chore(deps): setup renovate bot

* chore(deps): add renovate.json * chore(renovate): add argocd apps Signed-off-by: Vojtech Mares <iam@vojtechmares.com> * chore(renovate): naive path matching to regex Signed-off-by: Vojtech Mares <iam@vojtechmares.com> --------- Signed-off-by: Vojtech Mares <iam@vojtechmares.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Vojtech Mares <iam@vojtechmares.com>
feat(cluster-infrastructure): add hetzner-ccm
2024-01-01 10:19:57 +01:00 · 2023-12-31 11:12:45 +01:00 · 2023-12-30 22:46:01 +01:00 · 2023-12-13 16:32:56 +01:00 · 2023-12-13 16:23:43 +01:00 · 2023-12-13 16:19:41 +01:00
7 changed files with 190 additions and 38 deletions
--- a/apps/cluster-infrastructure/cilium.yaml
+++ b/apps/cluster-infrastructure/cilium.yaml
@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cilium
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1000"
+spec:
+  project: cluster-infrastructure
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+  source:
+    chart: cilium
+    repoURL: https://helm.cilium.io/
+    targetRevision: 1.14.4
+    helm:
+      releaseName: cilium
+      valuesObject:
+        kubeProxyReplacement: true
+        k8sServiceHost: cthulhu.k8s.vxm.cz
+        k8sServicePort: 6443
+        hubble:
+          relay:
+            enabled: true
+          ui:
+            enabled: true
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: kube-system
--- a/apps/cluster-infrastructure/hetzner-ccm.yaml
+++ b/apps/cluster-infrastructure/hetzner-ccm.yaml
@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: hetzner-ccm
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+spec:
+  project: cluster-infrastructure
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+  source:
+    chart: hcloud-cloud-controller-manager
+    repoURL: https://charts.hetzner.cloud
+    targetRevision: 1.19.0
+    helm:
+      releaseName: hetzner-ccm
+      valuesObject:
+        nameOverride: hetzner-ccm
+        replicaCount: 2
+        # Since version 1.19.0, the CCM supports also Hetzner Robot (bare metal)
+        robot:
+          enabled: true
+        env:
+          HCLOUD_TOKEN:
+            valueFrom:
+              secretKeyRef:
+                name: hetzner-cloud-token
+                key: cloud-token
+          ROBOT_USER:
+            valueFrom:
+              secretKeyRef:
+                name: hetzner-robot-credentials
+                key: robot-user
+          ROBOT_PASSWORD:
+            valueFrom:
+              secretKeyRef:
+                name: hetzner-robot-credentials
+                key: robot-password
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: kube-system
--- a/apps/cluster-infrastructure/ingress-nginx.yaml
+++ b/apps/cluster-infrastructure/ingress-nginx.yaml
@ -0,0 +1,48 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-nginx
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1000"
+spec:
+  project: cluster-infrastructure
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+  source:
+    chart: ingress-nginx
+    repoURL: https://kubernetes.github.io/ingress-nginx
+    targetRevision: 4.8.4
+    helm:
+      releaseName: ingress-nginx
+      valuesObject:
+        ingressClassResource:
+          default: true
+        controller:
+          kind: DaemonSet
+          updateStrategy:
+            type: RollingUpdate
+            rollingUpdate:
+              maxUnavailable: 1
+          service:
+            type: NodePort
+            nodePorts:
+              http: 32080
+              https: 32443
+          hostPort:
+            enabled: true
+          metrics:
+            enabled: true
+            serviceMonitor:
+              enabled: false
+          config:
+            allow-snippet-annotations: "true"
+            generate-request-id: "true"
+            use-proxy-protocol: "true"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: ingress-nginx
--- a/apps/cluster-infrastructure/minio-operator.yaml
+++ b/apps/cluster-infrastructure/minio-operator.yaml
@ -1,37 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: minio-operator
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-wave: "10"
-spec:
-  project: cluster-infrastructure
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-  source:
-    chart: operator
-    repoURL: https://operator.min.io
-    targetRevision: 5.0.10
-    helm:
-      releaseName: minio-operator
-      valuesObject:
-        console:
-          replicaCount: 2
-          ingress:
-            enabled: true
-            ingressClassName: nginx
-            annotations:
-              cert-manager.io/cluster-issuer: letsencrypt-prod
-            host: console.minio.cthulhunetes.net
-            tls:
-              - hosts:
-                  - console.minio.ops.cthulhunetes.net
-                secretName: minio-console-ingress-tls
-  destination:
-    server: "https://kubernetes.default.svc"
-    namespace: minio-operator
--- a/apps/shared-resources/redis.yaml
+++ b/apps/shared-resources/redis.yaml
@ -0,0 +1,55 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: redis
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+spec:
+  project: shared-resources
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+  source:
+    chart: redis-ha
+    repoURL: https://dandydeveloper.github.io/charts
+    targetRevision: 4.23.0
+    helm:
+      releaseName: redis
+      valuesObject:
+        fullnameOverride: redis
+        replicas: 3
+        hardAntiAffinity: true
+        persistentVolume:
+          enabled: true
+          size: 10Gi
+          accessModes:
+            - ReadWriteOnce
+          storageClass: longhorn-static
+        redis:
+          resources:
+            limits:
+              cpu: 500m
+              memory: 4Gi
+            requests:
+              cpu: 200m
+              memory: 4Gi
+        haproxy:
+          enabled: true
+          replicas: 3
+          hardAntiAffinity: true
+          resources:
+            limits:
+              cpu: 400m
+              memory: 1Gi
+            requests:
+              cpu: 200m
+              memory: 1Gi
+        exporter:
+          enabled: true
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: redis
--- a/manifests/postgres/postgres.yaml
+++ b/manifests/postgres/postgres.yaml
@ -37,4 +37,4 @@ spec:
  affinity:
    enablePodAntiAffinity: true
    topologyKey: topology.kubernetes.io/zone # default: kubernetes.io/hostname
-    podAntiAffinityType: required
+    podAntiAffinityType: preferred
--- a/renovate.json
+++ b/renovate.json
@ -0,0 +1,11 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>vojtechmares/renovate-config"
+  ],
+  "argocd": {
+    "fileMatch": [
+      "apps\/.+\\.yaml$"
+    ]
+  }
+}
Author	SHA1	Message	Date
renovate[bot]	a6c78aa4d7	chore(deps): setup renovate bot * chore(deps): add renovate.json * chore(renovate): add argocd apps Signed-off-by: Vojtech Mares <iam@vojtechmares.com> * chore(renovate): naive path matching to regex Signed-off-by: Vojtech Mares <iam@vojtechmares.com> --------- Signed-off-by: Vojtech Mares <iam@vojtechmares.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Vojtech Mares <iam@vojtechmares.com>	2024-01-01 10:19:57 +01:00
Vojtech Mares	6d381fed6d	feat(cluster-infrastructure): add hetzner-ccm - allows for provisioning of Services, type=LoadBalancer Signed-off-by: Vojtech Mares <iam@vojtechmares.com>	2023-12-31 11:12:45 +01:00
Vojtech Mares	2effae21fd	refactor(cluster-infrastructure): remove minio-operator Signed-off-by: Vojtech Mares <iam@vojtechmares.com>	2023-12-30 22:46:01 +01:00
Vojtech Mares	551ff7ce1e	chore(deps): bump ingress-nginx to 4.8.4 Signed-off-by: Vojtech Mares <iam@vojtechmares.com>	2023-12-13 16:32:56 +01:00
Vojtech Mares	2ed2c69a33	feat(apps): add ingress-nginx Signed-off-by: Vojtech Mares <iam@vojtechmares.com>	2023-12-13 16:23:43 +01:00
Vojtech Mares	0ed95db434	chore(deps): bump cilium to 1.14.4 Signed-off-by: Vojtech Mares <iam@vojtechmares.com>	2023-12-13 16:19:41 +01:00
Vojtech Mares	b68309f66f	feat(apps): add cilium app Signed-off-by: Vojtech Mares <iam@vojtechmares.com>	2023-12-13 16:17:48 +01:00
Vojtech Mares	2208c1ebdd	feat(redis): add fullnameOverride=redis	2023-11-25 10:10:37 +01:00
Vojtech Mares	5147b845a3	feat(apps): add shared-resource redis	2023-11-25 10:05:50 +01:00
Vojtech Mares	599a939792	revert: "refactor(manifests/postgres): podAntiAffinity is required, not preferred anymore" This reverts commit `8ad13a63af`.	2023-11-23 10:13:35 +01:00