[DO-1600] Move namespace prod to avroid-prod (!36)

[DO-1600]

Co-authored-by: denis.patrakeev <denis.patrakeev@avroid.tech>
Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/36
Reviewed-by: Vasiliy Chipizhin <vasiliy.chipizhin@avroid.team>
Reviewed-by: Rustam Tagaev <rustam.tagaev@avroid.team>

clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/monitoring/karma/argocd-apps-karma-app.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: karma
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: karma
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: avroid-prod
+  sources:
+    - repoURL: https://git.avroid.tech/K8s/k8s-configs.git
+      targetRevision: master
+      ref: values
+    - repoURL: https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
+      chart: "wiremind/karma"
+      targetRevision: 2.9.3
+      helm:
+        valueFiles:
+          - $values/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/monitoring/karma/values-ovveride.yaml
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - ApplyOutOfSyncOnly=true
+      - CreateNamespace=true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: karma
+  namespace: argocd
+  # Finalizer that ensures that project is not deleted until it is not referenced by any application
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  sourceRepos:
+    - https://git.avroid.tech/K8s/k8s-configs.git
+    - https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
+  # Only permit applications to deploy to the guestbook namespace in the same cluster
+  destinations:
+    - namespace: avroid-prod
+      server: https://kubernetes.default.svc
+  # Deny all cluster-scoped resources from being created, except for Namespace
+  clusterResourceWhitelist:
+    - group: ''
+      kind: Namespace

clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/monitoring/karma/argocd-apps-karma-network-policy.yaml

@@ -0,0 +1,40 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: karma-in
+  namespace: avroid-prod
+  labels:
+    app.kubernetes.io/managed-by: argocd
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: karma
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: ingress-nginx
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: karma-out
+  namespace: avroid-prod
+  labels:
+    app.kubernetes.io/managed-by: argocd
+spec:
+  podSelector: {}
+  policyTypes:
+    - Egress
+  ingress: []
+  egress:
+    - to:
+        - ipBlock:
+            # h-mon.avroid.tech
+            cidr: 10.18.3.27/32
+      ports:
+        - port: 9093
+          protocol: TCP

clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/monitoring/karma/values-ovveride.yaml

@@ -0,0 +1,69 @@
+# https://github.com/wiremind/wiremind-helm-charts/blob/main/charts/karma/values.yaml
+
+# Number of replicas
+replicaCount: 2
+
+image:
+  repository: ghcr.io/prymitive/karma
+
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: nginx
+  hosts:
+    - karma.avroid.tech
+  ingressClassName: "nginx"
+  path: /
+  pathType: ImplementationSpecific
+  tls: []
+    # - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
+
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+  limits:
+    cpu: 450m
+    memory: 384Mi
+
+nodeSelector:
+  node-role.kubernetes.io/worker: ""
+
+configMap:
+  enabled: true
+  rawConfig:
+    alertmanager:
+      interval: 30s
+      servers:
+        - cluster: standalone
+          name: avroid
+          uri: http://h-mon.avroid.tech:9093
+          timeout: 10s
+          proxy: true
+          cors:
+            credentials: same-origin
+    labels:
+      color:
+        static:
+          - job
+        unique:
+          - alertname
+          - alertgroup
+          - severity
+          - name
+          - job
+          - instance
+          - subsystem
+          - device
+          - mountpoint
+    ui:
+      refresh: 10s
+      animations: true
+      colorTitlebar: true
+      multiGridLabel: severity
+    filters:
+      default:
+        - "@state!=suppressed"
+        - "@receiver!=avroid_alerts_critical"