Compare commits
25 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f03eb6f651 | |||
| 296c569cc8 | |||
| c1d831176d | |||
| 1cefd3b78e | |||
| 842d774fc3 | |||
| 4c8827ce35 | |||
| 5e03215f4d | |||
| 02ee82da1e | |||
| 18c519f979 | |||
| dd0e297c14 | |||
| 6fb98d66b0 | |||
| bcea7df925 | |||
| f45194282b | |||
| 260b2d4364 | |||
| 156b545249 | |||
| 0883f327e9 | |||
| 04b7c04366 | |||
| 9914186fd5 | |||
| f55b7065f1 | |||
| 87a5a271c3 | |||
| 8e7bc289f6 | |||
| e156cd10bd | |||
| fe714694bf | |||
| 6138afb98b | |||
| 949ddb76e4 |
@@ -6,3 +6,13 @@ steps:
|
||||
image: git.unkin.net/unkin/almalinux9-kubetest:20260319
|
||||
commands:
|
||||
- make kubeconform
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: default
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
|
||||
@@ -6,3 +6,13 @@ steps:
|
||||
image: git.unkin.net/unkin/almalinux9-base:20260308
|
||||
commands:
|
||||
- uvx pre-commit run --all-files
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: default
|
||||
resources:
|
||||
requests:
|
||||
memory: 256Mi
|
||||
cpu: 250m
|
||||
limits:
|
||||
memory: 1Gi
|
||||
cpu: 1
|
||||
|
||||
@@ -0,0 +1,8 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- vaultauth.yaml
|
||||
- vaultstaticsecret.yaml
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: argocd-image-updater
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: default
|
||||
namespace: argocd-image-updater
|
||||
spec:
|
||||
allowedNamespaces:
|
||||
- argocd-image-updater
|
||||
kubernetes:
|
||||
audiences:
|
||||
- vault
|
||||
role: argocd-image-updater
|
||||
serviceAccount: argocd-image-updater
|
||||
tokenExpirationSeconds: 600
|
||||
method: kubernetes
|
||||
mount: k8s/au/syd1
|
||||
vaultConnectionRef: vso-system/default
|
||||
@@ -0,0 +1,40 @@
|
||||
---
|
||||
# Credentials for polling the git.unkin.net container registry.
|
||||
# Vault KV path: kv/service/argocd-image-updater/registry-creds
|
||||
# Required key: creds — value format: "<username>:<token>"
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: registry-creds
|
||||
namespace: argocd-image-updater
|
||||
spec:
|
||||
destination:
|
||||
create: true
|
||||
name: registry-creds
|
||||
overwrite: true
|
||||
hmacSecretData: true
|
||||
mount: kv
|
||||
path: service/argocd-image-updater/registry-creds
|
||||
refreshAfter: 5m
|
||||
type: kv-v2
|
||||
vaultAuthRef: default
|
||||
---
|
||||
# ArgoCD API token for image updater to discover and update Applications.
|
||||
# Vault KV path: kv/service/argocd-image-updater/argocd-token
|
||||
# Required key: token — generate via: argocd account generate-token --account image-updater
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: argocd-token
|
||||
namespace: argocd-image-updater
|
||||
spec:
|
||||
destination:
|
||||
create: true
|
||||
name: argocd-token
|
||||
overwrite: true
|
||||
hmacSecretData: true
|
||||
mount: kv
|
||||
path: service/argocd-image-updater/argocd-token
|
||||
refreshAfter: 5m
|
||||
type: kv-v2
|
||||
vaultAuthRef: default
|
||||
@@ -19,7 +19,7 @@ spec:
|
||||
automountServiceAccountToken: true
|
||||
containers:
|
||||
- name: artifactapi
|
||||
image: git.unkin.net/unkin/artifactapi:v2.7.1
|
||||
image: git.unkin.net/unkin/artifactapi:v2.7.2
|
||||
imagePullPolicy: IfNotPresent
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
|
||||
@@ -30,6 +30,7 @@ remotes:
|
||||
- "^hashicorp/vault-secrets-operator"
|
||||
- "^jfrog/"
|
||||
- "^rancher/"
|
||||
- "^traefik/"
|
||||
- "^ubi9/ubi-minimal"
|
||||
- "^victoriametrics/"
|
||||
- "^woodpeckerci/"
|
||||
|
||||
@@ -26,6 +26,7 @@ remotes:
|
||||
- "helmfile/helmfile/.*/helmfile_.*_linux_amd64.tar.gz$"
|
||||
- "helmfile/vals/.*/vals_.*_linux_amd64.tar.gz$"
|
||||
- "jesseduffield/lazydocker/.*/lazydocker_.*_Linux_x86_64.tar.gz$"
|
||||
- "kubernetes-sigs/gateway-api/.*/standard-install.yaml$"
|
||||
- "lxc/incus/.*.tar.gz$"
|
||||
- "mikefarah/yq/.*/yq_linux_amd64$"
|
||||
- "neovim/neovim-releases/.*/nvim-linux-x86_64.tar.gz$"
|
||||
|
||||
@@ -109,6 +109,17 @@ remotes:
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
|
||||
traefik:
|
||||
base_url: "https://traefik.github.io/charts"
|
||||
package: "helm"
|
||||
description: "Traefik Helm charts"
|
||||
check_mutable_updates: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
cache:
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
|
||||
victoriametrics:
|
||||
base_url: "https://victoriametrics.github.io/helm-charts/"
|
||||
package: "helm"
|
||||
@@ -119,3 +130,14 @@ remotes:
|
||||
cache:
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
|
||||
argo-helm:
|
||||
base_url: "https://argoproj.github.io/argo-helm"
|
||||
package: "helm"
|
||||
description: "Argo Project Helm charts (ArgoCD, Image Updater, Rollouts, etc.)"
|
||||
check_mutable_updates: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
cache:
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
|
||||
@@ -13,4 +13,6 @@ virtuals:
|
||||
- purelb
|
||||
- rancher-stable
|
||||
- stakater
|
||||
- traefik
|
||||
- victoriametrics
|
||||
- argo-helm
|
||||
|
||||
@@ -7,12 +7,12 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: intel-device-plugins-operator
|
||||
repo: https://intel.github.io/helm-charts/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.35.0"
|
||||
releaseName: intel-device-plugins-operator
|
||||
namespace: inteldeviceplugins-system
|
||||
- name: intel-device-plugins-gpu
|
||||
repo: https://intel.github.io/helm-charts/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.34.1"
|
||||
releaseName: intel-gpu-plugin
|
||||
namespace: inteldeviceplugins-system
|
||||
|
||||
@@ -10,6 +10,8 @@ spec:
|
||||
app: litellm
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
labels:
|
||||
app: litellm
|
||||
spec:
|
||||
@@ -31,6 +33,8 @@ spec:
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: litellm-credentials
|
||||
- configMapRef:
|
||||
name: litellm-env
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health/liveliness
|
||||
@@ -51,11 +55,11 @@ spec:
|
||||
timeoutSeconds: 5
|
||||
resources:
|
||||
limits:
|
||||
cpu: "1"
|
||||
memory: 2Gi
|
||||
cpu: "2"
|
||||
memory: 6Gi
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 512Mi
|
||||
memory: 2Gi
|
||||
volumeMounts:
|
||||
- mountPath: /app/config.yaml
|
||||
name: config
|
||||
|
||||
@@ -21,3 +21,8 @@ configMapGenerator:
|
||||
- config.yaml=resources/config.yaml
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
- name: litellm-env
|
||||
literals:
|
||||
- STORE_MODEL_IN_DB=True
|
||||
options:
|
||||
disableNameSuffixHash: true
|
||||
|
||||
@@ -0,0 +1,91 @@
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: paperclip-postgres
|
||||
namespace: paperclip
|
||||
spec:
|
||||
affinity:
|
||||
podAntiAffinityType: preferred
|
||||
bootstrap:
|
||||
initdb:
|
||||
database: paperclip
|
||||
encoding: UTF8
|
||||
localeCType: C
|
||||
localeCollate: C
|
||||
owner: paperclip
|
||||
secret:
|
||||
name: postgres-credentials
|
||||
enablePDB: true
|
||||
enableSuperuserAccess: false
|
||||
failoverDelay: 0
|
||||
imageName: ghcr.io/cloudnative-pg/postgresql:17-minimal-trixie
|
||||
instances: 3
|
||||
logLevel: info
|
||||
maxSyncReplicas: 0
|
||||
minSyncReplicas: 0
|
||||
monitoring:
|
||||
customQueriesConfigMap:
|
||||
- key: queries
|
||||
name: cnpg-default-monitoring
|
||||
disableDefaultQueries: false
|
||||
enablePodMonitor: false
|
||||
postgresql:
|
||||
parameters:
|
||||
archive_mode: "on"
|
||||
archive_timeout: 5min
|
||||
dynamic_shared_memory_type: posix
|
||||
effective_cache_size: 256MB
|
||||
full_page_writes: "on"
|
||||
log_destination: csvlog
|
||||
log_directory: /controller/log
|
||||
log_filename: postgres
|
||||
log_rotation_age: "0"
|
||||
log_rotation_size: "0"
|
||||
log_truncate_on_rotation: "false"
|
||||
logging_collector: "on"
|
||||
max_connections: "200"
|
||||
max_parallel_workers: "16"
|
||||
max_replication_slots: "16"
|
||||
max_worker_processes: "16"
|
||||
shared_buffers: 128MB
|
||||
shared_memory_type: mmap
|
||||
ssl_max_protocol_version: TLSv1.3
|
||||
ssl_min_protocol_version: TLSv1.3
|
||||
wal_keep_size: 256MB
|
||||
wal_level: logical
|
||||
wal_log_hints: "on"
|
||||
wal_receiver_timeout: 5s
|
||||
wal_sender_timeout: 5s
|
||||
syncReplicaElectionConstraint:
|
||||
enabled: false
|
||||
primaryUpdateMethod: restart
|
||||
primaryUpdateStrategy: unsupervised
|
||||
probes:
|
||||
liveness:
|
||||
isolationCheck:
|
||||
connectionTimeout: 1000
|
||||
enabled: true
|
||||
requestTimeout: 1000
|
||||
replicationSlots:
|
||||
highAvailability:
|
||||
enabled: true
|
||||
slotPrefix: _cnpg_
|
||||
synchronizeReplicas:
|
||||
enabled: true
|
||||
updateInterval: 30
|
||||
resources:
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 512Mi
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
smartShutdownTimeout: 180
|
||||
startDelay: 3600
|
||||
stopDelay: 1800
|
||||
storage:
|
||||
resizeInUseVolumes: true
|
||||
size: 10Gi
|
||||
storageClass: cephrbd-fast-delete
|
||||
switchoverDelay: 3600
|
||||
@@ -0,0 +1,33 @@
|
||||
---
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Pooler
|
||||
metadata:
|
||||
name: paperclip-pooler-rw
|
||||
namespace: paperclip
|
||||
spec:
|
||||
cluster:
|
||||
name: paperclip-postgres
|
||||
instances: 2
|
||||
pgbouncer:
|
||||
parameters:
|
||||
default_pool_size: "100"
|
||||
max_client_conn: "400"
|
||||
paused: false
|
||||
poolMode: session
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: pooler
|
||||
spec:
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app
|
||||
operator: In
|
||||
values:
|
||||
- pooler
|
||||
topologyKey: kubernetes.io/hostname
|
||||
containers: []
|
||||
type: rw
|
||||
@@ -0,0 +1,108 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: paperclip
|
||||
namespace: paperclip
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: paperclip
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: paperclip
|
||||
spec:
|
||||
containers:
|
||||
- name: paperclip
|
||||
image: ghcr.io/paperclipai/paperclip:latest
|
||||
imagePullPolicy: Always
|
||||
