diff --git a/apps/base/artifactapi/cnpg_cluster.yaml b/apps/base/artifactapi/cnpg_cluster.yaml
deleted file mode 100644
index 9404b7c..0000000
--- a/apps/base/artifactapi/cnpg_cluster.yaml
+++ /dev/null
@@ -1,91 +0,0 @@
----
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
- name: artifactapi-postgres
- namespace: artifactapi
-spec:
- affinity:
- podAntiAffinityType: preferred
- bootstrap:
- initdb:
- database: artifacts3
- encoding: UTF8
- localeCType: C
- localeCollate: C
- owner: artifacts
- secret:
- name: postgres-credentials
- enablePDB: true
- enableSuperuserAccess: false
- failoverDelay: 0
- imageName: ghcr.io/cloudnative-pg/postgresql:17-minimal-trixie
- instances: 3
- logLevel: info
- maxSyncReplicas: 0
- minSyncReplicas: 0
- monitoring:
- customQueriesConfigMap:
- - key: queries
- name: cnpg-default-monitoring
- disableDefaultQueries: false
- enablePodMonitor: false
- postgresql:
- parameters:
- archive_mode: "on"
- archive_timeout: 5min
- dynamic_shared_memory_type: posix
- effective_cache_size: 256MB
- full_page_writes: "on"
- log_destination: csvlog
- log_directory: /controller/log
- log_filename: postgres
- log_rotation_age: "0"
- log_rotation_size: "0"
- log_truncate_on_rotation: "false"
- logging_collector: "on"
- max_connections: "200"
- max_parallel_workers: "16"
- max_replication_slots: "16"
- max_worker_processes: "16"
- shared_buffers: 128MB
- shared_memory_type: mmap
- ssl_max_protocol_version: TLSv1.3
- ssl_min_protocol_version: TLSv1.3
- wal_keep_size: 256MB
- wal_level: logical
- wal_log_hints: "on"
- wal_receiver_timeout: 5s
- wal_sender_timeout: 5s
- syncReplicaElectionConstraint:
- enabled: false
- primaryUpdateMethod: restart
- primaryUpdateStrategy: unsupervised
- probes:
- liveness:
- isolationCheck:
- connectionTimeout: 1000
- enabled: true
- requestTimeout: 1000
- replicationSlots:
- highAvailability:
- enabled: true
- slotPrefix: _cnpg_
- synchronizeReplicas:
- enabled: true
- updateInterval: 30
- resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 250m
- memory: 256Mi
- smartShutdownTimeout: 180
- startDelay: 3600
- stopDelay: 1800
- storage:
- resizeInUseVolumes: true
- size: 10Gi
- storageClass: cephrbd-fast-delete
- switchoverDelay: 3600
diff --git a/apps/base/artifactapi/cnpg_pooler.yaml b/apps/base/artifactapi/cnpg_pooler.yaml
deleted file mode 100644
index 3f7a789..0000000
--- a/apps/base/artifactapi/cnpg_pooler.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: postgresql.cnpg.io/v1
-kind: Pooler
-metadata:
- name: artifactapi-postgres-pooler
- namespace: artifactapi
-spec:
- cluster:
- name: artifactapi-postgres
- instances: 2
- pgbouncer:
- parameters:
- default_pool_size: "100"
- max_client_conn: "400"
- paused: false
- poolMode: session
- template:
- metadata:
- labels:
- app: artifactapi-pooler
- spec:
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - artifactapi-pooler
- topologyKey: kubernetes.io/hostname
- containers: []
- type: rw
diff --git a/apps/base/artifactapi/configmap_v3.yaml b/apps/base/artifactapi/configmap_v3.yaml
deleted file mode 100644
index 807e5a7..0000000
--- a/apps/base/artifactapi/configmap_v3.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: artifactapi-v3-env
- namespace: artifactapi
-data:
- DBHOST: artifactapi-postgres-pooler
- DBNAME: artifacts3
- DBPORT: "5432"
- DBUSER: artifacts
- MINIO_BUCKET: artifactapi-prod-k8s-syd1-au
- MINIO_ENDPOINT: radosgw.service.consul
- MINIO_SECURE: "true"
- REDIS_URL: redis://redis-v3-service:6379
- REQUESTS_CA_BUNDLE: /etc/pki/tls/certs/ca-bundle.crt
- SSL_CERT_FILE: /etc/pki/tls/certs/ca-bundle.crt
