[DO-1552] add helm aggregator (!21)

Co-authored-by: Rustam Tagaev <rustam.tagaev@avroid.tech> Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/21
2025-02-13 17:54:13 +03:00
parent 3fb6e5c463
commit 13c59eca90
4 changed files with 194 additions and 0 deletions
--- a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/argocd-apps-automations-tools.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/argocd-apps-automations-tools.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: automations-tools
+  labels:
+    name: automations-tools
+    app.kubernetes.io/managed-by: argocd
+  annotations:
+    scheduler.alpha.kubernetes.io/node-selector: "nodetype=worker"
+---
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: automations-tools
+  namespace: automations-tools
+  labels:
+    app.kubernetes.io/managed-by: argocd
+spec:
+  hard:
+    configmaps: "200"
+    limits.cpu: "5"
+    limits.memory: 13Gi
+    persistentvolumeclaims: "10"
+    pods: "200"
+    requests.cpu: "3"
+    requests.memory: "10Gi"
+    requests.storage: "2Gi"
+    resourcequotas: "1"
+    secrets: "200"
+    services: "200"
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: automations-tools-common
+  namespace: automations-tools
+  labels:
+    app.kubernetes.io/managed-by: argocd
+spec:
+  podSelector: {}
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress: []
+  egress:
+    - to:
+        - ipBlock:
+            # vault.avroid.tech
+            cidr: 10.2.16.2/32
+      ports:
+        - port: 443
+          protocol: TCP
+    - ports:
+        - port: 53
+          protocol: TCP
+        - port: 53
+          protocol: UDP
--- a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-app.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-app.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: helm-aggregator
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: helm-aggregator
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: automations-tools
+  sources:
+    - repoURL: https://git.avroid.tech/K8s/k8s-configs.git
+      targetRevision: master
+      ref: values
+    - repoURL: https://actual-devops.github.io/helm-charts
+      chart: "helm-aggregator"
+      targetRevision: 0.1.0
+      helm:
+        valueFiles:
+          - $values/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - ApplyOutOfSyncOnly=true
+      - CreateNamespace=true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: helm-aggregator
+  namespace: argocd
+  # Finalizer that ensures that project is not deleted until it is not referenced by any application
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  sourceRepos:
+    - https://actual-devops.github.io/helm-charts
+    - https://git.avroid.tech/K8s/k8s-configs.git
+  # Only permit applications to deploy to the guestbook namespace in the same cluster
+  destinations:
+    - namespace: automations-tools
+      server: https://kubernetes.default.svc
+  # Deny all cluster-scoped resources from being created, except for Namespace
+  clusterResourceWhitelist:
+    - group: ''
+      kind: Namespace
--- a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-network-policy.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-network-policy.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: helm-aggregator-in
+  namespace: automations-tools
+  labels:
+    app.kubernetes.io/managed-by: argocd
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: helm-aggregator
+  policyTypes:
+    - Ingress
+  ingress:
+    - ports:
+        - port: 8080
+          protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: helm-aggregator-out
+  namespace: automations-tools
+  labels:
+    app.kubernetes.io/managed-by: argocd
+spec:
+  podSelector: {}
+  policyTypes:
+    - Egress
+  ingress: []
+  egress:
+    - ports:
+        - port: 443
+          protocol: TCP
+        - port: 80
+          protocol: TCP
--- a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
@@ -0,0 +1,48 @@
+# https://github.com/wiremind/wiremind-helm-charts/blob/main/charts/karma/values.yaml
+
+# Number of replicas
+replicaCount: 2
+
+image:
+  repository: ghcr.io/actual-devops/helm-aggregator
+  tag: "0.1.0"
+
+ingress:
+  enabled: enable
+  className: ""
+  annotations:
+    kubernetes.io/ingress.class: nginx
+  hosts:
+    - host: helm-aggregator.avroid.tech
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+
+livenessProbe:
+  httpGet:
+    path: /healthcheck
+    port: http
+readinessProbe:
+  httpGet:
+    path: /healthcheck
+    port: http
+
+resources:
+  requests:
+    cpu: 100m
+    memory: 64Mi
+  limits:
+    cpu: 200m
+    memory: 128Mi
+
+nodeSelector:
+  nodetype: worker
+
+config: |
+  repos:
+    - name: wiremind
+      url: https://wiremind.github.io/wiremind-helm-charts
+    - name: stevehipwell
+      url: https://stevehipwell.github.io/helm-charts
+  port: "8080"