ports:
|
||||
- containerPort: 3100
|
||||
name: http
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: PORT
|
||||
value: "3100"
|
||||
- name: PAPERCLIP_BIND
|
||||
value: custom
|
||||
- name: PAPERCLIP_BIND_HOST
|
||||
value: 0.0.0.0
|
||||
- name: PAPERCLIP_API_URL
|
||||
value: https://paperclip.k8s.syd1.au.unkin.net
|
||||
- name: BETTER_AUTH_BASE_URL
|
||||
value: https://paperclip.k8s.syd1.au.unkin.net
|
||||
- name: PAPERCLIP_ALLOWED_HOSTNAMES
|
||||
value: paperclip.k8s.syd1.au.unkin.net,localhost
|
||||
- name: PAPERCLIP_HOME
|
||||
value: /paperclip
|
||||
- name: PAPERCLIP_INSTANCE_ID
|
||||
value: default
|
||||
- name: PAPERCLIP_DEPLOYMENT_MODE
|
||||
value: authenticated
|
||||
- name: PAPERCLIP_DEPLOYMENT_EXPOSURE
|
||||
value: private
|
||||
- name: SERVE_UI
|
||||
value: "true"
|
||||
- name: HEARTBEAT_SCHEDULER_ENABLED
|
||||
value: "true"
|
||||
- name: PAPERCLIP_MIGRATION_AUTO_APPLY
|
||||
value: "true"
|
||||
- name: PAPERCLIP_STORAGE_PROVIDER
|
||||
value: s3
|
||||
- name: PAPERCLIP_STORAGE_S3_BUCKET
|
||||
value: paperclip
|
||||
- name: PAPERCLIP_STORAGE_S3_REGION
|
||||
value: us-east-1
|
||||
- name: PAPERCLIP_STORAGE_S3_ENDPOINT
|
||||
value: https://radosgw.service.consul
|
||||
- name: PAPERCLIP_STORAGE_S3_FORCE_PATH_STYLE
|
||||
value: "true"
|
||||
- name: NODE_EXTRA_CA_CERTS
|
||||
value: /etc/ssl/paperclip/ca.crt
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: paperclip-credentials
|
||||
volumeMounts:
|
||||
- name: vault-ca-cert
|
||||
mountPath: /etc/ssl/paperclip
|
||||
readOnly: true
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /api/health
|
||||
port: 3100
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: localhost
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 30
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /api/health
|
||||
port: 3100
|
||||
httpHeaders:
|
||||
- name: Host
|
||||
value: localhost
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 5
|
||||
resources:
|
||||
limits:
|
||||
cpu: "1"
|
||||
memory: 2Gi
|
||||
requests:
|
||||
cpu: 250m
|
||||
memory: 512Mi
|
||||
volumes:
|
||||
- name: vault-ca-cert
|
||||
secret:
|
||||
secretName: vault-ca-cert
|
||||
items:
|
||||
- key: ca.crt
|
||||
path: ca.crt
|
||||
restartPolicy: Always
|
||||
@@ -0,0 +1,29 @@
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
external-dns.alpha.kubernetes.io/hostname: paperclip.k8s.syd1.au.unkin.net
|
||||
external-dns.alpha.kubernetes.io/target: 198.18.200.0
|
||||
cert-manager.io/cluster-issuer: vault-issuer
|
||||
cert-manager.io/common-name: paperclip.k8s.syd1.au.unkin.net
|
||||
cert-manager.io/private-key-size: "4096"
|
||||
name: paperclip
|
||||
namespace: paperclip
|
||||
spec:
|
||||
rules:
|
||||
- host: paperclip.k8s.syd1.au.unkin.net
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: paperclip
|
||||
port:
|
||||
number: 3100
|
||||
path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- paperclip.k8s.syd1.au.unkin.net
|
||||
secretName: paperclip-tls
|
||||
@@ -0,0 +1,13 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- cnpg_cluster.yaml
|
||||
- cnpg_pooler.yaml
|
||||
- deployment.yaml
|
||||
- ingress.yaml
|
||||
- namespace.yaml
|
||||
- services.yaml
|
||||
- vaultauth.yaml
|
||||
- vaultstaticsecret.yaml
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: paperclip