diff --git a/apps/base/artifactapi/deployment_api.yaml b/apps/base/artifactapi/deployment_api.yaml
deleted file mode 100644
index 1c4cefc..0000000
--- a/apps/base/artifactapi/deployment_api.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: artifactapi-api
- namespace: artifactapi
- annotations:
- reloader.stakater.com/auto: "true"
-spec:
- selector:
- matchLabels:
- app: artifactapi-api
- strategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- labels:
- app: artifactapi-api
- spec:
- automountServiceAccountToken: true
- containers:
- - name: artifactapi
- image: git.unkin.net/unkin/artifactapi:v3.0.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 8000
- name: http
- protocol: TCP
- envFrom:
- - configMapRef:
- name: artifactapi-v3-env
- optional: false
- - secretRef:
- name: environment
- optional: false
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /health
- port: http
- scheme: HTTP
- initialDelaySeconds: 30
- periodSeconds: 30
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /health
- port: http
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 5
- successThreshold: 1
- timeoutSeconds: 5
- resources:
- limits:
- cpu: "1"
- memory: 4Gi
- requests:
- cpu: 100m
- memory: 256Mi
- restartPolicy: Always
diff --git a/apps/base/artifactapi/deployment_redis.yaml b/apps/base/artifactapi/deployment_redis.yaml
deleted file mode 100644
index 2b6996b..0000000
--- a/apps/base/artifactapi/deployment_redis.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: redis-v3-deployment
- namespace: artifactapi
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: redis-v3
- strategy:
- type: Recreate
- template:
- spec:
- containers:
- - name: redis
- image: redis:7-alpine
- imagePullPolicy: IfNotPresent
- command:
- - redis-server
- - --save
- - "20"
- - "1"
- ports:
- - containerPort: 6379
- name: redis
- protocol: TCP
- livenessProbe:
- exec:
- command:
- - redis-cli
- - ping
- failureThreshold: 3
- initialDelaySeconds: 30
- periodSeconds: 30
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- exec:
- command:
- - redis-cli
- - ping
- failureThreshold: 3
- initialDelaySeconds: 5
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 50m
- memory: 128Mi
- volumeMounts:
- - mountPath: /data
- mountPropagation: None
- name: data
- restartPolicy: Always
- volumes:
- - name: data
- persistentVolumeClaim:
- claimName: artifactapi-v3-redis-data
diff --git a/apps/base/artifactapi/deployment_ui.yaml b/apps/base/artifactapi/deployment_ui.yaml
deleted file mode 100644
index 7f8462a..0000000
--- a/apps/base/artifactapi/deployment_ui.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: artifactapi-ui
- namespace: artifactapi
-spec:
- selector:
- matchLabels:
- app: artifactapi-ui
- strategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- labels:
- app: artifactapi-ui
- spec:
- containers:
- - name: ui
- image: git.unkin.net/unkin/artifactapi-ui:v3.0.0
- imagePullPolicy: IfNotPresent
- ports:
- - containerPort: 80
- name: http
- protocol: TCP
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /
- port: http
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 30
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /
- port: http
- scheme: HTTP
- initialDelaySeconds: 5
- periodSeconds: 5
- successThreshold: 1
- timeoutSeconds: 5
- resources:
- limits:
- cpu: 500m
- memory: 256Mi
- requests:
- cpu: 50m
- memory: 64Mi
- restartPolicy: Always
diff --git a/apps/base/artifactapi/gateway_v3.yaml b/apps/base/artifactapi/gateway_v3.yaml
deleted file mode 100644
index 7e567af..0000000
--- a/apps/base/artifactapi/gateway_v3.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
- labels:
- traefik.io/instance: internal
