From 13c59eca90d31d156588c4e58a09501237e7691b Mon Sep 17 00:00:00 2001
From: Rustam Tagaev
Date: Thu, 13 Feb 2025 17:54:13 +0300
Subject: [PATCH] [DO-1552] add helm aggregator (!21)
Co-authored-by: Rustam Tagaev
Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/21
---
.../argocd-apps-automations-tools.yaml | 58 +++++++++++++++++++
.../argocd-apps-helm-aggregator-app.yaml | 51 ++++++++++++++++
...d-apps-helm-aggregator-network-policy.yaml | 37 ++++++++++++
.../helm-aggregator/values.yaml | 48 +++++++++++++++
4 files changed, 194 insertions(+)
create mode 100644 clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/argocd-apps-automations-tools.yaml
create mode 100644 clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-app.yaml
create mode 100644 clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-network-policy.yaml
create mode 100644 clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/argocd-apps-automations-tools.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/argocd-apps-automations-tools.yaml
new file mode 100644
index 0000000..f266ae8
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/argocd-apps-automations-tools.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: automations-tools
+ labels:
+ name: automations-tools
+ app.kubernetes.io/managed-by: argocd
+ annotations:
+ scheduler.alpha.kubernetes.io/node-selector: "nodetype=worker"
+---
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: automations-tools
+ namespace: automations-tools
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ hard:
+ configmaps: "200"
+ limits.cpu: "5"
+ limits.memory: 13Gi
+ persistentvolumeclaims: "10"
+ pods: "200"
+ requests.cpu: "3"
+ requests.memory: "10Gi"
+ requests.storage: "2Gi"
+ resourcequotas: "1"
+ secrets: "200"
+ services: "200"
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: automations-tools-common
+ namespace: automations-tools
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress: []
+ egress:
+ - to:
+ - ipBlock:
+ # vault.avroid.tech
+ cidr: 10.2.16.2/32
+ ports:
+ - port: 443
+ protocol: TCP
+ - ports:
+ - port: 53
+ protocol: TCP
+ - port: 53
+ protocol: UDP
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-app.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-app.yaml
new file mode 100644
index 0000000..cc1d940
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-app.yaml
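Review bot: The DNS rule that closes `automations-tools-common` (`- ports:` with 53/TCP and 53/UDP) has no `to:` clause, so every pod in the namespace may send port-53 traffic to any address rather than only to the cluster resolver. That leaves DNS as an open egress channel even though the rest of the policy narrows egress to the single Vault address. Scope the rule to the cluster DNS pods as sketched below. The selector labels shown are the usual CoreDNS/kube-dns defaults and must be checked against this cluster; a node-local DNS cache would need an `ipBlock` instead.

```yaml
  egress:
    # … unchanged: vault.avroid.tech ipBlock rule on 443/TCP …
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: TCP
        - port: 53
          protocol: UDP
```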
@@ -0,0 +1,51 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: helm-aggregator
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: helm-aggregator
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: automations-tools
+ sources:
+ - repoURL: https://git.avroid.tech/K8s/k8s-configs.git
+ targetRevision: master
+ ref: values
+ - repoURL: https://actual-devops.github.io/helm-charts
+ chart: "helm-aggregator"
+ targetRevision: 0.1.0
+ helm:
+ valueFiles:
+ - $values/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - ApplyOutOfSyncOnly=true
+ - CreateNamespace=true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: helm-aggregator
+ namespace: argocd
+ # Finalizer that ensures that project is not deleted until it is not referenced by any application
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ sourceRepos:
+ - https://actual-devops.github.io/helm-charts
+ - https://git.avroid.tech/K8s/k8s-configs.git
+ # Only permit applications to deploy to the guestbook namespace in the same cluster
+ destinations:
+ - namespace: automations-tools
+ server: https://kubernetes.default.svc
+ # Deny all cluster-scoped resources from being created, except for Namespace
+ clusterResourceWhitelist:
+ - group: ''
+ kind: Namespace
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-network-policy.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-network-policy.yaml
new file mode 100644
index 0000000..0c94d17
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/argocd-apps-helm-aggregator-network-policy.yaml
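Review bot: The `helm-aggregator` AppProject whitelists the cluster-scoped `Namespace` kind and the Application sets `CreateNamespace=true`, although `automations-tools` is already declared in argocd-apps-automations-tools.yaml in this same commit. The chart is pulled from an external repository (`https://actual-devops.github.io/helm-charts`) and synced automatically with `prune` and `selfHeal`, so the project should grant it no more than it needs. Provided the namespace manifest is applied first, drop the `clusterResourceWhitelist` entry and the `CreateNamespace=true` option, and consider a `namespaceResourceWhitelist` limited to the kinds the chart actually renders. The comment above `destinations:` is a leftover from the upstream example and should read `# Only permit applications to deploy to the automations-tools namespace in the same cluster`.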
@@ -0,0 +1,37 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: helm-aggregator-in
+ namespace: automations-tools
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: helm-aggregator
+ policyTypes:
+ - Ingress
+ ingress:
+ - ports:
+ - port: 8080
+ protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: helm-aggregator-out
+ namespace: automations-tools
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector: {}
+ policyTypes:
+ - Egress
+ ingress: []
+ egress:
+ - ports:
+ - port: 443
+ protocol: TCP
+ - port: 80
+ protocol: TCP
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
new file mode 100644
index 0000000..4c7c2b1
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
@@ -0,0 +1,48 @@
+# https://github.com/wiremind/wiremind-helm-charts/blob/main/charts/karma/values.yaml
+
+# Number of replicas
+replicaCount: 2
+
+image:
+ repository: ghcr.io/actual-devops/helm-aggregator
+ tag: "0.1.0"
+
+ingress:
+ enabled: enable
+ className: ""
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ hosts:
+ - host: helm-aggregator.avroid.tech
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+
+livenessProbe:
+ httpGet:
+ path: /healthcheck
+ port: http
+readinessProbe:
+ httpGet:
+ path: /healthcheck
+ port: http
+
+resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+
+nodeSelector:
+ nodetype: worker
+
+config: |
+ repos:
+ - name: wiremind
+ url: https://wiremind.github.io/wiremind-helm-charts
+ - name: stevehipwell
+ url: https://stevehipwell.github.io/helm-charts
+ port: "8080"
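Review bot: `helm-aggregator-out` uses `podSelector: {}`, so its egress allowance for 443/TCP and 80/TCP to any destination applies to every pod in `automations-tools`; because NetworkPolicies are additive, this widens the Vault-only egress set by `automations-tools-common` for the whole namespace. Select only the aggregator pods, as `helm-aggregator-in` already does: `podSelector:` / `matchLabels:` / `app.kubernetes.io/name: helm-aggregator`. Port 80 looks unnecessary since both repos configured in values.yaml are `https://` URLs, and the `ingress: []` line has no effect when `policyTypes` lists only `Egress`. The rule in `helm-aggregator-in` has no `from:`, so 8080 is reachable from any source; limiting it to the ingress controller's namespace would be tighter.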
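Review bot: In values.yaml the ingress is enabled with `tls: []`, so as far as this file shows `helm-aggregator.avroid.tech` serves the aggregated chart index over plain HTTP unless TLS is terminated elsewhere, and clients fetching chart metadata over that channel cannot detect tampering. Add a `tls:` entry naming the host and a certificate secret. `enabled: enable` is a string that only passes because non-empty strings are truthy in templates; write `enabled: true`. The image is referenced by the mutable tag `"0.1.0"`; pinning it by digest would make the deployed artifact verifiable, if the chart exposes a digest value. The header comment links to the karma chart's values file and looks like a copy-paste leftover.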