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: paperclip
|
||||
namespace: paperclip
|
||||
spec:
|
||||
internalTrafficPolicy: Cluster
|
||||
ports:
|
||||
- name: http
|
||||
port: 3100
|
||||
protocol: TCP
|
||||
targetPort: http
|
||||
selector:
|
||||
app: paperclip
|
||||
sessionAffinity: None
|
||||
type: ClusterIP
|
||||
@@ -0,0 +1,18 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultAuth
|
||||
metadata:
|
||||
name: default
|
||||
namespace: paperclip
|
||||
spec:
|
||||
allowedNamespaces:
|
||||
- paperclip
|
||||
kubernetes:
|
||||
audiences:
|
||||
- vault
|
||||
role: default
|
||||
serviceAccount: default
|
||||
tokenExpirationSeconds: 600
|
||||
method: kubernetes
|
||||
mount: k8s/au/syd1
|
||||
vaultConnectionRef: vso-system/default
|
||||
@@ -0,0 +1,34 @@
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: postgres-credentials
|
||||
namespace: paperclip
|
||||
spec:
|
||||
destination:
|
||||
create: true
|
||||
name: postgres-credentials
|
||||
overwrite: true
|
||||
hmacSecretData: true
|
||||
mount: kv
|
||||
path: kubernetes/namespace/paperclip/default/postgres-credentials
|
||||
refreshAfter: 5m
|
||||
type: kv-v2
|
||||
vaultAuthRef: default
|
||||
---
|
||||
apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: paperclip-credentials
|
||||
namespace: paperclip
|
||||
spec:
|
||||
destination:
|
||||
create: true
|
||||
name: paperclip-credentials
|
||||
overwrite: true
|
||||
hmacSecretData: true
|
||||
mount: kv
|
||||
path: kubernetes/namespace/paperclip/default/paperclip-credentials
|
||||
refreshAfter: 5m
|
||||
type: kv-v2
|
||||
vaultAuthRef: default
|
||||
@@ -0,0 +1,14 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../base/argocd-image-updater
|
||||
|
||||
helmCharts:
|
||||
- name: argocd-image-updater
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.10.3"
|
||||
releaseName: argocd-image-updater
|
||||
namespace: argocd-image-updater
|
||||
valuesFile: values.yaml
|
||||
@@ -0,0 +1,33 @@
|
||||
config:
|
||||
argocd:
|
||||
grpcWeb: false
|
||||
serverAddress: argocd-server.argocd
|
||||
insecure: true
|
||||
plaintext: false
|
||||
|
||||
registries:
|
||||
- name: git.unkin.net
|
||||
api_url: https://git.unkin.net
|
||||
prefix: git.unkin.net
|
||||
credentials: secret:argocd-image-updater/registry-creds#creds
|
||||
insecure: false
|
||||
|
||||
authScripts:
|
||||
enabled: false
|
||||
|
||||
extraEnv:
|
||||
- name: ARGOCD_TOKEN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: argocd-token
|
||||
key: token
|
||||
|
||||
gitCommitUser: "ArgoCD Image Updater"
|
||||
gitCommitEmail: "argocd-image-updater@unkin.net"
|
||||
|
||||
rbac:
|
||||
enabled: true
|
||||
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: argocd-image-updater
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: rancher
|
||||
repo: https://releases.rancher.com/server-charts/stable
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "2.13.1"
|
||||
releaseName: rancher
|
||||
namespace: cattle-system
|
||||
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: cert-manager
|
||||
repo: https://charts.jetstack.io
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "v1.19.2"
|
||||
releaseName: cert-manager
|
||||
namespace: cert-manager
|
||||
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: cloudnative-pg
|
||||
repo: https://cloudnative-pg.github.io/charts
