diff --git a/apps/cluster-infrastructure/cilium.yaml b/apps/cluster-infrastructure/cilium.yaml
new file mode 100644
index 0000000..7bc2ca5
--- /dev/null
+++ b/apps/cluster-infrastructure/cilium.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cilium
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-1000"
+spec:
+ project: cluster-infrastructure
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ source:
+ chart: cilium
+ repoURL: https://helm.cilium.io/
+ targetRevision: 1.14.4
+ helm:
+ releaseName: cilium
+ valuesObject:
+ kubeProxyReplacement: true
+ k8sServiceHost: cthulhu.k8s.vxm.cz
+ k8sServicePort: 6443
+ hubble:
+ relay:
+ enabled: true
+ ui:
+ enabled: true
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: kube-system
diff --git a/apps/cluster-infrastructure/hetzner-ccm.yaml b/apps/cluster-infrastructure/hetzner-ccm.yaml
new file mode 100644
index 0000000..3a0c74e
--- /dev/null
+++ b/apps/cluster-infrastructure/hetzner-ccm.yaml
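Review bot: In `apps/cluster-infrastructure/cilium.yaml`, `hubble.ui.enabled: true` turns on the Hubble UI, which shows cluster-wide flow metadata and has no login of its own, and the values do not say how it is meant to be reached. The hunk sets no ingress for it, so it presumably stays cluster-internal; I would record that with a comment above `ui:` such as `# Hubble UI has no authentication; reach it via port-forward only, never through an Ingress`. The values also leave Cilium's transparent encryption unset, so pod traffic between nodes is presumably unencrypted; if the nodes talk over a network you do not fully control, consider `encryption.enabled: true` with `encryption.type: wireguard`.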
@@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: hetzner-ccm
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "10"
+spec:
+ project: cluster-infrastructure
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ source:
+ chart: hcloud-cloud-controller-manager
+ repoURL: https://charts.hetzner.cloud
+ targetRevision: 1.19.0
+ helm:
+ releaseName: hetzner-ccm
+ valuesObject:
+ nameOverride: hetzner-ccm
+ replicaCount: 2
+ # Since version 1.19.0, the CCM supports also Hetzner Robot (bare metal)
+ robot:
+ enabled: true
+ env:
+ HCLOUD_TOKEN:
+ valueFrom:
+ secretKeyRef:
+ name: hetzner-cloud-token
+ key: cloud-token
+ ROBOT_USER:
+ valueFrom:
+ secretKeyRef:
+ name: hetzner-robot-credentials
+ key: robot-user
+ ROBOT_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: hetzner-robot-credentials
+ key: robot-password
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: kube-system
diff --git a/apps/cluster-infrastructure/ingress-nginx.yaml b/apps/cluster-infrastructure/ingress-nginx.yaml
new file mode 100644
index 0000000..5593a34
--- /dev/null
+++ b/apps/cluster-infrastructure/ingress-nginx.yaml
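Review bot: In `apps/cluster-infrastructure/hetzner-ccm.yaml`, the three `secretKeyRef` entries depend on the Secrets `hetzner-cloud-token` and `hetzner-robot-credentials` already existing in `kube-system`, and nothing in this commit creates them or says where they come from. A comment above `env:` would help, for example `# Secrets are provisioned out-of-band in kube-system; their values must never be committed to this repo`. Because `robot.enabled: true` gives the controller Robot credentials in addition to the cloud token, it is worth confirming that both are dedicated to this cluster and can be rotated independently of any personal login.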
@@ -0,0 +1,48 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: ingress-nginx
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-1000"
+spec:
+ project: cluster-infrastructure
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ chart: ingress-nginx
+ repoURL: https://kubernetes.github.io/ingress-nginx
+ targetRevision: 4.8.4
+ helm:
+ releaseName: ingress-nginx
+ valuesObject:
+ ingressClassResource:
+ default: true
+ controller:
+ kind: DaemonSet
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ service:
+ type: NodePort
+ nodePorts:
+ http: 32080
+ https: 32443
+ hostPort:
+ enabled: true
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: false
+ config:
+ allow-snippet-annotations: "true"
+ generate-request-id: "true"
+ use-proxy-protocol: "true"
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: ingress-nginx
diff --git a/apps/cluster-infrastructure/minio-operator.yaml b/apps/cluster-infrastructure/minio-operator.yaml
deleted file mode 100644
index 5959875..0000000
--- a/apps/cluster-infrastructure/minio-operator.yaml
+++ /dev/null
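Review bot: In `apps/cluster-infrastructure/ingress-nginx.yaml`, `allow-snippet-annotations: "true"` lets anyone who can create or edit an Ingress object put raw NGINX configuration into the shared controller, which can in turn expose the Secrets the controller is able to read. Unless a workload depends on snippets, set `allow-snippet-annotations: "false"`; otherwise restrict Ingress write access and document the reason next to the key. `use-proxy-protocol: "true"` together with `hostPort.enabled: true` and the NodePort service means the controller trusts a PROXY header on every path that reaches it, so the node firewall should admit the host ports and NodePorts 32080/32443 only from the load balancer that adds that header; otherwise client addresses in logs and allow-lists cannot be trusted. Separately, `ingressClassResource` appears before `controller:` while the chart reads it as `controller.ingressClassResource`, so as written it is probably ignored (the page has lost its indentation, so the nesting is inferred).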
@@ -1,37 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: minio-operator
- namespace: argocd
- annotations:
- argocd.argoproj.io/sync-wave: "10"
-spec:
- project: cluster-infrastructure
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- source:
- chart: operator
- repoURL: https://operator.min.io
- targetRevision: 5.0.10
- helm:
- releaseName: minio-operator
- valuesObject:
- console:
- replicaCount: 2
- ingress:
- enabled: true
- ingressClassName: nginx
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
- host: console.minio.cthulhunetes.net
- tls:
- - hosts:
- - console.minio.ops.cthulhunetes.net
- secretName: minio-console-ingress-tls
- destination:
- server: "https://kubernetes.default.svc"
- namespace: minio-operator
diff --git a/apps/shared-resources/redis.yaml b/apps/shared-resources/redis.yaml
new file mode 100644
index 0000000..3397f1d
--- /dev/null
+++ b/apps/shared-resources/redis.yaml
@@ -0,0 +1,55 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: redis
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "20"
+spec:
+ project: shared-resources
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ chart: redis-ha
+ repoURL: https://dandydeveloper.github.io/charts
+ targetRevision: 4.23.0
+ helm:
+ releaseName: redis
+ valuesObject:
+ fullnameOverride: redis
+ replicas: 3
+ hardAntiAffinity: true
+ persistentVolume:
+ enabled: true
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ storageClass: longhorn-static
+ redis:
+ resources:
+ limits:
+ cpu: 500m
+ memory: 4Gi
+ requests:
+ cpu: 200m
+ memory: 4Gi
+ haproxy:
+ enabled: true
+ replicas: 3
+ hardAntiAffinity: true
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+ exporter:
+ enabled: true
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: redis
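Review bot: In `apps/shared-resources/redis.yaml`, the values enable neither authentication nor any network restriction, so every pod in the cluster can presumably reach this shared Redis through the HAProxy service without a password. The redis-ha chart can take a password from a Secret; I would add `auth: true`, `existingSecret: <secret-name>` and `authKey: <key-in-secret>` (placeholders) under `valuesObject`. A NetworkPolicy or CiliumNetworkPolicy that limits the `redis` namespace to the consumers that actually need it would cover the remaining exposure.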
diff --git a/manifests/postgres/postgres.yaml b/manifests/postgres/postgres.yaml
index 7b89e71..c044d08 100644
--- a/manifests/postgres/postgres.yaml
+++ b/manifests/postgres/postgres.yaml
@@ -37,4 +37,4 @@ spec:
 affinity:
 enablePodAntiAffinity: true
 topologyKey: topology.kubernetes.io/zone # default: kubernetes.io/hostname
- podAntiAffinityType: required
+ podAntiAffinityType: preferred
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..fcde6e5
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,11 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "local>vojtechmares/renovate-config"
+ ],
+ "argocd": {
+ "fileMatch": [
+ "apps\/.+\\.yaml$"
+ ]
+ }
+}
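Review bot: In `manifests/postgres/postgres.yaml`, relaxing `podAntiAffinityType` to `preferred` lets the scheduler place every instance in the same `topology.kubernetes.io/zone` when capacity is tight, so a single zone outage could then take the primary and all replicas down together. If that trade-off is intended, say so in a trailing comment, for example `# preferred: fewer zones than instances, co-location accepted`. The `affinity` block starts above this hunk, so the instance count is not visible here.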
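Review bot: `renovate.json` delegates all update policy to the preset `local>vojtechmares/renovate-config`, which lives outside this repository, while every Application matched by `apps\/.+\\.yaml$` in this commit syncs automatically with `prune` and `selfHeal`, so a merged Renovate PR reaches the cluster with no further gate. Whether the preset enables automerge is not visible here; for the `cluster-infrastructure` charts (CNI, ingress, cloud controller) I would pin it locally with `"automerge": false` so a chart bump always gets a human review. JSON has no comment syntax, so the reasoning belongs in the commit message or the README.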