- annotations:
- cert-manager.io/cluster-issuer: vault-issuer
- cert-manager.io/common-name: artifactapi3.k8s.syd1.au.unkin.net
- cert-manager.io/private-key-size: "4096"
- external-dns.alpha.kubernetes.io/hostname: artifactapi3.k8s.syd1.au.unkin.net
- external-dns.alpha.kubernetes.io/target: 198.18.200.4
- name: artifactapi3
- namespace: artifactapi
-spec:
- gatewayClassName: traefik-internal
- listeners:
- - allowedRoutes:
- namespaces:
- from: Same
- hostname: artifactapi3.k8s.syd1.au.unkin.net
- name: http
- port: 80
- protocol: HTTP
- - allowedRoutes:
- namespaces:
- from: Same
- hostname: artifactapi3.k8s.syd1.au.unkin.net
- name: https
- port: 443
- protocol: HTTPS
- tls:
- certificateRefs:
- - group: ""
- kind: Secret
- name: artifactapi3-tls
- mode: Terminate
diff --git a/apps/base/artifactapi/hpa_api.yaml b/apps/base/artifactapi/hpa_api.yaml
deleted file mode 100644
index 242f952..0000000
--- a/apps/base/artifactapi/hpa_api.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: artifactapi-api-hpa
- namespace: artifactapi
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: artifactapi-api
- minReplicas: 2
- maxReplicas: 10
- metrics:
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: 60
- behavior:
- scaleUp:
- stabilizationWindowSeconds: 0
- selectPolicy: Max
- policies:
- - type: Percent
- value: 100
- periodSeconds: 30
- - type: Pods
- value: 4
- periodSeconds: 30
- scaleDown:
- stabilizationWindowSeconds: 300
- selectPolicy: Min
- policies:
- - type: Percent
- value: 10
- periodSeconds: 60
- - type: Pods
- value: 2
- periodSeconds: 60
diff --git a/apps/base/artifactapi/hpa_ui.yaml b/apps/base/artifactapi/hpa_ui.yaml
deleted file mode 100644
index 3f61c07..0000000
--- a/apps/base/artifactapi/hpa_ui.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: artifactapi-ui-hpa
- namespace: artifactapi
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: artifactapi-ui
- minReplicas: 1
- maxReplicas: 4
- metrics:
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: 70
- behavior:
- scaleUp:
- stabilizationWindowSeconds: 0
- selectPolicy: Max
- policies:
- - type: Percent
- value: 100
- periodSeconds: 30
- - type: Pods
- value: 2
- periodSeconds: 30
- scaleDown:
- stabilizationWindowSeconds: 300
- selectPolicy: Min
- policies:
- - type: Percent
- value: 25
- periodSeconds: 60
- - type: Pods
- value: 1
- periodSeconds: 60
diff --git a/apps/base/artifactapi/httproute_v3.yaml b/apps/base/artifactapi/httproute_v3.yaml
deleted file mode 100644
index c191fc8..0000000
--- a/apps/base/artifactapi/httproute_v3.yaml
+++ /dev/null
@@ -1,112 +0,0 @@
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: artifactapi3-http-redirect
- namespace: artifactapi
-spec:
- hostnames:
- - artifactapi3.k8s.syd1.au.unkin.net
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: artifactapi3
- sectionName: http
- rules:
- - filters:
- - type: RequestRedirect
- requestRedirect:
- scheme: https
- statusCode: 301
- matches:
- - path:
- type: PathPrefix
- value: /
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: artifactapi3-ui
- namespace: artifactapi
-spec:
- hostnames:
- - artifactapi3.k8s.syd1.au.unkin.net
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: artifactapi3
- sectionName: https
- rules:
- - backendRefs:
- - group: ""
- kind: Service
- name: artifactapi-v3-ui
- port: 80
- weight: 1
- matches:
- - path:
- type: PathPrefix
- value: /ui
----
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: artifactapi3-api
- namespace: artifactapi
-spec:
- hostnames:
- - artifactapi3.k8s.syd1.au.unkin.net
- parentRefs:
- - group: gateway.networking.k8s.io
- kind: Gateway
- name: artifactapi3