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.27.0"
|
||||
releaseName: cloudnative-pg-operator
|
||||
namespace: cnpg-system
|
||||
|
||||
@@ -9,7 +9,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: eck-operator
|
||||
repo: https://helm.elastic.co
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "3.2.0"
|
||||
releaseName: elastic-operator
|
||||
namespace: elastic-system
|
||||
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: external-dns
|
||||
repo: https://kubernetes-sigs.github.io/external-dns/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "1.19.0"
|
||||
releaseName: externaldns
|
||||
namespace: externaldns
|
||||
|
||||
@@ -9,13 +9,13 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: victoria-metrics-cluster
|
||||
repo: https://victoriametrics.github.io/helm-charts/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.33.0"
|
||||
releaseName: victoria-metrics-cluster
|
||||
namespace: observability
|
||||
valuesFile: values-vmcluster.yaml
|
||||
- name: victoria-metrics-agent
|
||||
repo: https://victoriametrics.github.io/helm-charts/
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "0.30.0"
|
||||
releaseName: victoria-metrics-agent
|
||||
namespace: observability
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
---
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- ../../../base/paperclip
|
||||
@@ -7,7 +7,7 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: reloader
|
||||
repo: https://stakater.github.io/stakater-charts
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "2.2.8"
|
||||
releaseName: reloader
|
||||
namespace: reloader-system
|
||||
|
||||
@@ -9,8 +9,8 @@ resources:
|
||||
|
||||
helmCharts:
|
||||
- name: vault-secrets-operator
|
||||
repo: https://helm.releases.hashicorp.com
|
||||
version: "1.2.0"
|
||||
repo: https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
version: "1.3.0"
|
||||
releaseName: vault-secrets-operator
|
||||
namespace: vso-system
|
||||
valuesFile: values.yaml
|
||||
|
||||
@@ -11,6 +11,7 @@ spec:
|
||||
revision: HEAD
|
||||
directories:
|
||||
- path: apps/overlays/*/litellm
|
||||
- path: apps/overlays/*/paperclip
|
||||
template:
|
||||
metadata:
|
||||
name: 'aitooling-{{path[3]}}'
|
||||
|
||||
@@ -0,0 +1,36 @@
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: ApplicationSet
|
||||
metadata:
|
||||
name: image-updater-apps
|
||||
namespace: argocd
|
||||
spec:
|
||||
generators:
|
||||
- git:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
revision: HEAD
|
||||
directories:
|
||||
- path: apps/overlays/*/artifactapi
|
||||
template:
|
||||
metadata:
|
||||
name: 'platform-{{path[3]}}'
|
||||
annotations:
|
||||
argocd-image-updater.argoproj.io/image-list: "artifactapi=git.unkin.net/unkin/artifactapi"
|
||||
argocd-image-updater.argoproj.io/artifactapi.update-strategy: semver
|
||||
argocd-image-updater.argoproj.io/write-back-method: git
|
||||
argocd-image-updater.argoproj.io/git-branch: main
|
||||
spec:
|
||||
project: platform
|
||||
source:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
targetRevision: HEAD
|
||||
path: '{{path}}'
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: '{{path[3]}}'
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- ServerSideApply=true
|
||||
@@ -4,6 +4,7 @@ kind: Kustomization
|
||||
|
||||
resources:
|
||||
- aitooling.yaml
|
||||
- imageupdater.yaml
