diff --git a/apps/base/artifactapi/artifactapi-deployment.yaml b/apps/base/artifactapi/artifactapi-deployment.yaml
deleted file mode 100644
index ef1fce5..0000000
--- a/apps/base/artifactapi/artifactapi-deployment.yaml
+++ /dev/null
@@ -1,92 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: artifactapi-deployment - namespace: artifactapi - annotations: - reloader.stakater.com/auto: "true" -spec: - selector: - matchLabels: - app: artifactapi - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - spec: - automountServiceAccountToken: true - containers: - - name: artifactapi - image: git.unkin.net/unkin/artifactapi:v2.7.2 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8000 - name: http - protocol: TCP - envFrom: - - configMapRef: - name: artifactapi-env - optional: false - - secretRef: - name: environment - optional: false - livenessProbe: - failureThreshold: 3 - httpGet: - path: /health - port: http - scheme: HTTP - initialDelaySeconds: 30 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /health - port: http - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "1" - memory: 4Gi - requests: - cpu: 100m - memory: 256Mi - volumeMounts: - - mountPath: /etc/artifactapi/conf.d/config.yaml - name: remotes-config - subPath: config.yaml - - mountPath: /etc/artifactapi/conf.d/local-generic.yaml - name: remotes-config - subPath: local-generic.yaml - - mountPath: /etc/artifactapi/conf.d/remote-alpine.yaml - name: remotes-config - subPath: remote-alpine.yaml - - mountPath: /etc/artifactapi/conf.d/remote-docker.yaml - name: remotes-config - subPath: remote-docker.yaml - - mountPath: /etc/artifactapi/conf.d/remote-generic.yaml - name: remotes-config - subPath: remote-generic.yaml - - mountPath: /etc/artifactapi/conf.d/remote-helm.yaml - name: remotes-config - subPath: remote-helm.yaml - - mountPath: /etc/artifactapi/conf.d/remote-rpm.yaml - name: remotes-config - subPath: remote-rpm.yaml - - mountPath: /etc/artifactapi/conf.d/virtual-helm.yaml - name: remotes-config - subPath: virtual-helm.yaml - 
restartPolicy: Always - volumes: - - configMap: - name: remotes-config - optional: false - name: remotes-config diff --git a/apps/base/artifactapi/artifactapi-hpa.yaml b/apps/base/artifactapi/artifactapi-hpa.yaml deleted file mode 100644 index 4627fae..0000000 --- a/apps/base/artifactapi/artifactapi-hpa.yaml +++ /dev/null @@ -1,41 +0,0 @@ ---- -apiVersion: autoscaling/v2 -kind: HorizontalPodAutoscaler -metadata: - name: artifactapi-hpa - namespace: artifactapi -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: artifactapi-deployment - minReplicas: 2 - maxReplicas: 10 - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 60 - behavior: - scaleUp: - stabilizationWindowSeconds: 0 - selectPolicy: Max - policies: - - type: Percent - value: 100 - periodSeconds: 30 - - type: Pods - value: 4 - periodSeconds: 30 - scaleDown: - stabilizationWindowSeconds: 300 - selectPolicy: Min - policies: - - type: Percent - value: 10 - periodSeconds: 60 - - type: Pods - value: 2 - periodSeconds: 60 diff --git a/apps/base/artifactapi/configmap.yaml b/apps/base/artifactapi/configmap.yaml index 6552dcb..5a3f814 100644 --- a/apps/base/artifactapi/configmap.yaml +++ b/apps/base/artifactapi/configmap.yaml @@ -1,34 +1,6 @@ --- apiVersion: v1 kind: ConfigMap -metadata: - name: artifactapi-env - namespace: artifactapi -data: - CONFIG_PATH: /etc/artifactapi/conf.d/ - DBHOST: postgres-service - DBNAME: artifacts - DBPORT: "5432" - DBUSER: artifacts - MINIO_BUCKET: artifactapi - MINIO_ENDPOINT: radosgw.service.consul - MINIO_SECURE: "true" - REDIS_URL: redis://redis-service:6379 - REQUESTS_CA_BUNDLE: /etc/pki/tls/certs/ca-bundle.crt - SSL_CERT_FILE: /etc/pki/tls/certs/ca-bundle.crt ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgres-env - namespace: artifactapi -data: - POSTGRES_DB: artifacts - POSTGRES_USER: artifacts -### ---- -apiVersion: v1 -kind: ConfigMap metadata: name: api-env namespace: artifactapi 
diff --git a/apps/base/artifactapi/httproute.yaml b/apps/base/artifactapi/httproute.yaml index d5e5b08..0dfae49 100644 --- a/apps/base/artifactapi/httproute.yaml +++ b/apps/base/artifactapi/httproute.yaml @@ -2,7 +2,7 @@ apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: - name: artifactapi-http-redirect + name: http-redirect namespace: artifactapi spec: hostnames: @@ -26,7 +26,7 @@ spec: apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: - name: artifactapi + name: api-route namespace: artifactapi spec: hostnames: @@ -40,7 +40,17 @@ spec: - backendRefs: - group: "" kind: Service - name: artifactapi-api + name: artifactapi + port: 80 + weight: 1 + matches: + - path: + type: PathPrefix + value: /api + - backendRefs: + - group: "" + kind: Service + name: ui port: 80 weight: 1 matches: diff --git a/apps/base/artifactapi/kustomization.yaml b/apps/base/artifactapi/kustomization.yaml index afdb406..918d19d 100644 --- a/apps/base/artifactapi/kustomization.yaml +++ b/apps/base/artifactapi/kustomization.yaml 
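Review bot: The second `backendRefs` entry added in the last httproute.yaml hunk sends the remaining match to a Service named `ui` on port 80, and no Service of that name is defined anywhere in this diff, so confirm services.yaml already carries it; the `matches:` block for that rule continues outside the hunk. The two earlier hunks also rename the HTTPRoute objects to `http-redirect` and `api-route`; if the cluster applies this base without pruning, the old `artifactapi` route would presumably stay attached to the same hostnames while still pointing at `artifactapi-api`, which services.yaml deletes in this commit. A short comment above the new rule, such as `# /api -> artifactapi Service; everything else -> ui`, would make the split explicit for the next reader.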
@@ -3,41 +3,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - artifactapi-deployment.yaml - - artifactapi-hpa.yaml - - httproute.yaml - - postgres-deployment.yaml - - redis-deployment.yaml - - pvc.yaml - # shared - - configmap.yaml - - services.yaml - - gateway.yaml - - namespace.yaml - - vaultauth.yaml - - vaultstaticsecret.yaml - # new - api-deployment.yaml - api-hpa.yaml + - configmap.yaml - cnpg_cluster.yaml - cnpg_pooler.yaml + - gateway.yaml + - httproute.yaml + - namespace.yaml + - redis-deployment.yaml + - services.yaml - ui-deployment.yaml - ui-hpa.yaml - # to copy still - # - httproute.yaml - # - redis-deployment.yaml - - -configMapGenerator: - - name: remotes-config - files: - - resources/conf.d/config.yaml - - resources/conf.d/local-generic.yaml - - resources/conf.d/remote-generic.yaml - - resources/conf.d/remote-alpine.yaml - - resources/conf.d/remote-rpm.yaml - - resources/conf.d/remote-docker.yaml - - resources/conf.d/remote-helm.yaml - - resources/conf.d/virtual-helm.yaml - options: - disableNameSuffixHash: true + - vaultauth.yaml + - vaultstaticsecret.yaml diff --git a/apps/base/artifactapi/postgres-deployment.yaml b/apps/base/artifactapi/postgres-deployment.yaml deleted file mode 100644 index ab81b4b..0000000 --- a/apps/base/artifactapi/postgres-deployment.yaml +++ /dev/null 
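Review bot: Dropping the `configMapGenerator` for `remotes-config` together with every file under `resources/conf.d/` means the upstream remotes, their `base_url` values and their `immutable_patterns` are no longer declared or reviewable in this repository, and nothing in the hunk says where that configuration lives now. Those files were the record of which external registries and mirrors the proxy fetches from (two of the RPM remotes used plain `http://` URLs), so changes to that list presumably now happen outside Git review. A comment in kustomization.yaml would help, for example `# remotes/virtuals are no longer mounted from conf.d; they are managed in <LOCATION>`, with the real location filled in.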
@@ -1,76 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: postgres-deployment - namespace: artifactapi - annotations: - reloader.stakater.com/auto: "true" -spec: - replicas: 1 - selector: - matchLabels: - app: postgres - strategy: - type: Recreate - template: - spec: - automountServiceAccountToken: true - containers: - - name: postgres - image: postgres:15-alpine - imagePullPolicy: IfNotPresent - ports: - - containerPort: 5432 - name: postgres - protocol: TCP - envFrom: - - configMapRef: - name: postgres-env - optional: false - - secretRef: - name: postgres-password - optional: false - readinessProbe: - exec: - command: - - pg_isready - - -U - - artifacts - - -d - - artifacts - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - livenessProbe: - exec: - command: - - pg_isready - - -U - - artifacts - - -d - - artifacts - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 500m - memory: 1Gi - requests: - cpu: 50m - memory: 128Mi - volumeMounts: - - mountPath: /var/lib/postgresql/data - mountPropagation: None - name: pgdata - subPath: pgdata - restartPolicy: Always - volumes: - - name: pgdata - persistentVolumeClaim: - claimName: artifactapi-postgres-pgdata diff --git a/apps/base/artifactapi/pvc.yaml b/apps/base/artifactapi/pvc.yaml deleted file mode 100644 index c5b2a1e..0000000 --- a/apps/base/artifactapi/pvc.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: artifactapi-postgres-pgdata - namespace: artifactapi -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi - storageClassName: cephrbd-fast-delete - volumeMode: Filesystem ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: artifactapi-redis-data - namespace: artifactapi -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: cephrbd-fast-delete - volumeMode: Filesystem diff --git a/apps/base/artifactapi/redis-deployment.yaml b/apps/base/artifactapi/redis-deployment.yaml index d01c188..c14a555 100644 --- a/apps/base/artifactapi/redis-deployment.yaml +++ b/apps/base/artifactapi/redis-deployment.yaml @@ -2,23 +2,21 @@ apiVersion: apps/v1 kind: Deployment metadata: - annotations: - deployment.kubernetes.io/revision: "1" - name: redis-deployment + name: redis namespace: artifactapi spec: replicas: 1 selector: matchLabels: app: redis - strategy: - type: Recreate template: + metadata: + labels: + app: redis spec: containers: - name: redis image: redis:7-alpine - imagePullPolicy: IfNotPresent command: - redis-server - --save @@ -28,6 +26,13 @@ spec: - containerPort: 6379 name: redis protocol: TCP + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 50m + memory: 128Mi livenessProbe: exec: command: @@ -48,19 +53,4 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 50m - memory: 128Mi - volumeMounts: - - mountPath: /data - mountPropagation: None - name: data restartPolicy: Always - volumes: - - name: data - persistentVolumeClaim: - claimName: artifactapi-redis-data diff --git a/apps/base/artifactapi/resources/conf.d/config.yaml b/apps/base/artifactapi/resources/conf.d/config.yaml deleted file mode 100644 index 167e954..0000000 --- a/apps/base/artifactapi/resources/conf.d/config.yaml +++ /dev/null 
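Review bot: The pod `spec:` touched in the first redis-deployment.yaml hunk shows no `automountServiceAccountToken` setting, so the Redis pod gets the namespace's service-account token mounted by default although nothing visible here needs the Kubernetes API; adding `automountServiceAccountToken: false` under the template `spec:` would remove it. The deleted artifactapi and postgres Deployments set this field to `true` explicitly, so the value is worth deciding deliberately for the workloads that remain. Lines between the hunks are not shown, so this assumes the field is not set there.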
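Review bot: With the `data` volume and its `/data` mount removed in the last redis-deployment.yaml hunk, Redis has no persistent storage, while `redis-server` is still started with `--save` (context lines of the first hunk; the value passed to it is outside the hunk). If that value enables snapshots, they now land in the container's writable layer and are lost whenever the pod is replaced; if Redis is only a cache here, `--save ""` would state that intent. pvc.yaml is deleted in the same commit, so where the GitOps controller prunes, the `artifactapi-redis-data` and `artifactapi-postgres-pgdata` claims go away on reconcile, and the `cephrbd-fast-delete` class name suggests the backing volumes are deleted with them. Confirm the Postgres data has been migrated to the CNPG cluster before this is applied.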
@@ -1,3 +0,0 @@ -# Global artifactapi configuration. -# S3, Redis, and database connection settings are injected via environment variables. -# Add any top-level overrides here if needed. diff --git a/apps/base/artifactapi/resources/conf.d/local-generic.yaml b/apps/base/artifactapi/resources/conf.d/local-generic.yaml deleted file mode 100644 index 2bc3928..0000000 --- a/apps/base/artifactapi/resources/conf.d/local-generic.yaml +++ /dev/null @@ -1,7 +0,0 @@ -locals: - local-generic: - package: "generic" - description: "Local generic file repository" - cache: - immutable_ttl: 0 - mutable_ttl: 0 diff --git a/apps/base/artifactapi/resources/conf.d/remote-alpine.yaml b/apps/base/artifactapi/resources/conf.d/remote-alpine.yaml deleted file mode 100644 index 55f8c65..0000000 --- a/apps/base/artifactapi/resources/conf.d/remote-alpine.yaml +++ /dev/null @@ -1,10 +0,0 @@ -remotes: - alpine: - base_url: "https://dl-cdn.alpinelinux.org" - package: "alpine" - description: "Alpine Linux APK package repository" - immutable_patterns: - - ".*/x86_64/.*\\.apk$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 diff --git a/apps/base/artifactapi/resources/conf.d/remote-docker.yaml b/apps/base/artifactapi/resources/conf.d/remote-docker.yaml deleted file mode 100644 index 6ed384f..0000000 --- a/apps/base/artifactapi/resources/conf.d/remote-docker.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -remotes: - ghcr: - base_url: "https://ghcr.io" - package: "docker" - description: "GitHub Container Registry" - immutable_patterns: - - "^cloudnative-pg/cloudnative-pg" - - "^emberstack/helm-charts" - - "^open-webui/open-webui" - - "^openvoxproject/" - - "^stakater/reloader" - - "^stalwartlabs/stalwart" - - "^voxpupuli/puppetboard" - - "^woodpecker-ci/helm" - cache: - immutable_ttl: 0 - mutable_ttl: 300 - - dockerhub: - base_url: "https://registry-1.docker.io" - package: "docker" - description: "Docker Hub registry" - immutable_patterns: - - "^library/almalinux" - - "^library/busybox" - - "^library/debian" - - "^library/fedora" - - "^library/nginx" - - "^library/postgres" - - "^library/redis" - - "^beats/filebeat" - - "^bitnami/" - - "^curlimages/curl" - - "^emberstack/kubernetes-reflector" - - "^hashicorp/consul" - - "^hashicorp/vault" - - "^jfrog/" - - "^kanidm/" - - "^rancher/" - - "^rspamd/rspamd" - - "^tozd/postfix" - - "^traefik/" - - "^valkey/valkey" - - "^ubi9/ubi-minimal" - - "^victoriametrics/" - - "^woodpeckerci/" - cache: - immutable_ttl: 0 - mutable_ttl: 300 - - quay: - base_url: "https://quay.io" - package: "docker" - description: "Quay.io container registry" - immutable_patterns: - - "^brancz/kube-rbac-proxy" - - "^cephcsi/cephcsi" - - "^jetstack/cert-manager-" - cache: - immutable_ttl: 0 - mutable_ttl: 300 - - k8s-registry: - base_url: "https://registry.k8s.io" - package: "docker" - description: "Kubernetes container registry" - immutable_patterns: - - "^external-dns/external-dns" - - "^sig-storage/" - cache: - immutable_ttl: 0 - mutable_ttl: 300 - - gitlab: - base_url: "https://registry.gitlab.com" - package: "docker" - description: "GitLab container registry" - immutable_patterns: - - "^purelb/purelb" - cache: - immutable_ttl: 0 - mutable_ttl: 300 - - elastic: - base_url: "https://docker.elastic.co" - package: "docker" - description: "Elastic container registry" - immutable_patterns: - - "^eck/eck-operator" - cache: - 
immutable_ttl: 0 - mutable_ttl: 300 - - gcr: - base_url: "https://gcr.io" - package: "docker" - description: "Google Container Registry" - immutable_patterns: - - "^k8s-staging-nfd/charts" - - "^k8s-staging-nfd/node-feature-discovery" - cache: - immutable_ttl: 0 - mutable_ttl: 300 diff --git a/apps/base/artifactapi/resources/conf.d/remote-generic.yaml b/apps/base/artifactapi/resources/conf.d/remote-generic.yaml deleted file mode 100644 index 05196ba..0000000 --- a/apps/base/artifactapi/resources/conf.d/remote-generic.yaml +++ /dev/null 
@@ -1,134 +0,0 @@ -remotes: - github: - base_url: "https://github.com" - package: "generic" - description: "GitHub releases and files" - mutable_patterns: - - ".*/archive/refs/heads/.*.tar.gz$" - - "stalwartlabs/webadmin/releases/latest/download/webadmin.zip$" - immutable_patterns: - - ".*/archive/refs/tags/.*.tar.gz$" - - "ahmetb/kubectx/.*/kubectx_.*_linux_x86_64.tar.gz$" - - "ahmetb/kubectx/.*/kubens_.*_linux_x86_64.tar.gz$" - - "apple/foundationdb/.*/libfdb_c.x86_64.so$" - - "astral-sh/ruff/.*/ruff-x86_64-unknown-linux-gnu.tar.gz$" - - "astral-sh/uv/.*/uv-x86_64-unknown-linux-gnu.tar.gz$" - - "camptocamp/prometheus-puppetdb-exporter/.*/prometheus-puppetdb-exporter-.*.linux-amd64.tar.gz$" - - "coder/code-server/.*/code-server-.*-amd64.rpm$" - - "containernetworking/plugins/.*/cni-plugins-linux-amd64-.*.tgz" - - "dandavison/delta/.*/delta-.*-x86_64-unknown-linux-musl.tar.gz$" - - "ducaale/xh/.*/xh-.*-x86_64-unknown-linux-musl.tar.gz$" - - "etcd-io/etcd/.*/etcd-.*-linux-amd64.tar.gz$" - - "getsops/sops/.*/sops-v.*\\.linux\\.amd64$" - - "grafana/jsonnet-language-server/.*/jsonnet-language-server_.*_linux_amd64$" - - "gruntwork-io/boilerplate/.*/boilerplate_linux_amd64$" - - "gruntwork-io/terragrunt/.*terragrunt_linux_amd64.*" - - "hadolint/hadolint/.*/hadolint-linux-x86_64$" - - "helmfile/helmfile/.*/helmfile_.*_linux_amd64.tar.gz$" - - "helmfile/vals/.*/vals_.*_linux_amd64.tar.gz$" - - "jesseduffield/lazydocker/.*/lazydocker_.*_Linux_x86_64.tar.gz$" - - "kubecolor/kubecolor/.*/kubecolor_.*_linux_amd64.tar.gz$" - - "kubernetes-sigs/gateway-api/.*/standard-install.yaml$" - - "kubernetes-sigs/kustomize/.*/kustomize_.*_linux_amd64.tar.gz$" - - "lxc/incus/.*.tar.gz$" - - "mikefarah/yq/.*/yq_linux_amd64$" - - "neovim/neovim-releases/.*/nvim-linux-x86_64.tar.gz$" - - "neovim/neovim/.*/nvim-linux-x86_64.tar.gz$" - - "nzbgetcom/nzbget/.*/nzbget-.*.x86_64.rpm$" - - "onedr0p/exportarr/.*/exportarr_.*_linux_amd64.tar.gz$" - - 
"open-policy-agent/conftest/.*/conftest_.*_Linux_x86_64.tar.gz$" - - "openbao/openbao-plugins/.*/openbao-plugin-secrets-consul_linux_amd64_.*.tar.gz$" - - "openbao/openbao-plugins/.*/openbao-plugin-secrets-nomad_linux_amd64_.*.tar.gz$" - - "prometheus-community/bind_exporter/.*/bind_exporter-.*.linux-amd64.tar.gz$" - - "prometheus-community/pgbouncer_exporter/.*/pgbouncer_exporter-.*.linux-amd64.tar.gz$" - - "prometheus-community/postgres_exporter/.*/postgres_exporter-.*.linux-amd64.tar.gz$" - - "prometheus/node_exporter/.*/node_exporter-.*.linux-amd64.tar.gz$" - - "rancher/rke2/.*/rke2-images.linux-amd64.tar.zst$" - - "stalwartlabs/stalwart/.*/stalwart-cli-x86_64-unknown-linux-gnu.tar.gz$" - - "stalwartlabs/stalwart/.*/stalwart-foundationdb-x86_64-unknown-linux-gnu.tar.gz$" - - "stalwartlabs/stalwart/.*/stalwart-x86_64-unknown-linux-gnu.tar.gz$" - - "starship/starship/.*/starship-x86_64-unknown-linux-musl.tar.gz$" - - "stern/stern/.*/stern_.*_linux_amd64.tar.gz$" - - "terraform-linters/tflint/.*/tflint_linux_amd64.zip$" - - "tynany/frr_exporter/.*/frr_exporter-.*.linux-amd64.tar.gz$" - - "VictoriaMetrics/VictoriaLogs/.*/victoria-logs-linux-amd64-.*.tar.gz$" - - "VictoriaMetrics/VictoriaLogs/.*/vlutils-linux-amd64-.*.tar.gz$" - - "VictoriaMetrics/VictoriaMetrics/.*/victoria-logs-linux-amd64-.*.tar.gz$" - - "VictoriaMetrics/VictoriaMetrics/.*/victoria-metrics-linux-amd64-.*-cluster.tar.gz$" - - "VictoriaMetrics/VictoriaMetrics/.*/vlutils-linux-amd64-.*.tar.gz$" - - "VictoriaMetrics/VictoriaMetrics/.*/vmutils-linux-amd64-.*.tar.gz$" - - "xorpaul/g10k/.*/g10k-.*-linux-amd64.zip$" - - "yannh/kubeconform/.*/kubeconform-linux-amd64.tar.gz$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - github_user: - base_url: "https://raw.githubusercontent.com" - package: "generic" - description: "GitHub User Content" - immutable_patterns: - - "argoproj/argo-cd/.*.yaml$" - - "yannh/kubernetes-json-schema/master/.*.json$" - - "datreeio/CRDs-catalog/main/.*.json$" - cache: - 
immutable_ttl: 0 - mutable_ttl: 7200 - - gitea-dl: - base_url: "https://dl.gitea.com" - package: "generic" - description: "Gitea download site" - immutable_patterns: - - "act_runner/.*/act_runner-.*-linux-amd64$" - - "gitea/.*/gitea-.*-linux-amd64$" - - "gitea/.*/gitea-.*-linux-amd64.xz$" - - "tea/.*/tea-.*-linux-amd64$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - hashicorp-releases: - base_url: "https://releases.hashicorp.com" - package: "generic" - description: "HashiCorp product releases" - immutable_patterns: - - "terraform/.*terraform_.*_linux_amd64\\.zip$" - - "terraform/.*terraform_.*_windows_amd64\\.zip$" - - "terraform/.*terraform_.*_darwin_amd64\\.zip$" - - "vault/.*vault_.*_linux_amd64\\.zip$" - - "vault/.*vault_.*_windows_amd64\\.zip$" - - "vault/.*vault_.*_darwin_amd64\\.zip$" - - "consul-cni/.*/consul-cni_.*_linux_amd64\\.zip$" - - "consul/.*/consul_.*_linux_amd64\\.zip$" - - "nomad-autoscaler/.*/nomad-autoscaler_.*_linux_amd64\\.zip$" - - "nomad/.*/nomad_.*_linux_amd64\\.zip$" - - "packer/.*/packer_.*_linux_amd64\\.zip$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - rarlab: - base_url: "https://www.rarlab.com" - package: "generic" - description: "RARLab" - immutable_patterns: - - "rar/rarlinux-x64-.*.tar.gz" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - claude-ai: - base_url: "https://downloads.claude.ai" - package: "generic" - description: "Anthropic Claude Code binary releases" - mutable_patterns: - - "claude-code-releases/.*/manifest.json$" - immutable_patterns: - - "claude-code-releases/.*/linux-x64/claude$" - - "claude-code-releases/.*/linux-arm64/claude$" - - "claude-code-releases/.*/linux-x64-musl/claude$" - - "claude-code-releases/.*/linux-arm64-musl/claude$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 diff --git a/apps/base/artifactapi/resources/conf.d/remote-helm.yaml b/apps/base/artifactapi/resources/conf.d/remote-helm.yaml deleted file mode 100644 index 3ad507f..0000000 
--- a/apps/base/artifactapi/resources/conf.d/remote-helm.yaml
+++ /dev/null
@@ -1,143 +0,0 @@ -remotes: - ceph-csi: - base_url: "https://ceph.github.io/csi-charts" - package: "helm" - description: "Ceph CSI driver Helm charts" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - cnpg: - base_url: "https://cloudnative-pg.github.io/charts" - package: "helm" - description: "CloudNativePG operator Helm charts" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - elastic-helm: - base_url: "https://helm.elastic.co" - package: "helm" - description: "Elastic stack Helm charts" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - external-dns: - base_url: "https://kubernetes-sigs.github.io/external-dns/" - package: "helm" - description: "ExternalDNS Helm charts" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - hashicorp-helm: - base_url: "https://helm.releases.hashicorp.com" - package: "helm" - description: "HashiCorp Helm charts (Vault Secrets Operator, etc.)" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - intel-helm: - base_url: "https://intel.github.io/helm-charts/" - package: "helm" - description: "Intel Helm charts (device plugins)" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - jetstack: - base_url: "https://charts.jetstack.io" - package: "helm" - description: "Jetstack Helm charts (cert-manager)" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - purelb: - base_url: "https://gitlab.com/api/v4/projects/20400619/packages/helm/stable" - package: "helm" - description: "PureLB load balancer Helm charts" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - 
immutable_ttl: 0 - mutable_ttl: 3600 - - rancher-stable: - base_url: "https://releases.rancher.com/server-charts/stable" - package: "helm" - description: "Rancher stable Helm charts" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - stakater: - base_url: "https://stakater.github.io/stakater-charts" - package: "helm" - description: "Stakater Helm charts (Reloader)" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - traefik: - base_url: "https://traefik.github.io/charts" - package: "helm" - description: "Traefik Helm charts" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - victoriametrics: - base_url: "https://victoriametrics.github.io/helm-charts/" - package: "helm" - description: "VictoriaMetrics observability Helm charts" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 - - argo-helm: - base_url: "https://argoproj.github.io/argo-helm" - package: "helm" - description: "Argo Project Helm charts (ArgoCD, Image Updater, Rollouts, etc.)" - check_mutable_updates: true - immutable_patterns: - - "\\.tgz$" - cache: - immutable_ttl: 0 - mutable_ttl: 3600 diff --git a/apps/base/artifactapi/resources/conf.d/remote-rpm.yaml b/apps/base/artifactapi/resources/conf.d/remote-rpm.yaml deleted file mode 100644 index 45ea497..0000000 --- a/apps/base/artifactapi/resources/conf.d/remote-rpm.yaml +++ /dev/null 
@@ -1,172 +0,0 @@ -remotes: - almalinux: - base_url: "https://gsl-syd.mm.fcix.net/almalinux" - package: "rpm" - description: "AlmaLinux RPM package repository" - immutable_patterns: - - ".*/x86_64/.*\\.rpm$" - - ".*/noarch/.*\\.rpm$" - - ".*/repodata/.*\\.sqlite.*$" - - ".*/repodata/.*\\.xml.*$" - - ".*/repodata/.*\\.yaml.*$" - - ".*/install.img" - - ".*/squashfs.img" - - ".*/updates.img" - - ".*/RPM-GPG-KEY-.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - almalinux-vault: - base_url: "https://vault.almalinux.org" - package: "rpm" - description: "AlmaLinux Vault RPM package repository" - immutable_patterns: - - ".*/x86_64/.*\\.rpm$" - - ".*/noarch/.*\\.rpm$" - - ".*/repodata/.*\\.sqlite.*$" - - ".*/repodata/.*\\.xml.*$" - - ".*/repodata/.*\\.yaml.*$" - - ".*/install.img" - - ".*/squashfs.img" - - ".*/updates.img" - - ".*/RPM-GPG-KEY-.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - ceph-reef: - base_url: "https://download.ceph.com/rpm-reef/" - package: "rpm" - description: "Ceph Reef 18" - immutable_patterns: - - ".*/x86_64/.*\\.rpm$" - - ".*/noarch/.*\\.rpm$" - - ".*/repodata/.*\\.xml.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - ceph-squid: - base_url: "https://download.ceph.com/rpm-squid/" - package: "rpm" - description: "Ceph Squid 19" - immutable_patterns: - - ".*/x86_64/.*\\.rpm$" - - ".*/noarch/.*\\.rpm$" - - ".*/repodata/.*\\.xml.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - ceph-tentacle: - base_url: "https://download.ceph.com/rpm-tentacle/" - package: "rpm" - description: "Ceph Tentacle 20" - immutable_patterns: - - ".*/x86_64/.*\\.rpm$" - - ".*/noarch/.*\\.rpm$" - - ".*/repodata/.*\\.xml.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - epel: - base_url: "https://gsl-syd.mm.fcix.net/epel" - package: "rpm" - description: "EPEL (Extra Packages for Enterprise Linux)" - immutable_patterns: - - ".*/Everything/x86_64/.*\\.rpm$" - - ".*/noarch/.*\\.rpm$" - - ".*/repodata/.*\\.sqlite.*$" - - ".*/repodata/.*\\.xml.*$" - - 
".*/repodata/.*\\.yaml.*$" - - "RPM-GPG-KEY-.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - fedora: - base_url: "https://gsl-syd.mm.fcix.net/fedora/linux" - package: "rpm" - description: "Fedora Linux RPM package repository" - immutable_patterns: - - "releases/.*/Everything/x86_64/.*\\.rpm$" - - "updates/.*/Everything/x86_64/.*\\.rpm$" - - "development/.*/Everything/x86_64/.*\\.rpm$" - - ".*/noarch/.*\\.rpm$" - - ".*/repodata/.*\\.xml.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - frr: - base_url: "https://rpm.frrouting.org/repo" - package: "rpm" - description: "FRR RPM package repository" - immutable_patterns: - - ".*\\.rpm$" - - ".*/repodata/.*\\.xml.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - mariadb: - base_url: "http://mariadb.mirror.digitalpacific.com.au/yum" - package: "rpm" - description: "MariaDB RPM package repository" - immutable_patterns: - - ".*\\.rpm$" - - ".*/repodata/.*\\.xml.*$" - - ".*/RPM-GPG-KEY-.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - openvox: - base_url: "https://yum.voxpupuli.org" - package: "rpm" - description: "OpenVox RPM package repository" - immutable_patterns: - - ".*\\.rpm$" - - ".*/repodata/.*\\.xml.*$" - - "GPG-KEY-.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - postgresql: - base_url: "https://download.postgresql.org/pub/repos/yum" - package: "rpm" - description: "PostgreSQL RPM package repository" - immutable_patterns: - - ".*\\.rpm$" - - ".*/repodata/.*\\.xml.*$" - - ".*/RPM-GPG-KEY-.*$" - - ".*/PGDG-RPM-GPG-KEY-.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - rke2: - base_url: "https://rpm.rancher.io" - package: "rpm" - description: "RKE2 RPM package repository" - immutable_patterns: - - ".*\\.rpm$" - - ".*/repodata/.*\\.xml.*$" - - "public.key$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 - - zfs: - base_url: "http://download.zfsonlinux.org" - package: "rpm" - description: "ZFS RPM package repository" - immutable_patterns: - - ".*\\.rpm$" - - 
".*/repodata/.*\\.xml.*$" - cache: - immutable_ttl: 0 - mutable_ttl: 7200 diff --git a/apps/base/artifactapi/resources/conf.d/virtual-helm.yaml b/apps/base/artifactapi/resources/conf.d/virtual-helm.yaml deleted file mode 100644 index 53035e9..0000000 --- a/apps/base/artifactapi/resources/conf.d/virtual-helm.yaml +++ /dev/null @@ -1,18 +0,0 @@ -virtuals: - helm: - package: "helm" - description: "Virtual repository merging all helm remotes — member order is priority order for duplicate chart+version" - members: - - ceph-csi - - cnpg - - elastic-helm - - external-dns - - hashicorp-helm - - intel-helm - - jetstack - - purelb - - rancher-stable - - stakater - - traefik - - victoriametrics - - argo-helm diff --git a/apps/base/artifactapi/services.yaml b/apps/base/artifactapi/services.yaml index aaa05fd..13aa628 100644 --- a/apps/base/artifactapi/services.yaml +++ b/apps/base/artifactapi/services.yaml @@ -1,58 +1,6 @@ --- apiVersion: v1 kind: Service -metadata: - name: artifactapi-api - namespace: artifactapi -spec: - internalTrafficPolicy: Cluster - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: artifactapi - sessionAffinity: None - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - name: postgres-service - namespace: artifactapi -spec: - internalTrafficPolicy: Cluster - ports: - - name: postgres - port: 5432 - protocol: TCP - targetPort: postgres - selector: - app: postgres - sessionAffinity: None - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - name: redis-service - namespace: artifactapi -spec: - internalTrafficPolicy: Cluster - ports: - - name: redis - port: 6379 - protocol: TCP - targetPort: redis - selector: - app: redis - sessionAffinity: None - type: ClusterIP -#### ---- -apiVersion: v1 -kind: Service metadata: name: artifactapi namespace: artifactapi diff --git a/apps/base/artifactapi/vaultauth.yaml b/apps/base/artifactapi/vaultauth.yaml index 6714f4a..12669fc 100644 
--- a/apps/base/artifactapi/vaultauth.yaml +++ b/apps/base/artifactapi/vaultauth.yaml @@ -4,25 +4,6 @@ kind: VaultAuth metadata: name: default namespace: artifactapi -spec: - allowedNamespaces: - - artifactapi - kubernetes: - audiences: - - vault - role: artifactapi - serviceAccount: default - tokenExpirationSeconds: 600 - method: kubernetes - mount: k8s/au/syd1 - vaultConnectionRef: vso-system/default -### change to default from default1 ---- -apiVersion: secrets.hashicorp.com/v1beta1 -kind: VaultAuth -metadata: - name: default1 - namespace: artifactapi spec: allowedNamespaces: - artifactapi diff --git a/apps/base/artifactapi/vaultstaticsecret.yaml b/apps/base/artifactapi/vaultstaticsecret.yaml index 695e1a6..6c92999 100644 --- a/apps/base/artifactapi/vaultstaticsecret.yaml +++ b/apps/base/artifactapi/vaultstaticsecret.yaml @@ -1,41 +1,6 @@ --- apiVersion: secrets.hashicorp.com/v1beta1 kind: VaultStaticSecret -metadata: - name: environment - namespace: artifactapi -spec: - destination: - create: true - name: environment - overwrite: false - hmacSecretData: true - mount: kv - path: service/artifactapi/environment - refreshAfter: 5m - type: kv-v2 - vaultAuthRef: default ---- -apiVersion: secrets.hashicorp.com/v1beta1 -kind: VaultStaticSecret -metadata: - name: postgres-password - namespace: artifactapi -spec: - destination: - create: true - name: postgres-password - overwrite: true - hmacSecretData: true - mount: kv - path: service/artifactapi/postgres-password - refreshAfter: 5m - type: kv-v2 - vaultAuthRef: default -### change auth ref to default from default1 ---- -apiVersion: secrets.hashicorp.com/v1beta1 -kind: VaultStaticSecret metadata: name: postgres-credentials namespace: artifactapi 
@@ -49,12 +14,12 @@ spec: path: kubernetes/namespace/artifactapi/default/postgres-credentials refreshAfter: 5m type: kv-v2 - vaultAuthRef: default1 + vaultAuthRef: default --- apiVersion: secrets.hashicorp.com/v1beta1 kind: VaultStaticSecret metadata: - name: environment2 + name: environment namespace: artifactapi spec: destination: @@ -66,4 +31,4 @@ spec: path: kubernetes/namespace/artifactapi/default/environment refreshAfter: 5m type: kv-v2 - vaultAuthRef: default1 + vaultAuthRef: default