- sectionName: https
- rules:
- - backendRefs:
- - group: ""
- kind: Service
- name: artifactapi-v3-api
- port: 80
- weight: 1
- filters:
- - type: ExtensionRef
- extensionRef:
- group: traefik.io
- kind: Middleware
- name: api-ipallowlist
- matches:
- - path:
- type: PathPrefix
- value: /api
- - backendRefs:
- - group: ""
- kind: Service
- name: artifactapi-v3-api
- port: 80
- weight: 1
- filters:
- - type: ExtensionRef
- extensionRef:
- group: traefik.io
- kind: Middleware
- name: api-ipallowlist
- matches:
- - path:
- type: PathPrefix
- value: /config
- - backendRefs:
- - group: ""
- kind: Service
- name: artifactapi-v3-api
- port: 80
- weight: 1
- filters:
- - type: ExtensionRef
- extensionRef:
- group: traefik.io
- kind: Middleware
- name: api-ipallowlist
- matches:
- - path:
- type: PathPrefix
- value: /health
diff --git a/apps/base/artifactapi/kustomization.yaml b/apps/base/artifactapi/kustomization.yaml
index 7a416ce..f17827b 100644
--- a/apps/base/artifactapi/kustomization.yaml
+++ b/apps/base/artifactapi/kustomization.yaml
@@ -3,26 +3,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- # v2 (existing)
 - artifactapi-deployment.yaml
 - artifactapi-hpa.yaml
 - configmap.yaml
 - httproute.yaml
 - services.yaml
- # v3 (new)
- - cnpg_cluster.yaml
- - cnpg_pooler.yaml
- - configmap_v3.yaml
- - deployment_api.yaml
- - deployment_redis.yaml
- - deployment_ui.yaml
- - gateway_v3.yaml
- - hpa_api.yaml
- - hpa_ui.yaml
- - httproute_v3.yaml
- - pvc_v3.yaml
- - services_v3.yaml
- # shared
 - gateway.yaml
 - namespace.yaml
 - postgres-deployment.yaml
diff --git a/apps/base/artifactapi/pvc_v3.yaml b/apps/base/artifactapi/pvc_v3.yaml
deleted file mode 100644
index 2daf955..0000000
--- a/apps/base/artifactapi/pvc_v3.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: artifactapi-v3-redis-data
- namespace: artifactapi
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 5Gi
- storageClassName: cephrbd-fast-delete
- volumeMode: Filesystem
diff --git a/apps/base/artifactapi/services_v3.yaml b/apps/base/artifactapi/services_v3.yaml
deleted file mode 100644
index 473ea61..0000000
--- a/apps/base/artifactapi/services_v3.yaml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: artifactapi-v3-api
- namespace: artifactapi
-spec:
- internalTrafficPolicy: Cluster
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: artifactapi-api
- sessionAffinity: None
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- name: artifactapi-v3-ui
- namespace: artifactapi
-spec:
- internalTrafficPolicy: Cluster
- ports:
- - name: http
- port: 80
- protocol: TCP
- targetPort: http
- selector:
- app: artifactapi-ui
- sessionAffinity: None
- type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
- name: redis-v3-service
- namespace: artifactapi
-spec:
- internalTrafficPolicy: Cluster
- ports:
- - name: redis
- port: 6379
- protocol: TCP
- targetPort: redis
- selector:
- app: redis-v3
- sessionAffinity: None
- type: ClusterIP
diff --git a/apps/base/artifactapi/vaultstaticsecret.yaml b/apps/base/artifactapi/vaultstaticsecret.yaml
index 034f40f..68c1af5 100644
--- a/apps/base/artifactapi/vaultstaticsecret.yaml
+++ b/apps/base/artifactapi/vaultstaticsecret.yaml
@@ -32,20 +32,3 @@ spec:
 refreshAfter: 5m
 type: kv-v2
 vaultAuthRef: default
----
-apiVersion: secrets.hashicorp.com/v1beta1
-kind: VaultStaticSecret
-metadata:
- name: postgres-credentials
- namespace: artifactapi
-spec:
- destination:
- create: true
- name: postgres-credentials
- overwrite: true
- hmacSecretData: true
- mount: kv
- path: service/artifactapi/postgres-credentials
- refreshAfter: 5m
- type: kv-v2
- vaultAuthRef: default