": "01JKTZXMP7ANN4GG2P5W8Y56M6", + "modelId": "01JKTZYMCZZBVSBG66W27XMW0A" + }, + "sentryUrl": "https://b6e03cfc8e247297b89217b09341b4cb@o4509530141622272.ingest.de.sentry.io/4509530195492944", + "plainAuthUsers": [ + { + "username": "admin", + "password": "en-to-tre-fire", + "groups": [ "/oceanbox" ], + "roles": [ "admin" ] + }, + { + "username": "sorcerer", + "password": "fire tre to en", + "groups": [ "/oceanbox" ], + "roles": [ "admin" ] + }, + { + "username": "archivist", + "password": "en-to-tre-fire", + "groups": [ "/oceanbox" ], + "roles": [ 
"admin" ] + } + ], + "plume": "plume.data.oceanbox.io", + "redis": "prod-atlantis-redis-master:6379", + "objectStore": "https://atlantis.blob.core.windows.net", + "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", + "sorcerer" : "https://sorcerer.beta.oceanbox.io", + "allowedOrigins": [ + "https://maps.beta.oceanbox.io", + ], + "appName": "atlantis", + "appEnv": "beta", + "appNamespace": "atlantis", + "appVersion": "2.95.1", + "otelCollector": "http://opentelemetry-collector.otel.svc:4317", + "pubsubName": "pubsub", + "pubsubTopic": "hipster-atlantis", + "slurm": { + "baseUrl": "https://slurmrestd.ekman.oceanbox.io/", + "slurmApi": "slurm/v0.0.42/", + "dbdApi": "slurmdbd/v0.0.42/", + "accessToken": "" + }, + "amqp": { + "auth": "user:hunny-bunny", + "host": "10.255.241.201:30673" + }, + "fenceRadius": 1250.0 +} diff --git a/values/atlantis/kustomize/beta/barentswatch-api.env b/values/atlantis/kustomize/beta/barentswatch-api.env new file mode 100644 index 00000000..fc399a85 --- /dev/null +++ b/values/atlantis/kustomize/beta/barentswatch-api.env @@ -0,0 +1,2 @@ +client-id=simen.kirkvik@tromso.serit.no:simkir-tilt-atlantis +secret=d9tInZ1XpeDAxD.DySv'*SB=P \ No newline at end of file diff --git a/values/atlantis/kustomize/beta/bindings.yaml b/values/atlantis/kustomize/beta/bindings.yaml new file mode 100644 index 00000000..8a95c563 --- /dev/null +++ b/values/atlantis/kustomize/beta/bindings.yaml @@ -0,0 +1,22 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: slurm-events +spec: + type: bindings.rabbitmq + version: v1 + metadata: + - name: host + secretKeyRef: + name: prod-atlantis-rabbitmq + key: connString + - name: queueName + value: prod-slurm-job-events + - name: durable + value: true + - name: contentType + value: "application/json" + - name: route + value: /events/slurm +scopes: + - prod-atlantis 
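Review bot: `plainAuthUsers` defines three accounts with the `admin` role and their passwords inline, in a file that kustomization.yaml renders into a ConfigMap for the beta instance; the sorcerer beta config in patch 1/5 leaves this list empty. I would ship `"plainAuthUsers": []` here and, if a service account is really needed, take its credential from the `azure-keyvault` store. The passwords already committed should be treated as disclosed and changed wherever they are in use. Separately, the trailing comma after the single `allowedOrigins` entry makes the file invalid for strict JSON parsers, and `sso.environment`, `fga.apiUrl` and `redis` still name production resources.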
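Review bot: This beta binding still consumes `prod-slurm-job-events` with the `prod-atlantis-rabbitmq` connection string and is scoped to `prod-atlantis`, so it is a copy of the production component rather than a beta one. The same applies to configurations.yaml, statestore.yaml, pubsub.yaml, subscriptions.yaml, secretstore.yaml, rbac.yaml, secrets.yaml, deployment_patch.yaml and the `prod-atlantis-appsettings` generator name in this patch. With the app-id `beta-atlantis` set in patch 3/5 the scoped components would not load for the beta app, and if the scopes are loosened beta would share production's queue, Redis databases and Role. Each `prod-atlantis*` name should become its `beta-atlantis*` counterpart, e.g. `value: beta-slurm-job-events` and `scopes: [beta-atlantis]`, assuming those beta resources are provisioned.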
diff --git a/values/atlantis/kustomize/beta/configurations.yaml b/values/atlantis/kustomize/beta/configurations.yaml new file mode 100644 index 00000000..705e1b48 --- /dev/null +++ b/values/atlantis/kustomize/beta/configurations.yaml @@ -0,0 +1,20 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: configstore +spec: + type: configuration.redis + version: v1 + metadata: + - name: redisHost + value: prod-atlantis-redis-master:6379 + - name: redisUsername + value: default + - name: redisPassword + secretKeyRef: + name: prod-atlantis-redis + key: redis-password + - name: redisDB + value: "1" +scopes: + - prod-atlantis diff --git a/values/atlantis/kustomize/beta/default.env b/values/atlantis/kustomize/beta/default.env new file mode 100644 index 00000000..85c5abe3 --- /dev/null +++ b/values/atlantis/kustomize/beta/default.env @@ -0,0 +1 @@ +OIDC_CLIENT_SECRET=KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm diff --git a/values/atlantis/kustomize/beta/deployment_patch.yaml b/values/atlantis/kustomize/beta/deployment_patch.yaml new file mode 100644 index 00000000..dd4c92da --- /dev/null +++ b/values/atlantis/kustomize/beta/deployment_patch.yaml @@ -0,0 +1,10 @@ +- op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + secretRef: + name: azure-keyvault +- op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + secretRef: + name: prod-atlantis-env \ No newline at end of file diff --git a/values/atlantis/kustomize/beta/keyvault.yaml b/values/atlantis/kustomize/beta/keyvault.yaml new file mode 100644 index 00000000..145adf98 --- /dev/null +++ b/values/atlantis/kustomize/beta/keyvault.yaml 
@@ -0,0 +1,22 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: azure-keyvault +spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: atlantisvault + - name: azureTenantId + secretKeyRef: + name: azure-keyvault + key: AZURE_TENANT_ID + - name: azureClientId + secretKeyRef: + name: azure-keyvault + key: AZURE_CLIENT_ID + - name: azureClientSecret + secretKeyRef: + name: azure-keyvault + key: AZURE_CLIENT_SECRET diff --git a/values/atlantis/kustomize/beta/kustomization.yaml b/values/atlantis/kustomize/beta/kustomization.yaml new file mode 100644 index 00000000..f0e148c2 --- /dev/null +++ b/values/atlantis/kustomize/beta/kustomization.yaml @@ -0,0 +1,24 @@ +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: +- name: prod-atlantis-appsettings + files: + - appsettings.json +patches: + - target: + group: apps + version: v1 + kind: Deployment + path: deployment_patch.yaml +resources: + - ../base + - secrets.yaml + - rbac.yaml + - tracing.yaml + - bindings.yaml + - pubsub.yaml + - statestore.yaml + - subscriptions.yaml + - configurations.yaml + - secretstore.yaml + - keyvault.yaml diff --git a/values/atlantis/kustomize/beta/pubsub.yaml b/values/atlantis/kustomize/beta/pubsub.yaml new file mode 100644 index 00000000..b7aeda01 --- /dev/null +++ b/values/atlantis/kustomize/beta/pubsub.yaml 
@@ -0,0 +1,52 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: pubsub +spec: + version: v1 + type: pubsub.rabbitmq + metadata: + - name: hostname + value: prod-rabbitmq.rabbitmq + - name: username + value: user + - name: password + secretKeyRef: + name: prod-atlantis-rabbitmq + key: rabbitmq-password + - name: protocol + value: amqp + - name: durable + value: true + - name: deletedWhenUnused + value: false + - name: autoAck + value: false + - name: deliveryMode + value: 1 + - name: requeueInFailure + value: false + - name: prefetchCount + value: 0 + - name: reconnectWait + value: 0 + - name: concurrencyMode + value: parallel + - name: publisherConfirm + value: false + - name: backOffPolicy + value: exponential + - name: backOffInitialInterval + value: 100 + - name: backOffMaxRetries + value: 16 + - name: enableDeadLetter # Optional enable dead Letter or not + value: true + - name: maxLen # Optional max message count in a queue + value: 3000 + - name: maxLenBytes # Optional maximum length in bytes of a queue. + value: 10485760 + - name: exchangeKind + value: fanout + - name: clientName + value: "{appID}" diff --git a/values/atlantis/kustomize/beta/rbac.yaml b/values/atlantis/kustomize/beta/rbac.yaml new file mode 100644 index 00000000..6d13b929 --- /dev/null +++ b/values/atlantis/kustomize/beta/rbac.yaml 
@@ -0,0 +1,40 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: prod-atlantis + namespace: prod-atlantis +rules: +- apiGroups: + - "" + resourceNames: + - prod-atlantis-appsettings + resources: + - configmaps + verbs: + - get + - watch +- apiGroups: + - "" + resourceNames: + - azure-keyvault + - prod-atlantis-redis + - slurm-access-token + resources: + - secrets + verbs: + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: prod-atlantis + namespace: prod-atlantis +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: prod-atlantis +subjects: +- kind: ServiceAccount + name: prod-atlantis + namespace: prod-atlantis diff --git a/values/atlantis/kustomize/beta/secrets.yaml b/values/atlantis/kustomize/beta/secrets.yaml new file mode 100644 index 00000000..a956c207 --- /dev/null +++ b/values/atlantis/kustomize/beta/secrets.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: + kyverno/clone: "true" + kyverno/env: "prod" + name: prod-atlantis-rabbitmq +type: Opaque +data: diff --git a/values/atlantis/kustomize/beta/secretstore.yaml b/values/atlantis/kustomize/beta/secretstore.yaml new file mode 100644 index 00000000..afa9a4cd --- /dev/null +++ b/values/atlantis/kustomize/beta/secretstore.yaml @@ -0,0 +1,10 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: secretstore +spec: + type: secretstores.kubernetes + version: v1 + metadata: + - name: defaultNamespace + value: prod-atlantis \ No newline at end of file diff --git a/values/atlantis/kustomize/beta/statestore.yaml b/values/atlantis/kustomize/beta/statestore.yaml new file mode 100644 index 00000000..beb6ee64 --- /dev/null +++ b/values/atlantis/kustomize/beta/statestore.yaml 
@@ -0,0 +1,22 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: statestore +spec: + type: state.redis + version: v1 + metadata: + - name: redisHost + value: prod-atlantis-redis-master:6379 + - name: redisUsername + value: default + - name: redisPassword + secretKeyRef: + name: prod-atlantis-redis + key: redis-password + - name: actorStateStore + value: "true" + - name: redisDB + value: "0" +scopes: + - prod-atlantis diff --git a/values/atlantis/kustomize/beta/subscriptions.yaml b/values/atlantis/kustomize/beta/subscriptions.yaml new file mode 100644 index 00000000..d0d0dcce --- /dev/null +++ b/values/atlantis/kustomize/beta/subscriptions.yaml @@ -0,0 +1,27 @@ +apiVersion: dapr.io/v2alpha1 +kind: Subscription +metadata: + name: hipster-events +spec: + topic: hipster + routes: + default: /events/hipster + pubsubname: pubsub + metadata: + queueType: quorum +scopes: +- prod-atlantis +--- +apiVersion: dapr.io/v2alpha1 +kind: Subscription +metadata: + name: inbox-events +spec: + topic: inbox + routes: + default: /events/inbox + pubsubname: pubsub + metadata: + queueType: quorum +scopes: +- prod-atlantis diff --git a/values/atlantis/kustomize/beta/tracing.yaml b/values/atlantis/kustomize/beta/tracing.yaml new file mode 100644 index 00000000..5d9bffd1 --- /dev/null +++ b/values/atlantis/kustomize/beta/tracing.yaml @@ -0,0 +1,11 @@ +apiVersion: dapr.io/v1alpha1 +kind: Configuration +metadata: + name: tracing +spec: + tracing: + samplingRate: "1" + otel: + endpointAddress: "opentelemetry-collector.otel.svc.cluster.local:4317" + protocol: grpc + isSecure: false -- 2.52.0 From f9504c95e3af11764b28a49345c84c7912864459 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Thu, 13 Nov 2025 16:55:01 +0100 Subject: [PATCH 3/5] fix(sorcerer/atlantis): Remove beta-sorcerer --- .../atlantis/values/values-beta.yaml.gotmpl | 81 ++++++++++++ values/atlantis/values/values.yaml.gotmpl | 1 - .../sorcerer/kustomize/beta/appsettings.json | 76 ------------ .../beta/archives-backup-volume.yaml | 35 ------ .../kustomize/beta/configurations.yaml | 20 --- values/sorcerer/kustomize/beta/default.env | 1 - .../kustomize/beta/deployment_patch.yaml | 13 -- values/sorcerer/kustomize/beta/keyvault.yaml | 22 ---- .../kustomize/beta/kustomization.yaml | 23 ---- values/sorcerer/kustomize/beta/pv.yaml | 22 ---- values/sorcerer/kustomize/beta/pvc.yaml | 18 --- values/sorcerer/kustomize/beta/rbac.yaml | 39 ------ values/sorcerer/kustomize/beta/secrets.yaml | 15 --- .../sorcerer/kustomize/beta/secretstore.yaml | 10 -- .../sorcerer/kustomize/beta/statestore.yaml | 22 ---- values/sorcerer/kustomize/beta/tracing.yaml | 11 -- values/sorcerer/values/values-beta.yaml | 115 ------------------ 17 files changed, 81 insertions(+), 443 deletions(-) create mode 100644 values/atlantis/values/values-beta.yaml.gotmpl delete mode 100644 values/sorcerer/kustomize/beta/appsettings.json delete mode 100644 values/sorcerer/kustomize/beta/archives-backup-volume.yaml delete mode 100644 values/sorcerer/kustomize/beta/configurations.yaml delete mode 100644 values/sorcerer/kustomize/beta/default.env delete mode 100644 values/sorcerer/kustomize/beta/deployment_patch.yaml delete mode 100644 values/sorcerer/kustomize/beta/keyvault.yaml delete mode 100644 values/sorcerer/kustomize/beta/kustomization.yaml delete mode 100644 values/sorcerer/kustomize/beta/pv.yaml delete mode 100644 values/sorcerer/kustomize/beta/pvc.yaml delete mode 100644 values/sorcerer/kustomize/beta/rbac.yaml delete mode 100644 values/sorcerer/kustomize/beta/secrets.yaml delete mode 100644 values/sorcerer/kustomize/beta/secretstore.yaml delete mode 100644 
values/sorcerer/kustomize/beta/statestore.yaml delete mode 100644 values/sorcerer/kustomize/beta/tracing.yaml delete mode 100644 values/sorcerer/values/values-beta.yaml diff --git a/values/atlantis/values/values-beta.yaml.gotmpl b/values/atlantis/values/values-beta.yaml.gotmpl new file mode 100644 index 00000000..b2d5a1af --- /dev/null +++ b/values/atlantis/values/values-beta.yaml.gotmpl @@ -0,0 +1,81 @@ +replicaCount: 1 + +podAnnotations: + dapr.io/app-id: "beta-atlantis" + +env: + - name: APP_NAMESPACE + value: beta-atlantis + - name: APP_VERSION + value: "2.97.4" + - name: LOG_LEVEL + value: "2" + - name: ANALYTICS_WEB_ID + value: "16e7d807-4db5-45fd-92a9-27393445a153" + - name: REDIS_USER + value: default + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: beta-atlantis-redis + key: redis-password + - name: DB_HOST + value: beta-atlantis-db-rw + - name: DB_PORT + value: "5432" + - name: DB_USER + valueFrom: + secretKeyRef: + name: beta-atlantis-db-superuser + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: beta-atlantis-db-superuser + key: password + - name: DAPR_API_TOKEN + valueFrom: + secretKeyRef: + name: dapr-api-token + key: token + +ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/proxy-buffer-size: 128k + hosts: + - host: maps.beta.oceanbox.io + paths: + - path: / + pathType: ImplementationSpecific + internal: + - path: /internal + pathType: ImplementationSpecific + - path: /dapr + pathType: ImplementationSpecific + - path: /actors + pathType: ImplementationSpecific + - path: /job + pathType: ImplementationSpecific + - path: /events + pathType: ImplementationSpecific + - path: /metrics + pathType: ImplementationSpecific + tls: + - hosts: + - maps.beta.oceanbox.io + secretName: beta-atlantis-tls + +cluster: + instances: 2 + bootstrap: + enabled: false + +resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 500m + memory: 1Gi 
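Review bot: `DB_USER` and `DB_PASSWORD` are read from `beta-atlantis-db-superuser`, so the application appears to connect to Postgres as the cluster superuser. A flaw in the app would then expose every database and role in that cluster rather than only the application's own schema. If the database operator also creates an application-owner secret (its name is not visible here, so `APP_DB_SECRET_PLACEHOLDER` stands in for it), point both `secretKeyRef.name` fields at that instead. The `internal:` path list also publishes `/dapr`, `/actors` and `/metrics` on `maps.beta.oceanbox.io`; how the chart restricts them is outside this hunk.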
diff --git a/values/atlantis/values/values.yaml.gotmpl b/values/atlantis/values/values.yaml.gotmpl index d13d6170..598c1ef0 100644 --- a/values/atlantis/values/values.yaml.gotmpl +++ b/values/atlantis/values/values.yaml.gotmpl @@ -1,4 +1,3 @@ - podAnnotations: dapr.io/enabled: "true" dapr.io/app-port: "8085" diff --git a/values/sorcerer/kustomize/beta/appsettings.json b/values/sorcerer/kustomize/beta/appsettings.json deleted file mode 100644 index 2beddb28..00000000 --- a/values/sorcerer/kustomize/beta/appsettings.json +++ /dev/null 
@@ -1,76 +0,0 @@ -{ - "oidc": { - "issuer": "https://auth.oceanbox.io/realms/oceanbox", - "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth", - "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token", - "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs", - "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo", - "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout", - "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device", - "clientId": "sorcerer", - "clientSecret": "", - "scopes": [ - "openid", - "email", - "offline_access", - "profile" - ], - "audiences": [ - "atlantis", - "atlantis_dev", - "sorcerer", - "sorcerer_dev" - ] - }, - "sso": { - "cookieDomain": ".oceanbox.io", - "cookieName": ".obx.beta", - "ttl": 12.0, - "signedOutRedirectUri": "https://maps.beta.oceanbox.io", - "realm": "atlantis", - "environment": "beta", - "keyStore": { - "kind": "azure", - "uri": "https://atlantis.blob.core.windows.net", - "key": "dataprotection-keys" - }, - "keyVault": { - "kind": "azure", - "uri": "https://atlantisvault.vault.azure.net", - "key": "dataencryption-keys" - } - }, - "plainAuthUsers": [], - "fga": { - "apiUrl": "https://openfga.srv.oceanbox.io", - "apiKey": "", - "storeId": "01JKTZXMP7ANN4GG2P5W8Y56M6", - "modelId": "01JKTZYMCZZBVSBG66W27XMW0A" - }, - "sentryUrl": "https://5e6e3584098dc006de18038cf85d2cbe@o4509530141622272.ingest.de.sentry.io/4509547350065232", - "redis": "beta-sorcerer-redis:6379,user=default,password=secret", - "allowedOrigins": [ - "http://localhost:8085", - "http://localhost:8080", - "https://localhost:8080", - "https://sorcerer.data.oceanbox.io", - "https://sorcerer.ekman.oceanbox.io", - "https://sorcerer.local.oceanbox.io:8080", - "https://atlantis.local.oceanbox.io:8080", - 
"https://maps.oceanbox.io", - "https://maps.beta.oceanbox.io", - "https://atlantis.beta.oceanbox.io", - "https://jonas-atlantis.dev.oceanbox.io", - "https://stig-atlantis.dev.oceanbox.io", - "https://prod-sorcerer.ekman.oceanbox.io", - "http://prod-sorcerer.ekman.oceanbox.io" - ], - "appName": "sorcerer", - "appEnv": "beta", - "appNamespace": "beta-sorcerer", - "appVersion": "0.0.0", - "otelCollector": "http://10.255.241.12:4317", - "archiveSvc": "https://maps.beta.oceanbox.io", - "dataDir": "/data/archives", - "cacheDir": "/data/archives/cache" -} diff --git a/values/sorcerer/kustomize/beta/archives-backup-volume.yaml b/values/sorcerer/kustomize/beta/archives-backup-volume.yaml deleted file mode 100644 index 84e20b2c..00000000 --- a/values/sorcerer/kustomize/beta/archives-backup-volume.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv-beta-backup-archives -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 400T - local: - path: /backup/archives - persistentVolumeReclaimPolicy: Retain - volumeMode: Filesystem - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - ekman ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: beta-oceanbox-backup-archives -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 400T - storageClassName: "" - volumeMode: Filesystem - volumeName: pv-beta-backup-archives diff --git a/values/sorcerer/kustomize/beta/configurations.yaml b/values/sorcerer/kustomize/beta/configurations.yaml deleted file mode 100644 index 3131d2c8..00000000 --- a/values/sorcerer/kustomize/beta/configurations.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: configstore -spec: - type: configuration.redis - version: v1 - metadata: - - name: redisHost - value: beta-sorcerer-redis:6379 - - name: redisUsername - value: default - - name: redisPassword - secretKeyRef: - name: beta-sorcerer-redis - key: redis-password - - name: redisDB - value: "1" -scopes: - - beta-sorcerer diff --git a/values/sorcerer/kustomize/beta/default.env b/values/sorcerer/kustomize/beta/default.env deleted file mode 100644 index 2dfb0bd0..00000000 --- a/values/sorcerer/kustomize/beta/default.env +++ /dev/null @@ -1 +0,0 @@ -SEQ_APIKEY=7iIXHJukYjSLQDix6CnZ diff --git a/values/sorcerer/kustomize/beta/deployment_patch.yaml b/values/sorcerer/kustomize/beta/deployment_patch.yaml deleted file mode 100644 index b5d99932..00000000 --- a/values/sorcerer/kustomize/beta/deployment_patch.yaml +++ /dev/null @@ -1,13 +0,0 @@ -- op: replace - path: /spec/template/spec/containers/0/volumeMounts/0/mountPath - value: /data -- op: add - path: /spec/template/spec/containers/0/envFrom/- - value: - secretRef: - name: azure-keyvault -- op: add - path: /spec/template/spec/containers/0/envFrom/- - value: - secretRef: - name: beta-sorcerer-env diff --git a/values/sorcerer/kustomize/beta/keyvault.yaml b/values/sorcerer/kustomize/beta/keyvault.yaml deleted file mode 100644 index a8b2ce2a..00000000 --- a/values/sorcerer/kustomize/beta/keyvault.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: azure-keyvault -spec: - type: secretstores.azure.keyvault - version: v1 - metadata: - - name: vaultName - value: atlantisvault - - name: azureTenantId - secretKeyRef: - name: azure-keyvault - key: AZURE_TENANT_ID - - name: azureClientId - secretKeyRef: - name: azure-keyvault - key: AZURE_CLIENT_ID - - name: azureClientSecret - secretKeyRef: - name: azure-keyvault - key: AZURE_CLIENT_SECRET \ No newline at end of file 
diff --git a/values/sorcerer/kustomize/beta/kustomization.yaml b/values/sorcerer/kustomize/beta/kustomization.yaml deleted file mode 100644 index 1bb40a9a..00000000 --- a/values/sorcerer/kustomize/beta/kustomization.yaml +++ /dev/null @@ -1,23 +0,0 @@ -generatorOptions: - disableNameSuffixHash: true -configMapGenerator: -- name: prod-sorcerer-appsettings - files: - - appsettings.json -patches: -- target: - group: apps - version: v1 - kind: Deployment - path: deployment_patch.yaml -resources: -- ../base -- pv.yaml -- pvc.yaml -- secrets.yaml -- configurations.yaml -- keyvault.yaml -- rbac.yaml -- secretstore.yaml -- statestore.yaml -- tracing.yaml \ No newline at end of file diff --git a/values/sorcerer/kustomize/beta/pv.yaml b/values/sorcerer/kustomize/beta/pv.yaml deleted file mode 100644 index 8ea2acf6..00000000 --- a/values/sorcerer/kustomize/beta/pv.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv-beta-sorcerer-ceph-archives -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 1Gi - csi: - driver: rook-ceph.cephfs.csi.ceph.com - nodeStageSecretRef: - name: rook-csi-cephfs-node - namespace: rook-ceph - volumeAttributes: - clusterID: rook-ceph - fsName: data - rootPath: / - staticVolume: "true" - volumeHandle: pv-beta-sorcerer-ceph-archives - persistentVolumeReclaimPolicy: Retain - volumeMode: Filesystem diff --git a/values/sorcerer/kustomize/beta/pvc.yaml b/values/sorcerer/kustomize/beta/pvc.yaml deleted file mode 100644 index b949575b..00000000 --- a/values/sorcerer/kustomize/beta/pvc.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: beta-sorcerer-ceph-archives -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Gi - storageClassName: "" - volumeMode: Filesystem - volumeName: pv-beta-sorcerer-ceph-archives -status: - accessModes: - - ReadWriteMany - capacity: - storage: 1Gi 
diff --git a/values/sorcerer/kustomize/beta/rbac.yaml b/values/sorcerer/kustomize/beta/rbac.yaml deleted file mode 100644 index 188ce09a..00000000 --- a/values/sorcerer/kustomize/beta/rbac.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: beta-sorcerer - namespace: beta-sorcerer -rules: -- apiGroups: - - "" - resourceNames: - - beta-sorcerer-appsettings - resources: - - configmaps - verbs: - - get - - watch -- apiGroups: - - "" - resourceNames: - - azure-keyvault - - beta-sorcerer-redis - resources: - - secrets - verbs: - - get - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: beta-sorcerer - namespace: beta-sorcerer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: beta-sorcerer -subjects: -- kind: ServiceAccount - name: beta-sorcerer - namespace: beta-sorcerer diff --git a/values/sorcerer/kustomize/beta/secrets.yaml b/values/sorcerer/kustomize/beta/secrets.yaml deleted file mode 100644 index 7f187fd9..00000000 --- a/values/sorcerer/kustomize/beta/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: beta-sorcerer-env -type: Opaque -data: ---- -apiVersion: v1 -kind: Secret -metadata: - annotations: - kyverno/clone: "true" - name: azure-keyvault -type: Opaque -data: diff --git a/values/sorcerer/kustomize/beta/secretstore.yaml b/values/sorcerer/kustomize/beta/secretstore.yaml deleted file mode 100644 index c23086e1..00000000 --- a/values/sorcerer/kustomize/beta/secretstore.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: secretstore -spec: - type: secretstores.kubernetes - version: v1 - metadata: - - name: defaultNamespace - value: beta-sorcerer diff --git a/values/sorcerer/kustomize/beta/statestore.yaml b/values/sorcerer/kustomize/beta/statestore.yaml deleted file mode 100644 index 1a6f2853..00000000 
--- a/values/sorcerer/kustomize/beta/statestore.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: statestore -spec: - type: state.redis - version: v1 - metadata: - - name: redisHost - value: beta-sorcerer-redis:6379 - - name: redisUsername - value: default - - name: redisPassword - secretKeyRef: - name: beta-sorcerer-redis - key: redis-password - - name: actorStateStore - value: "true" - - name: redisDB - value: "0" -scopes: - - beta-sorcerer diff --git a/values/sorcerer/kustomize/beta/tracing.yaml b/values/sorcerer/kustomize/beta/tracing.yaml deleted file mode 100644 index 4c4c318c..00000000 --- a/values/sorcerer/kustomize/beta/tracing.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: tracing -spec: - tracing: - samplingRate: "1" - otel: - endpointAddress: "10.255.241.12:4317" - protocol: grpc - isSecure: false diff --git a/values/sorcerer/values/values-beta.yaml b/values/sorcerer/values/values-beta.yaml deleted file mode 100644 index c6d1c9c1..00000000 --- a/values/sorcerer/values/values-beta.yaml +++ /dev/null 
@@ -1,115 +0,0 @@ -replicaCount: 2 - -podAnnotations: - dapr.io/enabled: "true" - dapr.io/app-id: "beta-sorcerer" - dapr.io/app-port: "8085" - dapr.io/api-token-secret: "dapr-api-token" - dapr.io/config: "tracing" - dapr.io/app-protocol: "http" - dapr.io/log-as-json: "true" - dapr.io/sidecar-cpu-request: "10m" - dapr.io/sidecar-memory-request: "50Mi" - # dapr.io/sidecar-cpu-limit: "300m" - # dapr.io/sidecar-memory-limit: "1000Mi" - -env: - - name: APP_VERSION - value: "4.16.3" - - name: LOG_LEVEL - value: "2" - - name: REDIS_USER - value: default - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: beta-sorcerer-redis - key: redis-password - - name: DAPR_API_TOKEN - valueFrom: - secretKeyRef: - name: dapr-api-token - key: token - -ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-betauction - nginx.ingress.kubernetes.io/affinity: "cookie" - nginx.ingress.kubernetes.io/session-cookie-name: "http-affinity" - nginx.ingress.kubernetes.io/session-cookie-expires: "86400" - nginx.ingress.kubernetes.io/session-cookie-max-age: "86400" - hosts: - - host: sorcerer.beta.oceanbox.io - paths: - paths: - - path: / - pathType: ImplementationSpecific - internal: - - path: /internal - pathType: ImplementationSpecific - - path: /dapr - pathType: ImplementationSpecific - - path: /actors - pathType: ImplementationSpecific - - path: /job - pathType: ImplementationSpecific - - path: /events - pathType: ImplementationSpecific - - path: /metrics - pathType: ImplementationSpecific - tls: - - hosts: - - sorcerer.beta.oceanbox.io - secretName: beta-sorcerer-tls - -persistence: - enabled: true - existingClaim: beta-sorcerer-ceph-archives - # existingClaim: beta-oceanbox-backup-archives - -# nodeSelector: -# node-role.kubernetes.io/srv: "" -# kubernetes.io/hostname: fs-backup -# node-role.kubernetes.io/worker: c1-1 - -# tolerations: -# - key: workload -# operator: Equal -# value: compute -# effect: NoSchedule -redis: - enabled: true - replicas: 3 - 
size: 2Gi - backup: - enabled: true - secret: - name: "beta-sorcerer-redis" - key: "redis-password" - resources: - cpu: 150m - memory: 256Mi - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: "topology.kubernetes.io/group" - operator: In - values: - - srv - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/name" - operator: In - values: - - sorcerer - - key: "app.kubernetes.io/instance" - operator: In - values: - - beta-sorcerer - topologyKey: "kubernetes.io/hostname" -- 2.52.0 From bcbb04d1f7d7d23e0bcb1fa5ab77249eca91470b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Thu, 13 Nov 2025 17:02:05 +0100 Subject: [PATCH 4/5] fix(atlantis/sorcerer): Update atlantis.beta -> maps.dev for staging --- values/atlantis/kustomize/staging/appsettings.json | 4 ++-- values/atlantis/values/values-staging.yaml.gotmpl | 4 ++-- values/sorcerer/kustomize/staging-ekman/appsettings.json | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/values/atlantis/kustomize/staging/appsettings.json b/values/atlantis/kustomize/staging/appsettings.json index 75576b58..96ae7c94 100644 --- a/values/atlantis/kustomize/staging/appsettings.json +++ b/values/atlantis/kustomize/staging/appsettings.json @@ -26,7 +26,7 @@ "cookieDomain": ".oceanbox.io", "cookieName": ".obx.staging", "ttl": 12.0, - "signedOutRedirectUri": "https://atlantis.beta.oceanbox.io", + "signedOutRedirectUri": "https://maps.dev.oceanbox.io", "realm": "atlantis", "environment": "staging", "keyStore": { 
@@ -73,7 +73,7 @@ "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", "sorcerer" : "https://sorcerer.ekman.oceanbox.io", "allowedOrigins": [ - "https://atlantis.beta.oceanbox.io", + "https://maps.dev.oceanbox.io", "https://atlantis.dev.oceanbox.io", "https://atlantis.local.oceanbox.io:8080", "https://maps.dev.oceanbox.io" diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index 51aea067..012bc4e1 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -49,7 +49,7 @@ ingress: # nginx.ingress.kubernetes.io/session-cookie-max-age: "86400" # oceanbox.io/expose: internal hosts: - - host: atlantis.beta.oceanbox.io + - host: maps.dev.oceanbox.io paths: - path: / pathType: ImplementationSpecific @@ -102,7 +102,7 @@ ingress: pathType: ImplementationSpecific tls: - hosts: - - atlantis.beta.oceanbox.io + - maps.dev.oceanbox.io - atlas.oceanbox.io - maps.dev.oceanbox.io secretName: staging-atlantis-tls diff --git a/values/sorcerer/kustomize/staging-ekman/appsettings.json b/values/sorcerer/kustomize/staging-ekman/appsettings.json index 09adbe20..8b778138 100644 --- a/values/sorcerer/kustomize/staging-ekman/appsettings.json +++ b/values/sorcerer/kustomize/staging-ekman/appsettings.json @@ -26,7 +26,7 @@ "cookieDomain": ".oceanbox.io", "cookieName": ".obx.staging", "ttl": 12.0, - "signedOutRedirectUri": "https://atlantis.beta.oceanbox.io", + "signedOutRedirectUri": "https://maps.dev.oceanbox.io", "realm": "atlantis", "environment": "staging", "keyStore": { @@ -72,7 +72,7 @@ "appNamespace": "staging-sorcerer", "appVersion": "0.0.0", "otelCollector": "http://10.255.241.12:4317", - "archiveSvc": "https://atlantis.beta.oceanbox.io", + "archiveSvc": "https://maps.dev.oceanbox.io", "dataDir": "/data/archives", "cacheDir": "/data/archives/cache" } -- 2.52.0 
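Review bot: The replacement line in `allowedOrigins` duplicates an entry the list already has: `"https://maps.dev.oceanbox.io"` is still the last element of the array, so the origin is now named twice. The same happens in the `tls.hosts` hunk of `values-staging.yaml.gotmpl` (`@@ -102,7 +102,7 @@`), where `- maps.dev.oceanbox.io` is added two lines above an identical existing entry. Deleting the old `atlantis.beta.oceanbox.io` lines outright, rather than rewriting them, gives the intended result and keeps the allowlist and certificate host list free of redundant entries that hide later mistakes. The `hosts:` hunk at `@@ -49,7 +49,7 @@` may have the same problem if a `maps.dev.oceanbox.io` host rule already exists further down, which the hunk does not show.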
From 8de6e7964710c0d34150a02e1512c1428bcc7ea4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Thu, 13 Nov 2025 17:15:53 +0100 Subject: [PATCH 5/5] fix(atlantis): Use prod-openfga, prod-rabbitmq, staging-sorcerer and staging-plume --- .../atlantis/kustomize/beta/appsettings.json | 10 +++++----- values/atlantis/kustomize/beta/bindings.yaml | 2 +- .../kustomize/beta/configurations.yaml | 6 +++--- .../atlantis/kustomize/beta/kustomization.yaml | 2 +- values/atlantis/kustomize/beta/rbac.yaml | 18 +++++++++--------- values/atlantis/kustomize/beta/statestore.yaml | 6 +++--- .../atlantis/kustomize/beta/subscriptions.yaml | 4 ++-- 7 files changed, 24 insertions(+), 24 deletions(-) diff --git a/values/atlantis/kustomize/beta/appsettings.json b/values/atlantis/kustomize/beta/appsettings.json index 7309f8d2..7380dabf 100644 --- a/values/atlantis/kustomize/beta/appsettings.json +++ b/values/atlantis/kustomize/beta/appsettings.json @@ -26,9 +26,9 @@ "cookieDomain": ".oceanbox.io", "cookieName": ".obx.beta", "ttl": 12.0, - "signedOutRedirectUri": "https://maps.oceanbox.io", + "signedOutRedirectUri": "https://maps.beta.oceanbox.io", "realm": "atlantis", - "environment": "prod", + "environment": "beta", "keyStore": { "kind": "azure", "uri": "https://atlantis.blob.core.windows.net", @@ -67,13 +67,13 @@ "roles": [ "admin" ] } ], - "plume": "plume.data.oceanbox.io", + "plume": "plume.ekman.oceanbox.io", "redis": "prod-atlantis-redis-master:6379", "objectStore": "https://atlantis.blob.core.windows.net", "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", - "sorcerer" : "https://sorcerer.beta.oceanbox.io", + "sorcerer" : "https://sorcerer.ekman.oceanbox.io", "allowedOrigins": [ - "https://maps.beta.oceanbox.io", + "https://maps.dev.oceanbox.io", ], "appName": "atlantis", "appEnv": "beta", 
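Review bot: In the second hunk (`@@ -67,13 +67,13 @@`) the beta `allowedOrigins` entry changes from `https://maps.beta.oceanbox.io` to `https://maps.dev.oceanbox.io`, while the first hunk sets `signedOutRedirectUri` to `https://maps.beta.oceanbox.io`. If this list drives CORS, the beta front end's own origin is no longer allowed and the staging origin is instead trusted to call the beta API. Keeping `"https://maps.beta.oceanbox.io"` here looks like the intended value. The unchanged context line `"redis": "prod-atlantis-redis-master:6379"` also still points the beta app settings at the production Redis, although `configurations.yaml` and `statestore.yaml` in this same patch move to `beta-atlantis-redis-master:6379`. If the application reads that key, it should become `"redis": "beta-atlantis-redis-master:6379",` so that beta and production do not share state.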
diff --git a/values/atlantis/kustomize/beta/bindings.yaml b/values/atlantis/kustomize/beta/bindings.yaml index 8a95c563..927ad791 100644 --- a/values/atlantis/kustomize/beta/bindings.yaml +++ b/values/atlantis/kustomize/beta/bindings.yaml @@ -19,4 +19,4 @@ spec: - name: route value: /events/slurm scopes: - - prod-atlantis + - beta-atlantis diff --git a/values/atlantis/kustomize/beta/configurations.yaml b/values/atlantis/kustomize/beta/configurations.yaml index 705e1b48..f75197e4 100644 --- a/values/atlantis/kustomize/beta/configurations.yaml +++ b/values/atlantis/kustomize/beta/configurations.yaml @@ -7,14 +7,14 @@ spec: version: v1 metadata: - name: redisHost - value: prod-atlantis-redis-master:6379 + value: beta-atlantis-redis-master:6379 - name: redisUsername value: default - name: redisPassword secretKeyRef: - name: prod-atlantis-redis + name: beta-atlantis-redis key: redis-password - name: redisDB value: "1" scopes: - - prod-atlantis + - beta-atlantis diff --git a/values/atlantis/kustomize/beta/kustomization.yaml b/values/atlantis/kustomize/beta/kustomization.yaml index f0e148c2..be8fe50c 100644 --- a/values/atlantis/kustomize/beta/kustomization.yaml +++ b/values/atlantis/kustomize/beta/kustomization.yaml @@ -1,7 +1,7 @@ generatorOptions: disableNameSuffixHash: true configMapGenerator: -- name: prod-atlantis-appsettings +- name: beta-atlantis-appsettings files: - appsettings.json patches: diff --git a/values/atlantis/kustomize/beta/rbac.yaml b/values/atlantis/kustomize/beta/rbac.yaml index 6d13b929..7f341253 100644 --- a/values/atlantis/kustomize/beta/rbac.yaml +++ b/values/atlantis/kustomize/beta/rbac.yaml @@ -1,13 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: prod-atlantis - namespace: prod-atlantis + name: beta-atlantis + namespace: beta-atlantis rules: - apiGroups: - "" resourceNames: - - prod-atlantis-appsettings + - beta-atlantis-appsettings resources: - configmaps verbs: 
@@ -17,7 +17,7 @@ rules: - "" resourceNames: - azure-keyvault - - prod-atlantis-redis + - beta-atlantis-redis - slurm-access-token resources: - secrets @@ -28,13 +28,13 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: prod-atlantis - namespace: prod-atlantis + name: beta-atlantis + namespace: beta-atlantis roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: prod-atlantis + name: beta-atlantis subjects: - kind: ServiceAccount - name: prod-atlantis - namespace: prod-atlantis + name: beta-atlantis + namespace: beta-atlantis diff --git a/values/atlantis/kustomize/beta/statestore.yaml b/values/atlantis/kustomize/beta/statestore.yaml index beb6ee64..b26a87cb 100644 --- a/values/atlantis/kustomize/beta/statestore.yaml +++ b/values/atlantis/kustomize/beta/statestore.yaml @@ -7,16 +7,16 @@ spec: version: v1 metadata: - name: redisHost - value: prod-atlantis-redis-master:6379 + value: beta-atlantis-redis-master:6379 - name: redisUsername value: default - name: redisPassword secretKeyRef: - name: prod-atlantis-redis + name: beta-atlantis-redis key: redis-password - name: actorStateStore value: "true" - name: redisDB value: "0" scopes: - - prod-atlantis + - beta-atlantis diff --git a/values/atlantis/kustomize/beta/subscriptions.yaml b/values/atlantis/kustomize/beta/subscriptions.yaml index d0d0dcce..73c982e5 100644 --- a/values/atlantis/kustomize/beta/subscriptions.yaml +++ b/values/atlantis/kustomize/beta/subscriptions.yaml @@ -10,7 +10,7 @@ spec: metadata: queueType: quorum scopes: -- prod-atlantis +- beta-atlantis --- apiVersion: dapr.io/v2alpha1 kind: Subscription @@ -24,4 +24,4 @@ spec: metadata: queueType: quorum scopes: -- prod-atlantis +- beta-atlantis -- 2.52.0