From 09b97338ec4dc4bd999054ada0cf344150d92e78 Mon Sep 17 00:00:00 2001
From: Denis Patrakeev
Date: Fri, 21 Feb 2025 19:50:15 +0300
Subject: [PATCH] [DO-1600] Move karma to new namespace (!33)
[DO-1600]
Co-authored-by: denis.patrakeev
Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/33
---
 .../karma/argocd-apps-karma-namespace.yaml | 25 ------------
 .../karma/argocd-apps-karma-app.yaml | 12 +++---
 .../argocd-apps-karma-network-policy.yaml | 40 +++++++++++++++++++
 .../karma/values-ovveride.yaml} | 0
 4 files changed, 46 insertions(+), 31 deletions(-)
 delete mode 100644 clusters/k8s-avroid-office.prod.local/namespaces/karma/argocd-apps-karma-namespace.yaml
 rename clusters/k8s-avroid-office.prod.local/namespaces/{ => prod}/karma/argocd-apps-karma-app.yaml (83%)
 create mode 100644 clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/argocd-apps-karma-network-policy.yaml
 rename clusters/k8s-avroid-office.prod.local/namespaces/{karma/values.yaml => prod/karma/values-ovveride.yaml} (100%)
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/karma/argocd-apps-karma-namespace.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/karma/argocd-apps-karma-namespace.yaml
deleted file mode 100644
index fa689ad..0000000
--- a/clusters/k8s-avroid-office.prod.local/namespaces/karma/argocd-apps-karma-namespace.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: karma
- labels:
- name: karma
- app.kubernetes.io/managed-by: argocd
- annotations:
- argocd.argoproj.io/sync-wave: "-1"
- scheduler.alpha.kubernetes.io/node-selector: node-role.kubernetes.io/worker=
----
-apiVersion: v1
-kind: ResourceQuota
-metadata:
- name: karma
- namespace: karma
- labels:
- app.kubernetes.io/managed-by: argocd
-spec:
- hard:
- requests.cpu: "0.5"
- requests.memory: 1Gi
- limits.cpu: "1"
- limits.memory: 2Gi
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/karma/argocd-apps-karma-app.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/argocd-apps-karma-app.yaml
similarity index 83%
rename from clusters/k8s-avroid-office.prod.local/namespaces/karma/argocd-apps-karma-app.yaml
rename to clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/argocd-apps-karma-app.yaml
index 2f63c78..c303bd9 100644
--- a/clusters/k8s-avroid-office.prod.local/namespaces/karma/argocd-apps-karma-app.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/argocd-apps-karma-app.yaml
@@ -10,17 +10,17 @@ spec:
 project: karma
 destination:
 server: https://kubernetes.default.svc
- namespace: karma
+ namespace: prod
 sources:
 - repoURL: https://git.avroid.tech/K8s/k8s-configs.git
 targetRevision: master
 ref: values
- - repoURL: https://wiremind.github.io/wiremind-helm-charts
- chart: "karma"
+ - repoURL: https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
+ chart: "wiremind/karma"
 targetRevision: 2.9.3
 helm:
 valueFiles:
- - $values/clusters/k8s-avroid-office.prod.local/namespaces/karma/values.yaml
+ - $values/clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/values-ovveride.yaml
 syncPolicy:
 automated:
 prune: true
@@ -39,11 +39,11 @@ metadata:
 - resources-finalizer.argocd.argoproj.io
 spec:
 sourceRepos:
- - https://wiremind.github.io/wiremind-helm-charts
 - https://git.avroid.tech/K8s/k8s-configs.git
+ - https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
 # Only permit applications to deploy to the guestbook namespace in the same cluster
 destinations:
- - namespace: karma
+ - namespace: prod
 server: https://kubernetes.default.svc
 # Deny all cluster-scoped resources from being created, except for Namespace
 clusterResourceWhitelist:
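Review bot: With `namespace: prod` in the first hunk, karma leaves the dedicated namespace whose ResourceQuota (0.5/1 CPU, 1Gi/2Gi memory) and worker node-selector annotation are deleted in argocd-apps-karma-namespace.yaml, and nothing in this commit replaces them. Unless `prod` carries its own quota or LimitRange, the chart's resource requests and limits should be set in values-ovveride.yaml so karma cannot starve the workloads it now shares a namespace with. The values file is renamed unchanged and is not shown, so this needs checking there. The file name also carries a typo (`ovveride`); it matches the rename, so it resolves, but correcting it later means touching both paths.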
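Review bot: The `destinations` entry in the second hunk now lets the `karma` AppProject deploy into the shared `prod` namespace, so the project no longer has a namespace of its own as an isolation boundary. Which resource kinds it may create there depends on a `namespaceResourceWhitelist` or blacklist, which is not visible in this hunk and should be confirmed. The context comment above `destinations` still names the guestbook namespace from the Argo CD example and should read `# Only permit applications to deploy to the prod namespace in the same cluster`. The AppProject spec continues past the end of the hunk.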
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/argocd-apps-karma-network-policy.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/argocd-apps-karma-network-policy.yaml
new file mode 100644
index 0000000..186e545
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/argocd-apps-karma-network-policy.yaml
@@ -0,0 +1,40 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: karma-in
+ namespace: prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: karma
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: ingress-nginx
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: karma-out
+ namespace: prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector: {}
+ policyTypes:
+ - Egress
+ ingress: []
+ egress:
+ - to:
+ - ipBlock:
+ # h-mon.avroid.tech
+ cidr: 10.18.3.27/32
+ ports:
+ - port: 9093
+ protocol: TCP
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/karma/values.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/values-ovveride.yaml
similarity index 100%
rename from clusters/k8s-avroid-office.prod.local/namespaces/karma/values.yaml
rename to clusters/k8s-avroid-office.prod.local/namespaces/prod/karma/values-ovveride.yaml
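Review bot: `karma-out` in argocd-apps-karma-network-policy.yaml selects every pod in the namespace with `podSelector: {}`, so in the shared `prod` namespace it limits egress for all workloads there to 10.18.3.27/32 on TCP 9093, not only for karma. `karma-in` already scopes itself with the `app.kubernetes.io/name: karma` label, and the egress policy should use the same selector: `podSelector: {matchLabels: {app.kubernetes.io/name: karma}}`. The `ingress: []` entry has no effect while `policyTypes` lists only `Egress` and can be dropped. No DNS egress is allowed either, which is fine only if karma reaches Alertmanager by IP; the values file is not shown here, so that should be confirmed. `karma-in` also admits every port from the ingress-nginx namespace, and a `ports` entry for karma's HTTP port would tighten it.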