From 599a93979216b197c57daf3d8ae000b425b4e3d1 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Thu, 23 Nov 2023 10:13:35 +0100
Subject: [PATCH 01/10] revert: "refactor(manifests/postgres): podAntiAffinity is required, not preferred anymore"

This reverts commit 8ad13a63af09bc425235c2f6d59f71ebc59b2b59.
---
 manifests/postgres/postgres.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/postgres/postgres.yaml b/manifests/postgres/postgres.yaml
index 7b89e71..c044d08 100644
--- a/manifests/postgres/postgres.yaml
+++ b/manifests/postgres/postgres.yaml
@@ -37,4 +37,4 @@ spec:
 affinity:
 enablePodAntiAffinity: true
 topologyKey: topology.kubernetes.io/zone # default: kubernetes.io/hostname
- podAntiAffinityType: required
+ podAntiAffinityType: preferred
From 5147b845a3e0f4eee20097e93b5dcbd64dfb6655 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sat, 25 Nov 2023 10:05:50 +0100
Subject: [PATCH 02/10] feat(apps): add shared-resource redis

---
 apps/shared-resources/redis.yaml | 54 ++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 apps/shared-resources/redis.yaml
diff --git a/apps/shared-resources/redis.yaml b/apps/shared-resources/redis.yaml
new file mode 100644
index 0000000..724dac6
--- /dev/null
+++ b/apps/shared-resources/redis.yaml
@@ -0,0 +1,54 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: redis
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "20"
+spec:
+ project: shared-resources
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ chart: redis-ha
+ repoURL: https://dandydeveloper.github.io/charts
+ targetRevision: 4.23.0
+ helm:
+ releaseName: redis
+ valuesObject:
+ replicas: 3
+ hardAntiAffinity: true
+ persistentVolume:
+ enabled: true
+ size: 10Gi
+ accessModes:
+ - ReadWriteOnce
+ storageClass: longhorn-static
+ redis:
+ resources:
+ limits:
+ cpu: 500m
+ memory: 4Gi
+ requests:
+ cpu: 200m
+ memory: 4Gi
+ haproxy:
+ enabled: true
+ replicas: 3
+ hardAntiAffinity: true
+ resources:
+ limits:
+ cpu: 400m
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 1Gi
+ exporter:
+ enabled: true
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: redis
From 2208c1ebdd3a587593100e6a0e408c06318676d6 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sat, 25 Nov 2023 10:10:37 +0100
Subject: [PATCH 03/10] feat(redis): add fullnameOverride=redis

---
 apps/shared-resources/redis.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/apps/shared-resources/redis.yaml b/apps/shared-resources/redis.yaml
index 724dac6..3397f1d 100644
--- a/apps/shared-resources/redis.yaml
+++ b/apps/shared-resources/redis.yaml
@@ -20,6 +20,7 @@ spec:
 helm:
 releaseName: redis
 valuesObject:
+ fullnameOverride: redis
 replicas: 3
 hardAntiAffinity: true
 persistentVolume:
From b68309f66fb49a4e8100219c327a0d4c7d26ca41 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 13 Dec 2023 16:17:48 +0100
Subject: [PATCH 04/10] feat(apps): add cilium app

Signed-off-by: Vojtech Mares
---
 apps/cluster-infrastructure/cilium.yaml | 31 +++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 apps/cluster-infrastructure/cilium.yaml
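Review bot: In apps/shared-resources/redis.yaml the `valuesObject` never enables Redis authentication, so unless the chart enables it by default this shared instance will accept commands from any workload that can reach the `redis` namespace. I would add `auth: true` together with `existingSecret: <secret-name>` and `authKey: <key>` under `valuesObject`, so the password lives in a Secret and not in this Git-tracked Application. Nothing in the hunk limits network access either. If the chart's `networkPolicy` values are available in 4.23.0, enabling them would restrict which pods can connect; this should be confirmed against the chart's values file.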
diff --git a/apps/cluster-infrastructure/cilium.yaml b/apps/cluster-infrastructure/cilium.yaml
new file mode 100644
index 0000000..d026e65
--- /dev/null
+++ b/apps/cluster-infrastructure/cilium.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cilium
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-1000"
+spec:
+ project: cluster-infrastructure
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ source:
+ chart: cilium
+ repoURL: https://helm.cilium.io/
+ targetRevision: 1.14.3
+ helm:
+ releaseName: cilium
+ valuesObject:
+ kubeProxyReplacement: true
+ k8sServiceHost: cthulhu.k8s.vxm.cz
+ k8sServicePort: 6443
+ hubble:
+ relay:
+ enabled: true
+ ui:
+ enabled: true
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: kube-system
From 0ed95db4342c7e112ea067dff8ad87c2b0bb7fbe Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 13 Dec 2023 16:19:41 +0100
Subject: [PATCH 05/10] chore(deps): bump cilium to 1.14.4

Signed-off-by: Vojtech Mares
---
 apps/cluster-infrastructure/cilium.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/cluster-infrastructure/cilium.yaml b/apps/cluster-infrastructure/cilium.yaml
index d026e65..7bc2ca5 100644
--- a/apps/cluster-infrastructure/cilium.yaml
+++ b/apps/cluster-infrastructure/cilium.yaml
@@ -14,7 +14,7 @@ spec:
 source:
 chart: cilium
 repoURL: https://helm.cilium.io/
- targetRevision: 1.14.3
+ targetRevision: 1.14.4
 helm:
 releaseName: cilium
 valuesObject:
From 2ed2c69a33e33efd41d2c8b43ba948be0da17799 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 13 Dec 2023 16:23:43 +0100
Subject: [PATCH 06/10] feat(apps): add ingress-nginx

Signed-off-by: Vojtech Mares
---
 .../cluster-infrastructure/ingress-nginx.yaml | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 apps/cluster-infrastructure/ingress-nginx.yaml
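Review bot: `hubble.ui.enabled: true` in apps/cluster-infrastructure/cilium.yaml turns on a web UI for cluster-wide flow data that, as far as I know, has no login of its own, and the file does not say how it is meant to be reached. A comment above `ui:` such as `# reach via kubectl port-forward only; do not expose through an Ingress without an authenticating proxy` would record the intent. Separately, this Application manages the CNI with `prune: true` and `selfHeal: true`, so a bad render or chart change is applied to cluster networking with no manual gate. Consider whether automated sync is wanted for this app.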
diff --git a/apps/cluster-infrastructure/ingress-nginx.yaml b/apps/cluster-infrastructure/ingress-nginx.yaml
new file mode 100644
index 0000000..eace7cd
--- /dev/null
+++ b/apps/cluster-infrastructure/ingress-nginx.yaml
@@ -0,0 +1,48 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: ingress-nginx
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-1000"
+spec:
+ project: cluster-infrastructure
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ source:
+ chart: ingress-nginx
+ repoURL: https://kubernetes.github.io/ingress-nginx
+ targetRevision: 4.8.3
+ helm:
+ releaseName: ingress-nginx
+ valuesObject:
+ ingressClassResource:
+ default: true
+ controller:
+ kind: DaemonSet
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ service:
+ type: NodePort
+ nodePorts:
+ http: 32080
+ https: 32443
+ hostPort:
+ enabled: true
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: false
+ config:
+ allow-snippet-annotations: "true"
+ generate-request-id: "true"
+ use-proxy-protocol: "true"
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: ingress-nginx
From 551ff7ce1e375923ce29e11cfe0574e7c9378267 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 13 Dec 2023 16:32:56 +0100
Subject: [PATCH 07/10] chore(deps): bump ingress-nginx to 4.8.4

Signed-off-by: Vojtech Mares
---
 apps/cluster-infrastructure/ingress-nginx.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apps/cluster-infrastructure/ingress-nginx.yaml b/apps/cluster-infrastructure/ingress-nginx.yaml
index eace7cd..5593a34 100644
--- a/apps/cluster-infrastructure/ingress-nginx.yaml
+++ b/apps/cluster-infrastructure/ingress-nginx.yaml
@@ -16,7 +16,7 @@ spec:
 source:
 chart: ingress-nginx
 repoURL: https://kubernetes.github.io/ingress-nginx
- targetRevision: 4.8.3
+ targetRevision: 4.8.4
 helm:
 releaseName: ingress-nginx
 valuesObject:
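Review bot: `allow-snippet-annotations: "true"` under `config:` in apps/cluster-infrastructure/ingress-nginx.yaml lets anyone who can create or edit an Ingress place raw NGINX configuration into the controller, which normally runs with a service account able to read Secrets across namespaces. Unless a workload truly needs snippets, set `allow-snippet-annotations: "false"`. If it must stay on, restrict who may create Ingress objects and add a comment naming the consumer. Also check `use-proxy-protocol: "true"` against `hostPort.enabled: true`: a client that reaches the node's host ports directly, without passing the load balancer, supplies its own PROXY header, so the client IP used for logging and allowlists is not trustworthy on that path.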
From 2effae21fd128b976a3bfe39d52dee418bab9d27 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sat, 30 Dec 2023 22:46:01 +0100
Subject: [PATCH 08/10] refactor(cluster-infrastructure): remove minio-operator

Signed-off-by: Vojtech Mares
---
 .../minio-operator.yaml | 37 -------------------
 1 file changed, 37 deletions(-)
 delete mode 100644 apps/cluster-infrastructure/minio-operator.yaml
diff --git a/apps/cluster-infrastructure/minio-operator.yaml b/apps/cluster-infrastructure/minio-operator.yaml
deleted file mode 100644
index 5959875..0000000
--- a/apps/cluster-infrastructure/minio-operator.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: minio-operator
- namespace: argocd
- annotations:
- argocd.argoproj.io/sync-wave: "10"
-spec:
- project: cluster-infrastructure
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- source:
- chart: operator
- repoURL: https://operator.min.io
- targetRevision: 5.0.10
- helm:
- releaseName: minio-operator
- valuesObject:
- console:
- replicaCount: 2
- ingress:
- enabled: true
- ingressClassName: nginx
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-prod
- host: console.minio.cthulhunetes.net
- tls:
- - hosts:
- - console.minio.ops.cthulhunetes.net
- secretName: minio-console-ingress-tls
- destination:
- server: "https://kubernetes.default.svc"
- namespace: minio-operator
From 6d381fed6d20a211c513fc2e0cf75f8b8f4c9c84 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sun, 31 Dec 2023 11:12:45 +0100
Subject: [PATCH 09/10] feat(cluster-infrastructure): add hetzner-ccm

- allows for provisioning of Services, type=LoadBalancer
Signed-off-by: Vojtech Mares
---
 apps/cluster-infrastructure/hetzner-ccm.yaml | 44 ++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 apps/cluster-infrastructure/hetzner-ccm.yaml
diff --git a/apps/cluster-infrastructure/hetzner-ccm.yaml b/apps/cluster-infrastructure/hetzner-ccm.yaml
new file mode 100644
index 0000000..3a0c74e
--- /dev/null
+++ b/apps/cluster-infrastructure/hetzner-ccm.yaml
@@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: hetzner-ccm
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "10"
+spec:
+ project: cluster-infrastructure
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ source:
+ chart: hcloud-cloud-controller-manager
+ repoURL: https://charts.hetzner.cloud
+ targetRevision: 1.19.0
+ helm:
+ releaseName: hetzner-ccm
+ valuesObject:
+ nameOverride: hetzner-ccm
+ replicaCount: 2
+ # Since version 1.19.0, the CCM supports also Hetzner Robot (bare metal)
+ robot:
+ enabled: true
+ env:
+ HCLOUD_TOKEN:
+ valueFrom:
+ secretKeyRef:
+ name: hetzner-cloud-token
+ key: cloud-token
+ ROBOT_USER:
+ valueFrom:
+ secretKeyRef:
+ name: hetzner-robot-credentials
+ key: robot-user
+ ROBOT_PASSWORD:
+ valueFrom:
+ secretKeyRef:
+ name: hetzner-robot-credentials
+ key: robot-password
+ destination:
+ server: "https://kubernetes.default.svc"
+ namespace: kube-system
From a6c78aa4d765a886f5b57a334dd544506dd9d853 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 1 Jan 2024 10:19:57 +0100
Subject: [PATCH 10/10] chore(deps): setup renovate bot

* chore(deps): add renovate.json
* chore(renovate): add argocd apps
Signed-off-by: Vojtech Mares
* chore(renovate): naive path matching to regex
Signed-off-by: Vojtech Mares
---------
Signed-off-by: Vojtech Mares
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Vojtech Mares
---
 renovate.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 renovate.json
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..fcde6e5
--- /dev/null
+++ b/renovate.json
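Review bot: The `env` block in apps/cluster-infrastructure/hetzner-ccm.yaml depends on two Secrets, `hetzner-cloud-token` and `hetzner-robot-credentials`, which this Application does not create, and the file does not say where they come from. Add a comment above `env:` such as `# Secrets are provisioned out of band in kube-system before this app syncs; never commit their values here`. Because these credentials can change cloud resources, the comment could also record that the cloud token should belong to a project dedicated to this cluster and that the Robot login should be a dedicated webservice user rather than a personal account.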
@@ -0,0 +1,11 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "local>vojtechmares/renovate-config"
+ ],
+ "argocd": {
+ "fileMatch": [
+ "apps\/.+\\.yaml$"
+ ]
+ }
+}
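Review bot: The `fileMatch` pattern `apps\/.+\\.yaml$` is not anchored at the start, so it also matches any deeper path that merely contains `apps/`. Using `"^apps/.+\\.yaml$"` would limit it to the top-level directory the Applications live in. More important, the Applications added in this series use `automated` sync with `selfHeal`, so a chart bump merged by Renovate is rolled out to the cluster with no further step. What `local>vojtechmares/renovate-config` enables is not visible here. Confirm it does not automerge updates for `apps/cluster-infrastructure`, or add a `packageRules` entry in this file that sets `"automerge": false` for those paths.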