From 5da9805e31971e472f21c667c98b77a5cbd90716 Mon Sep 17 00:00:00 2001 
From: David Fry Date: Tue, 12 Nov 2024 10:03:46 +0000 Subject: [PATCH 01/48] first draft --- .../base/zitadel/kustomization.yaml | 13 +++ .../applications/base/zitadel/testvsjob.yaml | 18 +++ .../base/zitadel/virtual-services.yaml | 19 +++ .../base/zitadel/zitadel-values.yaml | 45 ++++++++ .../zitadel-pre/cockroach-db-values.yaml | 10 ++ .../cockroach/zitadel-pre/kustomization.yaml | 20 ++++ .../zitadel-pre/zitadel-cert-job.yaml | 108 ++++++++++++++++++ .../percona/zitadel-pre/kustomization.yaml | 12 ++ .../zitadel-pre/zitadel-config-secrets.yaml | 48 ++++++++ .../zitadel-pre/zitadel-db-values.yaml | 54 +++++++++ .../rds/zitadel-pre/aws-rds-ca-job.yaml | 67 +++++++++++ .../rds/zitadel-pre/kustomization.yaml | 16 +++ .../rds/zitadel-pre/zitadel-db-secrets.yaml | 72 ++++++++++++ .../rds/zitadel-pre/zitadel-db-values.yaml | 19 +++ .../rds/zitadel/kustomization.yaml | 6 + .../xplane-kubernetes-provider-config.yaml | 7 ++ .../zitadel-external-name-service.yaml | 23 ++++ gitops/argo-apps/base/zitadel-pre.yaml | 83 ++++++++------ gitops/argo-apps/base/zitadel.yaml | 73 ++++++++++++ 19 files changed, 676 insertions(+), 37 deletions(-) create mode 100644 gitops/applications/base/zitadel/kustomization.yaml create mode 100644 gitops/applications/base/zitadel/testvsjob.yaml create mode 100644 gitops/applications/base/zitadel/virtual-services.yaml create mode 100644 gitops/applications/base/zitadel/zitadel-values.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/cockroach-db-values.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/zitadel-cert-job.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/kustomization.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml create mode 100644 
gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-db-values.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/aws-rds-ca-job.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/kustomization.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-secrets.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-values.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel/kustomization.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel/xplane-kubernetes-provider-config.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel/zitadel-external-name-service.yaml create mode 100644 gitops/argo-apps/base/zitadel.yaml diff --git a/gitops/applications/base/zitadel/kustomization.yaml b/gitops/applications/base/zitadel/kustomization.yaml new file mode 100644 index 000000000..ab4fba4bb --- /dev/null +++ b/gitops/applications/base/zitadel/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - virtual-services.yaml + - testvsjob.yaml + +helmCharts: + - name: zitadel + releaseName: zitadel + version: ${ARGOCD_ENV_zitadel_helm_version} + repo: https://charts.zitadel.com + valuesFile: zitadel-values.yaml + namespace: ${ARGOCD_ENV_zitadel_namespace} diff --git a/gitops/applications/base/zitadel/testvsjob.yaml b/gitops/applications/base/zitadel/testvsjob.yaml new file mode 100644 index 000000000..5c42624f0 --- /dev/null +++ b/gitops/applications/base/zitadel/testvsjob.yaml 
@@ -0,0 +1,18 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: curl-test-zitadel-vs +spec: + template: + spec: + containers: + - name: curl-test + image: curlimages/curl:latest + command: ["sh"] + args: + [ + "-c", + "exit_status=$(curl -v -o /dev/null -w '%{http_code}' https://zitadel.${ARGOCD_ENV_zitadel_dns_subdomain}); if [ $exit_status -ne 200 ] && [ $exit_status -ne 302 ]; then exit 1; fi;", + ] + restartPolicy: OnFailure + backoffLimit: 10 diff --git a/gitops/applications/base/zitadel/virtual-services.yaml b/gitops/applications/base/zitadel/virtual-services.yaml new file mode 100644 index 000000000..a644405c9 --- /dev/null +++ b/gitops/applications/base/zitadel/virtual-services.yaml @@ -0,0 +1,19 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: zitadel-vs + namespace: ${ARGOCD_ENV_zitadel_namespace} +spec: + gateways: + - ${ARGOCD_ENV_zitadel_istio_gateway_namespace}/${ARGOCD_ENV_zitadel_istio_wildcard_gateway_name} + hosts: + - "zitadel.${ARGOCD_ENV_zitadel_dns_subdomain}" + http: + - match: + - uri: + prefix: / + route: + - destination: + host: zitadel + port: + number: 8080 diff --git a/gitops/applications/base/zitadel/zitadel-values.yaml b/gitops/applications/base/zitadel/zitadel-values.yaml new file mode 100644 index 000000000..3de9c9367 --- /dev/null +++ b/gitops/applications/base/zitadel/zitadel-values.yaml 
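Review bot: The Job pulls `curlimages/curl:latest`, so the verification image is unpinned and each run may resolve to a different build; pin it the way the chart versions in this commit are pinned, e.g. `image: curlimages/curl:<pinned-tag>` (or a digest). The Job also carries no Argo CD hook annotation, so it is synced as a regular resource and lingers in the app after completion; the cockroach values in this same commit already use `argocd.argoproj.io/hook: Sync`, and `argocd.argoproj.io/hook: PostSync` together with `argocd.argoproj.io/hook-delete-policy: HookSucceeded` fits a smoke test better. Minor: the shell variable `exit_status` holds curl's `%{http_code}` output rather than an exit status, so `http_code=$(...)` reads correctly. Note that `curl -v` writes request and response headers to the pod log.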
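Review bot: The VirtualService is declared with `apiVersion: networking.istio.io/v1alpha3`, while the rest of this commit uses current API groups (`batch/v1`, `rbac.authorization.k8s.io/v1`); Istio serves the same resource as `networking.istio.io/v1beta1` (and `v1` on recent releases), so `apiVersion: networking.istio.io/v1beta1` is the safer choice unless the target Istio version is known to be old. The route sends traffic to `host: zitadel` on port 8080 in plaintext while the values file sets `ExternalSecure: true` and `TLS.Enabled: false`, which is consistent only if TLS is terminated at the gateway and the in-mesh hop is covered by mesh policy — worth a one-line comment above `route:`, e.g. `# TLS is terminated at the Istio gateway; zitadel listens on plain 8080 (TLS.Enabled: false in zitadel-values.yaml)`.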
@@ -0,0 +1,45 @@ +replicaCount: ${ARGOCD_ENV_zitadel_replicas} +zitadel: + masterkeySecretName: masterkey + debug: + enabled: false + configmapConfig: + Log: + Level: ${ARGOCD_ENV_zitadel_log_level} + ExternalPort: 443 + ExternalSecure: true + ExternalDomain: zitadel.${ARGOCD_ENV_zitadel_dns_subdomain} + TLS: + Enabled: false + FirstInstance: + Org: + Machine: + Machine: + Username: zitadel-admin-sa + Name: Admin + MachineKey: + ExpirationDate: "2028-01-01T00:00:00Z" + # Type: 1 means JSON. This is currently the only supported machine key type. + Type: 1 + Database: + Postgres: + Port: 5432 + Database: ${ARGOCD_ENV_zitadel_db_name} + MaxOpenConns: 20 + MaxIdleConns: 10 + MaxConnLifetime: 30m + MaxConnIdleTime: 5m + User: + Username: ${ARGOCD_ENV_zitadel_db_user} + SSL: + Mode: verify-full + Admin: + Username: ${ARGOCD_ENV_zitadel_db_user} + ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} + SSL: + Mode: verify-full + dbSslCaCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + dbSslAdminCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + dbSslUserCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + configSecretName: "${ARGOCD_ENV_zitadel_config_secret_name}" + configSecretKey: config.yaml diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/cockroach-db-values.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/cockroach-db-values.yaml new file mode 100644 index 000000000..4236a7d2e --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/cockroach-db-values.yaml @@ -0,0 +1,10 @@ +tls: + enabled: true +storage: + persistentVolume: + size: ${ARGOCD_ENV_cockroachdb_pvc_size} +init: + provisioning: + enabled: true + jobAnnotations: + argocd.argoproj.io/hook: Sync 
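Review bot: `Database.Postgres.User.Username` and `Database.Postgres.Admin.Username` both expand to `${ARGOCD_ENV_zitadel_db_user}`, so the runtime application connection uses the same account as the one used for database and user setup; the chart separates the `User` and `Admin` settings precisely so the runtime account can stay unprivileged, and a second variable for the admin account (e.g. `Username: ${ARGOCD_ENV_zitadel_db_admin_user}` under `Admin`) keeps that separation. Likewise `dbSslCaCrtSecret`, `dbSslAdminCrtSecret` and `dbSslUserCrtSecret` all reference the single `-pg-db-cluster-cert` secret; with `SSL.Mode: verify-full` that only works if that secret carries both the CA and the client material, which is presumably true for the Percona cluster cert but deserves a comment at the three keys. `MachineKey.ExpirationDate: "2028-01-01T00:00:00Z"` is a hard-coded expiry for the first-instance admin machine key; a comment saying who rotates it, or an env variable, avoids a surprise outage at that date.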
diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml new file mode 100644 index 000000000..0ead75c20 --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml @@ -0,0 +1,20 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - zitadel-config-secrets.yaml + +helmCharts: + - name: cockroachdb + releaseName: zitadel-db + version: ${ARGOCD_ENV_cockroachdb_helm_version} + repo: https://charts.cockroachdb.com/ + valuesFile: cockroach-db-values.yaml + namespace: ${ARGOCD_ENV_zitadel_namespace} + +patches: + - target: + kind: CronJob + patch: | + - op: replace + path: /apiVersion + value: batch/v1 diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/zitadel-cert-job.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/zitadel-cert-job.yaml new file mode 100644 index 000000000..55f548e6d --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/zitadel-cert-job.yaml 
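Review bot: `resources:` lists `zitadel-config-secrets.yaml`, but according to this commit's file list that file is only created under `percona/zitadel-pre/`, while the file added in this cockroach directory is `zitadel-cert-job.yaml`, which nothing references; as written the kustomization fails to build on the missing resource and the cert job is never applied. The fix is one line, `- zitadel-cert-job.yaml` in place of `- zitadel-config-secrets.yaml`, unless the secrets manifest was also meant to be copied into this overlay. The `patches` entry that rewrites every CronJob's `apiVersion` to `batch/v1` presumably works around the chart still emitting a removed version; a comment such as `# chart emits a pre-batch/v1 CronJob apiVersion; rewrite so it applies on current clusters` would tell the next maintainer when the patch can go.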
@@ -0,0 +1,108 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: zitadel-cert-creator + namespace: ${ARGOCD_ENV_zitadel_namespace} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: secret-creator + namespace: ${ARGOCD_ENV_zitadel_namespace} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: zitadel-cert-creator + namespace: ${ARGOCD_ENV_zitadel_namespace} +subjects: + - kind: ServiceAccount + name: zitadel-cert-creator +roleRef: + kind: Role + name: secret-creator + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: create-zitadel-cert + namespace: ${ARGOCD_ENV_zitadel_namespace} +spec: + template: + spec: + restartPolicy: OnFailure + serviceAccountName: zitadel-cert-creator + containers: + - command: + - /bin/bash + - -ecx + - | + cockroach cert create-client \ + --certs-dir /cockroach/cockroach-certs \ + --ca-key /cockroach/cockroach-certs/ca.key \ + --lifetime 8760h \ + zitadel + export SECRET=$(cat < Date: Wed, 13 Nov 2024 09:49:34 +0000 Subject: [PATCH 02/48] wip for db modules --- .../db-external-name-service.yaml} | 0 .../rdbms_provider/percona/db/db-values.yaml | 512 ++++++++++++++++++ .../percona/db/kustomization.yaml | 13 + .../percona/gitlab-pre/gitlab-db-values.yaml | 512 ------------------ .../percona/gitlab-pre/kustomization.yaml | 17 - .../gitlab-pre/praefect-db-values.yaml | 511 ----------------- .../percona/gitlab/kustomization.yaml | 6 - .../praefect-external-name-service.yaml | 9 - .../db-external-name-service.yaml} | 6 +- .../db-secrets.yaml} | 10 +- .../db-values.yaml} | 0 .../rdbms_provider/rds/db/kustomization.yaml | 14 + .../xplane-kubernetes-provider-config.yaml | 0 .../rds/gitlab-pre/kustomization.yaml | 22 - .../rds/gitlab-pre/praefect-db-secrets.yaml | 73 --- .../rds/gitlab-pre/praefect-db-values.yaml | 22 - .../rds/gitlab/kustomization.yaml | 7 - 
.../praefect-external-name-service.yaml | 23 - .../rds/zitadel-pre/aws-rds-ca-job.yaml | 67 --- .../rds/zitadel-pre/kustomization.yaml | 16 - .../rds/zitadel-pre/zitadel-db-secrets.yaml | 72 --- .../rds/zitadel-pre/zitadel-db-values.yaml | 19 - .../rds/zitadel/kustomization.yaml | 6 - .../xplane-kubernetes-provider-config.yaml | 7 - .../zitadel-external-name-service.yaml | 23 - gitops/argo-apps/base/gitlab-pre.yaml | 457 +++++++++------- gitops/argo-apps/base/zitadel-pre.yaml | 73 ++- 27 files changed, 877 insertions(+), 1620 deletions(-) rename gitops/applications/overlays/rdbms_provider/percona/{gitlab/gitlab-external-name-service.yaml => db/db-external-name-service.yaml} (100%) create mode 100644 gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/percona/db/kustomization.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/gitlab-db-values.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/kustomization.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/praefect-db-values.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/percona/gitlab/kustomization.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/percona/gitlab/praefect-external-name-service.yaml rename gitops/applications/overlays/rdbms_provider/rds/{gitlab/gitlab-external-name-service.yaml => db/db-external-name-service.yaml} (71%) rename gitops/applications/overlays/rdbms_provider/rds/{gitlab-pre/gitlab-db-secrets.yaml => db/db-secrets.yaml} (90%) rename gitops/applications/overlays/rdbms_provider/rds/{gitlab-pre/gitlab-db-values.yaml => db/db-values.yaml} (100%) create mode 100644 gitops/applications/overlays/rdbms_provider/rds/db/kustomization.yaml rename gitops/applications/overlays/rdbms_provider/rds/{gitlab => db}/xplane-kubernetes-provider-config.yaml (100%) delete mode 100644 
gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/kustomization.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/praefect-db-secrets.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/praefect-db-values.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/gitlab/kustomization.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/gitlab/praefect-external-name-service.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/aws-rds-ca-job.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/kustomization.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-secrets.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-values.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel/kustomization.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel/xplane-kubernetes-provider-config.yaml delete mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel/zitadel-external-name-service.yaml diff --git a/gitops/applications/overlays/rdbms_provider/percona/gitlab/gitlab-external-name-service.yaml b/gitops/applications/overlays/rdbms_provider/percona/db/db-external-name-service.yaml similarity index 100% rename from gitops/applications/overlays/rdbms_provider/percona/gitlab/gitlab-external-name-service.yaml rename to gitops/applications/overlays/rdbms_provider/percona/db/db-external-name-service.yaml diff --git a/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml b/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml new file mode 100644 index 000000000..3bc72d499 --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml 
@@ -0,0 +1,512 @@ +# Default values for pg-cluster. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +fullnameOverride: ${ARGOCD_ENV_dbdeploy_name_prefix} + +finalizers: +# Set this if you want that operator deletes the PVCs on cluster deletion +# - percona.com/delete-pvc +# Set this if you want that operator deletes the ssl objects on cluster deletion +# - percona.com/delete-ssl + +crVersion: 2.4.0 +repository: percona/percona-postgresql-operator +image: percona/percona-postgresql-operator:2.4.0-ppg16.3-postgres +imagePullPolicy: Always +postgresVersion: 16 +# port: 5432 +pause: false +unmanaged: false +standby: + enabled: false + # host: "" + # port: "" + # repoName: repo1 + +customTLSSecret: + name: "" +customReplicationTLSSecret: + name: "" + +# openshift: true + +users: + - name: ${ARGOCD_ENV_db_username} + databases: + - ${ARGOCD_ENV_db_name} + options: "SUPERUSER" + password: + type: ASCII + secretName: "${ARGOCD_ENV_db_secret}" + +# databaseInitSQL: +# key: init.sql +# name: gitlab-init-db + +# dataSource: +# postgresCluster: +# clusterName: cluster1 +# repoName: repo1 +# options: +# - --type=time +# - --target="2021-06-09 14:15:11-04" +# tolerations: +# - effect: NoSchedule +# key: role +# operator: Equal +# value: connection-poolers +# pgbackrest: +# stanza: db +# configuration: +# - secret: +# name: pgo-s3-creds +# global: +# repo1-path: /pgbackrest/postgres-operator/hippo/repo1 +# options: +# - --type=time +# - --target="2021-06-09 14:15:11-04" +# tolerations: +# - effect: NoSchedule +# key: role +# operator: Equal +# value: connection-poolers +# repo: +# name: repo1 +# s3: +# bucket: "my-bucket" +# endpoint: "s3.ca-central-1.amazonaws.com" +# region: "ca-central-1" +# gcs: +# bucket: "my-bucket" +# azure: +# container: "my-container" + +# volumes: +# pgDataVolume: +# pvcName: cluster1 +# directory: cluster1 +# tolerations: +# - effect: NoSchedule +# key: role +# operator: Equal +# value: connection-poolers +# 
annotations: +# test-annotation: value +# labels: +# test-label: value +# pgWALVolume: +# pvcName: cluster1-pvc-name +# directory: some-dir +# tolerations: +# - effect: NoSchedule +# key: role +# operator: Equal +# value: connection-poolers +# annotations: +# test-annotation: value +# labels: +# test-label: value +# pgBackRestVolume: +# pvcName: cluster1-pgbr-repo +# directory: cluster1-backrest-shared-repo +# tolerations: +# - effect: NoSchedule +# key: role +# operator: Equal +# value: connection-poolers +# annotations: +# test-annotation: value +# labels: +# test-label: value + +# expose: +# annotations: +# my-annotation: value1 +# labels: +# my-label: value2 +# type: LoadBalancer +# loadBalancerSourceRanges: +# - 10.0.0.0/8 +# exposeReplicas: +# annotations: +# my-annotation: value1 +# labels: +# my-label: value2 +# type: LoadBalancer +# loadBalancerSourceRanges: +# - 10.0.0.0/8 + +instances: + - name: instance1 + replicas: ${ARGOCD_ENV_postgres_replicas} + + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + postgres-operator.crunchydata.com/data: postgres + topologyKey: kubernetes.io/hostname + + # resources: + # requests: + # cpu: 2.0 + # memory: 4Gi + # limits: + # cpu: 2.0 + # memory: 4Gi + # containers: + # replicaCertCopy: + # resources: + # limits: + # cpu: 200m + # memory: 128Mi + # + # sidecars: + # - name: testcontainer + # image: mycontainer1:latest + # - name: testcontainer2 + # image: mycontainer1:latest + # + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: my-node-label + # whenUnsatisfiable: DoNotSchedule + # labelSelector: + # matchLabels: + # postgres-operator.crunchydata.com/instance-set: instance1 + # + # tolerations: + # - effect: NoSchedule + # key: role + # operator: Equal + # value: connection-poolers + # + # priorityClassName: high-priority + # + # securityContext: + # fsGroup: 1001 + # runAsUser: 1001 + # runAsNonRoot: true + 
# fsGroupChangePolicy: "OnRootMismatch" + # runAsGroup: 1001 + # seLinuxOptions: + # type: spc_t + # level: s0:c123,c456 + # seccompProfile: + # type: Localhost + # localhostProfile: localhost/profile.json + # supplementalGroups: + # - 1001 + # sysctls: + # - name: net.ipv4.tcp_keepalive_time + # value: "600" + # - name: net.ipv4.tcp_keepalive_intvl + # value: "60" + # + # walVolumeClaimSpec: + # storageClassName: standard + # accessModes: + # - ReadWriteOnce + # resources: + # requests: + # storage: 1Gi + # + dataVolumeClaimSpec: + # storageClassName: standard + accessModes: + - ReadWriteOnce + resources: + requests: + storage: ${ARGOCD_ENV_postgres_storage_size} + +proxy: + pgBouncer: + replicas: ${ARGOCD_ENV_postgres_proxy_replicas} + image: percona/percona-postgresql-operator:2.4.0-ppg16.3-pgbouncer1.22.1 + # exposeSuperusers: true + # resources: + # limits: + # cpu: 200m + # memory: 128Mi + # containers: + # pgbouncerConfig: + # resources: + # limits: + # cpu: 200m + # memory: 128Mi + + # expose: + # annotations: + # my-annotation: value1 + # labels: + # my-label: value2 + # type: LoadBalancer + # loadBalancerSourceRanges: + # - 10.0.0.0/8 + + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchLabels: + postgres-operator.crunchydata.com/role: pgbouncer + topologyKey: kubernetes.io/hostname + + # tolerations: + # - effect: NoSchedule + # key: role + # operator: Equal + # value: connection-poolers + # + # securityContext: + # fsGroup: 1001 + # runAsUser: 1001 + # runAsNonRoot: true + # fsGroupChangePolicy: "OnRootMismatch" + # runAsGroup: 1001 + # seLinuxOptions: + # type: spc_t + # level: s0:c123,c456 + # seccompProfile: + # type: Localhost + # localhostProfile: localhost/profile.json + # supplementalGroups: + # - 1001 + # sysctls: + # - name: net.ipv4.tcp_keepalive_time + # value: "600" + # - name: net.ipv4.tcp_keepalive_intvl + # value: "60" + # + # 
topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: my-node-label + # whenUnsatisfiable: ScheduleAnyway + # labelSelector: + # matchLabels: + # postgres-operator.crunchydata.com/role: pgbouncer + # + # sidecars: + # - name: bouncertestcontainer1 + # image: mycontainer1:latest + # + # customTLSSecret: + # name: keycloakdb-pgbouncer.tls + # + config: + global: + pool_mode: transaction + query_wait_timeout: "600" + +backups: + pgbackrest: + # metadata: + # labels: + image: percona/percona-postgresql-operator:2.4.0-ppg16.3-pgbackrest2.51-1 + # containers: + # pgbackrest: + # resources: + # limits: + # cpu: 200m + # memory: 128Mi + # pgbackrestConfig: + # resources: + # limits: + # cpu: 200m + # memory: 128Mi + # + # configuration: + # - secret: + # name: cluster1-pgbackrest-secrets + # jobs: + # priorityClassName: high-priority + # resources: + # limits: + # cpu: 200m + # memory: 128Mi + # tolerations: + # - effect: NoSchedule + # key: role + # operator: Equal + # value: connection-poolers + # + # securityContext: + # fsGroup: 1001 + # runAsUser: 1001 + # runAsNonRoot: true + # fsGroupChangePolicy: "OnRootMismatch" + # runAsGroup: 1001 + # seLinuxOptions: + # type: spc_t + # level: s0:c123,c456 + # seccompProfile: + # type: Localhost + # localhostProfile: localhost/profile.json + # supplementalGroups: + # - 1001 + # sysctls: + # - name: net.ipv4.tcp_keepalive_time + # value: "600" + # - name: net.ipv4.tcp_keepalive_intvl + # value: "60" + # + # global: + # repo1-retention-full: "14" + # repo1-retention-full-type: time + # repo1-path: /pgbackrest/postgres-operator/cluster1/repo1 + # repo1-cipher-type: aes-256-cbc + # repo1-s3-uri-style: path + # repo2-path: /pgbackrest/postgres-operator/cluster1-multi-repo/repo2 + # repo3-path: /pgbackrest/postgres-operator/cluster1-multi-repo/repo3 + # repo4-path: /pgbackrest/postgres-operator/cluster1-multi-repo/repo4 + + repoHost: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 
+ podAffinityTerm: + labelSelector: + matchLabels: + postgres-operator.crunchydata.com/data: pgbackrest + topologyKey: kubernetes.io/hostname + + # tolerations: + # - effect: NoSchedule + # key: role + # operator: Equal + # value: connection-poolers + # priorityClassName: high-priority + # + # topologySpreadConstraints: + # - maxSkew: 1 + # topologyKey: my-node-label + # whenUnsatisfiable: ScheduleAnyway + # labelSelector: + # matchLabels: + # postgres-operator.crunchydata.com/pgbackrest: "" + # + # securityContext: + # fsGroup: 1001 + # runAsUser: 1001 + # runAsNonRoot: true + # fsGroupChangePolicy: "OnRootMismatch" + # runAsGroup: 1001 + # seLinuxOptions: + # type: spc_t + # level: s0:c123,c456 + # seccompProfile: + # type: Localhost + # localhostProfile: localhost/profile.json + # supplementalGroups: + # - 1001 + # sysctls: + # - name: net.ipv4.tcp_keepalive_time + # value: "600" + # - name: net.ipv4.tcp_keepalive_intvl + # value: "60" + + manual: + repoName: repo1 + options: + - --type=full + repos: + - name: repo1 + schedules: + full: "0 0 * * 6" + # differential: "0 1 * * 1-6" + # incremental: "0 1 * * 1-6" + volume: + volumeClaimSpec: + # storageClassName: "" + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +# - name: repo2 +# s3: +# bucket: "" +# endpoint: "" +# region: "" +# - name: repo3 +# gcs: +# bucket: "" +# - name: repo4 +# azure: +# container: "" +# +# restore: +# repoName: repo1 +# tolerations: +# - effect: NoSchedule +# key: role +# operator: Equal +# value: connection-poolers + +pmm: + enabled: false + image: + repository: percona/pmm-client + tag: 2.42.0 + # imagePullPolicy: IfNotPresent + secret: cluster1-pmm-secret + serverHost: monitoring-service +# resources: +# requests: +# memory: 200M +# cpu: 500m + +# patroni: +# # Some values of the Liveness/Readiness probes of the patroni container are calulated using syncPeriodSeconds by the following formulas: +# # - timeoutSeconds: syncPeriodSeconds / 2; +# # - periodSeconds: 
syncPeriodSeconds; +# # - failureThreshold: leaderLeaseDurationSeconds / syncPeriodSeconds. +# syncPeriodSeconds: 10 +# leaderLeaseDurationSeconds: 30 +# dynamicConfiguration: +# postgresql: +# parameters: +# max_parallel_workers: 2 +# max_worker_processes: 2 +# shared_buffers: 1GB +# work_mem: 2MB +# pg_hba: +# - host all mytest 123.123.123.123/32 reject +# switchover: +# enabled: "true" +# targetInstance: "" + +# extensions: +# image: percona/percona-postgresql-operator:2.4.0 +# imagePullPolicy: Always +# storage: +# type: s3 +# bucket: pg-extensions +# region: eu-central-1 +# endpoint: s3.eu-central-1.amazonaws.com +# secret: +# name: cluster1-extensions-secret +# builtin: +# pg_stat_monitor: true +# pg_audit: true +# custom: +# - name: pg_cron +# version: 1.6.1 + +secrets: + name: + # replication user password + primaryuser: + # superuser password + postgres: + # pgbouncer user password + pgbouncer: + # pguser user password + pguser: diff --git a/gitops/applications/overlays/rdbms_provider/percona/db/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/percona/db/kustomization.yaml new file mode 100644 index 000000000..6fa1d4c3c --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/percona/db/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - db-external-name-service.yaml + +helmCharts: + - name: pg-db + releaseName: ${ARGOCD_ENV_app_name} + version: ${ARGOCD_ENV_pgdb_helm_version} + repo: https://percona.github.io/percona-helm-charts/ + valuesFile: db-values.yaml + namespace: ${ARGOCD_ENV_db_namespace} diff --git a/gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/gitlab-db-values.yaml b/gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/gitlab-db-values.yaml deleted file mode 100644 index e9ac334c7..000000000 --- a/gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/gitlab-db-values.yaml +++ /dev/null 
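Review bot: The single entry in `users:` is created with `options: "SUPERUSER"`, and it is the account whose credentials land in `${ARGOCD_ENV_db_secret}` and are handed to the application; now that this file is the shared `db` module (the diffstat shows it replacing both the gitlab and praefect values), every consumer gets a Postgres superuser by default. Unless a consumer genuinely needs it, drop the option — the operator presumably makes the user owner of the listed `databases`, which should suffice, to be confirmed per application — or make it a per-app variable. The only backup repo, `repo1`, is a 1Gi in-cluster PVC with a weekly full schedule and no retention settings, so backups live on the same cluster as the data; at minimum a comment should say so, e.g. `# repo1 is an in-cluster PVC and is not a disaster-recovery backup; use an S3/GCS/Azure repo (commented examples below) for production`. The leftover `# name: gitlab-init-db` under `databaseInitSQL` no longer matches a generic module.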
@@ -1,512 +0,0 @@ -# Default values for pg-cluster. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -fullnameOverride: ${ARGOCD_ENV_gitlab_dbdeploy_name_prefix} - -finalizers: -# Set this if you want that operator deletes the PVCs on cluster deletion -# - percona.com/delete-pvc -# Set this if you want that operator deletes the ssl objects on cluster deletion -# - percona.com/delete-ssl - -crVersion: 2.4.0 -repository: percona/percona-postgresql-operator -image: percona/percona-postgresql-operator:2.4.0-ppg16.3-postgres -imagePullPolicy: Always -postgresVersion: 16 -# port: 5432 -pause: false -unmanaged: false -standby: - enabled: false - # host: "" - # port: "" - # repoName: repo1 - -customTLSSecret: - name: "" -customReplicationTLSSecret: - name: "" - -# openshift: true - -users: - - name: ${ARGOCD_ENV_gitlab_db_username} - databases: - - ${ARGOCD_ENV_gitlab_db_name} - options: "SUPERUSER" - password: - type: ASCII - secretName: "${ARGOCD_ENV_gitlab_db_secret}" - -# databaseInitSQL: -# key: init.sql -# name: gitlab-init-db - -# dataSource: -# postgresCluster: -# clusterName: cluster1 -# repoName: repo1 -# options: -# - --type=time -# - --target="2021-06-09 14:15:11-04" -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# pgbackrest: -# stanza: db -# configuration: -# - secret: -# name: pgo-s3-creds -# global: -# repo1-path: /pgbackrest/postgres-operator/hippo/repo1 -# options: -# - --type=time -# - --target="2021-06-09 14:15:11-04" -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# repo: -# name: repo1 -# s3: -# bucket: "my-bucket" -# endpoint: "s3.ca-central-1.amazonaws.com" -# region: "ca-central-1" -# gcs: -# bucket: "my-bucket" -# azure: -# container: "my-container" - -# volumes: -# pgDataVolume: -# pvcName: cluster1 -# directory: cluster1 -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# 
value: connection-poolers -# annotations: -# test-annotation: value -# labels: -# test-label: value -# pgWALVolume: -# pvcName: cluster1-pvc-name -# directory: some-dir -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# annotations: -# test-annotation: value -# labels: -# test-label: value -# pgBackRestVolume: -# pvcName: cluster1-pgbr-repo -# directory: cluster1-backrest-shared-repo -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# annotations: -# test-annotation: value -# labels: -# test-label: value - -# expose: -# annotations: -# my-annotation: value1 -# labels: -# my-label: value2 -# type: LoadBalancer -# loadBalancerSourceRanges: -# - 10.0.0.0/8 -# exposeReplicas: -# annotations: -# my-annotation: value1 -# labels: -# my-label: value2 -# type: LoadBalancer -# loadBalancerSourceRanges: -# - 10.0.0.0/8 - -instances: -- name: instance1 - replicas: ${ARGOCD_ENV_postgres_replicas} - - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/data: postgres - topologyKey: kubernetes.io/hostname - -# resources: -# requests: -# cpu: 2.0 -# memory: 4Gi -# limits: -# cpu: 2.0 -# memory: 4Gi -# containers: -# replicaCertCopy: -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# -# sidecars: -# - name: testcontainer -# image: mycontainer1:latest -# - name: testcontainer2 -# image: mycontainer1:latest -# -# topologySpreadConstraints: -# - maxSkew: 1 -# topologyKey: my-node-label -# whenUnsatisfiable: DoNotSchedule -# labelSelector: -# matchLabels: -# postgres-operator.crunchydata.com/instance-set: instance1 -# -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# -# priorityClassName: high-priority -# -# securityContext: -# fsGroup: 1001 -# runAsUser: 1001 -# runAsNonRoot: true -# 
fsGroupChangePolicy: "OnRootMismatch" -# runAsGroup: 1001 -# seLinuxOptions: -# type: spc_t -# level: s0:c123,c456 -# seccompProfile: -# type: Localhost -# localhostProfile: localhost/profile.json -# supplementalGroups: -# - 1001 -# sysctls: -# - name: net.ipv4.tcp_keepalive_time -# value: "600" -# - name: net.ipv4.tcp_keepalive_intvl -# value: "60" -# -# walVolumeClaimSpec: -# storageClassName: standard -# accessModes: -# - ReadWriteOnce -# resources: -# requests: -# storage: 1Gi -# - dataVolumeClaimSpec: -# storageClassName: standard - accessModes: - - ReadWriteOnce - resources: - requests: - storage: ${ARGOCD_ENV_postgres_storage_size} - -proxy: - pgBouncer: - replicas: ${ARGOCD_ENV_postgres_proxy_replicas} - image: percona/percona-postgresql-operator:2.4.0-ppg16.3-pgbouncer1.22.1 -# exposeSuperusers: true -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# containers: -# pgbouncerConfig: -# resources: -# limits: -# cpu: 200m -# memory: 128Mi - -# expose: -# annotations: -# my-annotation: value1 -# labels: -# my-label: value2 -# type: LoadBalancer -# loadBalancerSourceRanges: -# - 10.0.0.0/8 - - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/role: pgbouncer - topologyKey: kubernetes.io/hostname - -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# -# securityContext: -# fsGroup: 1001 -# runAsUser: 1001 -# runAsNonRoot: true -# fsGroupChangePolicy: "OnRootMismatch" -# runAsGroup: 1001 -# seLinuxOptions: -# type: spc_t -# level: s0:c123,c456 -# seccompProfile: -# type: Localhost -# localhostProfile: localhost/profile.json -# supplementalGroups: -# - 1001 -# sysctls: -# - name: net.ipv4.tcp_keepalive_time -# value: "600" -# - name: net.ipv4.tcp_keepalive_intvl -# value: "60" -# -# topologySpreadConstraints: -# - maxSkew: 1 -# topologyKey: my-node-label -# whenUnsatisfiable: 
ScheduleAnyway -# labelSelector: -# matchLabels: -# postgres-operator.crunchydata.com/role: pgbouncer -# -# sidecars: -# - name: bouncertestcontainer1 -# image: mycontainer1:latest -# -# customTLSSecret: -# name: keycloakdb-pgbouncer.tls -# - config: - global: - pool_mode: transaction - query_wait_timeout: "600" - -backups: - pgbackrest: -# metadata: -# labels: - image: percona/percona-postgresql-operator:2.4.0-ppg16.3-pgbackrest2.51-1 -# containers: -# pgbackrest: -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# pgbackrestConfig: -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# -# configuration: -# - secret: -# name: cluster1-pgbackrest-secrets -# jobs: -# priorityClassName: high-priority -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# -# securityContext: -# fsGroup: 1001 -# runAsUser: 1001 -# runAsNonRoot: true -# fsGroupChangePolicy: "OnRootMismatch" -# runAsGroup: 1001 -# seLinuxOptions: -# type: spc_t -# level: s0:c123,c456 -# seccompProfile: -# type: Localhost -# localhostProfile: localhost/profile.json -# supplementalGroups: -# - 1001 -# sysctls: -# - name: net.ipv4.tcp_keepalive_time -# value: "600" -# - name: net.ipv4.tcp_keepalive_intvl -# value: "60" -# -# global: -# repo1-retention-full: "14" -# repo1-retention-full-type: time -# repo1-path: /pgbackrest/postgres-operator/cluster1/repo1 -# repo1-cipher-type: aes-256-cbc -# repo1-s3-uri-style: path -# repo2-path: /pgbackrest/postgres-operator/cluster1-multi-repo/repo2 -# repo3-path: /pgbackrest/postgres-operator/cluster1-multi-repo/repo3 -# repo4-path: /pgbackrest/postgres-operator/cluster1-multi-repo/repo4 - - repoHost: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/data: pgbackrest - topologyKey: kubernetes.io/hostname - -# tolerations: -# - 
effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# priorityClassName: high-priority -# -# topologySpreadConstraints: -# - maxSkew: 1 -# topologyKey: my-node-label -# whenUnsatisfiable: ScheduleAnyway -# labelSelector: -# matchLabels: -# postgres-operator.crunchydata.com/pgbackrest: "" -# -# securityContext: -# fsGroup: 1001 -# runAsUser: 1001 -# runAsNonRoot: true -# fsGroupChangePolicy: "OnRootMismatch" -# runAsGroup: 1001 -# seLinuxOptions: -# type: spc_t -# level: s0:c123,c456 -# seccompProfile: -# type: Localhost -# localhostProfile: localhost/profile.json -# supplementalGroups: -# - 1001 -# sysctls: -# - name: net.ipv4.tcp_keepalive_time -# value: "600" -# - name: net.ipv4.tcp_keepalive_intvl -# value: "60" - - manual: - repoName: repo1 - options: - - --type=full - repos: - - name: repo1 - schedules: - full: "0 0 * * 6" -# differential: "0 1 * * 1-6" -# incremental: "0 1 * * 1-6" - volume: - volumeClaimSpec: -# storageClassName: "" - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi -# - name: repo2 -# s3: -# bucket: "" -# endpoint: "" -# region: "" -# - name: repo3 -# gcs: -# bucket: "" -# - name: repo4 -# azure: -# container: "" -# -# restore: -# repoName: repo1 -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers - -pmm: - enabled: false - image: - repository: percona/pmm-client - tag: 2.42.0 -# imagePullPolicy: IfNotPresent - secret: cluster1-pmm-secret - serverHost: monitoring-service -# resources: -# requests: -# memory: 200M -# cpu: 500m - -# patroni: -# # Some values of the Liveness/Readiness probes of the patroni container are calulated using syncPeriodSeconds by the following formulas: -# # - timeoutSeconds: syncPeriodSeconds / 2; -# # - periodSeconds: syncPeriodSeconds; -# # - failureThreshold: leaderLeaseDurationSeconds / syncPeriodSeconds. 
-# syncPeriodSeconds: 10 -# leaderLeaseDurationSeconds: 30 -# dynamicConfiguration: -# postgresql: -# parameters: -# max_parallel_workers: 2 -# max_worker_processes: 2 -# shared_buffers: 1GB -# work_mem: 2MB -# pg_hba: -# - host all mytest 123.123.123.123/32 reject -# switchover: -# enabled: "true" -# targetInstance: "" - -# extensions: -# image: percona/percona-postgresql-operator:2.4.0 -# imagePullPolicy: Always -# storage: -# type: s3 -# bucket: pg-extensions -# region: eu-central-1 -# endpoint: s3.eu-central-1.amazonaws.com -# secret: -# name: cluster1-extensions-secret -# builtin: -# pg_stat_monitor: true -# pg_audit: true -# custom: -# - name: pg_cron -# version: 1.6.1 - -secrets: - name: - # replication user password - primaryuser: - # superuser password - postgres: - # pgbouncer user password - pgbouncer: - # pguser user password - pguser: \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/kustomization.yaml deleted file mode 100644 index 5d9d1c1af..000000000 --- a/gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/kustomization.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -helmCharts: -- name: pg-db - releaseName: ${ARGOCD_ENV_gitlab_app_name} - version: ${ARGOCD_ENV_pgdb_helm_version} - repo: https://percona.github.io/percona-helm-charts/ - valuesFile: gitlab-db-values.yaml - namespace: ${ARGOCD_ENV_gitlab_namespace} - -- name: pg-db - releaseName: praefect - version: ${ARGOCD_ENV_pgdb_helm_version} - repo: https://percona.github.io/percona-helm-charts/ - valuesFile: praefect-db-values.yaml - namespace: ${ARGOCD_ENV_gitlab_namespace} \ No newline at end of file 
diff --git a/gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/praefect-db-values.yaml b/gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/praefect-db-values.yaml deleted file mode 100644 index f28e3ce5c..000000000 --- a/gitops/applications/overlays/rdbms_provider/percona/gitlab-pre/praefect-db-values.yaml +++ /dev/null 
@@ -1,511 +0,0 @@ -# Default values for pg-cluster. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -fullnameOverride: ${ARGOCD_ENV_praefect_dbdeploy_name_prefix} - -finalizers: -# Set this if you want that operator deletes the PVCs on cluster deletion -# - percona.com/delete-pvc -# Set this if you want that operator deletes the ssl objects on cluster deletion -# - percona.com/delete-ssl - -crVersion: 2.4.0 -repository: percona/percona-postgresql-operator -image: percona/percona-postgresql-operator:2.4.0-ppg16.3-postgres -imagePullPolicy: Always -postgresVersion: 16 -# port: 5432 -pause: false -unmanaged: false -standby: - enabled: false - # host: "" - # port: "" - # repoName: repo1 - -customTLSSecret: - name: "" -customReplicationTLSSecret: - name: "" - -# openshift: true - -users: - - name: ${ARGOCD_ENV_praefect_db_name} - databases: - - ${ARGOCD_ENV_praefect_db_username} - options: "SUPERUSER" - password: - type: ASCII - secretName: "${ARGOCD_ENV_praefect_db_secret}" - -# databaseInitSQL: -# key: init.sql -# name: praefect-init-db - -# dataSource: -# postgresCluster: -# clusterName: cluster1 -# repoName: repo1 -# options: -# - --type=time -# - --target="2021-06-09 14:15:11-04" -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# pgbackrest: -# stanza: db -# configuration: -# - secret: -# name: pgo-s3-creds -# global: -# repo1-path: /pgbackrest/postgres-operator/hippo/repo1 -# options: -# - --type=time -# - --target="2021-06-09 14:15:11-04" -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# repo: -# name: repo1 -# s3: -# bucket: "my-bucket" -# endpoint: "s3.ca-central-1.amazonaws.com" -# region: "ca-central-1" -# gcs: -# bucket: "my-bucket" -# azure: -# container: "my-container" - -# volumes: -# pgDataVolume: -# pvcName: cluster1 -# directory: cluster1 -# tolerations: -# - effect: NoSchedule -# key: role -# operator: 
Equal -# value: connection-poolers -# annotations: -# test-annotation: value -# labels: -# test-label: value -# pgWALVolume: -# pvcName: cluster1-pvc-name -# directory: some-dir -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# annotations: -# test-annotation: value -# labels: -# test-label: value -# pgBackRestVolume: -# pvcName: cluster1-pgbr-repo -# directory: cluster1-backrest-shared-repo -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# annotations: -# test-annotation: value -# labels: -# test-label: value - -# expose: -# annotations: -# my-annotation: value1 -# labels: -# my-label: value2 -# type: LoadBalancer -# loadBalancerSourceRanges: -# - 10.0.0.0/8 -# exposeReplicas: -# annotations: -# my-annotation: value1 -# labels: -# my-label: value2 -# type: LoadBalancer -# loadBalancerSourceRanges: -# - 10.0.0.0/8 - -instances: -- name: instance1 - replicas: ${ARGOCD_ENV_praefect_postgres_replicas} - - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/data: postgres - topologyKey: kubernetes.io/hostname - -# resources: -# requests: -# cpu: 2.0 -# memory: 4Gi -# limits: -# cpu: 2.0 -# memory: 4Gi -# containers: -# replicaCertCopy: -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# -# sidecars: -# - name: testcontainer -# image: mycontainer1:latest -# - name: testcontainer2 -# image: mycontainer1:latest -# -# topologySpreadConstraints: -# - maxSkew: 1 -# topologyKey: my-node-label -# whenUnsatisfiable: DoNotSchedule -# labelSelector: -# matchLabels: -# postgres-operator.crunchydata.com/instance-set: instance1 -# -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# -# priorityClassName: high-priority -# -# securityContext: -# fsGroup: 1001 -# runAsUser: 1001 -# runAsNonRoot: 
true -# fsGroupChangePolicy: "OnRootMismatch" -# runAsGroup: 1001 -# seLinuxOptions: -# type: spc_t -# level: s0:c123,c456 -# seccompProfile: -# type: Localhost -# localhostProfile: localhost/profile.json -# supplementalGroups: -# - 1001 -# sysctls: -# - name: net.ipv4.tcp_keepalive_time -# value: "600" -# - name: net.ipv4.tcp_keepalive_intvl -# value: "60" -# -# walVolumeClaimSpec: -# storageClassName: standard -# accessModes: -# - ReadWriteOnce -# resources: -# requests: -# storage: 1Gi -# - dataVolumeClaimSpec: -# storageClassName: standard - accessModes: - - ReadWriteOnce - resources: - requests: - storage: ${ARGOCD_ENV_praefect_postgres_storage_size} - -proxy: - pgBouncer: - replicas: ${ARGOCD_ENV_praefect_postgres_proxy_replicas} - image: percona/percona-postgresql-operator:2.4.0-ppg16.3-pgbouncer1.22.1 -# exposeSuperusers: true -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# containers: -# pgbouncerConfig: -# resources: -# limits: -# cpu: 200m -# memory: 128Mi - -# expose: -# annotations: -# my-annotation: value1 -# labels: -# my-label: value2 -# type: LoadBalancer -# loadBalancerSourceRanges: -# - 10.0.0.0/8 - - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/role: pgbouncer - topologyKey: kubernetes.io/hostname - -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# -# securityContext: -# fsGroup: 1001 -# runAsUser: 1001 -# runAsNonRoot: true -# fsGroupChangePolicy: "OnRootMismatch" -# runAsGroup: 1001 -# seLinuxOptions: -# type: spc_t -# level: s0:c123,c456 -# seccompProfile: -# type: Localhost -# localhostProfile: localhost/profile.json -# supplementalGroups: -# - 1001 -# sysctls: -# - name: net.ipv4.tcp_keepalive_time -# value: "600" -# - name: net.ipv4.tcp_keepalive_intvl -# value: "60" -# -# topologySpreadConstraints: -# - maxSkew: 1 -# topologyKey: 
my-node-label -# whenUnsatisfiable: ScheduleAnyway -# labelSelector: -# matchLabels: -# postgres-operator.crunchydata.com/role: pgbouncer -# -# sidecars: -# - name: bouncertestcontainer1 -# image: mycontainer1:latest -# -# customTLSSecret: -# name: keycloakdb-pgbouncer.tls -# - config: - global: - pool_mode: transaction - query_wait_timeout: "600" - -backups: - pgbackrest: -# metadata: -# labels: - image: percona/percona-postgresql-operator:2.4.0-ppg16.3-pgbackrest2.51-1 -# containers: -# pgbackrest: -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# pgbackrestConfig: -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# -# configuration: -# - secret: -# name: cluster1-pgbackrest-secrets -# jobs: -# priorityClassName: high-priority -# resources: -# limits: -# cpu: 200m -# memory: 128Mi -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# -# securityContext: -# fsGroup: 1001 -# runAsUser: 1001 -# runAsNonRoot: true -# fsGroupChangePolicy: "OnRootMismatch" -# runAsGroup: 1001 -# seLinuxOptions: -# type: spc_t -# level: s0:c123,c456 -# seccompProfile: -# type: Localhost -# localhostProfile: localhost/profile.json -# supplementalGroups: -# - 1001 -# sysctls: -# - name: net.ipv4.tcp_keepalive_time -# value: "600" -# - name: net.ipv4.tcp_keepalive_intvl -# value: "60" -# -# global: -# repo1-retention-full: "14" -# repo1-retention-full-type: time -# repo1-path: /pgbackrest/postgres-operator/cluster1/repo1 -# repo1-cipher-type: aes-256-cbc -# repo1-s3-uri-style: path -# repo2-path: /pgbackrest/postgres-operator/cluster1-multi-repo/repo2 -# repo3-path: /pgbackrest/postgres-operator/cluster1-multi-repo/repo3 -# repo4-path: /pgbackrest/postgres-operator/cluster1-multi-repo/repo4 - - repoHost: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/data: pgbackrest - topologyKey: 
kubernetes.io/hostname - -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers -# priorityClassName: high-priority -# -# topologySpreadConstraints: -# - maxSkew: 1 -# topologyKey: my-node-label -# whenUnsatisfiable: ScheduleAnyway -# labelSelector: -# matchLabels: -# postgres-operator.crunchydata.com/pgbackrest: "" -# -# securityContext: -# fsGroup: 1001 -# runAsUser: 1001 -# runAsNonRoot: true -# fsGroupChangePolicy: "OnRootMismatch" -# runAsGroup: 1001 -# seLinuxOptions: -# type: spc_t -# level: s0:c123,c456 -# seccompProfile: -# type: Localhost -# localhostProfile: localhost/profile.json -# supplementalGroups: -# - 1001 -# sysctls: -# - name: net.ipv4.tcp_keepalive_time -# value: "600" -# - name: net.ipv4.tcp_keepalive_intvl -# value: "60" - - manual: - repoName: repo1 - options: - - --type=full - repos: - - name: repo1 - schedules: - full: "0 0 * * 6" -# differential: "0 1 * * 1-6" -# incremental: "0 1 * * 1-6" - volume: - volumeClaimSpec: -# storageClassName: "" - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi -# - name: repo2 -# s3: -# bucket: "" -# endpoint: "" -# region: "" -# - name: repo3 -# gcs: -# bucket: "" -# - name: repo4 -# azure: -# container: "" -# -# restore: -# repoName: repo1 -# tolerations: -# - effect: NoSchedule -# key: role -# operator: Equal -# value: connection-poolers - -pmm: - enabled: false - image: - repository: percona/pmm-client - tag: 2.42.0 -# imagePullPolicy: IfNotPresent - secret: cluster1-pmm-secret - serverHost: monitoring-service -# resources: -# requests: -# memory: 200M -# cpu: 500m - -# patroni: -# # Some values of the Liveness/Readiness probes of the patroni container are calulated using syncPeriodSeconds by the following formulas: -# # - timeoutSeconds: syncPeriodSeconds / 2; -# # - periodSeconds: syncPeriodSeconds; -# # - failureThreshold: leaderLeaseDurationSeconds / syncPeriodSeconds. 
-# syncPeriodSeconds: 10 -# leaderLeaseDurationSeconds: 30 -# dynamicConfiguration: -# postgresql: -# parameters: -# max_parallel_workers: 2 -# max_worker_processes: 2 -# shared_buffers: 1GB -# work_mem: 2MB -# pg_hba: -# - host all mytest 123.123.123.123/32 reject -# switchover: -# enabled: "true" -# targetInstance: "" - -# extensions: -# image: percona/percona-postgresql-operator:2.4.0 -# imagePullPolicy: Always -# storage: -# type: s3 -# bucket: pg-extensions -# region: eu-central-1 -# endpoint: s3.eu-central-1.amazonaws.com -# secret: -# name: cluster1-extensions-secret -# builtin: -# pg_stat_monitor: true -# pg_audit: true -# custom: -# - name: pg_cron -# version: 1.6.1 - -secrets: - name: - # replication user password - primaryuser: - # superuser password - postgres: - # pgbouncer user password - pgbouncer: - # pguser user password - pguser: \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/percona/gitlab/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/percona/gitlab/kustomization.yaml deleted file mode 100644 index 099c03432..000000000 --- a/gitops/applications/overlays/rdbms_provider/percona/gitlab/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - gitlab-external-name-service.yaml - - praefect-external-name-service.yaml diff --git a/gitops/applications/overlays/rdbms_provider/percona/gitlab/praefect-external-name-service.yaml b/gitops/applications/overlays/rdbms_provider/percona/gitlab/praefect-external-name-service.yaml deleted file mode 100644 index 92b2554b4..000000000 --- a/gitops/applications/overlays/rdbms_provider/percona/gitlab/praefect-external-name-service.yaml +++ /dev/null 
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: ${ARGOCD_ENV_praefect_externalservice_name}
- namespace: "${ARGOCD_ENV_gitlab_namespace}"
-spec:
- externalName: ${ARGOCD_ENV_praefect_dbdeploy_name_prefix}-pgbouncer.${ARGOCD_ENV_gitlab_namespace}.svc.cluster.local
- sessionAffinity: None
- type: ExternalName
diff --git a/gitops/applications/overlays/rdbms_provider/rds/gitlab/gitlab-external-name-service.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml
similarity index 71%
rename from gitops/applications/overlays/rdbms_provider/rds/gitlab/gitlab-external-name-service.yaml
rename to gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml
index aaa397829..3ad37ce85 100644
--- a/gitops/applications/overlays/rdbms_provider/rds/gitlab/gitlab-external-name-service.yaml
+++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml
@@ -1,7 +1,7 @@
 apiVersion: kubernetes.crossplane.io/v1alpha2
 kind: Object
 metadata:
- name: ${ARGOCD_ENV_gitlab_externalservice_name}
+ name: ${ARGOCD_ENV_externalservice_name}
 spec:
 forProvider:
 manifest:
@@ -11,7 +11,7 @@ spec:
 externalName: sample
 kind: Service
 metadata:
- namespace: "${ARGOCD_ENV_gitlab_namespace}"
+ namespace: "${ARGOCD_ENV_externalservice_namespace}"
 providerConfigRef:
 name: kubernetes-provider
 references:
@@ -19,5 +19,5 @@ spec:
 apiVersion: rds.aws.crossplane.io/v1alpha1
 fieldPath: status.atProvider.endpoint
 kind: DBCluster
- name: ${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_gitlab_dbdeploy_name_prefix}
+ name: ${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix}
 toFieldPath: spec.externalName
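Review bot: The Service manifest's namespace is now taken from `${ARGOCD_ENV_externalservice_namespace}` while the kustomization in the same overlay directory installs the dbmr chart into `${ARGOCD_ENV_namespace}`; if the two variables are ever set differently, the ExternalName Service lands in a namespace the consuming application does not live in, so a single variable such as `namespace: "${ARGOCD_ENV_namespace}"` would be safer. The placeholder `externalName: sample` remains in the new side and is what clients resolve until the DBCluster reference is patched in; a comment like `# placeholder, overwritten from DBCluster status.atProvider.endpoint by the reference below` would make that intentional. The Object's `metadata.name` (`${ARGOCD_ENV_externalservice_name}`) is presumably cluster-scoped in provider-kubernetes, so every instantiation of this now-generic overlay needs a distinct value or two Applications will fight over one Object.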
diff --git a/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/gitlab-db-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml
similarity index 90%
rename from gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/gitlab-db-secrets.yaml
rename to gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml
index 733d41865..8fc9f49a3 100644
--- a/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/gitlab-db-secrets.yaml
+++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml
@@ -1,7 +1,7 @@
 apiVersion: redhatcop.redhat.io/v1alpha1
 kind: PasswordPolicy
 metadata:
- name: gitlabdb-password-policy
+ name: rdsdb-password-policy
 namespace: ${ARGOCD_ENV_vault_namespace}
 spec:
 # Add fields here
@@ -32,7 +32,7 @@ spec:
 apiVersion: redhatcop.redhat.io/v1alpha1
 kind: RandomSecret
 metadata:
- name: gitlabdb-password
+ name: rdsdb-password
 namespace: ${ARGOCD_ENV_vault_namespace}
 spec:
 authentication:
@@ -41,10 +41,10 @@ spec:
 serviceAccount:
 name: default
 isKVSecretsEngineV2: true
- path: /secret/data/gitlabdb
+ path: /secret/data/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix}
 secretKey: password
 secretFormat:
- passwordPolicyName: gitlabdb-password-policy
+ passwordPolicyName: rdsdb-password-policy
 ---
 apiVersion: redhatcop.redhat.io/v1alpha1
 kind: VaultSecret
@@ -70,4 +70,4 @@ spec:
 reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
 reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "${ARGOCD_ENV_gitlab_namespace}"
 reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces
- reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "${ARGOCD_ENV_gitlab_namespace}"
\ No newline at end of file
+ reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "${ARGOCD_ENV_gitlab_namespace}"
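Review bot: The reflector annotations in the last hunk are still pinned to `${ARGOCD_ENV_gitlab_namespace}` (both `reflection-allowed-namespaces` and `reflection-auto-namespaces`) although the rest of the file has been made database-agnostic and the overlay's kustomization deploys into `${ARGOCD_ENV_namespace}`; any non-GitLab consumer of this overlay would have its database password copied into the GitLab namespace instead of its own, which is both a functional break and a secret-exposure widening. Change both to `"${ARGOCD_ENV_namespace}"` (or whatever single namespace variable the overlay settles on). Separately, `PasswordPolicy` and `RandomSecret` keep fixed names (`rdsdb-password-policy`, `rdsdb-password`) in the shared `${ARGOCD_ENV_vault_namespace}`, so two instantiations of this overlay — the replaced gitlab-pre kustomization shipped a gitlab and a praefect database side by side — would collide on the same objects; suffixing them with `${ARGOCD_ENV_dbdeploy_name_prefix}` avoids that. The VaultSecret's own `path:` lies outside this hunk — confirm it was updated to match the new RandomSecret path, otherwise the Secret is rendered from a key that no longer exists.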
diff --git a/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/gitlab-db-values.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-values.yaml
similarity index 100%
rename from gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/gitlab-db-values.yaml
rename to gitops/applications/overlays/rdbms_provider/rds/db/db-values.yaml
diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/kustomization.yaml
new file mode 100644
index 000000000..363af4f1f
--- /dev/null
+++ b/gitops/applications/overlays/rdbms_provider/rds/db/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+helmGlobals:
+ chartHome: ../helmcharts
+
+helmCharts:
+ - name: dbmr
+ releaseName: ${ARGOCD_ENV_release}
+ version: 0.1.0
+ valuesFile: db-values.yaml
+ namespace: ${ARGOCD_ENV_namespace}
+resources:
+ - xplane-kubernetes-provider-config.yaml
+ - db-external-name-service.yaml
diff --git a/gitops/applications/overlays/rdbms_provider/rds/gitlab/xplane-kubernetes-provider-config.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/xplane-kubernetes-provider-config.yaml
similarity index 100%
rename from gitops/applications/overlays/rdbms_provider/rds/gitlab/xplane-kubernetes-provider-config.yaml
rename to gitops/applications/overlays/rdbms_provider/rds/db/xplane-kubernetes-provider-config.yaml
diff --git a/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/kustomization.yaml
deleted file mode 100644
index e39410f9e..000000000
--- a/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/kustomization.yaml
+++ /dev/null
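Review bot: `resources:` lists the Crossplane provider config and the ExternalName Service but not `db-secrets.yaml`, the file renamed into this same directory that creates the PasswordPolicy/RandomSecret/VaultSecret producing the `passwordSecret` the dbmr chart consumes; the gitlab-pre kustomization this replaces did list its secrets file under `resources`, so the omission looks accidental and would leave the RDS instance with no password Secret to reference. Add `  - db-secrets.yaml` unless those objects are intentionally applied by another Application. Also note that this file uses `${ARGOCD_ENV_namespace}` while db-external-name-service.yaml in the same overlay uses `${ARGOCD_ENV_externalservice_namespace}` for what is presumably the same namespace; one variable would remove a mismatch that only shows up at deploy time.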
@@ -1,22 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -helmGlobals: - chartHome: ../helmcharts - -helmCharts: - - name: dbmr - releaseName: gitlabdb - version: 0.1.0 - valuesFile: gitlab-db-values.yaml - namespace: ${ARGOCD_ENV_gitlab_namespace} - - - name: dbmr - releaseName: praefectdb - version: 0.1.0 - valuesFile: praefect-db-values.yaml - namespace: ${ARGOCD_ENV_gitlab_namespace} - -resources: - - gitlab-db-secrets.yaml - - praefect-db-secrets.yaml diff --git a/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/praefect-db-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/praefect-db-secrets.yaml deleted file mode 100644 index b49296649..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/praefect-db-secrets.yaml +++ /dev/null 
@@ -1,73 +0,0 @@ -apiVersion: redhatcop.redhat.io/v1alpha1 -kind: PasswordPolicy -metadata: - name: praefectdb-password-policy - namespace: ${ARGOCD_ENV_vault_namespace} -spec: - # Add fields here - authentication: - path: ${ARGOCD_ENV_vault_k8s_admin_auth_path} - role: ${ARGOCD_ENV_vault_k8s_admin_role_name} - serviceAccount: - name: default - passwordPolicy: | - length = 20 - rule "charset" { - charset = "abcdefghijklmnopqrstuvwxyz" - min-chars = 1 - } - rule "charset" { - charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - min-chars = 1 - } - rule "charset" { - charset = "0123456789" - min-chars = 1 - } - rule "charset" { - charset = "_" - min-chars = 1 - } ---- -apiVersion: redhatcop.redhat.io/v1alpha1 -kind: RandomSecret -metadata: - name: praefectdb-password - namespace: ${ARGOCD_ENV_vault_namespace} -spec: - authentication: - path: ${ARGOCD_ENV_vault_k8s_admin_auth_path} - role: ${ARGOCD_ENV_vault_k8s_admin_role_name} - serviceAccount: - name: default - isKVSecretsEngineV2: true - path: /secret/data/praefectdb - secretKey: password - secretFormat: - passwordPolicyName: praefectdb-password-policy ---- -apiVersion: redhatcop.redhat.io/v1alpha1 -kind: VaultSecret -metadata: - name: gitlab-praefectdb-secret - namespace: ${ARGOCD_ENV_vault_namespace} -spec: - refreshPeriod: 1m0s - vaultSecretDefinitions: - - authentication: - path: ${ARGOCD_ENV_vault_k8s_admin_auth_path} - role: ${ARGOCD_ENV_vault_k8s_admin_role_name} - serviceAccount: - name: default - name: dynamicsecret_praefectdb_password - path: /secret/data/praefectdb/praefectdb-password - output: - name: ${ARGOCD_ENV_praefect_db_secret} - stringData: - password: "{{ .dynamicsecret_praefectdb_password.password }}" - type: Opaque - annotations: - reflector.v1.k8s.emberstack.com/reflection-allowed: "true" - reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "${ARGOCD_ENV_gitlab_namespace}" - reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces - 
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "${ARGOCD_ENV_gitlab_namespace}" diff --git a/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/praefect-db-values.yaml b/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/praefect-db-values.yaml deleted file mode 100644 index 5b54f5216..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/gitlab-pre/praefect-db-values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -name: ${ARGOCD_ENV_praefect_dbdeploy_name_prefix} -namePrefix: ${ARGOCD_ENV_cluster_name} -namespace: "${ARGOCD_ENV_gitlab_namespace}" -region: ${ARGOCD_ENV_cloud_region} -engineVersion: "16" -size: ${ARGOCD_ENV_rds_praefect_postgres_instance_size} -storageGB: ${ARGOCD_ENV_rds_praefect_postgres_storage_size} -vpcId: ${ARGOCD_ENV_rds_vpc_id} -vpcCidr: ${ARGOCD_ENV_vpc_cidr} -subnets: ${ARGOCD_ENV_rds_subnet_list} -dbName: ${ARGOCD_ENV_praefect_db_name} -userName: ${ARGOCD_ENV_praefect_db_username} -allowMajorVersionUpgrade: false -autoMinorVersionUpgrade: false -applyImmediately: true -backupRetentionPeriod: ${ARGOCD_ENV_praefect_db_backup_retention_period} -preferredBackupWindow: ${ARGOCD_ENV_praefect_db_preferred_backup_window} -passwordSecret: - key: password - name: ${ARGOCD_ENV_praefect_db_secret} -storageType: ${ARGOCD_ENV_praefect_db_storage_type} -storageIops: ${ARGOCD_ENV_praefect_db_storage_iops} \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/rds/gitlab/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/rds/gitlab/kustomization.yaml deleted file mode 100644 index 724368e86..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/gitlab/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - xplane-kubernetes-provider-config.yaml - - gitlab-external-name-service.yaml - - praefect-external-name-service.yaml 
diff --git a/gitops/applications/overlays/rdbms_provider/rds/gitlab/praefect-external-name-service.yaml b/gitops/applications/overlays/rdbms_provider/rds/gitlab/praefect-external-name-service.yaml deleted file mode 100644 index 19ddae362..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/gitlab/praefect-external-name-service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: kubernetes.crossplane.io/v1alpha2 -kind: Object -metadata: - name: ${ARGOCD_ENV_praefect_externalservice_name} -spec: - forProvider: - manifest: - apiVersion: v1 - spec: - type: ExternalName - externalName: sample - kind: Service - metadata: - namespace: "${ARGOCD_ENV_gitlab_namespace}" - providerConfigRef: - name: kubernetes-provider - references: - - patchesFrom: - apiVersion: rds.aws.crossplane.io/v1alpha1 - fieldPath: status.atProvider.endpoint - kind: DBCluster - name: ${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_praefect_dbdeploy_name_prefix} - toFieldPath: spec.externalName \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/aws-rds-ca-job.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/aws-rds-ca-job.yaml deleted file mode 100644 index 777b8b5dd..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/aws-rds-ca-job.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ca-bundle-sa - namespace: ${ARGOCD_ENV_zitadel_namespace} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: ${ARGOCD_ENV_zitadel_namespace} - name: secret-manager -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["create", "get", "list", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: secret-manager-binding - namespace: ${ARGOCD_ENV_zitadel_namespace} -subjects: -- kind: ServiceAccount - name: ca-bundle-sa - namespace: ${ARGOCD_ENV_zitadel_namespace} -roleRef: - kind: Role - name: secret-manager - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: download-rds-ca-bundle - namespace: ${ARGOCD_ENV_zitadel_namespace} -spec: - template: - spec: - serviceAccountName: ca-bundle-sa - containers: - - name: downloader - image: curlimages/curl - command: - - "sh" - - "-c" - - "curl -o /tmp/rds-ca-bundle.pem https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem" - volumeMounts: - - name: ca-bundle - mountPath: /tmp - - - name: kubectl - image: bitnami/kubectl - command: - - "sh" - - "-c" - - "kubectl create secret generic rds-ca-bundle --from-file=/tmp/rds-ca-bundle.pem -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -" - env: - - name: NAMESPACE - value: ${ARGOCD_ENV_zitadel_namespace} - volumeMounts: - - name: ca-bundle - mountPath: /tmp - - restartPolicy: OnFailure - volumes: - - name: ca-bundle - emptyDir: {} \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/kustomization.yaml deleted file mode 100644 index e1c63788b..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/kustomization.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -helmGlobals: - chartHome: ../helmcharts - -helmCharts: - - name: dbmr - releaseName: zitadel - version: 0.1.0 - valuesFile: zitadel-db-values.yaml - namespace: ${ARGOCD_ENV_zitadel_namespace} - -resources: - - aws-rds-ca-job.yaml - - zitadel-db-secrets.yaml \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-secrets.yaml deleted file mode 100644 index ca5c0f01f..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-secrets.yaml +++ /dev/null 
@@ -1,72 +0,0 @@ -apiVersion: redhatcop.redhat.io/v1alpha1 -kind: PasswordPolicy -metadata: - name: zitadeldb-password-policy - namespace: ${ARGOCD_ENV_vault_namespace} -spec: - authentication: - path: ${ARGOCD_ENV_vault_k8s_admin_auth_path} - role: ${ARGOCD_ENV_vault_k8s_admin_role_name} - serviceAccount: - name: default - passwordPolicy: | - length = 20 - rule "charset" { - charset = "abcdefghijklmnopqrstuvwxyz" - min-chars = 1 - } - rule "charset" { - charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - min-chars = 1 - } - rule "charset" { - charset = "0123456789" - min-chars = 1 - } - rule "charset" { - charset = "_" - min-chars = 1 - } ---- -apiVersion: redhatcop.redhat.io/v1alpha1 -kind: RandomSecret -metadata: - name: zitadeldb-password - namespace: ${ARGOCD_ENV_vault_namespace} -spec: - authentication: - path: ${ARGOCD_ENV_vault_k8s_admin_auth_path} - role: ${ARGOCD_ENV_vault_k8s_admin_role_name} - serviceAccount: - name: default - isKVSecretsEngineV2: true - path: /secret/data/zitadeldb - secretKey: password - secretFormat: - passwordPolicyName: zitadeldb-password-policy ---- -apiVersion: redhatcop.redhat.io/v1alpha1 -kind: VaultSecret -metadata: - name: zitadel-zitadeldb-secret - namespace: ${ARGOCD_ENV_vault_namespace} -spec: - refreshPeriod: 1m0s - vaultSecretDefinitions: - - authentication: - path: ${ARGOCD_ENV_vault_k8s_admin_auth_path} - role: ${ARGOCD_ENV_vault_k8s_admin_role_name} - serviceAccount: - name: default - name: dynamicsecret_zitadeldb_password - path: /secret/data/zitadeldb/zitadeldb-password - output: - name: ${ARGOCD_ENV_zitadel_db_secret_name} - stringData: - password: "{{ .dynamicsecret_zitadeldb_password.password }}" - type: Opaque - annotations: - reflector.v1.k8s.emberstack.com/reflection-allowed: "true" - reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "${ARGOCD_ENV_zitadel_namespace}" - reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces - 
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "${ARGOCD_ENV_zitadel_namespace}" \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-values.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-values.yaml deleted file mode 100644 index a3bcb1050..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-db-values.yaml +++ /dev/null @@ -1,19 +0,0 @@ -name: ${ARGOCD_ENV_zitadel_dbdeploy_name_prefix} -namespace: "${ARGOCD_ENV_zitadel_namespace}" -region: ${ARGOCD_ENV_cloud_region} -engineVersion: "16" -size: ${ARGOCD_ENV_rds_postgres_instance_size} -storageGB: ${ARGOCD_ENV_rds_postgres_storage_size} -vpcId: ${ARGOCD_ENV_rds_vpc_id} -vpcCidr: ${ARGOCD_ENV_vpc_cidr} -subnets: ${ARGOCD_ENV_rds_subnet_list} -dbName: ${ARGOCD_ENV_zitadel_db_name} -userName: ${ARGOCD_ENV_zitadel_db_user} -allowMajorVersionUpgrade: false -autoMinorVersionUpgrade: false -applyImmediately: true -backupRetentionPeriod: ${ARGOCD_ENV_zitadel_db_backup_retention_period} -preferredBackupWindow: ${ARGOCD_ENV_zitadel_db_preferred_backup_window} -passwordSecret: - key: password - name: ${ARGOCD_ENV_zitadel_db_secret} \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel/kustomization.yaml deleted file mode 100644 index 30b809f34..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: - - xplane-kubernetes-provider-config.yaml - - zitadel-external-name-service.yaml \ No newline at end of file 
diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel/xplane-kubernetes-provider-config.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel/xplane-kubernetes-provider-config.yaml deleted file mode 100644 index 721ebf812..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel/xplane-kubernetes-provider-config.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kubernetes.crossplane.io/v1alpha1 -kind: ProviderConfig -metadata: - name: kubernetes-provider -spec: - credentials: - source: InjectedIdentity \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel/zitadel-external-name-service.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel/zitadel-external-name-service.yaml deleted file mode 100644 index 9772e7be1..000000000 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel/zitadel-external-name-service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: kubernetes.crossplane.io/v1alpha2 -kind: Object -metadata: - name: ${ARGOCD_ENV_zitadel_externalservice_name} -spec: - forProvider: - manifest: - apiVersion: v1 - spec: - type: ExternalName - externalName: sample - kind: Service - metadata: - namespace: "${ARGOCD_ENV_zitadel_namespace}" - providerConfigRef: - name: kubernetes-provider - references: - - patchesFrom: - apiVersion: rds.aws.crossplane.io/v1alpha1 - fieldPath: status.atProvider.endpoint - kind: DBCluster - name: ${ARGOCD_ENV_zitadel_dbdeploy_name_prefix} - toFieldPath: spec.externalName \ No newline at end of file diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml index e37555389..57fa7293e 100644 --- a/gitops/argo-apps/base/gitlab-pre.yaml +++ b/gitops/argo-apps/base/gitlab-pre.yaml 
@@ -30,278 +30,357 @@ spec: namespace: ${ARGOCD_ENV_gitlab_gitlab_namespace} sources: - - repoURL: ${ARGOCD_ENV_argocd_repo_url} - targetRevision: ${ARGOCD_ENV_gitlab_application_gitrepo_tag} - path: gitops/applications/base/gitlab-pre - plugin: - name: envsubst - env: - - name: "cluster_name" - value: "${ARGOCD_ENV_cluster_name}" + - repoURL: ${ARGOCD_ENV_argocd_repo_url} + targetRevision: ${ARGOCD_ENV_gitlab_application_gitrepo_tag} + path: gitops/applications/base/gitlab-pre + plugin: + name: envsubst + env: + - name: "cluster_name" + value: "${ARGOCD_ENV_cluster_name}" - - name: "gitlab_namespace" - value: "${ARGOCD_ENV_gitlab_gitlab_namespace}" + - name: "gitlab_namespace" + value: "${ARGOCD_ENV_gitlab_gitlab_namespace}" - - name: "redis_cluster_size" - value: "${ARGOCD_ENV_gitlab_pre_redis_cluster_size}" + - name: "redis_cluster_size" + value: "${ARGOCD_ENV_gitlab_pre_redis_cluster_size}" - - name: "redis_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_redis_storage_size}" + - name: "redis_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_redis_storage_size}" - - name: "gitlab_app_name" - value: "${ARGOCD_ENV_gitlab_gitlab_app_name}" + - name: "gitlab_app_name" + value: "${ARGOCD_ENV_gitlab_gitlab_app_name}" - - name: "vault_k8s_admin_auth_path" - value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_auth_path}" + - name: "vault_k8s_admin_auth_path" + value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_auth_path}" - - name: "vault_k8s_admin_role_name" - value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_role_name}" + - name: "vault_k8s_admin_role_name" + value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_role_name}" - - name: "vault_namespace" - value: "${ARGOCD_ENV_vault_vault_namespace}" + - name: "vault_namespace" + value: "${ARGOCD_ENV_vault_vault_namespace}" - - name: "git_lfs_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_git_lfs_max_objects}" + - name: "git_lfs_max_objects" + value: "${ARGOCD_ENV_gitlab_pre_git_lfs_max_objects}" - - name: 
"git_lfs_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_git_lfs_storage_size}" + - name: "git_lfs_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_git_lfs_storage_size}" - - name: "gitlab_artifacts_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_artifacts_max_objects}" + - name: "gitlab_artifacts_max_objects" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_artifacts_max_objects}" - - name: "gitlab_artifacts_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_artifacts_storage_size}" + - name: "gitlab_artifacts_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_artifacts_storage_size}" - - name: "gitlab_uploads_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_uploads_max_objects}" + - name: "gitlab_uploads_max_objects" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_uploads_max_objects}" - - name: "gitlab_uploads_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_uploads_storage_size}" + - name: "gitlab_uploads_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_uploads_storage_size}" - - name: "gitlab_packages_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_packages_max_objects}" + - name: "gitlab_packages_max_objects" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_packages_max_objects}" - - name: "gitlab_packages_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_packages_storage_size}" + - name: "gitlab_packages_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_packages_storage_size}" - - name: "gitlab_registry_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_registry_max_objects}" + - name: "gitlab_registry_max_objects" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_registry_max_objects}" - - name: "gitlab_registry_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_registry_storage_size}" + - name: "gitlab_registry_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_registry_storage_size}" - - name: "gitlab_mrdiffs_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_mrdiffs_max_objects}" + - name: "gitlab_mrdiffs_max_objects" + value: 
"${ARGOCD_ENV_gitlab_pre_gitlab_mrdiffs_max_objects}" - - name: "gitlab_mrdiffs_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_mrdiffs_storage_size}" + - name: "gitlab_mrdiffs_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_mrdiffs_storage_size}" - - name: "gitlab_tfstate_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_tfstate_max_objects}" + - name: "gitlab_tfstate_max_objects" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_tfstate_max_objects}" - - name: "gitlab_tfstate_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_tfstate_storage_size}" + - name: "gitlab_tfstate_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_tfstate_storage_size}" - - name: "gitlab_cisecurefiles_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_cisecurefiles_max_objects}" + - name: "gitlab_cisecurefiles_max_objects" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_cisecurefiles_max_objects}" - - name: "gitlab_cisecurefiles_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_cisecurefiles_storage_size}" + - name: "gitlab_cisecurefiles_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_cisecurefiles_storage_size}" - - name: "gitlab_dep_proxy_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_dep_proxy_max_objects}" + - name: "gitlab_dep_proxy_max_objects" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_dep_proxy_max_objects}" - - name: "gitlab_dep_proxy_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_dep_proxy_storage_size}" + - name: "gitlab_dep_proxy_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_dep_proxy_storage_size}" - - name: "gitlab_runner_cache_max_objects" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_runner_cache_max_objects}" + - name: "gitlab_runner_cache_max_objects" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_runner_cache_max_objects}" - - name: "gitlab_runner_cache_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_runner_cache_storage_size}" + - name: "gitlab_runner_cache_storage_size" + value: 
"${ARGOCD_ENV_gitlab_pre_gitlab_runner_cache_storage_size}" - - name: "gitlab_root_token_secret_name" - value: "root-token-secret" + - name: "gitlab_root_token_secret_name" + value: "root-token-secret" - - name: "gitlab_root_token_secret_key" - value: "token" + - name: "gitlab_root_token_secret_key" + value: "token" - - name: "gitlab_dns_subdomain" - value: "${ARGOCD_ENV_gitlab_gitlab_dns_subdomain}" + - name: "gitlab_dns_subdomain" + value: "${ARGOCD_ENV_gitlab_gitlab_dns_subdomain}" - - name: "gitlab_admin_rbac_group" - value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_admin_rbac_group}" + - name: "gitlab_admin_rbac_group" + value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_admin_rbac_group}" - - name: "gitlab_user_rbac_group" - value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_user_rbac_group}" + - name: "gitlab_user_rbac_group" + value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_user_rbac_group}" - - name: "gitlab_maintainer_rbac_group" - value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_maintainer_rbac_group}" + - name: "gitlab_maintainer_rbac_group" + value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_maintainer_rbac_group}" - - name: "zitadel_namespace" - value: "${ARGOCD_ENV_security_zitadel_namespace}" + - name: "zitadel_namespace" + value: "${ARGOCD_ENV_security_zitadel_namespace}" - - name: "terraform_modules_tag" - value: "${ARGOCD_ENV_gitlab_gitlab_terraform_modules_tag}" + - name: "terraform_modules_tag" + value: "${ARGOCD_ENV_gitlab_gitlab_terraform_modules_tag}" - - name: "zitadel_tf_provider_version" - value: "${ARGOCD_ENV_security_zitadel_zitadel_tf_provider_version}" + - name: "zitadel_tf_provider_version" + value: "${ARGOCD_ENV_security_zitadel_zitadel_tf_provider_version}" - - name: "zitadel_dns_subdomain" - value: "${ARGOCD_ENV_security_zitadel_dns_subdomain}" + - name: "zitadel_dns_subdomain" + value: "${ARGOCD_ENV_security_zitadel_dns_subdomain}" - - name: gitlab_zitadel_project_name - value: ${ARGOCD_ENV_gitlab_gitlab_app_name} + - name: gitlab_zitadel_project_name + value: 
${ARGOCD_ENV_gitlab_gitlab_app_name} - - name: "gitlab_oidc_secret" - value: "${ARGOCD_ENV_gitlab_gitlab_oidc_secret}" + - name: "gitlab_oidc_secret" + value: "${ARGOCD_ENV_gitlab_gitlab_oidc_secret}" - - name: "zitadel_post_config_output_secret" - value: "${ARGOCD_ENV_security_zitadel_zitadel_post_config_output_secret}" + - name: "zitadel_post_config_output_secret" + value: "${ARGOCD_ENV_security_zitadel_zitadel_post_config_output_secret}" - - name: "zitadel_grant_prefix" - value: "${ARGOCD_ENV_security_zitadel_zitadel_grant_prefix}" + - name: "zitadel_grant_prefix" + value: "${ARGOCD_ENV_security_zitadel_zitadel_grant_prefix}" - - name: "argocd_namespace" - value: "${ARGOCD_ENV_utils_argocd_helm_namespace}" + - name: "argocd_namespace" + value: "${ARGOCD_ENV_utils_argocd_helm_namespace}" - - name: "praefect_db_secret" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_secret}" + - name: "praefect_db_secret" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_secret}" - - name: "gitlab_db_secret" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" + - name: "gitlab_db_secret" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" - - name: "gitlab_db_name" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_name}" + - name: "gitlab_db_name" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_name}" - - name: "praefect_db_name" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_name}" + - name: "praefect_db_name" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_name}" - - name: "gitlab_db_username" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" + - name: "gitlab_db_username" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" - - name: "praefect_db_username" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_username}" + - name: "praefect_db_username" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_username}" - - name: "gitlab_dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" + - name: "gitlab_dbdeploy_name_prefix" + value: 
"${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" - - name: "praefect_dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" + - name: "praefect_dbdeploy_name_prefix" + value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" + #main gitlab db + - repoURL: ${ARGOCD_ENV_argocd_repo_url} + targetRevision: ${ARGOCD_ENV_gitlab_application_gitrepo_tag} + path: gitops/applications/overlays/rdbms_provider/${ARGOCD_ENV_gitlab_pre_rdbms_provider}/db + plugin: + name: envsubst + env: + - name: "cluster_name" + value: "${ARGOCD_ENV_cluster_name}" - - repoURL: ${ARGOCD_ENV_argocd_repo_url} - targetRevision: ${ARGOCD_ENV_gitlab_application_gitrepo_tag} - path: gitops/applications/overlays/rdbms_provider/${ARGOCD_ENV_gitlab_pre_rdbms_provider}/gitlab-pre - plugin: - name: envsubst - env: - - name: "cluster_name" - value: "${ARGOCD_ENV_cluster_name}" + - name: "app_name" + value: "${ARGOCD_ENV_gitlab_gitlab_app_name}" - - name: "gitlab_app_name" - value: "${ARGOCD_ENV_gitlab_gitlab_app_name}" + - name: "db_namespace" + value: "${ARGOCD_ENV_gitlab_gitlab_namespace}" - - name: "gitlab_namespace" - value: "${ARGOCD_ENV_gitlab_gitlab_namespace}" + - name: "vault_k8s_admin_auth_path" + value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_auth_path}" - - name: "vault_k8s_admin_auth_path" - value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_auth_path}" + - name: "vault_k8s_admin_role_name" + value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_role_name}" - - name: "vault_k8s_admin_role_name" - value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_role_name}" + - name: "vault_namespace" + value: "${ARGOCD_ENV_vault_vault_namespace}" - - name: "vault_namespace" - value: "${ARGOCD_ENV_vault_vault_namespace}" + - name: "postgres_replicas" + value: "${ARGOCD_ENV_gitlab_pre_postgres_replicas}" - - name: "postgres_replicas" - value: "${ARGOCD_ENV_gitlab_pre_postgres_replicas}" + - name: "postgres_proxy_replicas" + value: 
"${ARGOCD_ENV_gitlab_pre_postgres_proxy_replicas}" - - name: "postgres_proxy_replicas" - value: "${ARGOCD_ENV_gitlab_pre_postgres_proxy_replicas}" + - name: "postgres_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_percona_postgres_storage_size}" - - name: "postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_percona_postgres_storage_size}" + - name: "rds_postgres_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_postgres_storage_size}" - - name: "rds_postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_postgres_storage_size}" + - name: "rds_postgres_instance_size" + value: "${ARGOCD_ENV_gitlab_pre_postgres_instance_size}" - - name: "rds_postgres_instance_size" - value: "${ARGOCD_ENV_gitlab_pre_postgres_instance_size}" + - name: "pgdb_helm_version" + value: "${ARGOCD_ENV_gitlab_pre_pgdb_helm_version}" - - name: "pgdb_helm_version" - value: "${ARGOCD_ENV_gitlab_pre_pgdb_helm_version}" + - name: "rds_vpc_id" + value: "${ARGOCD_ENV_gitlab_pre_rdbms_vpc_id}" - - name: "praefect_postgres_replicas" - value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_replicas}" + - name: "vpc_cidr" + value: "${ARGOCD_ENV_gitlab_pre_vpc_cidr}" - - name: "praefect_postgres_proxy_replicas" - value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_proxy_replicas}" + - name: "rds_subnet_list" + value: "${ARGOCD_ENV_gitlab_pre_rdbms_subnet_list}" - - name: "praefect_postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_percona_praefect_postgres_storage_size}" + - name: "cloud_region" + value: "${ARGOCD_ENV_gitlab_pre_db_provider_cloud_region}" - - name: "rds_praefect_postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_storage_size}" + - name: "db_secret" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" - - name: "rds_praefect_postgres_instance_size" - value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_instance_size}" - - - name: "rds_vpc_id" - value: "${ARGOCD_ENV_gitlab_pre_rdbms_vpc_id}" + - name: "db_name" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_name}" - - 
name: "vpc_cidr" - value: "${ARGOCD_ENV_gitlab_pre_vpc_cidr}" + - name: "db_username" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" - - name: "rds_subnet_list" - value: "${ARGOCD_ENV_gitlab_pre_rdbms_subnet_list}" + - name: "dbdeploy_name_prefix" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" - - name: "cloud_region" - value: "${ARGOCD_ENV_gitlab_pre_db_provider_cloud_region}" + - name: "db_backup_retention_period" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_backup_retention_period}" - - name: "praefect_db_secret" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_secret}" + - name: "db_preferred_backup_window" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_preferred_backup_window}" - - name: "gitlab_db_secret" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" + - name: "db_storage_type" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_type}" - - name: "gitlab_db_name" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_name}" + - name: "db_storage_iops" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_iops}" - - name: "praefect_db_name" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_name}" + #praefect db + - repoURL: ${ARGOCD_ENV_argocd_repo_url} + targetRevision: ${ARGOCD_ENV_gitlab_application_gitrepo_tag} + path: gitops/applications/overlays/rdbms_provider/${ARGOCD_ENV_gitlab_pre_rdbms_provider}/db + plugin: + name: envsubst + env: + - name: "cluster_name" + value: "${ARGOCD_ENV_cluster_name}" - - name: "gitlab_db_username" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" + - name: "app_name" + value: "${ARGOCD_ENV_gitlab_gitlab_app_name}" - - name: "praefect_db_username" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_username}" + - name: "db_namespace" + value: "${ARGOCD_ENV_gitlab_gitlab_namespace}" - - name: "gitlab_dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" + - name: "vault_k8s_admin_auth_path" + value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_auth_path}" - - name: 
"praefect_dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" + - name: "vault_k8s_admin_role_name" + value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_role_name}" - - name: "gitlab_db_backup_retention_period" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_backup_retention_period}" + - name: "vault_namespace" + value: "${ARGOCD_ENV_vault_vault_namespace}" - - name: "gitlab_db_preferred_backup_window" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_preferred_backup_window}" + - name: "postgres_replicas" + value: "${ARGOCD_ENV_gitlab_pre_postgres_replicas}" - - name: "praefect_db_backup_retention_period" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_backup_retention_period}" + - name: "postgres_proxy_replicas" + value: "${ARGOCD_ENV_gitlab_pre_postgres_proxy_replicas}" - - name: "praefect_db_preferred_backup_window" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_preferred_backup_window}" + - name: "postgres_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_percona_postgres_storage_size}" - - name: "gitlab_db_storage_type" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_type}" + - name: "rds_postgres_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_postgres_storage_size}" - - name: "gitlab_db_storage_iops" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_iops}" + - name: "rds_postgres_instance_size" + value: "${ARGOCD_ENV_gitlab_pre_postgres_instance_size}" - - name: "praefect_db_storage_type" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_storage_type}" + - name: "pgdb_helm_version" + value: "${ARGOCD_ENV_gitlab_pre_pgdb_helm_version}" - - name: "praefect_db_storage_iops" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_storage_iops}" \ No newline at end of file + - name: "postgres_replicas" + value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_replicas}" + + - name: "postgres_proxy_replicas" + value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_proxy_replicas}" + + - name: "postgres_storage_size" + value: 
"${ARGOCD_ENV_gitlab_pre_percona_praefect_postgres_storage_size}" + + - name: "rds_postgres_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_storage_size}" + + - name: "rds_postgres_instance_size" + value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_instance_size}" + + - name: "rds_vpc_id" + value: "${ARGOCD_ENV_gitlab_pre_rdbms_vpc_id}" + + - name: "vpc_cidr" + value: "${ARGOCD_ENV_gitlab_pre_vpc_cidr}" + + - name: "rds_subnet_list" + value: "${ARGOCD_ENV_gitlab_pre_rdbms_subnet_list}" + + - name: "cloud_region" + value: "${ARGOCD_ENV_gitlab_pre_db_provider_cloud_region}" + + - name: "praefect_db_secret" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_secret}" + + - name: "gitlab_db_secret" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" + + - name: "gitlab_db_name" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_name}" + + - name: "praefect_db_name" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_name}" + + - name: "gitlab_db_username" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" + + - name: "praefect_db_username" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_username}" + + - name: "gitlab_dbdeploy_name_prefix" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" + + - name: "praefect_dbdeploy_name_prefix" + value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" + + - name: "gitlab_db_backup_retention_period" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_backup_retention_period}" + + - name: "gitlab_db_preferred_backup_window" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_preferred_backup_window}" + + - name: "praefect_db_backup_retention_period" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_backup_retention_period}" + + - name: "praefect_db_preferred_backup_window" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_preferred_backup_window}" + + - name: "gitlab_db_storage_type" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_type}" + + - name: "gitlab_db_storage_iops" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_iops}" 
+ + - name: "praefect_db_storage_type" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_storage_type}" + + - name: "praefect_db_storage_iops" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_storage_iops}" diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index 6a02ff7df..8a4442e57 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -57,15 +57,6 @@ spec: - name: "zitadel_grant_prefix" value: "${ARGOCD_ENV_security_zitadel_zitadel_grant_prefix}" - - name: "cockroachdb_helm_version" - value: "${ARGOCD_ENV_security_cockroachdb_helm_version}" - - - name: "cockroachdb_pvc_size" - value: "${ARGOCD_ENV_security_cockroachdb_pvc_size}" - - - name: "cockroachdb_release_name" - value: "${ARGOCD_ENV_security_cockroachdb_app_name}" - - name: "zitadel_istio_gateway_namespace" value: "${ARGOCD_ENV_security_zitadel_istio_gateway_namespace}" 
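Review bot: The new `#praefect db` source lists `postgres_replicas`, `postgres_proxy_replicas`, `postgres_storage_size`, `rds_postgres_storage_size` and `rds_postgres_instance_size` twice (first from `gitlab_pre_postgres_*`, then from `gitlab_pre_praefect_postgres_*`), and which duplicate the envsubst plugin honours is not defined anywhere visible here. It also keeps the `gitlab_*`/`praefect_*`-prefixed names (`praefect_db_secret`, `gitlab_db_name`, `praefect_dbdeploy_name_prefix`, ...) while the `#main gitlab db` source, which points at the very same `.../${ARGOCD_ENV_gitlab_pre_rdbms_provider}/db` path, passes the generic `db_secret`, `db_name`, `db_username`, `dbdeploy_name_prefix`; if the shared overlay reads the generic names, the praefect render gets empty values and its resources collide with the gitlab ones. Drop the first set of `postgres_*` entries and rename the praefect-specific ones to the generic keys the overlay expects. Minor: `#main gitlab db` and `#praefect db` want a space after `#`.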
@@ -87,5 +78,65 @@ spec: plugin: name: envsubst env: - - name: "argocd_namespace" - value: "${ARGOCD_ENV_utils_argocd_helm_namespace}" + - name: "cockroachdb_helm_version" + value: "${ARGOCD_ENV_security_zitadel_cockroachdb_provider_helm_version}" + + - name: "cockroachdb_pvc_size" + value: "${ARGOCD_ENV_security_zitadel_cockroachdb_provider_pvc_size}" + + - name: "cockroachdb_release_name" + value: "${ARGOCD_ENV_security_zitadel_cockroachdb_provider_app_name}" + + - name: "postgres_replicas" + value: "${ARGOCD_ENV_gitlab_pre_postgres_replicas}" + + - name: "postgres_proxy_replicas" + value: "${ARGOCD_ENV_gitlab_pre_postgres_proxy_replicas}" + + - name: "postgres_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_percona_postgres_storage_size}" + + - name: "rds_postgres_storage_size" + value: "${ARGOCD_ENV_gitlab_pre_postgres_storage_size}" + + - name: "rds_postgres_instance_size" + value: "${ARGOCD_ENV_gitlab_pre_postgres_instance_size}" + + - name: "pgdb_helm_version" + value: "${ARGOCD_ENV_gitlab_pre_pgdb_helm_version}" + + - name: "rds_vpc_id" + value: "${ARGOCD_ENV_gitlab_pre_rdbms_vpc_id}" + + - name: "vpc_cidr" + value: "${ARGOCD_ENV_gitlab_pre_vpc_cidr}" + + - name: "rds_subnet_list" + value: "${ARGOCD_ENV_gitlab_pre_rdbms_subnet_list}" + + - name: "rds_cloud_region" + value: "${ARGOCD_ENV_gitlab_pre_db_provider_cloud_region}" + + - name: "db_secret" + value: "${ARGOCD_ENV_gitlab_pre_zitadel_db_secret}" + + - name: "db_name" + value: "${ARGOCD_ENV_gitlab_pre_zitadel_db_name}" + + - name: "db_username" + value: "${ARGOCD_ENV_gitlab_pre_zitadel_db_username}" + + - name: "dbdeploy_name_prefix" + value: "${ARGOCD_ENV_gitlab_pre_zitadel_dbdeploy_name_prefix}" + + - name: "db_backup_retention_period" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_backup_retention_period}" + + - name: "db_preferred_backup_window" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_preferred_backup_window}" + + - name: "db_storage_type" + value: "${ARGOCD_ENV_gitlab_pre_zitadel_db_storage_type}" 
+ + - name: "db_storage_iops" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_iops}" From d05871fc3c4098beccaa14c74fdbb1f451e74d54 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Thu, 14 Nov 2024 16:35:03 +0530 Subject: [PATCH 03/48] saving the work --- .../percona/db/db-external-name-service.yaml | 6 +- .../percona/db/kustomization.yaml | 2 +- .../rdbms_provider/rds/db/db-secrets.yaml | 14 ++-- .../rdbms_provider/rds/db/db-values.yaml | 18 ++--- gitops/argo-apps/base/gitlab-pre.yaml | 65 ++++--------------- gitops/argo-apps/base/zitadel-pre.yaml | 9 ++- 6 files changed, 39 insertions(+), 75 deletions(-) diff --git a/gitops/applications/overlays/rdbms_provider/percona/db/db-external-name-service.yaml b/gitops/applications/overlays/rdbms_provider/percona/db/db-external-name-service.yaml index f54dcb3d2..13e6d6d93 100644 --- a/gitops/applications/overlays/rdbms_provider/percona/db/db-external-name-service.yaml +++ b/gitops/applications/overlays/rdbms_provider/percona/db/db-external-name-service.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Service metadata: - name: ${ARGOCD_ENV_gitlab_externalservice_name} - namespace: "${ARGOCD_ENV_gitlab_namespace}" + name: ${ARGOCD_ENV_externalservice_name} + namespace: "${ARGOCD_ENV_namespace}" spec: - externalName: ${ARGOCD_ENV_gitlab_dbdeploy_name_prefix}-pgbouncer.${ARGOCD_ENV_gitlab_namespace}.svc.cluster.local + externalName: ${ARGOCD_ENV_dbdeploy_name_prefix}-pgbouncer.${ARGOCD_ENV_namespace}.svc.cluster.local sessionAffinity: None type: ExternalName \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/percona/db/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/percona/db/kustomization.yaml index 6fa1d4c3c..0af04bca7 100644 --- a/gitops/applications/overlays/rdbms_provider/percona/db/kustomization.yaml +++ b/gitops/applications/overlays/rdbms_provider/percona/db/kustomization.yaml 
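Review bot: The env entry `rds_cloud_region` does not match the key the rds `db` overlay consumes: `rds/db/db-values.yaml` (shown later in this series) reads `region: ${ARGOCD_ENV_cloud_region}` and the gitlab-pre sources pass `cloud_region`, so the zitadel RDS instance would render with an empty `region`; rename it to `- name: "cloud_region"`. Separately, `db_backup_retention_period`, `db_preferred_backup_window` and `db_storage_iops` take their values from `gitlab_pre_gitlab_db_*`, which silently couples zitadel's backup and storage policy to gitlab's settings. The enclosing sources entry starts outside this hunk.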
@@ -10,4 +10,4 @@ helmCharts:
 version: ${ARGOCD_ENV_pgdb_helm_version}
 repo: https://percona.github.io/percona-helm-charts/
 valuesFile: db-values.yaml
- namespace: ${ARGOCD_ENV_db_namespace}
+ namespace: ${ARGOCD_ENV_namespace}
diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml
index 8fc9f49a3..582c3063b 100644
--- a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml
+++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml
@@ -49,7 +49,7 @@ spec:
 apiVersion: redhatcop.redhat.io/v1alpha1
 kind: VaultSecret
 metadata:
- name: gitlab-gitlabdb-secret
+ name: ${ARGOCD_ENV_db_secret}
 namespace: ${ARGOCD_ENV_vault_namespace}
 spec:
 refreshPeriod: 1m0s
@@ -59,15 +59,15 @@ spec:
 role: ${ARGOCD_ENV_vault_k8s_admin_role_name}
 serviceAccount:
 name: default
- name: dynamicsecret_gitlabdb_password
- path: /secret/data/gitlabdb/gitlabdb-password
+ name: dynamicsecret_db_password
+ path: /secret/data/${ARGOCD_ENV_dbdeploy_name_prefix}/rdsdb-password
 output:
- name: ${ARGOCD_ENV_gitlab_db_secret}
+ name: ${ARGOCD_ENV_db_secret}
 stringData:
- password: "{{ .dynamicsecret_gitlabdb_password.password }}"
+ password: "{{ .dynamicsecret_db_password.password }}"
 type: Opaque
 annotations:
 reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
- reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "${ARGOCD_ENV_gitlab_namespace}"
+ reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "${ARGOCD_ENV_namespace}"
 reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces
- reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "${ARGOCD_ENV_gitlab_namespace}"
+ reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "${ARGOCD_ENV_namespace}"
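Review bot: The reflector `reflection-allowed-namespaces` and `reflection-auto-namespaces` annotations on the DB password Secret now take their value from `${ARGOCD_ENV_namespace}`; reflector reads these as comma-separated regular expressions and, as far as I recall its documentation, treats an empty value as "all namespaces", so an unset or empty variable would widen reflection of the database password cluster-wide instead of failing the render. Anchoring the pattern, `reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "^${ARGOCD_ENV_namespace}$"` (and likewise for `reflection-auto-namespaces`), at least prevents prefix matches on longer namespace names if the matching is unanchored, and it is worth confirming the envsubst plugin is configured to error on unset variables rather than substitute empty strings. The Vault `path: /secret/data/${ARGOCD_ENV_dbdeploy_name_prefix}/rdsdb-password` is now templated too, so the same unset-variable failure mode applies there. The VaultSecret's spec starts outside these hunks.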
diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/db-values.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-values.yaml
index e5ea7a21d..b54b299ef 100644
--- a/gitops/applications/overlays/rdbms_provider/rds/db/db-values.yaml
+++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-values.yaml
@@ -1,6 +1,6 @@
-name: ${ARGOCD_ENV_gitlab_dbdeploy_name_prefix}
+name: ${ARGOCD_ENV_dbdeploy_name_prefix}
 namePrefix: ${ARGOCD_ENV_cluster_name}
-namespace: "${ARGOCD_ENV_gitlab_namespace}"
+namespace: "${ARGOCD_ENV_namespace}"
 region: ${ARGOCD_ENV_cloud_region}
 engineVersion: "16"
 size: ${ARGOCD_ENV_rds_postgres_instance_size}
@@ -8,15 +8,15 @@ storageGB: ${ARGOCD_ENV_rds_postgres_storage_size}
 vpcId: ${ARGOCD_ENV_rds_vpc_id}
 vpcCidr: ${ARGOCD_ENV_vpc_cidr}
 subnets: ${ARGOCD_ENV_rds_subnet_list}
-dbName: ${ARGOCD_ENV_gitlab_db_name}
-userName: ${ARGOCD_ENV_gitlab_db_username}
+dbName: ${ARGOCD_ENV_db_name}
+userName: ${ARGOCD_ENV_db_username}
 allowMajorVersionUpgrade: false
 autoMinorVersionUpgrade: false
 applyImmediately: true
-backupRetentionPeriod: ${ARGOCD_ENV_gitlab_db_backup_retention_period}
-preferredBackupWindow: ${ARGOCD_ENV_gitlab_db_preferred_backup_window}
+backupRetentionPeriod: ${ARGOCD_ENV_db_backup_retention_period}
+preferredBackupWindow: ${ARGOCD_ENV_db_preferred_backup_window}
 passwordSecret:
 key: password
- name: ${ARGOCD_ENV_gitlab_db_secret}
-storageType: ${ARGOCD_ENV_gitlab_db_storage_type}
-storageIops: ${ARGOCD_ENV_gitlab_db_storage_iops}
\ No newline at end of file
+ name: ${ARGOCD_ENV_db_secret}
+storageType: ${ARGOCD_ENV_db_storage_type}
+storageIops: ${ARGOCD_ENV_db_storage_iops}
\ No newline at end of file
diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml
index 57fa7293e..c5fa7d78d 100644
--- a/gitops/argo-apps/base/gitlab-pre.yaml
+++ b/gitops/argo-apps/base/gitlab-pre.yaml
@@ -201,7 +201,7 @@ spec: - name: "app_name" value: "${ARGOCD_ENV_gitlab_gitlab_app_name}" - - name: "db_namespace" + - name: "namespace" value: "${ARGOCD_ENV_gitlab_gitlab_namespace}" - name: "vault_k8s_admin_auth_path" @@ -280,7 +280,7 @@ spec: - name: "app_name" value: "${ARGOCD_ENV_gitlab_gitlab_app_name}" - - name: "db_namespace" + - name: "namespace" value: "${ARGOCD_ENV_gitlab_gitlab_namespace}" - name: "vault_k8s_admin_auth_path" @@ -292,24 +292,6 @@ spec: - name: "vault_namespace" value: "${ARGOCD_ENV_vault_vault_namespace}" - - name: "postgres_replicas" - value: "${ARGOCD_ENV_gitlab_pre_postgres_replicas}" - - - name: "postgres_proxy_replicas" - value: "${ARGOCD_ENV_gitlab_pre_postgres_proxy_replicas}" - - - name: "postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_percona_postgres_storage_size}" - - - name: "rds_postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_postgres_storage_size}" - - - name: "rds_postgres_instance_size" - value: "${ARGOCD_ENV_gitlab_pre_postgres_instance_size}" - - - name: "pgdb_helm_version" - value: "${ARGOCD_ENV_gitlab_pre_pgdb_helm_version}" - - name: "postgres_replicas" value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_replicas}" @@ -325,6 +307,9 @@ spec: - name: "rds_postgres_instance_size" value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_instance_size}" + - name: "pgdb_helm_version" + value: "${ARGOCD_ENV_gitlab_pre_pgdb_helm_version}" + - name: "rds_vpc_id" value: "${ARGOCD_ENV_gitlab_pre_rdbms_vpc_id}" 
@@ -337,50 +322,26 @@ spec: - name: "cloud_region" value: "${ARGOCD_ENV_gitlab_pre_db_provider_cloud_region}" - - name: "praefect_db_secret" + - name: "db_secret" value: "${ARGOCD_ENV_gitlab_pre_praefect_db_secret}" - - name: "gitlab_db_secret" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" - - - name: "gitlab_db_name" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_name}" - - - name: "praefect_db_name" + - name: "db_name" value: "${ARGOCD_ENV_gitlab_pre_praefect_db_name}" - - name: "gitlab_db_username" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" - - - name: "praefect_db_username" + - name: "db_username" value: "${ARGOCD_ENV_gitlab_pre_praefect_db_username}" - - name: "gitlab_dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" - - - name: "praefect_dbdeploy_name_prefix" + - name: "dbdeploy_name_prefix" value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" - - name: "gitlab_db_backup_retention_period" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_backup_retention_period}" - - - name: "gitlab_db_preferred_backup_window" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_preferred_backup_window}" - - - name: "praefect_db_backup_retention_period" + - name: "db_backup_retention_period" value: "${ARGOCD_ENV_gitlab_pre_praefect_db_backup_retention_period}" - - name: "praefect_db_preferred_backup_window" + - name: "db_preferred_backup_window" value: "${ARGOCD_ENV_gitlab_pre_praefect_db_preferred_backup_window}" - - name: "gitlab_db_storage_type" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_type}" - - - name: "gitlab_db_storage_iops" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_iops}" - - - name: "praefect_db_storage_type" + - name: "db_storage_type" value: "${ARGOCD_ENV_gitlab_pre_praefect_db_storage_type}" - - name: "praefect_db_storage_iops" + - name: "db_storage_iops" value: "${ARGOCD_ENV_gitlab_pre_praefect_db_storage_iops}" 
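Review bot: After this rename both DB sources of the Application render the same `db` overlay with an identical set of env names, so the only thing separating the praefect render from the gitlab one is that `gitlab_pre_praefect_db_secret` and `gitlab_pre_praefect_dbdeploy_name_prefix` differ from their gitlab counterparts; the VaultSecret in `rds/db/db-secrets.yaml` is named `${ARGOCD_ENV_db_secret}` inside the shared `${ARGOCD_ENV_vault_namespace}`, so equal values would make the two sources emit one resource name and Argo CD would either reject the duplicate or keep a single copy. That invariant deserves a comment above the praefect source, e.g. `# db_secret and dbdeploy_name_prefix must differ from the main gitlab db source: both render the same overlay into the same namespaces`. The percona overlay's external-name Service also reads `${ARGOCD_ENV_externalservice_name}`, which neither source's visible env list supplies; it may be set above line 322, outside this hunk.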
diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index 8a4442e57..cba2f0fad 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -86,15 +86,18 @@ spec: - name: "cockroachdb_release_name" value: "${ARGOCD_ENV_security_zitadel_cockroachdb_provider_app_name}" + + - name: "zitadel_namespace" + value: "${ARGOCD_ENV_security_zitadel_namespace}" - name: "postgres_replicas" - value: "${ARGOCD_ENV_gitlab_pre_postgres_replicas}" + value: "${ARGOCD_ENVsecurity_zitadel_percona_provider_postgres_replicas}" - name: "postgres_proxy_replicas" - value: "${ARGOCD_ENV_gitlab_pre_postgres_proxy_replicas}" + value: "${ARGOCD_ENV_security_zitadel_percona_provider_proxy_replicas}" - name: "postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_percona_postgres_storage_size}" + value: "${ARGOCD_ENV_security_zitadel_percona_postgres_storage_size}" - name: "rds_postgres_storage_size" value: "${ARGOCD_ENV_gitlab_pre_postgres_storage_size}" From 0884d103ddb9da60a60a5edcd67b18974abfa0c8 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Thu, 14 Nov 2024 18:18:32 +0530 Subject: [PATCH 04/48] destroy script --- terraform/ccnew/destroy-cc.sh | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 terraform/ccnew/destroy-cc.sh diff --git a/terraform/ccnew/destroy-cc.sh b/terraform/ccnew/destroy-cc.sh new file mode 100644 index 000000000..5d2b3cb65 --- /dev/null +++ b/terraform/ccnew/destroy-cc.sh @@ -0,0 +1,4 @@ +source externalrunner.sh +source scripts/setlocalvars.sh +sh movestatefromk8s.sh +terragrunt run-all destroy --terragrunt-non-interactive \ No newline at end of file From f7dd552a870d78675a4e9660810dd4aefeae7895 Mon Sep 17 00:00:00 2001 
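Review bot: `${ARGOCD_ENVsecurity_zitadel_percona_provider_postgres_replicas}` is missing the underscore after `ARGOCD_ENV`, so envsubst will not recognise it and `postgres_replicas` will be passed through empty or verbatim; the intended line is `value: "${ARGOCD_ENV_security_zitadel_percona_provider_postgres_replicas}"`. The typo survives unchanged as a context line in the later zitadel-pre.yaml hunk of this series, so it needs its own fix-up commit.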
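Review bot: The new script runs `terragrunt run-all destroy --terragrunt-non-interactive` with no shebang, no `set -e` and no opt-in guard, so a failing `movestatefromk8s.sh` (or a `source` that does not resolve because the script was invoked from another directory) still falls through to a non-interactive destroy of everything in scope. A header that pins the interpreter, fails fast, resolves the relative paths against the script's own directory and requires an explicit confirmation variable before anything destructive runs would bound the blast radius; the remaining lines can stay as they are.
```shell
#!/usr/bin/env bash
set -euo pipefail
cd "$(dirname "$0")"
# Refuse a non-interactive destroy unless the operator opts in explicitly
# (CONFIRM_DESTROY is a constructed name; adopt whatever convention the repo uses).
: "${CONFIRM_DESTROY:?set CONFIRM_DESTROY=1 to run a non-interactive destroy}"
# … unchanged: source externalrunner.sh, source scripts/setlocalvars.sh, sh movestatefromk8s.sh, terragrunt run-all destroy …
```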
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Thu, 14 Nov 2024 19:19:59 +0530 Subject: [PATCH 05/48] restructuring cont --- gitops/argo-apps/base/zitadel-pre.yaml | 41 ++++++++++--------- .../templates/argoapps.yaml.tpl | 16 +++++++- .../ccnew/default-config/common-vars.yaml | 7 +++- 3 files changed, 42 insertions(+), 22 deletions(-) diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index cba2f0fad..5b4a2e6f7 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -90,6 +90,12 @@ spec: - name: "zitadel_namespace" value: "${ARGOCD_ENV_security_zitadel_namespace}" + - name: "namespace" + value: "${ARGOCD_ENV_security_zitadel_namespace}" + + - name: "pgdb_helm_version" + value: "${ARGOCD_ENV_zitadel_percona_provider_pgdb_helm_version}" + - name: "postgres_replicas" value: "${ARGOCD_ENVsecurity_zitadel_percona_provider_postgres_replicas}" 
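Review bot: `${ARGOCD_ENV_zitadel_percona_provider_pgdb_helm_version}` drops the `security_` segment that the other zitadel provider variables in this file carry (`security_zitadel_percona_provider_*`, `security_zitadel_rds_provider_*`), so it will presumably resolve empty unless the template exposes a top-level `zitadel_percona_provider` key, which the template hunk in this commit does not show. The next hunk has the same inconsistency in `${ARGOCD_ENV_zitadel_rds_provider_rdbms_vpc_id}` and a doubled underscore in `${ARGOCD_ENV__security_zitadel_rds_provider_preferred_backup_window}`. Also, `namespace` and `zitadel_namespace` are both set from `${ARGOCD_ENV_security_zitadel_namespace}`; if the shared `db` overlay only reads `namespace`, the older entry is now dead and can go.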
@@ -97,49 +103,46 @@ spec: value: "${ARGOCD_ENV_security_zitadel_percona_provider_proxy_replicas}" - name: "postgres_storage_size" - value: "${ARGOCD_ENV_security_zitadel_percona_postgres_storage_size}" + value: "${ARGOCD_ENV_security_zitadel_percona_provider_postgres_storage_size}" - name: "rds_postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_postgres_storage_size}" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_postgres_storage_size}" - name: "rds_postgres_instance_size" - value: "${ARGOCD_ENV_gitlab_pre_postgres_instance_size}" - - - name: "pgdb_helm_version" - value: "${ARGOCD_ENV_gitlab_pre_pgdb_helm_version}" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_postgres_instance_size}" - name: "rds_vpc_id" - value: "${ARGOCD_ENV_gitlab_pre_rdbms_vpc_id}" + value: "${ARGOCD_ENV_zitadel_rds_provider_rdbms_vpc_id}" - name: "vpc_cidr" - value: "${ARGOCD_ENV_gitlab_pre_vpc_cidr}" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_vpc_cidr}" - name: "rds_subnet_list" - value: "${ARGOCD_ENV_gitlab_pre_rdbms_subnet_list}" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_rdbms_subnet_list}" - name: "rds_cloud_region" - value: "${ARGOCD_ENV_gitlab_pre_db_provider_cloud_region}" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_db_provider_cloud_region}" - name: "db_secret" - value: "${ARGOCD_ENV_gitlab_pre_zitadel_db_secret}" + value: "zitadel-db-secret" - name: "db_name" - value: "${ARGOCD_ENV_gitlab_pre_zitadel_db_name}" + value: "zitadel" - name: "db_username" - value: "${ARGOCD_ENV_gitlab_pre_zitadel_db_username}" + value: "zitadel" - - name: "dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_zitadel_dbdeploy_name_prefix}" + - name: "db_deploy_name_prefix" + value: "${ARGOCD_ENV_security_zitadel_db_deploy_name_prefix}" - name: "db_backup_retention_period" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_backup_retention_period}" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_backup_retention_period}" - name: 
"db_preferred_backup_window" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_preferred_backup_window}" + value: "${ARGOCD_ENV__security_zitadel_rds_provider_preferred_backup_window}" - name: "db_storage_type" - value: "${ARGOCD_ENV_gitlab_pre_zitadel_db_storage_type}" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_db_storage_type}" - name: "db_storage_iops" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_iops}" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_db_storage_iops}" diff --git a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl index 4cff73138..0acf1bd78 100644 --- a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl +++ b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl @@ -106,9 +106,21 @@ argocd_override: argocd_user_rbac_group: "${argocd_user_rbac_group}" argocd_admin_rbac_group: "${argocd_admin_rbac_group}" log_level: "${zitadel_log_level}" - cockroachdb: + zitadel_percona_provider: + postgres_storage_size: "${zitadel_db_storage_size}" + zitadel_rds_provider: + postgres_storage_size: "${zitadel_rds_storage_size}" + rdbms_subnet_list: "${join(",", rdbms_subnet_list)}" + db_provider_cloud_region: "${cloud_region}" + rdbms_vpc_id: "${rdbms_vpc_id}" + vpc_cidr: "${vpc_cidr}" + backup_retention_period: "${zitadel_db_backup_retention_period}" + preferred_backup_window: "${zitadel_db_preferred_backup_window}" + db_storage_type: "${zitadel_db_storage_type}" + db_storage_iops: "${zitadel_db_storage_iops}" + zitadel_cockroachdb_provider: helm_version: "${cockroachdb_helm_version}" - pvc_size: "${cockroachdb_storage_size}" + pvc_size: "${zitadel_db_storage_size}" netbird: stunner_nodeport_port: "'${wireguard_ingress_port}'" terraform_modules_tag: "${iac_terraform_modules_tag}" diff --git a/terraform/ccnew/default-config/common-vars.yaml b/terraform/ccnew/default-config/common-vars.yaml index 01b4926d0..cdcfca316 100644 
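Review bot: `${ARGOCD_ENV__security_zitadel_rds_provider_preferred_backup_window}` has a double underscore after `ARGOCD_ENV`, and `rds_vpc_id` reads `${ARGOCD_ENV_zitadel_rds_provider_rdbms_vpc_id}` without the `security_` segment its siblings use, so both RDS parameters will likely be substituted empty. They should read `value: "${ARGOCD_ENV_security_zitadel_rds_provider_preferred_backup_window}"` and `value: "${ARGOCD_ENV_security_zitadel_rds_provider_rdbms_vpc_id}"`. Neither line is corrected by the later patches on this page that touch this file.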
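Review bot: The new `zitadel_percona_provider` block defines only `postgres_storage_size`, while the `zitadel-pre.yaml` hunk in this patch reads `…_percona_provider_postgres_replicas`, `…_percona_provider_proxy_replicas` and a `pgdb_helm_version` from the same provider namespace; unless those keys are rendered elsewhere in the template, the corresponding plugin parameters will be empty. Adding them here next to `postgres_storage_size`, mirroring the gitlab `webdb_percona_provider` block introduced in [PATCH 07/48], would keep the template and the Argo application in step. The enclosing `argocd_override` mapping extends beyond the hunk.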
--- a/terraform/ccnew/default-config/common-vars.yaml +++ b/terraform/ccnew/default-config/common-vars.yaml @@ -50,7 +50,12 @@ nexus_storage_size: 30Gi zitadel_public_access: true consul_storage_size: "3Gi" consul_replica_count: 1 -cockroachdb_storage_size: "5Gi" +zitadel_db_storage_size: "5Gi" +zitadel_rds_storage_size: "100" +zitadel_db_backup_retention_period: "'1'" +zitadel_db_preferred_backup_window: "07:00-09:00" +zitadel_db_storage_iops: "'5000'" +zitadel_db_storage_type: "io1" argocd_admin_rbac_group: "argocd_administrators" argocd_user_rbac_group: "argocd_users" vault_rbac_admin_group: "techops-admin" From 3dde55c7fc6d9c2d85963fab3b68a23029ad3716 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Thu, 14 Nov 2024 19:24:59 +0530 Subject: [PATCH 06/48] change cont --- .../templates/argoapps.yaml.tpl | 1 + terraform/ccnew/default-config/common-vars.yaml | 15 +++++++-------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl index 0acf1bd78..14985955c 100644 --- a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl +++ b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl @@ -106,6 +106,7 @@ argocd_override: argocd_user_rbac_group: "${argocd_user_rbac_group}" argocd_admin_rbac_group: "${argocd_admin_rbac_group}" log_level: "${zitadel_log_level}" + rdbms_provider: "${zitadel_postgres_rdbms_provider}" zitadel_percona_provider: postgres_storage_size: "${zitadel_db_storage_size}" zitadel_rds_provider: diff --git a/terraform/ccnew/default-config/common-vars.yaml b/terraform/ccnew/default-config/common-vars.yaml index cdcfca316..f4fc6baa8 100644 --- a/terraform/ccnew/default-config/common-vars.yaml +++ b/terraform/ccnew/default-config/common-vars.yaml 
@@ -50,12 +50,6 @@ nexus_storage_size: 30Gi zitadel_public_access: true consul_storage_size: "3Gi" consul_replica_count: 1 -zitadel_db_storage_size: "5Gi" -zitadel_rds_storage_size: "100" -zitadel_db_backup_retention_period: "'1'" -zitadel_db_preferred_backup_window: "07:00-09:00" -zitadel_db_storage_iops: "'5000'" -zitadel_db_storage_type: "io1" argocd_admin_rbac_group: "argocd_administrators" argocd_user_rbac_group: "argocd_users" vault_rbac_admin_group: "techops-admin" @@ -172,5 +166,10 @@ env_token_ttl: "14d" zitadel_postgres_rdbms_provider: "percona" zitadel_postgres_instance_size: "small" zitadel_postgres_storage_size: "'20'" -zitadel_db_storage_type: "io1" # rds specific -zitadel_db_storage_iops: "'5000'" # rds specific +zitadel_db_storage_size: "5Gi" +#Zitadel RDS specific +zitadel_db_backup_retention_period: "'1'" +zitadel_db_preferred_backup_window: "07:00-09:00" +zitadel_rds_storage_size: "100" +zitadel_db_storage_iops: "'5000'" +zitadel_db_storage_type: "io1" From 6665f611ce57e061edb118cfd899f8ee5a8a9850 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Thu, 14 Nov 2024 20:43:37 +0530 Subject: [PATCH 07/48] gitlab restruct --- gitops/argo-apps/base/gitlab-pre.yaml | 78 +++++++++---------- gitops/argo-apps/base/zitadel-pre.yaml | 4 +- .../templates/argoapps.yaml.tpl | 54 +++++++------ 3 files changed, 73 insertions(+), 63 deletions(-) diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml index c5fa7d78d..c25dea458 100644 --- a/gitops/argo-apps/base/gitlab-pre.yaml +++ b/gitops/argo-apps/base/gitlab-pre.yaml 
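Review bot: `zitadel_db_backup_retention_period: "'1'"` makes a one-day automated backup retention the default for the identity provider's RDS database, which leaves a single day to notice and recover from data corruption or a destructive change; a longer default, with a comment that it is a floor to be raised per environment, would be safer. The section comment should be `# Zitadel RDS specific` with a space after `#` to satisfy yamllint. The nested `"'1'"` / `"'5000'"` quoting follows the existing `zitadel_postgres_storage_size: "'20'"` pattern but `zitadel_rds_storage_size: "100"` does not; a comment on which consumer needs the inner quotes would stop the next edit from "cleaning" them up.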
@@ -214,58 +214,58 @@ spec: value: "${ARGOCD_ENV_vault_vault_namespace}" - name: "postgres_replicas" - value: "${ARGOCD_ENV_gitlab_pre_postgres_replicas}" + value: "${ARGOCD_ENV_gitlab_webdb_percona_provider_postgres_replicas}" - name: "postgres_proxy_replicas" - value: "${ARGOCD_ENV_gitlab_pre_postgres_proxy_replicas}" + value: "${ARGOCD_ENV_gitlab_webdb_percona_provider_postgres_proxy_replicas}" - name: "postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_percona_postgres_storage_size}" + value: "${ARGOCD_ENV_gitlab_webdb_percona_provider_percona_postgres_storage_size}" + + - name: "pgdb_helm_version" + value: "${ARGOCD_ENV_gitlab_webdb_percona_provider_pgdb_helm_version}" - name: "rds_postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_postgres_storage_size}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_postgres_storage_size}" - name: "rds_postgres_instance_size" - value: "${ARGOCD_ENV_gitlab_pre_postgres_instance_size}" - - - name: "pgdb_helm_version" - value: "${ARGOCD_ENV_gitlab_pre_pgdb_helm_version}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_postgres_instance_size}" - name: "rds_vpc_id" - value: "${ARGOCD_ENV_gitlab_pre_rdbms_vpc_id}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_rdbms_vpc_id}" - name: "vpc_cidr" - value: "${ARGOCD_ENV_gitlab_pre_vpc_cidr}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_vpc_cidr}" - name: "rds_subnet_list" - value: "${ARGOCD_ENV_gitlab_pre_rdbms_subnet_list}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_rdbms_subnet_list}" - name: "cloud_region" - value: "${ARGOCD_ENV_gitlab_pre_db_provider_cloud_region}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_db_provider_cloud_region}" - name: "db_secret" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" + value: "gitlab-db-secret" - name: "db_name" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_name}" + value: "gitlab" - name: "db_username" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" + value: "gitlab" - name: "dbdeploy_name_prefix" value: 
"${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" - name: "db_backup_retention_period" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_backup_retention_period}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_backup_retention_period}" - name: "db_preferred_backup_window" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_preferred_backup_window}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_preferred_backup_window}" - name: "db_storage_type" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_type}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_storage_type}" - name: "db_storage_iops" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_storage_iops}" + value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_storage_iops}" #praefect db - repoURL: ${ARGOCD_ENV_argocd_repo_url} 
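Review bot: The new `postgres_storage_size` value `${ARGOCD_ENV_gitlab_webdb_percona_provider_percona_postgres_storage_size}` does not match the template key added in the same patch, where `webdb_percona_provider` exposes `postgres_storage_size` with no `percona_` prefix, so the env var is unlikely to exist and the Percona volume size would be rendered empty. It should read `value: "${ARGOCD_ENV_gitlab_webdb_percona_provider_postgres_storage_size}"`; the praefect hunk below has the same mismatch against `praefectdb_percona_provider`. The `db_secret`/`db_name`/`db_username` literals introduced here are reverted to env vars in [PATCH 08/48], so they need no action at this point.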
@@ -293,55 +293,55 @@ spec: value: "${ARGOCD_ENV_vault_vault_namespace}" - name: "postgres_replicas" - value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_replicas}" + value: "${ARGOCD_ENV_gitlab_praefectdb_percona_provider_postgres_replicas}" - name: "postgres_proxy_replicas" - value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_proxy_replicas}" + value: "${ARGOCD_ENV_gitlab_praefectdb_percona_provider_postgres_proxy_replicas}" - name: "postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_percona_praefect_postgres_storage_size}" + value: "${ARGOCD_ENV_gitlab_praefectdb_percona_provider_percona_postgres_storage_size}" + + - name: "pgdb_helm_version" + value: "${ARGOCD_ENV_gitlab_praefectdb_percona_provider_pgdb_helm_version}" - name: "rds_postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_storage_size}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_postgres_storage_size}" - name: "rds_postgres_instance_size" - value: "${ARGOCD_ENV_gitlab_pre_praefect_postgres_instance_size}" - - - name: "pgdb_helm_version" - value: "${ARGOCD_ENV_gitlab_pre_pgdb_helm_version}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_postgres_instance_size}" - name: "rds_vpc_id" - value: "${ARGOCD_ENV_gitlab_pre_rdbms_vpc_id}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_rdbms_vpc_id}" - name: "vpc_cidr" - value: "${ARGOCD_ENV_gitlab_pre_vpc_cidr}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_vpc_cidr}" - name: "rds_subnet_list" - value: "${ARGOCD_ENV_gitlab_pre_rdbms_subnet_list}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_rdbms_subnet_list}" - name: "cloud_region" - value: "${ARGOCD_ENV_gitlab_pre_db_provider_cloud_region}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_db_provider_cloud_region}" - name: "db_secret" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_secret}" + value: "gitlab-db-secret" - name: "db_name" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_name}" + value: "gitlab" - name: "db_username" - value: 
"${ARGOCD_ENV_gitlab_pre_praefect_db_username}" + value: "gitlab" - name: "dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" - name: "db_backup_retention_period" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_backup_retention_period}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_backup_retention_period}" - name: "db_preferred_backup_window" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_preferred_backup_window}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_preferred_backup_window}" - name: "db_storage_type" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_storage_type}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_storage_type}" - name: "db_storage_iops" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_storage_iops}" + value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_storage_iops}" diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index 5b4a2e6f7..cbc4ccd9a 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -132,8 +132,8 @@ spec: - name: "db_username" value: "zitadel" - - name: "db_deploy_name_prefix" - value: "${ARGOCD_ENV_security_zitadel_db_deploy_name_prefix}" + - name: "dbdeploy_name_prefix" + value: "${ARGOCD_ENV_security_zitadel_dbdeploy_name_prefix}" - name: "db_backup_retention_period" value: "${ARGOCD_ENV_security_zitadel_rds_provider_backup_retention_period}" diff --git a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl index 14985955c..04ec3f45f 100644 --- a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl +++ b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl 
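Review bot: `dbdeploy_name_prefix` for the praefect database is changed from `${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}` to `${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}`, the same value the web database application above uses, so if the prefix names the provisioned database deployment the two databases would now collide or overwrite each other. If sharing the prefix is intentional a comment saying so is needed; otherwise keep the praefect-specific variable. [PATCH 08/48] restores the per-database `db_secret`/`db_name`/`db_username` values but leaves this prefix shared.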
@@ -154,20 +154,7 @@ argocd_override: terraform_modules_tag: "${iac_terraform_modules_tag}" gitaly_storage_size: "${gitaly_storage_size}" pre: - redis_cluster_size: "${gitlab_redis_cluster_size}" - redis_storage_size: "${gitlab_redis_storage_size}" - postgres_replicas: "${gitlab_postgres_replicas}" - postgres_proxy_replicas: "${gitlab_postgres_proxy_replicas}" - postgres_storage_size: "${gitlab_postgres_storage_size}" - postgres_instance_size: "${gitlab_postgres_instance_size}" - percona_postgres_storage_size: "${format("%sGi",trim(gitlab_postgres_storage_size,"'"))}" - pgdb_helm_version: "${gitlab_pgdb_helm_version}" - praefect_postgres_replicas: "${gitlab_praefect_postgres_replicas}" - praefect_postgres_proxy_replicas: "${gitlab_praefect_postgres_proxy_replicas}" - praefect_postgres_storage_size: "${gitlab_praefect_postgres_storage_size}" - praefect_postgres_instance_size: "${gitlab_praefect_postgres_instance_size}" - percona_praefect_postgres_storage_size: "${format("%sGi",trim(gitlab_praefect_postgres_storage_size,"'"))}" - praefect_pgdb_helm_version: "${gitlab_praefect_pgdb_helm_version}" + # object storage bucket configuration gitlab_artifacts_max_objects: "${gitlab_artifacts_max_objects}" gitlab_artifacts_storage_size: "${gitlab_artifacts_storage_size}" git_lfs_max_objects: "${git_lfs_max_objects}" 
@@ -189,19 +176,42 @@ argocd_override: gitlab_registry_storage_size: "${gitlab_registry_storage_size}" gitlab_runner_cache_max_objects: "${gitlab_runner_cache_max_objects}" gitlab_runner_cache_storage_size: "${gitlab_runner_cache_storage_size}" + # redis + redis_cluster_size: "${gitlab_redis_cluster_size}" + redis_storage_size: "${gitlab_redis_storage_size}" rdbms_provider: "${gitlab_postgres_rdbms_provider}" + webdb_percona_provider: + postgres_replicas: "${gitlab_postgres_replicas}" + postgres_proxy_replicas: "${gitlab_postgres_proxy_replicas}" + postgres_storage_size: "${format("%sGi",trim(gitlab_postgres_storage_size,"'"))}" + pgdb_helm_version: "${gitlab_pgdb_helm_version}" + praefectdb_percona_provider: + postgres_replicas: "${gitlab_praefect_postgres_replicas}" + postgres_proxy_replicas: "${gitlab_praefect_postgres_proxy_replicas}" + postgres_storage_size: "${format("%sGi",trim(gitlab_praefect_postgres_storage_size,"'"))}" + pgdb_helm_version: "${gitlab_praefect_pgdb_helm_version}" + webdb_rds_provider: + rdbms_subnet_list: "${join(",", rdbms_subnet_list)}" + db_provider_cloud_region: "${cloud_region}" + rdbms_vpc_id: "${rdbms_vpc_id}" + vpc_cidr: "${vpc_cidr}" + postgres_instance_size: "${gitlab_postgres_instance_size}" + postgres_storage_size: "${gitlab_postgres_storage_size}" + backup_retention_period: "${gitlab_db_backup_retention_period}" + preferred_backup_window: "${gitlab_db_preferred_backup_window}" + storage_type: "${gitlab_db_storage_type}" + storage_iops: "${gitlab_db_storage_iops}" + praefectdb_rds_provider: rdbms_subnet_list: "${join(",", rdbms_subnet_list)}" db_provider_cloud_region: "${cloud_region}" rdbms_vpc_id: "${rdbms_vpc_id}" vpc_cidr: "${vpc_cidr}" - gitlab_db_backup_retention_period: "${gitlab_db_backup_retention_period}" - gitlab_db_preferred_backup_window: "${gitlab_db_preferred_backup_window}" - praefect_db_backup_retention_period: "${praefect_db_backup_retention_period}" - praefect_db_preferred_backup_window: 
"${praefect_db_preferred_backup_window}" - gitlab_db_storage_type: "${gitlab_db_storage_type}" - gitlab_db_storage_iops: "${gitlab_db_storage_iops}" - praefect_db_storage_type: "${praefect_db_storage_type}" - praefect_db_storage_iops: "${praefect_db_storage_iops}" + postgres_instance_size: "${gitlab_postgres_instance_size}" + postgres_storage_size: "${gitlab_praefect_postgres_storage_size}" + backup_retention_period: "${praefect_db_backup_retention_period}" + preferred_backup_window: "${praefect_db_preferred_backup_window}" + storage_type: "${praefect_db_storage_type}" + storage_iops: "${praefect_db_storage_iops}" deploy_env: From 7d5a38420381684c47a8cf6cd5aa57929b4c9f60 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Thu, 14 Nov 2024 20:58:31 +0530 Subject: [PATCH 08/48] restruct --- gitops/argo-apps/base/gitlab-pre.yaml | 12 ++++++------ gitops/argo-apps/base/zitadel-pre.yaml | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml index c25dea458..102856f6c 100644 --- a/gitops/argo-apps/base/gitlab-pre.yaml +++ b/gitops/argo-apps/base/gitlab-pre.yaml @@ -244,13 +244,13 @@ spec: value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_db_provider_cloud_region}" - name: "db_secret" - value: "gitlab-db-secret" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" - name: "db_name" - value: "gitlab" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_name}" - name: "db_username" - value: "gitlab" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" - name: "dbdeploy_name_prefix" value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" 
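Review bot: In the new `praefectdb_rds_provider` block, `postgres_instance_size: "${gitlab_postgres_instance_size}"` reuses the web database's variable, whereas the `pre:` block removed in the previous hunk carried `praefect_postgres_instance_size: "${gitlab_praefect_postgres_instance_size}"`, so the praefect RDS instance silently loses its own sizing. The line should be `postgres_instance_size: "${gitlab_praefect_postgres_instance_size}"`. The other praefect keys in the block (`postgres_storage_size`, `backup_retention_period`, `storage_type`, `storage_iops`) do use praefect-specific variables, which suggests a copy-paste slip.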
@@ -323,13 +323,13 @@ spec: value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_db_provider_cloud_region}" - name: "db_secret" - value: "gitlab-db-secret" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_secret}" - name: "db_name" - value: "gitlab" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_name}" - name: "db_username" - value: "gitlab" + value: "${ARGOCD_ENV_gitlab_pre_praefect_db_username}" - name: "dbdeploy_name_prefix" value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index cbc4ccd9a..abc768d3a 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -124,13 +124,13 @@ spec: value: "${ARGOCD_ENV_security_zitadel_rds_provider_db_provider_cloud_region}" - name: "db_secret" - value: "zitadel-db-secret" + value: "${ARGOCD_ENV_security_zitadel_zitadel_db_secret}" - name: "db_name" - value: "zitadel" + value: "${ARGOCD_ENV_security_zitadel_zitadel_db_name}" - name: "db_username" - value: "zitadel" + value: "${ARGOCD_ENV_security_zitadel_zitadel_db_username}" - name: "dbdeploy_name_prefix" value: "${ARGOCD_ENV_security_zitadel_dbdeploy_name_prefix}" From 5e7a2f41a6b0ee32360be2abe91a093c0b91c99a Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Fri, 15 Nov 2024 14:25:22 +0530 Subject: [PATCH 09/48] terragrunt log --- gitops/applications/base/zitadel/zitadel-values.yaml | 4 ++-- terraform/ccnew/wrapper.sh | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/gitops/applications/base/zitadel/zitadel-values.yaml b/gitops/applications/base/zitadel/zitadel-values.yaml index 3de9c9367..1af600123 100644 --- a/gitops/applications/base/zitadel/zitadel-values.yaml +++ b/gitops/applications/base/zitadel/zitadel-values.yaml 
@@ -32,12 +32,12 @@ zitadel: User: Username: ${ARGOCD_ENV_zitadel_db_user} SSL: - Mode: verify-full + Mode: require Admin: Username: ${ARGOCD_ENV_zitadel_db_user} ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} SSL: - Mode: verify-full + Mode: require dbSslCaCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" dbSslAdminCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" dbSslUserCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" diff --git a/terraform/ccnew/wrapper.sh b/terraform/ccnew/wrapper.sh index 386a15378..794087c03 100755 --- a/terraform/ccnew/wrapper.sh +++ b/terraform/ccnew/wrapper.sh @@ -33,6 +33,8 @@ else exit -1 fi -terragrunt run-all apply --terragrunt-non-interactive +TIMESTAMP=$(date +"%Y-%m-%d_%H-%M-%S") + +terragrunt run-all apply --terragrunt-non-interactive | tee /tmp/terragrunt-$(TIMESTAMP).log # no need to call cleanup manually. We are using trap function \ No newline at end of file From d0f0c69fc150e1e6467ea3c815793638c195b941 Mon Sep 17 00:00:00 2001 
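Review bot: Changing both `SSL.Mode` values from `verify-full` to `require` drops server-certificate validation: `require` only enforces encryption and accepts any certificate, so the connection to the database no longer resists an impersonated endpoint. The `dbSslCaCrtSecret`/`dbSslAdminCrtSecret`/`dbSslUserCrtSecret` entries in the context lines still mount the cluster CA, so the material for validation is present; if the change was made because the service name does not match the certificate, `Mode: verify-ca` keeps chain validation while relaxing the hostname check, and the reason should be recorded in a comment next to the setting. The commit message (`terragrunt log`) does not mention this change.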
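Review bot: `tee /tmp/terragrunt-$(TIMESTAMP).log` uses command substitution, so the shell tries to run a command named `TIMESTAMP`, prints an error and writes to `/tmp/terragrunt-.log`; the expansion should be `${TIMESTAMP}`. Piping into `tee` also makes the line's exit status that of `tee`, so a failed apply no longer stops the script unless `set -o pipefail` is in effect above the hunk. A corrected line is `terragrunt run-all apply --terragrunt-non-interactive | tee "/tmp/terragrunt-${TIMESTAMP}.log"`. Terragrunt output can include plan values and provider messages, so a log under the shared `/tmp` with a predictable name is readable by other local users; a directory with restrictive permissions would be safer.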
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Fri, 15 Nov 2024 14:58:39 +0530 Subject: [PATCH 10/48] zitadel overlay --- .../cockroach/zitadel/kustomization.yaml | 9 ++++ .../cockroach/zitadel/zitadel-values.yaml | 46 +++++++++++++++++++ .../percona/zitadel/kustomization.yaml | 9 ++++ .../percona/zitadel/zitadel-values.yaml | 45 ++++++++++++++++++ .../rds/zitadel/kustomization.yaml | 9 ++++ .../rds/zitadel/zitadel-values.yaml | 45 ++++++++++++++++++ 6 files changed, 163 insertions(+) create mode 100644 gitops/applications/overlays/rdbms_provider/cockroach/zitadel/kustomization.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/percona/zitadel/kustomization.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/percona/zitadel/zitadel-values.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel/kustomization.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel/zitadel-values.yaml diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/kustomization.yaml new file mode 100644 index 000000000..25216cf43 --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +helmCharts: + - name: zitadel + releaseName: zitadel + version: ${ARGOCD_ENV_zitadel_helm_version} + repo: https://charts.zitadel.com + valuesFile: zitadel-values.yaml + namespace: ${ARGOCD_ENV_zitadel_namespace} diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml new file mode 100644 index 000000000..2e042f9e8 --- /dev/null 
+++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml @@ -0,0 +1,46 @@ +replicaCount: ${ARGOCD_ENV_zitadel_replicas} +zitadel: + masterkeySecretName: masterkey + debug: + enabled: false + configmapConfig: + Log: + Level: ${ARGOCD_ENV_zitadel_log_level} + ExternalPort: 443 + ExternalSecure: true + ExternalDomain: zitadel.${ARGOCD_ENV_zitadel_dns_subdomain} + TLS: + Enabled: false + FirstInstance: + Org: + Machine: + Machine: + Username: zitadel-admin-sa + Name: Admin + MachineKey: + ExpirationDate: "2028-01-01T00:00:00Z" + # Type: 1 means JSON. This is currently the only supported machine key type. + Type: 1 + Database: + Cockroach: + Database: ${ARGOCD_ENV_zitadel_db_name} + User: + SSL: + Mode: verify-full + Admin: + SSL: + Mode: verify-full + + secretConfig: + Database: + Cockroach: + User: + Password: xyz + Admin: + Password: abc + + dbSslCaCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + dbSslAdminCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + dbSslUserCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + configSecretName: "${ARGOCD_ENV_zitadel_config_secret_name}" + configSecretKey: config.yaml diff --git a/gitops/applications/overlays/rdbms_provider/percona/zitadel/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/percona/zitadel/kustomization.yaml new file mode 100644 index 000000000..25216cf43 --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/percona/zitadel/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +helmCharts: + - name: zitadel + releaseName: zitadel + version: ${ARGOCD_ENV_zitadel_helm_version} + repo: https://charts.zitadel.com + valuesFile: zitadel-values.yaml + namespace: ${ARGOCD_ENV_zitadel_namespace} 
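Review bot: `secretConfig.Database.Cockroach.User.Password: xyz` and `Admin.Password: abc` commit literal placeholder credentials into a values file that is rendered into the cluster, and neither entry carries a `Username`. Even as placeholders they become the configured database passwords if nothing overrides them; the percona and rds overlays in this patch take the username from `${ARGOCD_ENV_zitadel_db_user}` and leave credentials to `configSecretName`, and this file should follow the same pattern, or at minimum carry `# placeholder, overridden by the config secret` if that is how it is consumed. `TLS.Enabled: false` under `configmapConfig` is presumably intentional with TLS terminated at the ingress, but a comment stating that would help.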
diff --git a/gitops/applications/overlays/rdbms_provider/percona/zitadel/zitadel-values.yaml b/gitops/applications/overlays/rdbms_provider/percona/zitadel/zitadel-values.yaml new file mode 100644 index 000000000..1af600123 --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/percona/zitadel/zitadel-values.yaml @@ -0,0 +1,45 @@ +replicaCount: ${ARGOCD_ENV_zitadel_replicas} +zitadel: + masterkeySecretName: masterkey + debug: + enabled: false + configmapConfig: + Log: + Level: ${ARGOCD_ENV_zitadel_log_level} + ExternalPort: 443 + ExternalSecure: true + ExternalDomain: zitadel.${ARGOCD_ENV_zitadel_dns_subdomain} + TLS: + Enabled: false + FirstInstance: + Org: + Machine: + Machine: + Username: zitadel-admin-sa + Name: Admin + MachineKey: + ExpirationDate: "2028-01-01T00:00:00Z" + # Type: 1 means JSON. This is currently the only supported machine key type. + Type: 1 + Database: + Postgres: + Port: 5432 + Database: ${ARGOCD_ENV_zitadel_db_name} + MaxOpenConns: 20 + MaxIdleConns: 10 + MaxConnLifetime: 30m + MaxConnIdleTime: 5m + User: + Username: ${ARGOCD_ENV_zitadel_db_user} + SSL: + Mode: require + Admin: + Username: ${ARGOCD_ENV_zitadel_db_user} + ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} + SSL: + Mode: require + dbSslCaCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + dbSslAdminCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + dbSslUserCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + configSecretName: "${ARGOCD_ENV_zitadel_config_secret_name}" + configSecretKey: config.yaml diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel/kustomization.yaml new file mode 100644 index 000000000..25216cf43 --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/rds/zitadel/kustomization.yaml 
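Review bot: The new file sets `SSL.Mode: require` for both `User` and `Admin` while still configuring `dbSslCaCrtSecret`, `dbSslAdminCrtSecret` and `dbSslUserCrtSecret`; `require` does not validate the server certificate against that CA, so the mounted certificates buy nothing and the connection accepts any TLS endpoint. `verify-full` (or `verify-ca` if the hostname does not match the certificate) would make use of the secret that is already wired in; the rds overlay's `zitadel-values.yaml` in this patch has identical settings and needs the same change. `Admin.Username` and `User.Username` are also both `${ARGOCD_ENV_zitadel_db_user}`, so the runtime user holds the same database privileges as the bootstrap account; if that is deliberate, a comment saying so would help.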
@@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +helmCharts: + - name: zitadel + releaseName: zitadel + version: ${ARGOCD_ENV_zitadel_helm_version} + repo: https://charts.zitadel.com + valuesFile: zitadel-values.yaml + namespace: ${ARGOCD_ENV_zitadel_namespace} diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel/zitadel-values.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel/zitadel-values.yaml new file mode 100644 index 000000000..1af600123 --- /dev/null +++ b/gitops/applications/overlays/rdbms_provider/rds/zitadel/zitadel-values.yaml @@ -0,0 +1,45 @@ +replicaCount: ${ARGOCD_ENV_zitadel_replicas} +zitadel: + masterkeySecretName: masterkey + debug: + enabled: false + configmapConfig: + Log: + Level: ${ARGOCD_ENV_zitadel_log_level} + ExternalPort: 443 + ExternalSecure: true + ExternalDomain: zitadel.${ARGOCD_ENV_zitadel_dns_subdomain} + TLS: + Enabled: false + FirstInstance: + Org: + Machine: + Machine: + Username: zitadel-admin-sa + Name: Admin + MachineKey: + ExpirationDate: "2028-01-01T00:00:00Z" + # Type: 1 means JSON. This is currently the only supported machine key type. + Type: 1 + Database: + Postgres: + Port: 5432 + Database: ${ARGOCD_ENV_zitadel_db_name} + MaxOpenConns: 20 + MaxIdleConns: 10 + MaxConnLifetime: 30m + MaxConnIdleTime: 5m + User: + Username: ${ARGOCD_ENV_zitadel_db_user} + SSL: + Mode: require + Admin: + Username: ${ARGOCD_ENV_zitadel_db_user} + ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} + SSL: + Mode: require + dbSslCaCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + dbSslAdminCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + dbSslUserCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" + configSecretName: "${ARGOCD_ENV_zitadel_config_secret_name}" + configSecretKey: config.yaml From 5a0c08ed49b2f7ccf49e3cf7eccd86d3c36fe675 Mon Sep 17 00:00:00 2001 
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Fri, 15 Nov 2024 14:59:27 +0530 Subject: [PATCH 11/48] zitadel overlay --- .../base/zitadel/kustomization.yaml | 8 ---- .../base/zitadel/zitadel-values.yaml | 45 ------------------- 2 files changed, 53 deletions(-) delete mode 100644 gitops/applications/base/zitadel/zitadel-values.yaml diff --git a/gitops/applications/base/zitadel/kustomization.yaml b/gitops/applications/base/zitadel/kustomization.yaml index ab4fba4bb..8ccf92d68 100644 --- a/gitops/applications/base/zitadel/kustomization.yaml +++ b/gitops/applications/base/zitadel/kustomization.yaml @@ -3,11 +3,3 @@ kind: Kustomization resources: - virtual-services.yaml - testvsjob.yaml - -helmCharts: - - name: zitadel - releaseName: zitadel - version: ${ARGOCD_ENV_zitadel_helm_version} - repo: https://charts.zitadel.com - valuesFile: zitadel-values.yaml - namespace: ${ARGOCD_ENV_zitadel_namespace} diff --git a/gitops/applications/base/zitadel/zitadel-values.yaml b/gitops/applications/base/zitadel/zitadel-values.yaml deleted file mode 100644 index 1af600123..000000000 --- a/gitops/applications/base/zitadel/zitadel-values.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -replicaCount: ${ARGOCD_ENV_zitadel_replicas} -zitadel: - masterkeySecretName: masterkey - debug: - enabled: false - configmapConfig: - Log: - Level: ${ARGOCD_ENV_zitadel_log_level} - ExternalPort: 443 - ExternalSecure: true - ExternalDomain: zitadel.${ARGOCD_ENV_zitadel_dns_subdomain} - TLS: - Enabled: false - FirstInstance: - Org: - Machine: - Machine: - Username: zitadel-admin-sa - Name: Admin - MachineKey: - ExpirationDate: "2028-01-01T00:00:00Z" - # Type: 1 means JSON. This is currently the only supported machine key type. - Type: 1 - Database: - Postgres: - Port: 5432 - Database: ${ARGOCD_ENV_zitadel_db_name} - MaxOpenConns: 20 - MaxIdleConns: 10 - MaxConnLifetime: 30m - MaxConnIdleTime: 5m - User: - Username: ${ARGOCD_ENV_zitadel_db_user} - SSL: - Mode: require - Admin: - Username: ${ARGOCD_ENV_zitadel_db_user} - ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} - SSL: - Mode: require - dbSslCaCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" - dbSslAdminCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" - dbSslUserCrtSecret: "${ARGOCD_ENV_zitadel_pg_db_release_name}-pg-db-cluster-cert" - configSecretName: "${ARGOCD_ENV_zitadel_config_secret_name}" - configSecretKey: config.yaml From 684604efd30639aae0369a35a5c282b58cb2616f Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Tue, 19 Nov 2024 17:50:26 +0530 Subject: [PATCH 12/48] zitadel db changes --- .../percona/zitadel-pre/kustomization.yaml | 8 -- .../zitadel-pre/zitadel-config-secrets.yaml | 72 ++++++++++++++++- .../zitadel-pre/zitadel-db-values.yaml | 54 ------------- gitops/argo-apps/base/zitadel-pre.yaml | 79 +++++++++++++++++++ .../templates/argoapps.yaml.tpl | 16 ++-- .../ccnew/default-config/common-vars.yaml | 15 ++-- 6 files changed, 168 insertions(+), 76 deletions(-) delete mode 100644 gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-db-values.yaml 
diff --git a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/kustomization.yaml index 99bbdf17a..282918383 100644 --- a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/kustomization.yaml +++ b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/kustomization.yaml @@ -2,11 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - zitadel-config-secrets.yaml - -helmCharts: - - name: pg-db - releaseName: ${ARGOCD_ENV_zitadel_pg_db_release_name} - version: ${ARGOCD_ENV_pgdb_helm_version} - repo: https://percona.github.io/percona-helm-charts/ - valuesFile: zitadel-db-values.yaml - namespace: ${ARGOCD_ENV_zitadel_namespace} diff --git a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml index 7e8efcb6d..90af3f349 100644 --- a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml 
@@ -1,3 +1,59 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: zitadel-secret-creator + namespace: ${ARGOCD_ENV_zitadel_namespace} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: ${ARGOCD_ENV_zitadel_namespace} + name: zitadel-secret-role +rules: + - apiGroups: [""] + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - authorization.k8s.io + resources: + - selfsubjectrulesreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: zitadel-secret-creator + namespace: ${ARGOCD_ENV_zitadel_namespace} +subjects: + - kind: ServiceAccount + name: zitadel-secret-creator +roleRef: + kind: Role + name: zitadel-secret-role + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: zitadel-secret-store + namespace: ${ARGOCD_ENV_zitadel_namespace} +spec: + provider: + kubernetes: + auth: + serviceAccount: + name: "zitadel-secret-creator" + remoteNamespace: ${ARGOCD_ENV_zitadel_namespace} + server: + caProvider: + type: ConfigMap + name: kube-root-ca.crt + key: ca.crt --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret @@ -41,8 +97,20 @@ spec: config.yaml: | Database: Postgres: + Admin: + Password: '{{.password}}' + SSL: + Mode: require + Username: {{.user}} + Database: {{.dbname}} Host: {{.host}} + MaxConnIdleTime: 5m + MaxConnLifetime: 30m + MaxIdleConns: 10 + MaxOpenConns: 20 + Port: {{.port}} User: Password: '{{.password}}' - Admin: - Password: '{{.password}}' + SSL: + Mode: require + Username: {{.user}} \ No newline at end of file diff --git a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-db-values.yaml b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-db-values.yaml deleted file mode 100644 index 290a6a0ac..000000000 --- a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-db-values.yaml +++ /dev/null 
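Review bot: The `zitadel-secret-role` Role grants `get`, `list` and `watch` on every Secret in `${ARGOCD_ENV_zitadel_namespace}`, so the `zitadel-secret-creator` service account — and any pod that can run as it — can read the Zitadel `masterkey` and DB credentials in that namespace, not only the one secret the `SecretStore` is meant to copy. If the ExternalSecret reads named keys rather than using `dataFrom.find`, the Kubernetes provider should only need `get`, and `verbs: [get]` with a `resourceNames` list for the source secret is the least-privilege form — confirm against the external-secrets Kubernetes-provider docs before dropping `list`/`watch`. The name `zitadel-secret-creator` is misleading for a read-only binding; add `# read-only: used by the ESO SecretStore to copy DB credentials within this namespace` or rename it `zitadel-secret-reader`. In the rendered `config.yaml`, `Admin` and `User` receive the same `{{.user}}`/`{{.password}}`, and the unquoted `{{.user}}`, `{{.dbname}}` and `{{.host}}` will break the YAML if a value ever contains `: `, ` #` or a leading indicator — quote them as the password is.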
@@ -1,54 +0,0 @@ -users: - - name: ${ARGOCD_ENV_zitadel_db_user} - databases: - - ${ARGOCD_ENV_zitadel_db_name} - options: "SUPERUSER" - password: - type: ASCII - secretName: "${ARGOCD_ENV_zitadel_db_secret_name}" - -customTLSSecret: - name: "" -customReplicationTLSSecret: - name: "" - -instances: -- name: instance1 - replicas: ${ARGOCD_ENV_postgres_replicas} - dataVolumeClaimSpec: - # storageClassName: standard - accessModes: - - ReadWriteOnce - resources: - requests: - storage: ${ARGOCD_ENV_postgres_storage_size} - -proxy: - pgBouncer: - replicas: ${ARGOCD_ENV_postgres_proxy_replicas} - config: - global: - pool_mode: session # https://www.pgbouncer.org/config.html (setting to trasaction will cause a fail in init and setup stages ) - query_wait_timeout: "600" - - volume: - volumeClaimSpec: - # storageClassName: "" - accessModes: - - ReadWriteOnce - resources: - requests: - storage: ${ARGOCD_ENV_pgbouncer_storage_size} -pmm: - enabled: false - -secrets: - name: - # replication user password - primaryuser: - # superuser password - postgres: - # pgbouncer user password - pgbouncer: - # pguser user password - pguser: \ No newline at end of file diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index abc768d3a..9c0663c76 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml 
@@ -146,3 +146,82 @@ spec: - name: "db_storage_iops" value: "${ARGOCD_ENV_security_zitadel_rds_provider_db_storage_iops}" + + #zitadel db + - repoURL: ${ARGOCD_ENV_argocd_repo_url} + targetRevision: ${ARGOCD_ENV_security_application_gitrepo_tag} + path: gitops/applications/overlays/rdbms_provider/${ARGOCD_ENV_security_zitadel_rdbms_provider}/db + plugin: + name: envsubst + env: + - name: "cluster_name" + value: "${ARGOCD_ENV_cluster_name}" + + - name: "app_name" + value: "${ARGOCD_ENV_security_zitadel_app_name}" + + - name: "namespace" + value: "${ARGOCD_ENV_security_zitadel_namespace}" + + - name: "vault_k8s_admin_auth_path" + value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_auth_path}" + + - name: "vault_k8s_admin_role_name" + value: "${ARGOCD_ENV_vault_post_config_vault_k8s_admin_role_name}" + + - name: "vault_namespace" + value: "${ARGOCD_ENV_vault_vault_namespace}" + + - name: "postgres_replicas" + value: "${ARGOCD_ENV_security_zitadel_percona_provider_postgres_replicas}" + + - name: "postgres_proxy_replicas" + value: "${ARGOCD_ENV_security_zitadel_percona_provider_postgres_proxy_replicas}" + + - name: "postgres_storage_size" + value: "${ARGOCD_ENV_security_zitadel_percona_provider_percona_postgres_storage_size}" + + - name: "pgdb_helm_version" + value: "${ARGOCD_ENV_security_zitadel_percona_provider_pgdb_helm_version}" + + - name: "rds_postgres_storage_size" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_postgres_storage_size}" + + - name: "rds_postgres_instance_size" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_postgres_instance_size}" + + - name: "rds_vpc_id" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_rdbms_vpc_id}" + + - name: "vpc_cidr" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_vpc_cidr}" + + - name: "rds_subnet_list" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_rdbms_subnet_list}" + + - name: "cloud_region" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_db_provider_cloud_region}" + + - name: 
"db_secret" + value: "${ARGOCD_ENV_security_zitadel_zitadel_db_secret}" + + - name: "db_name" + value: "${ARGOCD_ENV_security_zitadel_zitadel_db_name}" + + - name: "db_username" + value: "${ARGOCD_ENV_security_zitadel_zitadel_db_username}" + + - name: "dbdeploy_name_prefix" + value: "${ARGOCD_ENV_security_zitadel_zitadel_dbdeploy_name_prefix}" + + - name: "db_backup_retention_period" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_backup_retention_period}" + + - name: "db_preferred_backup_window" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_preferred_backup_window}" + + - name: "db_storage_type" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_storage_type}" + + - name: "db_storage_iops" + value: "${ARGOCD_ENV_security_zitadel_rds_provider_storage_iops}" diff --git a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl index 04ec3f45f..8ab2bc3c9 100644 --- a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl +++ b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl 
@@ -108,17 +108,21 @@ argocd_override: log_level: "${zitadel_log_level}" rdbms_provider: "${zitadel_postgres_rdbms_provider}" zitadel_percona_provider: - postgres_storage_size: "${zitadel_db_storage_size}" + postgres_replicas: "${zitadel_postgres_replicas}" + postgres_proxy_replicas: "${zitadel_postgres_proxy_replicas}" + postgres_storage_size: "${format("%sGi",trim(zitadel_postgres_storage_size,"'"))}" + pgdb_helm_version: "${zitadel_pgdb_helm_version}" zitadel_rds_provider: - postgres_storage_size: "${zitadel_rds_storage_size}" rdbms_subnet_list: "${join(",", rdbms_subnet_list)}" db_provider_cloud_region: "${cloud_region}" rdbms_vpc_id: "${rdbms_vpc_id}" vpc_cidr: "${vpc_cidr}" + postgres_instance_size: "${zitadel_postgres_instance_size}" + postgres_storage_size: "${zitadel_rds_postgres_storage_size}" backup_retention_period: "${zitadel_db_backup_retention_period}" preferred_backup_window: "${zitadel_db_preferred_backup_window}" - db_storage_type: "${zitadel_db_storage_type}" - db_storage_iops: "${zitadel_db_storage_iops}" + storage_type: "${zitadel_db_storage_type}" + storage_iops: "${zitadel_db_storage_iops}" zitadel_cockroachdb_provider: helm_version: "${cockroachdb_helm_version}" pvc_size: "${zitadel_db_storage_size}" @@ -196,7 +200,7 @@ argocd_override: rdbms_vpc_id: "${rdbms_vpc_id}" vpc_cidr: "${vpc_cidr}" postgres_instance_size: "${gitlab_postgres_instance_size}" - postgres_storage_size: "${gitlab_postgres_storage_size}" + postgres_storage_size: "${gitlab_rds_postgres_storage_size}" backup_retention_period: "${gitlab_db_backup_retention_period}" preferred_backup_window: "${gitlab_db_preferred_backup_window}" storage_type: "${gitlab_db_storage_type}" 
@@ -207,7 +211,7 @@ argocd_override: rdbms_vpc_id: "${rdbms_vpc_id}" vpc_cidr: "${vpc_cidr}" postgres_instance_size: "${gitlab_postgres_instance_size}" - postgres_storage_size: "${gitlab_praefect_postgres_storage_size}" + postgres_storage_size: "${gitlab_praefect_rds_postgres_storage_size}" backup_retention_period: "${praefect_db_backup_retention_period}" preferred_backup_window: "${praefect_db_preferred_backup_window}" storage_type: "${praefect_db_storage_type}" diff --git a/terraform/ccnew/default-config/common-vars.yaml b/terraform/ccnew/default-config/common-vars.yaml index f4fc6baa8..96064b4ab 100644 --- a/terraform/ccnew/default-config/common-vars.yaml +++ b/terraform/ccnew/default-config/common-vars.yaml @@ -115,14 +115,14 @@ gitlab_redis_cluster_size: "'3'" gitlab_redis_storage_size: "'5Gi'" gitlab_postgres_replicas: "'1'" gitlab_postgres_proxy_replicas: "'1'" -gitlab_postgres_storage_size: "'10'" -#gitlab_postgres_storage_size: "'100'" # for rds +gitlab_postgres_storage_size: "10Gi" +gitlab_rds_postgres_storage_size: "'100'" gitlab_postgres_instance_size: "small" gitlab_pgdb_helm_version: "2.4.0" gitlab_praefect_postgres_replicas: "'1'" gitlab_praefect_postgres_proxy_replicas: "'1'" -gitlab_praefect_postgres_storage_size: "'10'" -#gitlab_praefect_postgres_storage_size: "'100'" # for rds add this line in custom-config/common-vars.yaml +gitlab_praefect_postgres_storage_size: "10Gi" +gitlab_praefect_rds_postgres_storage_size: "'100'" gitlab_praefect_postgres_instance_size: "small" gitlab_praefect_pgdb_helm_version: "2.4.0" git_lfs_max_objects: "'1000000'" 
@@ -165,11 +165,14 @@ env_token_ttl: "14d" # Zitadel zitadel_postgres_rdbms_provider: "percona" zitadel_postgres_instance_size: "small" -zitadel_postgres_storage_size: "'20'" +zitadel_postgres_storage_size: "20Gi" zitadel_db_storage_size: "5Gi" #Zitadel RDS specific zitadel_db_backup_retention_period: "'1'" zitadel_db_preferred_backup_window: "07:00-09:00" -zitadel_rds_storage_size: "100" +zitadel_rds_postgres_storage_size: "'100'" zitadel_db_storage_iops: "'5000'" zitadel_db_storage_type: "io1" +zitadel_postgres_replicas: "'1'" +zitadel_postgres_proxy_replicas: "'1'" +zitadel_pgdb_helm_version: "2.4.0" \ No newline at end of file From b4e320dcb378d1ac4565608f1f6b0c9e4ce1d5af Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 12:09:14 +0530 Subject: [PATCH 13/48] Zitadel db --- .../base/zitadel-pre/cockroach-db-values.yaml | 10 -- .../base/zitadel-pre/kustomization.yaml | 9 -- .../base/zitadel-pre/virtual-services.yaml | 19 --- .../base/zitadel-pre/zitadel-cert-job.yaml | 108 ------------------ .../cockroach/zitadel/zitadel-values.yaml | 6 +- .../zitadel-pre/zitadel-config-secrets.yaml | 15 ++- .../percona/zitadel/zitadel-values.yaml | 20 ---- .../rds/zitadel-pre/kustomization.yaml | 4 + .../zitadel-pre/zitadel-config-secrets.yaml | 105 +++++++++++++++++ .../rds/zitadel/zitadel-values.yaml | 21 +--- gitops/argo-apps/base/gitlab-pre.yaml | 8 +- gitops/argo-apps/base/zitadel-pre.yaml | 8 +- 12 files changed, 137 insertions(+), 196 deletions(-) delete mode 100644 gitops/applications/base/zitadel-pre/cockroach-db-values.yaml delete mode 100644 gitops/applications/base/zitadel-pre/virtual-services.yaml delete mode 100644 gitops/applications/base/zitadel-pre/zitadel-cert-job.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/kustomization.yaml create mode 100644 gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml 
diff --git a/gitops/applications/base/zitadel-pre/cockroach-db-values.yaml b/gitops/applications/base/zitadel-pre/cockroach-db-values.yaml deleted file mode 100644 index 4236a7d2e..000000000 --- a/gitops/applications/base/zitadel-pre/cockroach-db-values.yaml +++ /dev/null @@ -1,10 +0,0 @@ -tls: - enabled: true -storage: - persistentVolume: - size: ${ARGOCD_ENV_cockroachdb_pvc_size} -init: - provisioning: - enabled: true - jobAnnotations: - argocd.argoproj.io/hook: Sync diff --git a/gitops/applications/base/zitadel-pre/kustomization.yaml b/gitops/applications/base/zitadel-pre/kustomization.yaml index bc9bdf23f..63ef51b8a 100644 --- a/gitops/applications/base/zitadel-pre/kustomization.yaml +++ b/gitops/applications/base/zitadel-pre/kustomization.yaml @@ -2,18 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - namespaces.yaml - - virtual-services.yaml - - zitadel-cert-job.yaml - zitadel-random-secrets.yaml - local-external-secrets-store.yaml -helmCharts: - - name: cockroachdb - releaseName: zitadel-db - version: ${ARGOCD_ENV_cockroachdb_helm_version} - repo: https://charts.cockroachdb.com/ - valuesFile: cockroach-db-values.yaml - namespace: ${ARGOCD_ENV_zitadel_namespace} patches: - target: diff --git a/gitops/applications/base/zitadel-pre/virtual-services.yaml b/gitops/applications/base/zitadel-pre/virtual-services.yaml deleted file mode 100644 index a644405c9..000000000 --- a/gitops/applications/base/zitadel-pre/virtual-services.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: zitadel-vs - namespace: ${ARGOCD_ENV_zitadel_namespace} -spec: - gateways: - - ${ARGOCD_ENV_zitadel_istio_gateway_namespace}/${ARGOCD_ENV_zitadel_istio_wildcard_gateway_name} - hosts: - - "zitadel.${ARGOCD_ENV_zitadel_dns_subdomain}" - http: - - match: - - uri: - prefix: / - route: - - destination: - host: zitadel - port: - number: 8080 
diff --git a/gitops/applications/base/zitadel-pre/zitadel-cert-job.yaml b/gitops/applications/base/zitadel-pre/zitadel-cert-job.yaml deleted file mode 100644 index 55f548e6d..000000000 --- a/gitops/applications/base/zitadel-pre/zitadel-cert-job.yaml +++ /dev/null @@ -1,108 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: zitadel-cert-creator - namespace: ${ARGOCD_ENV_zitadel_namespace} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: secret-creator - namespace: ${ARGOCD_ENV_zitadel_namespace} -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: zitadel-cert-creator - namespace: ${ARGOCD_ENV_zitadel_namespace} -subjects: - - kind: ServiceAccount - name: zitadel-cert-creator -roleRef: - kind: Role - name: secret-creator - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: create-zitadel-cert - namespace: ${ARGOCD_ENV_zitadel_namespace} -spec: - template: - spec: - restartPolicy: OnFailure - serviceAccountName: zitadel-cert-creator - containers: - - command: - - /bin/bash - - -ecx - - | - cockroach cert create-client \ - --certs-dir /cockroach/cockroach-certs \ - --ca-key /cockroach/cockroach-certs/ca.key \ - --lifetime 8760h \ - zitadel - export SECRET=$(cat < Date: Wed, 20 Nov 2024 12:50:48 +0530 Subject: [PATCH 14/48] correction --- .../ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl index 8ab2bc3c9..9bd45bce7 100644 --- a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl +++ b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl 
@@ -110,7 +110,7 @@ argocd_override: zitadel_percona_provider: postgres_replicas: "${zitadel_postgres_replicas}" postgres_proxy_replicas: "${zitadel_postgres_proxy_replicas}" - postgres_storage_size: "${format("%sGi",trim(zitadel_postgres_storage_size,"'"))}" + postgres_storage_size: "${zitadel_postgres_storage_size}" pgdb_helm_version: "${zitadel_pgdb_helm_version}" zitadel_rds_provider: rdbms_subnet_list: "${join(",", rdbms_subnet_list)}" @@ -187,12 +187,12 @@ argocd_override: webdb_percona_provider: postgres_replicas: "${gitlab_postgres_replicas}" postgres_proxy_replicas: "${gitlab_postgres_proxy_replicas}" - postgres_storage_size: "${format("%sGi",trim(gitlab_postgres_storage_size,"'"))}" + postgres_storage_size: "${gitlab_postgres_storage_size}" pgdb_helm_version: "${gitlab_pgdb_helm_version}" praefectdb_percona_provider: postgres_replicas: "${gitlab_praefect_postgres_replicas}" postgres_proxy_replicas: "${gitlab_praefect_postgres_proxy_replicas}" - postgres_storage_size: "${format("%sGi",trim(gitlab_praefect_postgres_storage_size,"'"))}" + postgres_storage_size: "${gitlab_praefect_postgres_storage_size}" pgdb_helm_version: "${gitlab_praefect_pgdb_helm_version}" webdb_rds_provider: rdbms_subnet_list: "${join(",", rdbms_subnet_list)}" From f990e5f782786861ca30f1dcbc93a9a0dde2b386 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:00:02 +0530 Subject: [PATCH 15/48] remove zitadel helm --- gitops/argo-apps/base/zitadel-helm.yaml | 77 ------------------------- 1 file changed, 77 deletions(-) delete mode 100644 gitops/argo-apps/base/zitadel-helm.yaml diff --git a/gitops/argo-apps/base/zitadel-helm.yaml b/gitops/argo-apps/base/zitadel-helm.yaml deleted file mode 100644 index 55bc9c453..000000000 --- a/gitops/argo-apps/base/zitadel-helm.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: ${ARGOCD_ENV_security_zitadel_app_name} - namespace: ${ARGOCD_ENV_security_app_namespace} - annotations: - argocd.argoproj.io/sync-wave: ${ARGOCD_ENV_security_zitadel_sync_wave} - - finalizers: - - resources-finalizer.argocd.argoproj.io - -spec: - project: default - syncPolicy: - automated: - prune: true - selfHeal: true - retry: - limit: 20 - backoff: - duration: 10s - maxDuration: 3m0s - factor: 2 - syncOptions: - - CreateNamespace=true - - PrunePropagationPolicy=foreground - - PruneLast=true - destination: - server: "https://kubernetes.default.svc" - namespace: ${ARGOCD_ENV_security_zitadel_namespace} - - sources: - - chart: zitadel - repoURL: https://charts.zitadel.com - targetRevision: ${ARGOCD_ENV_security_zitadel_helm_version} - helm: - valuesObject: - zitadel: - masterkeySecretName: masterkey - configmapConfig: - Log: - Level: ${ARGOCD_ENV_security_zitadel_log_level} - ExternalPort: 443 - ExternalSecure: true - ExternalDomain: zitadel.${ARGOCD_ENV_security_zitadel_dns_subdomain} - TLS: - Enabled: false - FirstInstance: - Org: - Machine: - Machine: - Username: zitadel-admin-sa - Name: Admin - MachineKey: - ExpirationDate: "2026-01-01T00:00:00Z" - # Type: 1 means JSON. This is currently the only supported machine key type. - Type: 1 - Database: - Cockroach: - Host: zitadel-db-cockroachdb-public - User: - SSL: - Mode: verify-full - Admin: - SSL: - Mode: verify-full - secretConfig: - Database: - Cockroach: - User: - Password: xyz - Admin: - Password: abc - - dbSslCaCrtSecret: zitadel-db-cockroachdb-ca-secret - dbSslAdminCrtSecret: zitadel-db-cockroachdb-client-secret - dbSslUserCrtSecret: zitadel-db-cockroachdb-zitadel-secret From 564066b7960b9c29b447a3d88a4cf0d79e885b5f Mon Sep 17 00:00:00 2001 
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:30:18 +0530 Subject: [PATCH 16/48] zitadel change --- .../zitadel-pre/zitadel-config-secrets.yaml | 2 +- gitops/argo-apps/base/zitadel-pre.yaml | 49 ++----------------- gitops/argo-apps/base/zitadel.yaml | 29 ++++++----- 3 files changed, 23 insertions(+), 57 deletions(-) diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml index 88ca2bec3..d43bdbd7e 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml @@ -74,7 +74,7 @@ spec: property: password target: - name: ${ARGOCD_ENV_zitadel_config_secret_name} + name: ${ARGOCD_ENV_zitadel_db_secret_name} creationPolicy: Owner template: data: diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index bde71a04a..f9f486f74 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml 
@@ -93,37 +93,7 @@ spec: - name: "namespace" value: "${ARGOCD_ENV_security_zitadel_namespace}" - - name: "pgdb_helm_version" - value: "${ARGOCD_ENV_zitadel_percona_provider_pgdb_helm_version}" - - - name: "postgres_replicas" - value: "${ARGOCD_ENVsecurity_zitadel_percona_provider_postgres_replicas}" - - - name: "postgres_proxy_replicas" - value: "${ARGOCD_ENV_security_zitadel_percona_provider_proxy_replicas}" - - - name: "postgres_storage_size" - value: "${ARGOCD_ENV_security_zitadel_percona_provider_postgres_storage_size}" - - - name: "rds_postgres_storage_size" - value: "${ARGOCD_ENV_security_zitadel_rds_provider_postgres_storage_size}" - - - name: "rds_postgres_instance_size" - value: "${ARGOCD_ENV_security_zitadel_rds_provider_postgres_instance_size}" - - - name: "rds_vpc_id" - value: "${ARGOCD_ENV_zitadel_rds_provider_rdbms_vpc_id}" - - - name: "vpc_cidr" - value: "${ARGOCD_ENV_security_zitadel_rds_provider_vpc_cidr}" - - - name: "rds_subnet_list" - value: "${ARGOCD_ENV_security_zitadel_rds_provider_rdbms_subnet_list}" - - - name: "rds_cloud_region" - value: "${ARGOCD_ENV_security_zitadel_rds_provider_db_provider_cloud_region}" - - - name: "db_secret" + - name: "db_secret_name" value: "${ARGOCD_ENV_security_zitadel_zitadel_db_secret}" - name: "db_name" 
@@ -135,20 +105,11 @@ spec: - name: "dbdeploy_name_prefix" value: "${ARGOCD_ENV_security_zitadel_dbdeploy_name_prefix}" - - name: "db_backup_retention_period" - value: "${ARGOCD_ENV_security_zitadel_rds_provider_backup_retention_period}" - - - name: "db_preferred_backup_window" - value: "${ARGOCD_ENV__security_zitadel_rds_provider_preferred_backup_window}" - - - name: "db_storage_type" - value: "${ARGOCD_ENV_security_zitadel_rds_provider_db_storage_type}" - - - name: "db_storage_iops" - value: "${ARGOCD_ENV_security_zitadel_rds_provider_db_storage_iops}" - - name: "externalservice_name" - value: "${ARGOCD_ENV_security_zitadel_externalservice_name}" + value: "${ARGOCD_ENV_security_zitadel_externalservice_name}" + + - name: "zitadel_config_secret_name" + value: "${ARGOCD_ENV_security_zitadel_config_secret_name}" #zitadel db - repoURL: ${ARGOCD_ENV_argocd_repo_url} diff --git a/gitops/argo-apps/base/zitadel.yaml b/gitops/argo-apps/base/zitadel.yaml index 90f83706c..e1965c92a 100644 --- a/gitops/argo-apps/base/zitadel.yaml +++ b/gitops/argo-apps/base/zitadel.yaml @@ -36,15 +36,10 @@ spec: plugin: name: envsubst env: - - name: "zitadel_release_name" - value: "${ARGOCD_ENV_security_zitadel_app_name}" - name: "zitadel_namespace" value: "${ARGOCD_ENV_security_zitadel_namespace}" - - name: "zitadel_helm_version" - value: "${ARGOCD_ENV_security_zitadel_helm_version}" - - name: "zitadel_istio_gateway_namespace" value: "${ARGOCD_ENV_security_zitadel_istio_gateway_namespace}" 
@@ -54,6 +49,21 @@ spec: - name: "zitadel_dns_subdomain" value: "${ARGOCD_ENV_security_zitadel_dns_subdomain}" + - repoURL: ${ARGOCD_ENV_argocd_repo_url} + targetRevision: ${ARGOCD_ENV_security_application_gitrepo_tag} + path: gitops/applications/overlays/rdbms_provider/${ARGOCD_ENV_security_zitadel_rdbms_provider}/zitadel + plugin: + name: envsubst + env: + - name: "zitadel_helm_version" + value: "${ARGOCD_ENV_security_zitadel_helm_version}" + + - name: "zitadel_namespace" + value: "${ARGOCD_ENV_security_zitadel_namespace}" + + - name: "zitadel_dns_subdomain" + value: "${ARGOCD_ENV_security_zitadel_dns_subdomain}" + - name: "zitadel_replicas" value: "${ARGOCD_ENV_security_zitadel_replicas}" @@ -63,11 +73,6 @@ spec: - name: "zitadel_db_name" value: "${ARGOCD_ENV_security_zitadel_zitadel_db_name}" - - name: "zitadel_db_user" - value: "${ARGOCD_ENV_security_zitadel_zitadel_db_user}" - - - name: "zitadel_pg_db_release_name" - value: "${ARGOCD_ENV_security_zitadel_zitadel_pg_db_release_name}" - - name: "zitadel_config_secret_name" - value: "${ARGOCD_ENV_security_zitadel_config_secret_name}" + value: "${ARGOCD_ENV_security_zitadel_config_secret_name}" + From 7bbc01d85c138bbb8a72b7d19fdc271472d81080 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:38:34 +0530 Subject: [PATCH 17/48] zitadel helm ref --- gitops/argo-apps/overlays/local/root/kustomization.yaml | 2 +- gitops/argo-apps/overlays/local/security/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gitops/argo-apps/overlays/local/root/kustomization.yaml b/gitops/argo-apps/overlays/local/root/kustomization.yaml index d0e664153..ab6a3bf42 100644 --- a/gitops/argo-apps/overlays/local/root/kustomization.yaml +++ b/gitops/argo-apps/overlays/local/root/kustomization.yaml 
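Review bot: This commit removes the `zitadel_db_user` and `zitadel_pg_db_release_name` env entries from the zitadel Application, while the rds overlay values introduced earlier in this series (`rds/zitadel/zitadel-values.yaml`) reference `${ARGOCD_ENV_zitadel_db_user}` for both DB usernames and `${ARGOCD_ENV_zitadel_pg_db_release_name}` for the `dbSsl*CrtSecret` names; unless the PATCH 13 edit of that file dropped those references, envsubst will render them as empty strings and the chart is installed with blank usernames and secret names. `${ARGOCD_ENV_zitadel_log_level}` is likewise not in the visible env list of the new source. If the envsubst plugin supports it, run it in a fail-on-unset mode (some implementations, e.g. a8m/envsubst, offer `-no-unset -no-empty`) so a missing variable fails the sync instead of silently yielding an empty value.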
@@ -32,7 +32,7 @@ resources: - ../../../base/maintenance-pre.yaml # security - ../../../base/zitadel-pre.yaml - - ../../../base/zitadel-helm.yaml + - ../../../base/zitadel.yaml - ../../../base/zitadel-post-config.yaml - ../../../base/netbird-pre.yaml - ../../../base/netbird.yaml diff --git a/gitops/argo-apps/overlays/local/security/kustomization.yaml b/gitops/argo-apps/overlays/local/security/kustomization.yaml index b5e79c146..41a28ed8c 100644 --- a/gitops/argo-apps/overlays/local/security/kustomization.yaml +++ b/gitops/argo-apps/overlays/local/security/kustomization.yaml @@ -3,6 +3,6 @@ kind: Kustomization resources: - ../../../base/zitadel-pre.yaml - - ../../../base/zitadel-helm.yaml + - ../../../base/zitadel.yaml - ../../../base/zitadel-post-config.yaml #- ../../../base/netbird.yaml From 0c108ae432fc68b9dd421a60f5e395f96a6d9f2d Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:43:14 +0530 Subject: [PATCH 18/48] correction --- gitops/argo-apps/base/zitadel-pre.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index f9f486f74..4676b3383 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -103,7 +103,7 @@ spec: value: "${ARGOCD_ENV_security_zitadel_zitadel_db_username}" - name: "dbdeploy_name_prefix" - value: "${ARGOCD_ENV_security_zitadel_dbdeploy_name_prefix}" + value: "${ARGOCD_ENV_security_zitadel_zitadel_dbdeploy_name_prefix}" - name: "externalservice_name" value: "${ARGOCD_ENV_security_zitadel_externalservice_name}" From 18632331552d635b92783a347487f0a5a787f2eb Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:46:21 +0530 Subject: [PATCH 19/48] zitadel replicas --- terraform/ccnew/default-config/common-vars.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/terraform/ccnew/default-config/common-vars.yaml b/terraform/ccnew/default-config/common-vars.yaml index 96064b4ab..ad813e1d1 100644 --- a/terraform/ccnew/default-config/common-vars.yaml +++ b/terraform/ccnew/default-config/common-vars.yaml @@ -163,6 +163,7 @@ ceph_bucket_max_size: "10Gi" env_token_ttl: "14d" # Zitadel +zitadel_replicas: "'2'" zitadel_postgres_rdbms_provider: "percona" zitadel_postgres_instance_size: "small" zitadel_postgres_storage_size: "20Gi" From 785d93d9978d7d350544ff301a25984d8e9ace76 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:47:20 +0530 Subject: [PATCH 20/48] zitadel corrections --- .../rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml | 2 +- terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml index d43bdbd7e..88ca2bec3 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml @@ -74,7 +74,7 @@ spec: property: password target: - name: ${ARGOCD_ENV_zitadel_db_secret_name} + name: ${ARGOCD_ENV_zitadel_config_secret_name} creationPolicy: Owner template: data: diff --git a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl index 9bd45bce7..16c0ff0c0 100644 --- a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl +++ b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl 
@@ -98,6 +98,7 @@ argocd_override: application_gitrepo_tag: "${iac_terraform_modules_tag}" sub_apps: zitadel: + replicas: "${zitadel_replicas}" public_ingress_access_domain: "${zitadel_public_access}" terraform_modules_tag: "${iac_terraform_modules_tag}" helm_version: "${zitadel_helm_version}" From 68c33c784370c4eaf165baafd3d08594814f5fd0 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 13:54:35 +0530 Subject: [PATCH 21/48] max prep stmnts --- .../overlays/rdbms_provider/percona/db/db-values.yaml | 1 + gitops/argo-apps/base/gitlab-pre.yaml | 10 ++++++++-- gitops/argo-apps/base/zitadel-pre.yaml | 5 ++++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml b/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml index 3bc72d499..ecc2f952d 100644 --- a/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml +++ b/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml @@ -303,6 +303,7 @@ proxy: global: pool_mode: transaction query_wait_timeout: "600" + max_prepared_statements: ${ARGOCD_ENV_max_prepared_statements} backups: pgbackrest: diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml index ce9201c24..ce38fa77f 100644 --- a/gitops/argo-apps/base/gitlab-pre.yaml +++ b/gitops/argo-apps/base/gitlab-pre.yaml @@ -268,7 +268,10 @@ spec: value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_storage_iops}" - name: "externalservice_name" - value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_externalservice_name}" + value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_externalservice_name}" + + - name: max_prepared_statements + value: "0" #praefect db - repoURL: ${ARGOCD_ENV_argocd_repo_url} 
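Review bot: `max_prepared_statements: ${ARGOCD_ENV_max_prepared_statements}` in the shared percona `db` overlay has no default, so any Application that uses this path without adding the new `max_prepared_statements` env entry (this commit adds it only to gitlab-pre and zitadel-pre) will render `max_prepared_statements: ` — a YAML null that PgBouncer will reject or misread. If the envsubst plugin supports shell-style defaults, `max_prepared_statements: ${ARGOCD_ENV_max_prepared_statements:-0}` keeps PgBouncer's behaviour for callers that do not set it; otherwise add a comment above the key, `# required: every consumer of this overlay must set max_prepared_statements in its plugin env`, since the failure mode is a broken PgBouncer config rather than a clear error.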
@@ -350,4 +353,7 @@ spec: value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_storage_iops}" - name: "externalservice_name" - value: "${ARGOCD_ENV_gitlab_gitlab_praefect_externalservice_name}" + value: "${ARGOCD_ENV_gitlab_gitlab_praefect_externalservice_name}" + + - name: max_prepared_statements + value: "0" diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index 4676b3383..914429042 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -191,4 +191,7 @@ spec: value: "${ARGOCD_ENV_security_zitadel_rds_provider_storage_iops}" - name: "externalservice_name" - value: "${ARGOCD_ENV_security_zitadel_externalservice_name}" + value: "${ARGOCD_ENV_security_zitadel_externalservice_name}" + + - name: max_prepared_statements + value: "1" From 12d15835341942cbf803bb4ba1bfddf54718de30 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:02:27 +0530 Subject: [PATCH 22/48] pg size --- gitops/argo-apps/base/zitadel-pre.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index 914429042..5dc59520f 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -143,7 +143,7 @@ spec: value: "${ARGOCD_ENV_security_zitadel_percona_provider_postgres_proxy_replicas}" - name: "postgres_storage_size" - value: "${ARGOCD_ENV_security_zitadel_percona_provider_percona_postgres_storage_size}" + value: "${ARGOCD_ENV_security_zitadel_percona_provider_postgres_storage_size}" - name: "pgdb_helm_version" value: "${ARGOCD_ENV_security_zitadel_percona_provider_pgdb_helm_version}" From c632f0fd1bb546beb5ab62a42a461ae9b38b9813 Mon Sep 17 00:00:00 2001 
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:09:22 +0530 Subject: [PATCH 23/48] conf struct --- .../ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl index 16c0ff0c0..f0e207dde 100644 --- a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl +++ b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl @@ -108,12 +108,12 @@ argocd_override: argocd_admin_rbac_group: "${argocd_admin_rbac_group}" log_level: "${zitadel_log_level}" rdbms_provider: "${zitadel_postgres_rdbms_provider}" - zitadel_percona_provider: + percona_provider: postgres_replicas: "${zitadel_postgres_replicas}" postgres_proxy_replicas: "${zitadel_postgres_proxy_replicas}" postgres_storage_size: "${zitadel_postgres_storage_size}" pgdb_helm_version: "${zitadel_pgdb_helm_version}" - zitadel_rds_provider: + rds_provider: rdbms_subnet_list: "${join(",", rdbms_subnet_list)}" db_provider_cloud_region: "${cloud_region}" rdbms_vpc_id: "${rdbms_vpc_id}" @@ -124,7 +124,7 @@ argocd_override: preferred_backup_window: "${zitadel_db_preferred_backup_window}" storage_type: "${zitadel_db_storage_type}" storage_iops: "${zitadel_db_storage_iops}" - zitadel_cockroachdb_provider: + cockroachdb_provider: helm_version: "${cockroachdb_helm_version}" pvc_size: "${zitadel_db_storage_size}" netbird: From c4cb9a160f6e26eb0600c1d27d8bc46c518d4f61 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:13:40 +0530 Subject: [PATCH 24/48] int --- gitops/argo-apps/base/gitlab-pre.yaml | 4 ++-- gitops/argo-apps/base/zitadel-pre.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml index ce38fa77f..19c7707ea 100644 --- a/gitops/argo-apps/base/gitlab-pre.yaml +++ b/gitops/argo-apps/base/gitlab-pre.yaml @@ -271,7 +271,7 @@ spec: value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_externalservice_name}" - name: max_prepared_statements - value: "0" + value: "'0'" #praefect db - repoURL: ${ARGOCD_ENV_argocd_repo_url} @@ -356,4 +356,4 @@ spec: value: "${ARGOCD_ENV_gitlab_gitlab_praefect_externalservice_name}" - name: max_prepared_statements - value: "0" + value: "'0'" diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index 5dc59520f..702170264 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -194,4 +194,4 @@ spec: value: "${ARGOCD_ENV_security_zitadel_externalservice_name}" - name: max_prepared_statements - value: "1" + value: "'1'" From 252e037269f05b26ac1693a1250005c40c959c92 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:19:29 +0530 Subject: [PATCH 25/48] corrections --- .../overlays/rdbms_provider/percona/db/db-values.yaml | 2 +- .../percona/zitadel-pre/zitadel-config-secrets.yaml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml b/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml index ecc2f952d..a7d1e504a 100644 --- a/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml +++ b/gitops/applications/overlays/rdbms_provider/percona/db/db-values.yaml @@ -303,7 +303,7 @@ proxy: global: pool_mode: transaction query_wait_timeout: "600" - max_prepared_statements: ${ARGOCD_ENV_max_prepared_statements} + max_prepared_statements: "${ARGOCD_ENV_max_prepared_statements}" backups: pgbackrest: 
diff --git a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml index 25199bb9c..cbd5ecaee 100644 --- a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml @@ -70,23 +70,23 @@ spec: data: - secretKey: user remoteRef: - key: ${ARGOCD_ENV_zitadel_db_secret_name} + key: ${ARGOCD_ENV_db_secret_name} property: user - secretKey: dbname remoteRef: - key: ${ARGOCD_ENV_zitadel_db_secret_name} + key: ${ARGOCD_ENV_db_secret_name} property: dbname - secretKey: host remoteRef: - key: ${ARGOCD_ENV_zitadel_db_secret_name} + key: ${ARGOCD_ENV_db_secret_name} property: pgbouncer-host - secretKey: password remoteRef: - key: ${ARGOCD_ENV_zitadel_db_secret_name} + key: ${ARGOCD_ENV_db_secret_name} property: password - secretKey: port remoteRef: - key: ${ARGOCD_ENV_zitadel_db_secret_name} + key: ${ARGOCD_ENV_db_secret_name} property: port target: From cce6ab0846a77f7e9402d1b64301ec7553af6be3 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 14:23:46 +0530 Subject: [PATCH 26/48] config --- .../ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl index f0e207dde..16c0ff0c0 100644 --- a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl +++ b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl 
@@ -108,12 +108,12 @@ argocd_override: argocd_admin_rbac_group: "${argocd_admin_rbac_group}" log_level: "${zitadel_log_level}" rdbms_provider: "${zitadel_postgres_rdbms_provider}" - percona_provider: + zitadel_percona_provider: postgres_replicas: "${zitadel_postgres_replicas}" postgres_proxy_replicas: "${zitadel_postgres_proxy_replicas}" postgres_storage_size: "${zitadel_postgres_storage_size}" pgdb_helm_version: "${zitadel_pgdb_helm_version}" - rds_provider: + zitadel_rds_provider: rdbms_subnet_list: "${join(",", rdbms_subnet_list)}" db_provider_cloud_region: "${cloud_region}" rdbms_vpc_id: "${rdbms_vpc_id}" @@ -124,7 +124,7 @@ argocd_override: preferred_backup_window: "${zitadel_db_preferred_backup_window}" storage_type: "${zitadel_db_storage_type}" storage_iops: "${zitadel_db_storage_iops}" - cockroachdb_provider: + zitadel_cockroachdb_provider: helm_version: "${cockroachdb_helm_version}" pvc_size: "${zitadel_db_storage_size}" netbird: From e2caa1e46b632165061c3212d1fff763cc5734bd Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 15:23:09 +0530 Subject: [PATCH 27/48] zitadel prep stmts --- gitops/argo-apps/base/gitlab-pre.yaml | 4 ++-- gitops/argo-apps/base/zitadel-pre.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml index 19c7707ea..ce38fa77f 100644 --- a/gitops/argo-apps/base/gitlab-pre.yaml +++ b/gitops/argo-apps/base/gitlab-pre.yaml @@ -271,7 +271,7 @@ spec: value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_externalservice_name}" - name: max_prepared_statements - value: "'0'" + value: "0" #praefect db - repoURL: ${ARGOCD_ENV_argocd_repo_url} @@ -356,4 +356,4 @@ spec: value: "${ARGOCD_ENV_gitlab_gitlab_praefect_externalservice_name}" - name: max_prepared_statements - value: "'0'" + value: "0" 
diff --git a/gitops/argo-apps/base/zitadel-pre.yaml b/gitops/argo-apps/base/zitadel-pre.yaml index 702170264..5dc59520f 100644 --- a/gitops/argo-apps/base/zitadel-pre.yaml +++ b/gitops/argo-apps/base/zitadel-pre.yaml @@ -194,4 +194,4 @@ spec: value: "${ARGOCD_ENV_security_zitadel_externalservice_name}" - name: max_prepared_statements - value: "'1'" + value: "1" From 6331fb810d29d53c4a2c4a9d3dad3537044df2f3 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 15:30:31 +0530 Subject: [PATCH 28/48] zitadel config correction --- .../percona/zitadel-pre/zitadel-config-secrets.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml index cbd5ecaee..4328f61dc 100644 --- a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml @@ -99,6 +99,7 @@ spec: Postgres: Admin: Password: '{{.password}}' + ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} SSL: Mode: require Username: ${ARGOCD_ENV_db_username} @@ -113,9 +114,4 @@ spec: Password: '{{.password}}' SSL: Mode: require - Username: ${ARGOCD_ENV_db_username} - Admin: - Username: {{.user}} - ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} - SSL: - Mode: require \ No newline at end of file + Username: ${ARGOCD_ENV_db_username} \ No newline at end of file From d2521060aeabf335c2df58374d0f90841aad4088 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 15:31:25 +0530 Subject: [PATCH 29/48] zitadel config --- .../rds/zitadel-pre/zitadel-config-secrets.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) 
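Review bot: In the rendered Zitadel config the `Admin` and `User` sections end up with identical credentials — both use `Password: '{{.password}}'` and both use `Username: ${ARGOCD_ENV_db_username}` (the `User` block's username is the line re-added at the end of the second hunk) — so the application runtime connects with the same rights as the admin/migration user, which gives up the least-privilege split the separate `Admin`/`User` sections exist for. Unless the Percona/RDS flow deliberately provisions a single role, consider a second, lower-privileged runtime user with its own secret key, or at least add `# intentionally the same role as Admin` above `User:` so the choice is visible. Separately, `SSL: Mode: require` encrypts the connection but does not authenticate the server; if a CA bundle can be mounted into the pod, `verify-ca`/`verify-full` (as the cockroach overlay in this series already uses) is the safer setting and deserves a TODO here. The RDS variant of this file on the next line has the same pattern.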
diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml index 88ca2bec3..650f43a80 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml @@ -83,6 +83,7 @@ spec: Postgres: Admin: Password: '{{.password}}' + ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} SSL: Mode: require Username: ${ARGOCD_ENV_db_username} @@ -97,9 +98,4 @@ spec: Password: '{{.password}}' SSL: Mode: require - Username: ${ARGOCD_ENV_db_username} - Admin: - Username: {{.user}} - ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} - SSL: - Mode: require \ No newline at end of file + Username: ${ARGOCD_ENV_db_username} \ No newline at end of file From 088bdae015a92e631f28e4924da1130a09c7334b Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 15:48:25 +0530 Subject: [PATCH 30/48] post stor size --- gitops/argo-apps/base/gitlab-pre.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml index ce38fa77f..1763d6531 100644 --- a/gitops/argo-apps/base/gitlab-pre.yaml +++ b/gitops/argo-apps/base/gitlab-pre.yaml @@ -220,7 +220,7 @@ spec: value: "${ARGOCD_ENV_gitlab_webdb_percona_provider_postgres_proxy_replicas}" - name: "postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_webdb_percona_provider_percona_postgres_storage_size}" + value: "${ARGOCD_ENV_gitlab_webdb_percona_provider_postgres_storage_size}" - name: "pgdb_helm_version" value: "${ARGOCD_ENV_gitlab_webdb_percona_provider_pgdb_helm_version}" 
@@ -305,7 +305,7 @@ spec: value: "${ARGOCD_ENV_gitlab_praefectdb_percona_provider_postgres_proxy_replicas}" - name: "postgres_storage_size" - value: "${ARGOCD_ENV_gitlab_praefectdb_percona_provider_percona_postgres_storage_size}" + value: "${ARGOCD_ENV_gitlab_praefectdb_percona_provider_postgres_storage_size}" - name: "pgdb_helm_version" value: "${ARGOCD_ENV_gitlab_praefectdb_percona_provider_pgdb_helm_version}" From 0a3ae122e9c8d5aa23968f812ebc121c00987883 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 16:03:07 +0530 Subject: [PATCH 31/48] db deploy --- gitops/argo-apps/base/gitlab-pre.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml index 1763d6531..15affdde7 100644 --- a/gitops/argo-apps/base/gitlab-pre.yaml +++ b/gitops/argo-apps/base/gitlab-pre.yaml @@ -253,7 +253,7 @@ spec: value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" - name: "dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" + value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" - name: "db_backup_retention_period" value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_backup_retention_period}" From 898bcca9dda84f56d9e6e98995af2bb6051f1ef8 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 16:12:39 +0530 Subject: [PATCH 32/48] correction --- gitops/argo-apps/base/gitlab-pre.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitops/argo-apps/base/gitlab-pre.yaml b/gitops/argo-apps/base/gitlab-pre.yaml index 15affdde7..c2b6003f8 100644 --- a/gitops/argo-apps/base/gitlab-pre.yaml +++ b/gitops/argo-apps/base/gitlab-pre.yaml 
@@ -253,7 +253,7 @@ spec: value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" - name: "dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" + value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" - name: "db_backup_retention_period" value: "${ARGOCD_ENV_gitlab_webdb_rds_provider_backup_retention_period}" @@ -338,7 +338,7 @@ spec: value: "${ARGOCD_ENV_gitlab_pre_praefect_db_username}" - name: "dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" + value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" - name: "db_backup_retention_period" value: "${ARGOCD_ENV_gitlab_praefectdb_rds_provider_backup_retention_period}" From 837328fee046206d667b36d6110f2ad62ea7c855 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 17:11:45 +0530 Subject: [PATCH 33/48] removing overlay from gitlab --- gitops/argo-apps/base/gitlab.yaml | 44 +------------------------------ 1 file changed, 1 insertion(+), 43 deletions(-) diff --git a/gitops/argo-apps/base/gitlab.yaml b/gitops/argo-apps/base/gitlab.yaml index f2bbf3062..fcf9dd795 100644 --- a/gitops/argo-apps/base/gitlab.yaml +++ b/gitops/argo-apps/base/gitlab.yaml 
@@ -109,46 +109,4 @@ spec: value: "${ARGOCD_ENV_gitlab_pre_praefect_db_secret}" - name: "gitlab_db_secret" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" - - - repoURL: ${ARGOCD_ENV_argocd_repo_url} - targetRevision: ${ARGOCD_ENV_gitlab_application_gitrepo_tag} - path: gitops/applications/overlays/rdbms_provider/${ARGOCD_ENV_gitlab_pre_rdbms_provider}/gitlab - plugin: - name: envsubst - env: - - name: "cluster_name" - value: "${ARGOCD_ENV_cluster_name}" - - - name: "gitlab_namespace" - value: "${ARGOCD_ENV_gitlab_gitlab_namespace}" - - - name: "praefect_externalservice_name" - value: "${ARGOCD_ENV_gitlab_gitlab_praefect_externalservice_name}" - - - name: "gitlab_externalservice_name" - value: "${ARGOCD_ENV_gitlab_gitlab_gitlab_externalservice_name}" - - - name: "gitlab_db_name" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_name}" - - - name: "praefect_db_name" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_name}" - - - name: "gitlab_db_username" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_username}" - - - name: "praefect_db_username" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_username}" - - - name: "gitlab_dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_dbdeploy_name_prefix}" - - - name: "praefect_dbdeploy_name_prefix" - value: "${ARGOCD_ENV_gitlab_pre_praefect_dbdeploy_name_prefix}" - - - name: "praefect_db_secret" - value: "${ARGOCD_ENV_gitlab_pre_praefect_db_secret}" - - - name: "gitlab_db_secret" - value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" \ No newline at end of file + value: "${ARGOCD_ENV_gitlab_pre_gitlab_db_secret}" \ No newline at end of file From 0c4e2460aaf29eac57a06c901fa6945115b94279 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 18:56:14 +0530 Subject: [PATCH 34/48] zitadel db correction --- .../rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml index 650f43a80..7082d26f3 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml @@ -70,7 +70,7 @@ spec: data: - secretKey: password remoteRef: - key: ${ARGOCD_ENV_zitadel_db_secret_name} + key: ${ARGOCD_ENV_db_secret_name} property: password target: From 3cfb58a1b01f499e7abe4f10d485eedb48781341 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 19:32:45 +0530 Subject: [PATCH 35/48] zitadel db changes --- .../zitadel-pre/zitadel-config-secrets.yaml | 16 ---------------- .../rdbms_provider/rds/db/db-secrets.yaml | 8 ++++---- .../rds/zitadel-pre/zitadel-config-secrets.yaml | 4 ++-- 3 files changed, 6 insertions(+), 22 deletions(-) diff --git a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml index 4328f61dc..8658817cb 100644 --- a/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/percona/zitadel-pre/zitadel-config-secrets.yaml 
@@ -68,26 +68,10 @@ spec: name: zitadel-secret-store data: - - secretKey: user - remoteRef: - key: ${ARGOCD_ENV_db_secret_name} - property: user - - secretKey: dbname - remoteRef: - key: ${ARGOCD_ENV_db_secret_name} - property: dbname - - secretKey: host - remoteRef: - key: ${ARGOCD_ENV_db_secret_name} - property: pgbouncer-host - secretKey: password remoteRef: key: ${ARGOCD_ENV_db_secret_name} property: password - - secretKey: port - remoteRef: - key: ${ARGOCD_ENV_db_secret_name} - property: port target: name: ${ARGOCD_ENV_zitadel_config_secret_name} diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml index 582c3063b..ec3acd598 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml @@ -1,7 +1,7 @@ apiVersion: redhatcop.redhat.io/v1alpha1 kind: PasswordPolicy metadata: - name: rdsdb-password-policy + name: ${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password-policy namespace: ${ARGOCD_ENV_vault_namespace} spec: # Add fields here @@ -32,7 +32,7 @@ spec: apiVersion: redhatcop.redhat.io/v1alpha1 kind: RandomSecret metadata: - name: rdsdb-password + name: ${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password namespace: ${ARGOCD_ENV_vault_namespace} spec: authentication: @@ -44,7 +44,7 @@ spec: path: /secret/data/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix} secretKey: password secretFormat: - passwordPolicyName: rdsdb-password-policy + passwordPolicyName: ${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password-policy --- apiVersion: redhatcop.redhat.io/v1alpha1 kind: VaultSecret 
@@ -60,7 +60,7 @@ spec: serviceAccount: name: default name: dynamicsecret_db_password - path: /secret/data/${ARGOCD_ENV_dbdeploy_name_prefix}/rdsdb-password + path: /secret/data/${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password output: name: ${ARGOCD_ENV_db_secret} stringData: diff --git a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml index 7082d26f3..8658817cb 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/zitadel-pre/zitadel-config-secrets.yaml @@ -83,7 +83,7 @@ spec: Postgres: Admin: Password: '{{.password}}' - ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} + ExistingDatabase: ${ARGOCD_ENV_zitadel_db_name} SSL: Mode: require Username: ${ARGOCD_ENV_db_username} @@ -98,4 +98,4 @@ spec: Password: '{{.password}}' SSL: Mode: require - Username: ${ARGOCD_ENV_db_username} \ No newline at end of file + Username: ${ARGOCD_ENV_db_username} \ No newline at end of file From 18fc6a150f01dec43381ac8cd52fb21cd8ce67f5 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 19:44:03 +0530 Subject: [PATCH 36/48] secrets --- .../overlays/rdbms_provider/rds/db/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/kustomization.yaml index 363af4f1f..6dd2f5ecf 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/db/kustomization.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/db/kustomization.yaml @@ -12,3 +12,4 @@ helmCharts: resources: - xplane-kubernetes-provider-config.yaml - db-external-name-service.yaml + - db-secrets.yaml From 14693b9821d33aa148377ffc21fb272231d6e89a Mon Sep 17 00:00:00 2001 
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 20:30:04 +0530 Subject: [PATCH 37/48] zitadel db path --- .../applications/overlays/rdbms_provider/rds/db/db-secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml index ec3acd598..86ea22724 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml @@ -41,7 +41,7 @@ spec: serviceAccount: name: default isKVSecretsEngineV2: true - path: /secret/data/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix} + path: /secret/data/${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix} secretKey: password secretFormat: passwordPolicyName: ${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password-policy From c0e7e2914347b06cd3510e569b1a95c22fcc1824 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 20:33:03 +0530 Subject: [PATCH 38/48] secret data path --- .../applications/overlays/rdbms_provider/rds/db/db-secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml index 86ea22724..3cf8e240d 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml 
@@ -60,7 +60,7 @@ spec: serviceAccount: name: default name: dynamicsecret_db_password - path: /secret/data/${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password + path: /secret/data/${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password output: name: ${ARGOCD_ENV_db_secret} stringData: From 7e8da13f4f915cb89e8f838950aefd6255ceb5e7 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 20:50:44 +0530 Subject: [PATCH 39/48] zitadel db secret path --- .../overlays/rdbms_provider/rds/db/db-secrets.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml index 3cf8e240d..c0ed05c3b 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-secrets.yaml @@ -41,7 +41,7 @@ spec: serviceAccount: name: default isKVSecretsEngineV2: true - path: /secret/data/${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix} + path: /secret/data/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix} secretKey: password secretFormat: passwordPolicyName: ${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password-policy @@ -60,7 +60,7 @@ spec: serviceAccount: name: default name: dynamicsecret_db_password - path: /secret/data/${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password + path: /secret/data/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password output: name: ${ARGOCD_ENV_db_secret} stringData: From d28377f6ea1b4eafcbd03933a577788558dd417a Mon Sep 17 00:00:00 2001 
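Review bot: The `RandomSecret` path `/secret/data/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix}` and the `VaultSecret` path `/secret/data/${ARGOCD_ENV_cluster_name}-${ARGOCD_ENV_dbdeploy_name_prefix}/${ARGOCD_ENV_dbdeploy_name_prefix}-rds-password` are only consistent if the operator stores the generated value at `<spec.path>/<metadata.name>`, and nothing in the file records that coupling — this is the third reshuffle of these two paths in the series. A comment above the VaultSecret path, e.g. `# must equal <RandomSecret spec.path>/<RandomSecret metadata.name> above`, would make the next edit safe.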
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 21:06:57 +0530 Subject: [PATCH 40/48] zitadel ns --- .../rdbms_provider/rds/db/db-external-name-service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml index 3ad37ce85..e585783fe 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml @@ -11,7 +11,7 @@ spec: externalName: sample kind: Service metadata: - namespace: "${ARGOCD_ENV_externalservice_namespace}" + namespace: "${ARGOCD_ENV_namespace}" providerConfigRef: name: kubernetes-provider references: From 92de7fd07cb8dc96ce5fc18023c2271409108066 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Wed, 20 Nov 2024 21:26:02 +0530 Subject: [PATCH 41/48] k8s provider --- .../rdbms_provider/rds/db/db-external-name-service.yaml | 2 +- .../rds/db/xplane-kubernetes-provider-config.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml index e585783fe..63526a8c3 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/db/db-external-name-service.yaml @@ -13,7 +13,7 @@ spec: metadata: namespace: "${ARGOCD_ENV_namespace}" providerConfigRef: - name: kubernetes-provider + name: ${ARGOCD_ENV_dbdeploy_name_prefix}-kubernetes-provider references: - patchesFrom: apiVersion: rds.aws.crossplane.io/v1alpha1 
diff --git a/gitops/applications/overlays/rdbms_provider/rds/db/xplane-kubernetes-provider-config.yaml b/gitops/applications/overlays/rdbms_provider/rds/db/xplane-kubernetes-provider-config.yaml index 721ebf812..8bbebe304 100644 --- a/gitops/applications/overlays/rdbms_provider/rds/db/xplane-kubernetes-provider-config.yaml +++ b/gitops/applications/overlays/rdbms_provider/rds/db/xplane-kubernetes-provider-config.yaml @@ -1,7 +1,7 @@ apiVersion: kubernetes.crossplane.io/v1alpha1 kind: ProviderConfig metadata: - name: kubernetes-provider + name: ${ARGOCD_ENV_dbdeploy_name_prefix}-kubernetes-provider spec: credentials: source: InjectedIdentity \ No newline at end of file From a89c939bd5f9833a98743677b7849226c641fcdb Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Thu, 21 Nov 2024 17:18:02 +0530 Subject: [PATCH 42/48] zitadel cockraoch --- .../rdbms_provider/cockroach/zitadel/zitadel-values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml index 50518f75e..2db0b1c74 100644 --- a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml +++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml @@ -42,5 +42,3 @@ zitadel: dbSslCaCrtSecret: zitadel-db-cockroachdb-ca-secret dbSslAdminCrtSecret: zitadel-db-cockroachdb-client-secret dbSslUserCrtSecret: zitadel-db-cockroachdb-zitadel-secret - configSecretName: "${ARGOCD_ENV_zitadel_config_secret_name}" - configSecretKey: config.yaml From 330a6cedcaf1b4d7edd5027c6a7218a4e1904f12 Mon Sep 17 00:00:00 2001 
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:36:37 +0530 Subject: [PATCH 43/48] cockraoch zitadel pre --- .../rdbms_provider/cockroach/zitadel-pre/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml index 0ead75c20..fb26365c8 100644 --- a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml +++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - zitadel-config-secrets.yaml + - zitadel-cert-jobs.yaml helmCharts: - name: cockroachdb From 9ab9a1bb8655abec768d788617997c74a06eb6a7 Mon Sep 17 00:00:00 2001 From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com> Date: Fri, 22 Nov 2024 12:43:26 +0530 Subject: [PATCH 44/48] correction --- .../rdbms_provider/cockroach/zitadel-pre/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml index fb26365c8..7e39c6a54 100644 --- a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml +++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel-pre/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - zitadel-cert-jobs.yaml + - zitadel-cert-job.yaml helmCharts: - name: cockroachdb From a396e4793f9ade3ed39e75f658c66f574738657d Mon Sep 17 00:00:00 2001 
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com>
Date: Fri, 22 Nov 2024 12:51:16 +0530
Subject: [PATCH 45/48] cockroach db placeholder
---
 .../overlays/rdbms_provider/cockroach/db/kustomization.yaml | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 gitops/applications/overlays/rdbms_provider/cockroach/db/kustomization.yaml
diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/db/kustomization.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/db/kustomization.yaml
new file mode 100644
index 000000000..b83b23e57
--- /dev/null
+++ b/gitops/applications/overlays/rdbms_provider/cockroach/db/kustomization.yaml
@@ -0,0 +1,3 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources: []
From 152b2e1f33503e1570040da329aa81bdea5dadea Mon Sep 17 00:00:00 2001
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com>
Date: Fri, 22 Nov 2024 13:06:54 +0530
Subject: [PATCH 46/48] cockroach db name
---
 .../rdbms_provider/cockroach/zitadel/zitadel-values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml
index 2db0b1c74..de6658f5e 100644
--- a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml
+++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml
@@ -23,7 +23,7 @@ zitadel:
 Type: 1
 Database:
 Cockroach:
- Database: ${ARGOCD_ENV_zitadel_db_name}
+ Database: zitadel-db-cockroachdb-public
 User:
 SSL:
 Mode: verify-full
From 66d21c58c6ef133e518c0ad3cbc1a4fc825f863d Mon Sep 17 00:00:00 2001
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com>
Date: Fri, 22 Nov 2024 13:26:19 +0530
Subject: [PATCH 47/48] correction
---
 .../rdbms_provider/cockroach/zitadel/zitadel-values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml
index de6658f5e..80f1ce493 100644
--- a/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml
+++ b/gitops/applications/overlays/rdbms_provider/cockroach/zitadel/zitadel-values.yaml
@@ -23,7 +23,7 @@ zitadel:
 Type: 1
 Database:
 Cockroach:
- Database: zitadel-db-cockroachdb-public
+ Host: zitadel-db-cockroachdb-public
 User:
 SSL:
 Mode: verify-full
From 58c2c384efd4900f32c879ba001cb4216d895c2e Mon Sep 17 00:00:00 2001
From: Sijo George <87609749+sijo5722-2021@users.noreply.github.com>
Date: Fri, 22 Nov 2024 14:45:35 +0530
Subject: [PATCH 48/48] rdbms provider config
---
 terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl | 2 +-
 terraform/ccnew/default-config/common-vars.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl
index 16c0ff0c0..ec0dfae27 100644
--- a/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl
+++ b/terraform/ccnew/ansible-k8s-deploy/templates/argoapps.yaml.tpl
@@ -107,7 +107,7 @@ argocd_override:
 argocd_user_rbac_group: "${argocd_user_rbac_group}"
 argocd_admin_rbac_group: "${argocd_admin_rbac_group}"
 log_level: "${zitadel_log_level}"
- rdbms_provider: "${zitadel_postgres_rdbms_provider}"
+ rdbms_provider: "${zitadel_rdbms_provider}"
 zitadel_percona_provider:
 postgres_replicas: "${zitadel_postgres_replicas}"
 postgres_proxy_replicas: "${zitadel_postgres_proxy_replicas}"
diff --git a/terraform/ccnew/default-config/common-vars.yaml b/terraform/ccnew/default-config/common-vars.yaml
index ad813e1d1..e50df693d 100644
--- a/terraform/ccnew/default-config/common-vars.yaml
+++ b/terraform/ccnew/default-config/common-vars.yaml
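Review bot: After this hunk the `Cockroach:` block has no `Database:` entry at all — the line that carried `${ARGOCD_ENV_zitadel_db_name}` two commits earlier was rewritten into `Host:` rather than kept beside it — so Zitadel will fall back to its built-in default database name and the `zitadel_db_name` plugin parameter is no longer consumed. If that is unintended, keep both keys: `Host: zitadel-db-cockroachdb-public` and `Database: ${ARGOCD_ENV_zitadel_db_name}`. Because the same block pins `Mode: verify-full`, the hard-coded host must match a SAN in the CockroachDB node certificate and must resolve from the namespace Zitadel runs in (a bare service name only resolves in-namespace); neither the certificate SANs nor the namespaces are visible here, so this is worth confirming on a rendered deployment, using the fully qualified service name if the two components live in different namespaces. The enclosing `zitadel:` values block starts and ends outside the hunk.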
@@ -164,7 +164,7 @@ env_token_ttl: "14d" # Zitadel
 zitadel_replicas: "'2'"
-zitadel_postgres_rdbms_provider: "percona"
+zitadel_rdbms_provider: "percona"
 zitadel_postgres_instance_size: "small"
 zitadel_postgres_storage_size: "20Gi"
 zitadel_db_storage_size: "5Gi"