|
||||
- observability.yaml
|
||||
- platform.yaml
|
||||
- storage.yaml
|
||||
|
||||
@@ -10,7 +10,7 @@ spec:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
revision: HEAD
|
||||
directories:
|
||||
- path: apps/overlays/*/artifactapi
|
||||
- path: apps/overlays/*/argocd-image-updater
|
||||
- path: apps/overlays/*/cattle-system
|
||||
- path: apps/overlays/*/cert-manager
|
||||
- path: apps/overlays/*/certificates
|
||||
|
||||
@@ -11,6 +11,8 @@ spec:
|
||||
destinations:
|
||||
- namespace: 'litellm'
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: 'paperclip'
|
||||
server: https://kubernetes.default.svc
|
||||
clusterResourceWhitelist:
|
||||
- group: ''
|
||||
kind: Namespace
|
||||
|
||||
@@ -8,7 +8,6 @@ spec:
|
||||
description: Observability stack (metrics, monitoring)
|
||||
sourceRepos:
|
||||
- https://git.unkin.net/unkin/argocd-apps
|
||||
- https://victoriametrics.github.io/helm-charts/
|
||||
destinations:
|
||||
- namespace: 'observability'
|
||||
server: https://kubernetes.default.svc
|
||||
|
||||
@@ -8,17 +8,9 @@ spec:
|
||||
description: Platform infrastructure and core services
|
||||
sourceRepos:
|
||||
- https://git.unkin.net/unkin/argocd-apps
|
||||
- https://charts.jetstack.io
|
||||
- https://cloudnative-pg.github.io/charts
|
||||
- https://helm.elastic.co
|
||||
- https://helm.releases.hashicorp.com
|
||||
- https://artifactapi.k8s.syd1.au.unkin.net/api/v1/virtual/helm
|
||||
- https://purelb.github.io/purelb/charts
|
||||
- https://intel.github.io/helm-charts/
|
||||
- https://kubernetes-sigs.github.io/external-dns/
|
||||
- https://releases.rancher.com/server-charts/stable
|
||||
- https://victoriametrics.github.io/helm-charts/
|
||||
- oci://gcr.io/k8s-staging-nfd/charts
|
||||
- oci://ghcr.io/emberstack/helm-charts
|
||||
- oci://ghcr.io/woodpecker-ci/helm/woodpecker
|
||||
destinations:
|
||||
- namespace: '*-system'
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: argocd-repo-server
|
||||
namespace: argocd
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
volumes:
|
||||
- name: vault-ca-cert
|
||||
secret:
|
||||
secretName: vault-ca-cert
|
||||
items:
|
||||
- key: ca.crt
|
||||
path: ca.crt
|
||||
containers:
|
||||
- name: argocd-repo-server
|
||||
env:
|
||||
- name: SSL_CERT_DIR
|
||||
value: /etc/ssl/certs:/custom-certs
|
||||
volumeMounts:
|
||||
- name: vault-ca-cert
|
||||
mountPath: /custom-certs
|
||||
readOnly: true
|
||||
@@ -0,0 +1,21 @@
|
||||
---
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: argocd
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
repoURL: https://git.unkin.net/unkin/argocd-apps
|
||||
targetRevision: HEAD
|
||||
path: clusters/au-syd1/bootstrap
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: argocd
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: false
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- ServerSideApply=true
|
||||
@@ -0,0 +1,50 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: argocd-tls-certs-cm
|
||||
namespace: argocd
|
||||
data:
|
||||
artifactapi.k8s.syd1.au.unkin.net: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDujCCAqKgAwIBAgIULZAR/QcvAnxdi04S6bXhNeazozYwDQYJKoZIhvcNAQEL
|
||||
BQAwFDESMBAGA1UEAxMJdW5raW4ubmV0MB4XDTI0MDQyNzExMzcyMloXDTI5MDQy
|
||||
NjExMzc1MlowKzEpMCcGA1UEAxMgdW5raW4ubmV0IEludGVybWVkaWF0ZSBBdXRo
|
||||
b3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDq0ZU2DnuYW5s
|
||||
E3lPjVe2Ns6cPu64yx1GLVqB5VbOUs71ThRjPjvEwE98YtGMza8ok0CQSqS2qX8z
|
||||
vnMbnVCaWKjCnem/dtQtB+8WCu5uQuNHhwqxgw1tD/klAkVLWGgTPDEgasvjDMkc
|
||||
sW8in/BhtrV9YA/lQGpge+j9/MFXhlnvaLCPybFifPRX9Yc5CcnhSzLSzFPO4PJx
|
||||
VH4Qu9eByyKHMTvgcCy6p9qjjzz+8dtAlxeIsgfTEdvtfCPowsF+v2XooutTsJt0
|
||||
xUDvUDu4xV6tVCEOYRA2cZHkLRBhV289M0hocHrsGqMmA1+j0skwwt/6UkVHqlCT
|
||||
mitItX+RAgMBAAGjgewwgekwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
|
||||
Af8wHQYDVR0OBBYEFEp/+grAdVqRSeb9xJjSeZYNW32MMB8GA1UdIwQYMBaAFBqc
|
||||
v6Y+hfHt4EjgKa/uoQGEHTknMEcGCCsGAQUFBwEBBDswOTA3BggrBgEFBQcwAoYr
|
||||
aHR0cHM6Ly92YXVsdC5zZXJ2aWNlLmNvbnN1bC92MS9wa2lfcm9vdC9jYTA9BgNV
|
||||
HR8ENjA0MDKgMKAuhixodHRwczovL3ZhdWx0LnNlcnZpY2UuY29uc3VsL3YxL3Br
|
||||
aV9yb290L2NybDANBgkqhkiG9w0BAQsFAAOCAQEAM0FS8tscZe7yly/gM7jO6lx5
|
||||
muMFusifjUIrcQGnZBkoECeuUVPNTs3e/Th+XaxjCnmSpqSNT3z9Irr6Hhxf7n03
|
||||
4+hpF3G0bf1yh4DRex/0ua3szvgo91RwyKVQM1BHIA1PwdF8csO+LT4FTMILzo4U
|
||||
DdSVvDEIaxYYQCDNfAD81n+8lmFbabupfsKbkSTR+sNTS+TMnLpN8YwSXdB0e+RU
|
||||
eEZRNVu0jKmbE8U/66Sc33YLe6cxbCclHA+G4giGwEP+lYZk+rFjmr6ci9bj5yyN
|
||||
Sznr7xdW0ofOdACAQFFy5KTZqCDjIrvk12vUn4bSsXmWVIQEd+jPx6wuxD/rSw==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDLzCCAhegAwIBAgIUIDADwsHIrQ8dfncpechBdIUCQdIwDQYJKoZIhvcNAQEL
|
||||
BQAwFDESMBAGA1UEAxMJdW5raW4ubmV0MB4XDTI0MDQyNzExMjcwMloXDTM0MDQy
|
||||
NTExMjczMlowFDESMBAGA1UEAxMJdW5raW4ubmV0MIIBIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAQ8AMIIBCgKCAQEA3ENPv7R7gCUJAg8Q4hB2LEZSdvbK155YbcrguLDDnu6m
|
||||
2fkJn8jYMMW3Z6/+Y04ouGwi6sKup8ggTb217sY+dC4IUZjotDPAhruxfXVQAh0v
|
||||
Yr3RYoxVDrm4nRSFLo1RA4Qt+1KK299mHGQf9iAiwbsFp5mDrJT9uz15FE2uWmbK
|
||||
8/onMyJC4fnkMihVN6NIgTtjpHYNm5aAJwxoWldTopgF0ucb7X3XVPNbKAmd3Avd
|
||||
lsOo6m751zSZ0HvJOxgRSy7lvPzMuUfCQsOcmI4O4+Z2FL4Y7p+T9DvWkciC7L3i
|
||||
tBiK30fPfGKNpWaof1ONCcPQNjMwWcEFXqSiWUOXkwIDAQABo3kwdzAOBgNVHQ8B
|
||||
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGpy/pj6F8e3gSOAp
|
||||
r+6hAYQdOScwHwYDVR0jBBgwFoAUGpy/pj6F8e3gSOApr+6hAYQdOScwFAYDVR0R
|
||||
BA0wC4IJdW5raW4ubmV0MA0GCSqGSIb3DQEBCwUAA4IBAQA5xocILzuvD+R2Iub1
|
||||
UnTdcVpgNcxJmESz0eX4UrkcBmddtuFINXvDTv5//XTFs78LsVVSf00xZ+2C62Xe
|
||||
xRdCdluHN8VDCAKulP4XJY1BiZ7im0v+iMgPDKhq4OXb86WFYI/8J6uRm7oIAwj1
|
||||
zhhKxMimkzli+yHB8ipL15W7l68CMUgmOjFA+EG6sbfadFpQTX/h6TVj3FQPkU/p
|
||||
UJEm2XjlGNAKGJrNRU47PM4vRDv5Joyowp9zv/pHFXvUJladaJupMKRJQVWQz1US
|
||||
EXE67rawG79s3vm8dDolnbli/IhPHtjDRIprxAwrMs5tt9cY0xsRkFBZVcAOjrpb
|
||||
4gqd
|
||||
-----END CERTIFICATE-----
|
||||
@@ -3,11 +3,21 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml
|
||||
- https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github_user/argoproj/argo-cd/refs/tags/v3.3.2/manifests/ha/install.yaml
|
||||
- https://artifactapi.k8s.syd1.au.unkin.net/api/v1/remote/github/kubernetes-sigs/gateway-api/releases/download/v1.5.1/standard-install.yaml
|
||||
- au-syd1-apps.yaml
|
||||
- argocd-self-app.yaml
|
||||
|
||||
patches:
|
||||
- path: argocd-cm-patch.yaml
|
||||
target:
|
||||
kind: ConfigMap
|
||||
name: argocd-cm
|
||||
- path: argocd-tls-certs-patch.yaml
|
||||
target:
|
||||
kind: ConfigMap
|
||||
name: argocd-tls-certs-cm
|
||||
- path: argocd-repo-server-vault-ca-patch.yaml
|
||||
target:
|
||||
kind: Deployment
|
||||
name: argocd-repo-server
|
||||
|
||||
Reference in New Issue
Block a user