From f47879259b3c10cdb6b24dcbc38e3f3ab34eff1c Mon Sep 17 00:00:00 2001 
From: danielscholl Date: Thu, 22 Aug 2024 11:45:52 -0500 Subject: [PATCH] Enabled Postgresql Database (#162) --- bicep/modules/blade_common.bicep | 16 + bicep/modules/blade_service.bicep | 15 +- .../templates/config-map-devsample.yaml | 21 -- charts/env-debug/.helmignore | 23 -- charts/env-debug/Chart.yaml | 27 -- charts/env-debug/README.md | 67 ---- charts/env-debug/templates/_helpers.tpl | 64 ---- charts/env-debug/templates/config-map.yaml | 8 - charts/env-debug/templates/deployment.yaml | 117 ------- charts/env-debug/templates/hpa.yaml | 28 -- charts/env-debug/templates/kv-secrets.yaml | 80 ----- charts/env-debug/templates/pvc.yaml | 41 --- charts/env-debug/templates/service.yaml | 17 - .../env-debug/templates/serviceaccount.yaml | 9 - charts/env-debug/values.yaml | 24 -- docs/software.md | 191 ++++++----- software/applications/dev-sample/httpbin.yaml | 68 ---- .../applications/dev-sample/namespace.yaml | 8 - software/applications/dev-sample/release.yaml | 62 ---- software/applications/osdu-auth/release.yaml | 2 +- software/components/database/namespace.yaml | 6 + software/components/database/postgresql.yaml | 37 +++ .../vault-secrets.yaml} | 19 +- .../elastic-search/elastic-job.yaml | 0 .../elastic-search/elastic-search.yaml | 0 .../elastic-search/kibana.yaml | 0 .../elastic-search/namespace.yaml | 0 .../elastic-search/vault-secrets.yaml | 0 stamp/applications/kustomize.yaml | 53 --- stamp/components/kustomize.yaml | 314 ++++-------------- 30 files changed, 241 insertions(+), 1076 deletions(-) delete mode 100644 charts/config-maps/templates/config-map-devsample.yaml delete mode 100644 charts/env-debug/.helmignore delete mode 100644 charts/env-debug/Chart.yaml delete mode 100644 charts/env-debug/README.md delete mode 100644 charts/env-debug/templates/_helpers.tpl delete mode 100644 charts/env-debug/templates/config-map.yaml delete mode 100644 charts/env-debug/templates/deployment.yaml delete mode 100644 charts/env-debug/templates/hpa.yaml delete mode 100644 
charts/env-debug/templates/kv-secrets.yaml delete mode 100644 charts/env-debug/templates/pvc.yaml delete mode 100644 charts/env-debug/templates/service.yaml delete mode 100644 charts/env-debug/templates/serviceaccount.yaml delete mode 100644 charts/env-debug/values.yaml delete mode 100644 software/applications/dev-sample/httpbin.yaml delete mode 100644 software/applications/dev-sample/namespace.yaml delete mode 100644 software/applications/dev-sample/release.yaml create mode 100644 software/components/database/namespace.yaml create mode 100644 software/components/database/postgresql.yaml rename software/components/{osdu-config/release.yaml => database/vault-secrets.yaml} (57%) rename software/{applications => components}/elastic-search/elastic-job.yaml (100%) rename software/{applications => components}/elastic-search/elastic-search.yaml (100%) rename software/{applications => components}/elastic-search/kibana.yaml (100%) rename software/{applications => components}/elastic-search/namespace.yaml (100%) rename software/{applications => components}/elastic-search/vault-secrets.yaml (100%) diff --git a/bicep/modules/blade_common.bicep b/bicep/modules/blade_common.bicep index d9a3b53d..3e075387 100644 --- a/bicep/modules/blade_common.bicep +++ b/bicep/modules/blade_common.bicep @@ -153,6 +153,22 @@ var vaultSecrets = [ secretName: 'app-dev-sp-id' secretValue: applicationClientId } + { + secretName: 'cpng-user-name' + secretValue: 'dbuser' + } + { + secretName: 'cpng-user-password' + secretValue: substring(uniqueString('dbuser', resourceGroup().id, bladeConfig.sectionName), 0, 8) + } + { + secretName: 'cpng-superuser-name' + secretValue: 'dbadmin' + } + { + secretName: 'cpng-superuser-password' + secretValue: substring(uniqueString('dbadmin', resourceGroup().id, bladeConfig.sectionName), 0, 8) + } ] var roleAssignment = { diff --git a/bicep/modules/blade_service.bicep b/bicep/modules/blade_service.bicep index e541b5ca..8feea0c4 100644 
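Review bot: The `cpng-user-password` and `cpng-superuser-password` values added to `vaultSecrets` are predictable: `uniqueString()` is a deterministic hash of its arguments, so anyone who knows the resource group ID and `bladeConfig.sectionName` can recompute them, and `substring(..., 0, 8)` shortens the 13-character result to 8 characters. The same inputs also produce the same password on every deployment, so the credential never rotates. Pass the passwords in as generated secure parameters instead, e.g. `@secure() param cpngSuperuserPassword string = newGuid()` with `secretValue: cpngSuperuserPassword`; because `newGuid()` is re-evaluated on each deployment, the vault write should then happen only when the secret does not already exist. The `vaultSecrets` array begins above this hunk, so how these entries are written to Key Vault is not visible here.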
--- a/bicep/modules/blade_service.bicep +++ b/bicep/modules/blade_service.bicep @@ -427,16 +427,16 @@ module federatedCredsOduInitNamespace './federated_identity.bicep' = { ] } -module federatedCredsDevSampleNamespace './federated_identity.bicep' = { - name: '${bladeConfig.sectionName}-federated-cred-ns_dev-sample' +module federatedCredsPostgreSqlNamespace './federated_identity.bicep' = { + name: '${bladeConfig.sectionName}-federated-cred-ns_postgresql' params: { - name: 'federated-ns_dev-sample' + name: 'federated-ns_postgresql' audiences: [ 'api://AzureADTokenExchange' ] issuer: cluster.outputs.aksOidcIssuerUrl userAssignedIdentityName: appIdentity.name - subject: 'system:serviceaccount:dev-sample:workload-identity-sa' + subject: 'system:serviceaccount:postgresql:workload-identity-sa' } dependsOn: [ federatedCredsOduInitNamespace @@ -455,7 +455,7 @@ module federatedCredsConfigMapsNamespace './federated_identity.bicep' = { subject: 'system:serviceaccount:azappconfig-system:az-appconfig-k8s-provider' } dependsOn: [ - federatedCredsDevSampleNamespace + federatedCredsPostgreSqlNamespace ] } @@ -524,7 +524,6 @@ module federatedCredsOsduReference './federated_identity.bicep' = { } - module appRoleAssignments './app_assignments.bicep' = { name: '${bladeConfig.sectionName}-user-managed-identity-rbac' params: { @@ -536,7 +535,7 @@ module appRoleAssignments './app_assignments.bicep' = { federatedCredsDefaultNamespace federatedCredsOsduCoreNamespace federatedCredsOduInitNamespace - federatedCredsDevSampleNamespace + federatedCredsPostgreSqlNamespace federatedCredsConfigMapsNamespace federatedCredsElasticNamespace federatedCredsOsduSystem @@ -555,7 +554,7 @@ module appRoleAssignments2 './app_assignments.bicep' = [for (name, index) in par federatedCredsDefaultNamespace federatedCredsOsduCoreNamespace federatedCredsOsduReference - federatedCredsDevSampleNamespace + federatedCredsPostgreSqlNamespace federatedCredsConfigMapsNamespace ] }] 
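Review bot: `federatedCredsPostgreSqlNamespace` federates `system:serviceaccount:postgresql:workload-identity-sa` with `appIdentity.name`, which looks like the shared application identity, so a pod running under that service account could obtain tokens carrying whatever roles `appRoleAssignments` grants to it. If the database workload only needs to read its own Key Vault secrets, a dedicated user-assigned identity with that single role would keep a compromised database pod away from the application's other resources. Also confirm that the namespace created by `software/components/database/namespace.yaml` is really named `postgresql`: its contents are not shown here, and a `subject` that does not match the namespace and service account exactly fails token exchange. The later hunks in this file only carry the rename through the `dependsOn` lists.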
diff --git a/charts/config-maps/templates/config-map-devsample.yaml b/charts/config-maps/templates/config-map-devsample.yaml deleted file mode 100644 index c87b5576..00000000 --- a/charts/config-maps/templates/config-map-devsample.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- $namespace := .Release.Namespace }} -apiVersion: azconfig.io/v1 -kind: AzureAppConfigurationProvider -metadata: - name: {{ include "config-maps.fullname" . }}-sample - namespace: {{ $namespace }} -spec: - endpoint: {{ .Values.azure.configEndpoint }} - target: - configMapName: configmap-devsample - configMapData: - type: yaml - key: value.yaml - separator: "." - auth: - workloadIdentity: - managedIdentityClientId: {{ .Values.azure.clientId }} - configuration: - selectors: - - keyFilter: "*" - labelFilter: "configmap-devsample" \ No newline at end of file diff --git a/charts/env-debug/.helmignore b/charts/env-debug/.helmignore deleted file mode 100644 index 0e8a0eb3..00000000 --- a/charts/env-debug/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/env-debug/Chart.yaml b/charts/env-debug/Chart.yaml deleted file mode 100644 index 0eeac5c2..00000000 --- a/charts/env-debug/Chart.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: v2 -name: env-debug -description: A Sample App with Ingress for accessing KV Secrets - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.1 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.0.1 - -maintainers: - - name: danielscholl - url: https://github.com/danielscholl diff --git a/charts/env-debug/README.md b/charts/env-debug/README.md deleted file mode 100644 index 5b7f464f..00000000 --- a/charts/env-debug/README.md +++ /dev/null 
@@ -1,67 +0,0 @@ -# Helm Chart for Environment Debuging - -__Create a Custom Values__ - -_The following commands can help generate a prepopulated custom_values file._ -```bash -# Setup Variables -RAND="" # ie: bedfb - -GROUP=$(az group list --query "[?contains(name, 'ctl${UNIQUE}')].name" -otsv) -ENV_VAULT=$(az keyvault list --resource-group $GROUP --query [].name -otsv) - -# Translate Values File -cat > custom_values.yaml << EOF -replicaCount: 1 - -nameOverride: "" -fullnameOverride: "" - -service: - type: ClusterIP - port: 80 - targetPort: 8080 - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 3 - targetCPUUtilizationPercentage: 80 - -################################################################################ -# Specify the azure environment specific values -# -azure: - enabled: true - tenant: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/tenant-id --query value -otsv) - subscription: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/subscription-id --query value -otsv) - resourcegroup: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/base-name-cr --query value -otsv)-rg - identity: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/base-name-cr --query value -otsv)-osdu-identity - identity_id: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/osdu-identity-id --query value -otsv) - keyvault: $ENV_VAULT - appid: $(az keyvault secret show --id https://${ENV_VAULT}.vault.azure.net/secrets/aad-client-id --query value -otsv) - -env: -- name: MESSAGE - value: Hello World! -- name: AZURE_TENANT_ID - secret: - name: active-directory - key: tenantid -- name: WORKSPACE_ID - secret: - name: central-logging - key: workspace-id - -EOF - - -__Install Helm Chart__ - -Install the helm chart. - -```bash -# Create Namespace -NAMESPACE=dev-sample -helm upgrade --install dev-sample . -n $NAMESPACE --create-namespace -``` 
diff --git a/charts/env-debug/templates/_helpers.tpl b/charts/env-debug/templates/_helpers.tpl deleted file mode 100644 index cb77c00f..00000000 --- a/charts/env-debug/templates/_helpers.tpl +++ /dev/null 
@@ -1,64 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "env-debug.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "env-debug.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "env-debug.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "env-debug.labels" -}} -helm.sh/chart: {{ include "env-debug.chart" . }} -{{ include "env-debug.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "env-debug.selectorLabels" -}} -app.kubernetes.io/name: {{ include "env-debug.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -aadpodidbinding: osdu-identity -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "env-debug.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "env-debug.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} 
diff --git a/charts/env-debug/templates/config-map.yaml b/charts/env-debug/templates/config-map.yaml deleted file mode 100644 index eb5c1048..00000000 --- a/charts/env-debug/templates/config-map.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- $namespace := .Release.Namespace }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "env-debug.fullname" . }}-config - namespace: {{ $namespace }} -data: - MESSAGE: "From config-map.yaml" diff --git a/charts/env-debug/templates/deployment.yaml b/charts/env-debug/templates/deployment.yaml deleted file mode 100644 index eec09c12..00000000 --- a/charts/env-debug/templates/deployment.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -{{- $namespace := .Release.Namespace }} -{{- $nodePool := .Values.nodePool}} -{{- $toleration := .Values.toleration}} -{{- $affinity := .Values.affinity}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "env-debug.fullname" . }} - labels: - {{- include "env-debug.labels" . | nindent 4 }} -spec: -{{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} -{{- end }} - selector: - matchLabels: - {{- include "env-debug.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "env-debug.selectorLabels" . | nindent 8 }} - spec: - {{- if $nodePool }} - nodeSelector: - nodepool: {{ $nodePool }} - {{- end }} - {{- if $affinity }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - {{- if $affinity.zones }} - - key: topology.kubernetes.io/zone - operator: In - values: - {{- range $affinity.zones }} - - {{ . }} - {{- end }} - {{- end }} - {{- if $affinity.pools }} - - key: agentpool - operator: In - values: - {{- range $affinity.pools }} - - {{ . }} - {{- end }} - {{- end }} - {{- end }} - {{- if $toleration }} - tolerations: - - key: "app" - operator: "Equal" - value: {{ $toleration }} - effect: "NoSchedule" - {{- end }} - {{- if .Values.azure.enabled }} - volumes: - - name: azure-keyvault - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: azure-keyvault - - name: azure-share - persistentVolumeClaim: - claimName: {{ include "env-debug.fullname" . 
}}-pvc - {{- end }} - serviceAccountName: workload-identity-sa - containers: - - image: gcr.io/kuar-demo/kuard-amd64:1 - name: kuard - ports: - - containerPort: 8080 - name: http - protocol: TCP - {{- if .Values.azure.enabled }} - volumeMounts: - - name: azure-keyvault - mountPath: "/mnt/azure-keyvault" - readOnly: true - - name: azure-share - mountPath: "/mnt/azure-share" - readOnly: true - {{- end }} - env: - - name: STATIC_ENV_VALUE - value: "From Deployment.yaml" - - name: CONFIG_ENV_VALUE - valueFrom: - configMapKeyRef: - name: {{ include "env-debug.fullname" . }}-config - key: MESSAGE - {{- if .Values.env }} - {{- range .Values.env }} - - name: {{ .name }} - {{- if .value }} - value: {{ .value | quote }} - {{- end }} - {{- if .config }} - valueFrom: - configMapKeyRef: - name: {{ include "env-debug.fullname" . }}-config - key: {{ .config.key | quote }} - {{- end }} - {{- if .secret }} - valueFrom: - secretKeyRef: - name: {{ .secret.name | quote }} - key: {{ .secret.key | quote }} - {{- end }} - {{- end }} - {{- end }} diff --git a/charts/env-debug/templates/hpa.yaml b/charts/env-debug/templates/hpa.yaml deleted file mode 100644 index 6c015ab9..00000000 --- a/charts/env-debug/templates/hpa.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "env-debug.fullname" . }} - labels: - {{- include "env-debug.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "env-debug.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/env-debug/templates/kv-secrets.yaml b/charts/env-debug/templates/kv-secrets.yaml deleted file mode 100644 index 12d70d01..00000000 --- a/charts/env-debug/templates/kv-secrets.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -{{- if .Values.azure.enabled -}} -apiVersion: secrets-store.csi.x-k8s.io/v1 -kind: SecretProviderClass -metadata: - name: "azure-keyvault" -spec: - provider: azure - secretObjects: - - secretName: active-directory - type: Opaque - data: - - objectName: "app-dev-sp-password" - key: principal-clientpassword - - secretName: common-storage-account - type: Opaque - data: - - objectName: tbl-storage - key: azurestorageaccountname - - objectName: tbl-storage-key - key: azurestorageaccountkey - - secretName: common-secrets - type: Opaque - data: - - objectName: graph-db-connection - key: database-connection - - objectName: tbl-storage-key - key: storage-key - - objectName: log-workspace-key - key: workspace-key - - objectName: insights-key - key: insights-key - - objectName: insights-connection - key: insights-connection - - secretName: opendes-secrets - type: Opaque - data: - - objectName: opendes-cosmos-connection - key: database-connection - - objectName: opendes-cosmos-primary-key - key: database-key - parameters: - clientID: {{ .Values.azure.clientId }} # client id of the Azure AD app/identity to use for workload identity - keyvaultName: {{ .Values.azure.keyvaultName }} # the name of the KeyVault - objects: | - array: - - | - objectName: app-dev-sp-password - objectType: secret - - | - objectName: graph-db-connection - objectType: secret - - | - objectName: tbl-storage - objectType: secret - - | - objectName: tbl-storage-key - objectType: secret - - | - objectName: log-workspace-key - objectType: secret - - | - objectName: opendes-storage - objectType: secret - - | - objectName: opendes-storage-key - objectType: secret - - | - objectName: opendes-cosmos-connection - objectType: secret - - | - objectName: opendes-cosmos-primary-key - objectType: secret - - | - objectName: insights-key - objectType: secret - - | - objectName: insights-connection - objectType: secret - tenantId: {{ .Values.azure.tenantId }} # the tenant ID of the KeyVault -{{- end }} 
diff --git a/charts/env-debug/templates/pvc.yaml b/charts/env-debug/templates/pvc.yaml deleted file mode 100644 index 8b0f1016..00000000 --- a/charts/env-debug/templates/pvc.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- $namespace := .Release.Namespace }} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "env-debug.fullname" . }}-pv - namespace: {{ $namespace }} - labels: - usage: file-mount -spec: - capacity: - storage: 5Gi - accessModes: - - ReadOnlyMany - azureFile: - secretName: common-storage-account - shareName: sample-share - volumeMode: Filesystem - mountOptions: - - dir_mode=0777 - - file_mode=0777 - - uid=1000 - - gid=1000 - - mfsymlinks - - nobrl - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "env-debug.fullname" . }}-pvc - namespace: {{ $namespace }} -spec: - storageClassName: "" - accessModes: - - ReadOnlyMany - resources: - requests: - storage: 5Gi - selector: - matchLabels: - usage: file-mount \ No newline at end of file diff --git a/charts/env-debug/templates/service.yaml b/charts/env-debug/templates/service.yaml deleted file mode 100644 index e99d24bf..00000000 --- a/charts/env-debug/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- $serviceType := .Values.service.type }} -{{- $servicePort := .Values.service.port }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "env-debug.fullname" . }} - labels: - {{- include "env-debug.labels" . | nindent 4 }} -spec: - type: {{ $serviceType }} - ports: - - port: {{ $servicePort }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "env-debug.selectorLabels" . | nindent 4 }} diff --git a/charts/env-debug/templates/serviceaccount.yaml b/charts/env-debug/templates/serviceaccount.yaml deleted file mode 100644 index 346d059a..00000000 --- a/charts/env-debug/templates/serviceaccount.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: workload-identity-sa - annotations: - azure.workload.identity/client-id: {{ .Values.azure.clientId }} - azure.workload.identity/tenant-id: {{ .Values.azure.tenantId }} - labels: - azure.workload.identity/use: "true" \ No newline at end of file diff --git a/charts/env-debug/values.yaml b/charts/env-debug/values.yaml deleted file mode 100644 index 23c91914..00000000 --- a/charts/env-debug/values.yaml +++ /dev/null @@ -1,24 +0,0 @@ -replicaCount: 1 - -nameOverride: "" -fullnameOverride: "" - -service: - type: ClusterIP - port: 80 - targetPort: 8080 - -autoscaling: - enabled: false - -azure: - enabled: false - -env: -- name: MESSAGE - value: Hello World! -- name: FROM_CONFIG_MAP - valueFrom: - configMapKeyRef: - name: "{{ include \"env-debug.fullname\" . }}-config" - key: MESSAGE diff --git a/docs/software.md b/docs/software.md index 860e145a..ec21ec5b 100644 --- a/docs/software.md +++ b/docs/software.md 
@@ -1,16 +1,6 @@ # Software Management with a GitOps Approach -In this workspace, we utilize a **GitOps** approach for efficient and reliable software management. This method leverages this Git repository as the source of truth for defining and updating the software configurations and deployments within our infrastructure. - -## GitOps Configuration - -Our GitOps configuration resides in this Git repository and employs a customized [repo-per-team](https://fluxcd.io/flux/guides/repository-structure/#repo-per-team) pattern. This repository includes: - -- **Configuration Files**: YAML files that define the desired state of our components and applications. - -- **Charts**: Helm charts used for defining, installing, and upgrading Kubernetes applications. - -## Advantages of GitOps +In this solution, we utilize a **GitOps** approach for efficient and reliable software management. This method leverages a git repository as the source of truth for defining and updating the software within the cluster and comes with some distinct advantages. - **Consistency and Standardization**: Ensures consistent configurations across different environments, minimizing discrepancies. 
@@ -20,26 +10,29 @@ Our GitOps configuration resides in this Git repository and employs a customized - **Enhanced Security**: Changes are reviewed through pull requests, increasing security and promoting collaboration among team members. -## Simplified Deployment Process +Software definitions are defined in this repository alongside the IaC and employ a customized [repo-per-team](https://fluxcd.io/flux/guides/repository-structure/#repo-per-team) pattern along with customized Helm charts. -Our GitOps approach simplifies the process of deploying and managing software, making it easier to maintain and update configurations. It also provides a configurable way to leverage other software configurations by pointing to alternate repositories that host additional configurations. This extensibility ensures our deployments can include not only the default software load but also any additional components required by our architecture. +- **Configuration Files**: YAML files that define the desired state of our components and applications. + +- **Charts**: Helm charts used for defining, installing, and upgrading Kubernetes applications. -## Kustomizations +Our GitOps approach not only standardizes and secures the software management process but also **simplifies the deployment process**. By making it easier to maintain and update configurations, this approach ensures that deployments are both efficient and flexible. It allows for seamless integration of additional software configurations by pointing to alternate repositories that host these configurations. This extensibility enables our deployments to include not just the default software load but also any additional components required by our architecture. -In our software architecture design, we have two primary Kustomizations that describe a **stamp**: -1. **Components**: This includes middleware layers that provide essential services to the platform. 
Examples of components are: - - Certificate Manager - - Istio - - Operators +### Stamp Layout -2. **Applications**: This category encompasses the code that functions as applications within the OSDU developer platform. Notable examples include: - - OSDU Core Services - - OSDU Reference Services +In our software architecture design, we define two primary software Kustomizations that describe a **stamp**. A Kustomization is a Flux resource representing a set of defined manifests that Flux should reconcile to the cluster, with dependencies between them. Structuring our Kustomizations this way ensures clarity and separation of concerns, making it easier to manage and organize both components and applications. -### Stamp Layout +1. **Components**: Middleware layers that provide essential services to the platform, necessary to support OSDU Services. +2. **Applications**: The OSDU platform services themselves, organized into logical groups of capabilities. -The stamp layout is organized as follows: + +```mermaid +flowchart TD + FluxSystemComponents("flux-system-components") + FluxSystemApplications("flux-system-applications") + FluxSystemComponents-->FluxSystemApplications +``` ```bash ├── applications 
@@ -48,40 +41,79 @@ The stamp layout is organized as follows: └── kustomize.yaml ``` -- applications/kustomize.yaml: This file defines the Kustomization for the various applications that run on the platform. - -- components/kustomize.yaml: This file specifies the Kustomization for the middleware components that support the applications. - -By structuring our Kustomizations in this manner, we ensure clarity and separation of concerns, making it easier to manage and scale separately both components and applications. + ### Components Structure The Components directory is organized to facilitate the management of various middleware layers essential for our infrastructure. Below is the layout: +Components are organized to facilitate the logical understanding of the middleware software installations. Components have dependency structures in the sequence of configuration. A naming pattern is used to help facilitate understanding. + +```mermaid +flowchart TD + FluxSystemComponents("flux-system-components") + Certs("component-certs") + CertsCA("component-certs-ca") + CertsCAIssuer("component-certs-ca-issuer") + OSDUSystem("component-osdu-system") + Cache("component-cache") + Database("component-database") + Postgresql("component-postgresql") + Airflow("component-airflow") + Elastic("component-elastic") + ElasticStorage("component-elastic-storage") + ElasticSearch("component-elastic-search") + Mesh("component-mesh") + MeshIngress("component-mesh-ingress") + Observability("component-observability") + + FluxSystemComponents-->Certs + Certs-->CertsCA + CertsCA-->CertsCAIssuer + CertsCAIssuer-->OSDUSystem + OSDUSystem-->Cache + OSDUSystem-->Mesh + Mesh-->MeshIngress + MeshIngress-->Observability + OSDUSystem-->Elastic + Elastic-->ElasticStorage + ElasticStorage-->ElasticSearch + OSDUSystem-->Database + Database-->Postgresql + Postgresql-->Airflow +``` + ```bash -└── components - ├── README.md +── components ├── certs - │ ├── namespace.yaml - │ ├── release.yaml - │ └── 
source.yaml + │   ├── namespace.yaml + │   ├── release.yaml + │   └── source.yaml ├── certs-ca - │ └── certificate.yaml + │   └── certificate.yaml ├── certs-ca-issuer - │ └── issuer.yaml + │   └── issuer.yaml + ├── database + │   ├── namespace.yaml + │   ├── postgresql.yaml + │   └── vault-secrets.yaml + ├── elastic-search + │   ├── elastic-job.yaml + │   ├── elastic-search.yaml + │   ├── kibana.yaml + │   ├── namespace.yaml + │   └── vault-secrets.yaml ├── elastic-storage - │ └── storage-class.yaml + │   └── storage-class.yaml ├── mesh-ingress - │ └── gateway.yaml + │   └── gateway.yaml ├── observability - │ ├── grafana.yaml - │ ├── jaeger.yaml - │ ├── kiali.yaml - │ ├── loki.yaml - │ ├── prometheus.yaml - │ └── subnet_monitoring.yaml - ├── osdu-config - │ └── release.yaml + │   ├── grafana.yaml + │   ├── jaeger.yaml + │   ├── kiali.yaml + │   ├── loki.yaml + │   ├── prometheus.yaml + │   └── subnet_monitoring.yaml └── osdu-system ├── airflow.yaml ├── cache.yaml 
@@ -92,39 +124,27 @@ The Components directory is organized to facilitate the management of various mi └── reloader.yaml ``` -__Directory Breakdown__ - -- certs: Contains YAML files for managing certificates, including: -- namespace.yaml: Defines the namespace for the certificate resources. -- release.yaml: Specifies the release configuration for the certificates. -- source.yaml: Outlines the source for certificate generation. -- certs-ca: Contains the configuration for Certificate Authority certificates: -- certificate.yaml: Defines the CA certificate. -- certs-ca-issuer: Contains the issuer configuration for certificates: -- issuer.yaml: Specifies the issuer details. -- elastic-storage: Contains the configuration for ElasticSearch storage: -- storage-class.yaml: Defines the storage class for ElasticSearch. -- mesh-ingress: Contains the configuration for ingress routing: -- gateway.yaml: Defines the gateway configuration for the service mesh. -- observability: Includes configurations for observability tools: -- grafana.yaml, jaeger.yaml, kiali.yaml, loki.yaml, prometheus.yaml, subnet_monitoring.yaml: Define settings for various observability tools. -- osdu-config: Contains configuration files for OSDU services: -- release.yaml: Specifies the release configuration for OSDU. -- osdu-system: Contains configurations for the OSDU system components: -- Includes files for airflow, cache, database, elastic, mesh, namespace, and reloader, each defining the necessary configurations for those services. - __Applications Structure__ -The Applications directory is organized to manage various applications within the OSDU developer platform. Below is the layout: +The Applications directory is organized to facilitate the management of applications that are installed in the platform. 
+ +```mermaid +flowchart TD + FluxSystemApplications("flux-system-applications") + Podinfo("application-podinfo") + OSDUCore("application-osdu-core") + OSDUReference("application-osdu-reference") + OSDUAuth("application-osdu-auth") + + FluxSystemApplications-->Podinfo + FluxSystemApplications-->OSDUCore + FluxSystemApplications-->OSDUReference + FluxSystemApplications-->OSDUAuth +``` + ```bash ── applications -│ ├── elastic-search -│ │ ├── elastic-job.yaml -│ │ ├── elastic-search.yaml -│ │ ├── kibana.yaml -│ │ ├── namespace.yaml -│ │ └── vault-secrets.yaml │ ├── osdu-auth │ │ ├── namespace.yaml │ │ └── release.yaml 
@@ -154,26 +174,3 @@ The Applications directory is organized to manage various applications within th │ └── source.yaml ``` -- dev-sample: Contains sample application configurations: -- httpbin.yaml: Configuration for the HTTP Bin sample application. -- namespace.yaml: Defines the namespace for the sample application resources. -- release.yaml: Specifies the release configuration for the sample application. -- elastic-search: Includes configurations for the ElasticSearch application: -- elastic-job.yaml: Defines a job for ElasticSearch. -- elastic-search.yaml: Configuration for the ElasticSearch deployment. -- kibana.yaml: Configuration for Kibana, the visualization tool. -- namespace.yaml: Defines the namespace for ElasticSearch resources. -- vault-secrets.yaml: Contains the secrets required by ElasticSearch. -- osdu-auth: Contains configurations for OSDU authentication services: -- namespace.yaml: Defines the namespace for authentication resources. -- release.yaml: Specifies the release configuration for the authentication service. -- osdu-core: Includes configurations for core OSDU services: -- Contains multiple YAML files for defining the service configurations, including: -- base.yaml, entitlements.yaml, file.yaml, indexer.yaml, legal.yaml, namespace.yaml, partition.yaml, schema.yaml, search.yaml, storage.yaml, user-init.yaml. -- osdu-reference: Contains configurations for reference services in OSDU: -- Includes base.yaml, crs-catalog.yaml, crs-conversion.yaml, namespace.yaml, and unit.yaml. -- podinfo: Contains configurations for the Podinfo application: -- ingress.yaml: Defines ingress rules for the Podinfo application. -- namespace.yaml: Defines the namespace for Podinfo resources. -- release.yaml: Specifies the release configuration for Podinfo. -- source.yaml: Contains the source configuration for Podinfo. \ No newline at end of file 
diff --git a/software/applications/dev-sample/httpbin.yaml b/software/applications/dev-sample/httpbin.yaml deleted file mode 100644 index c6faff4a..00000000 --- a/software/applications/dev-sample/httpbin.yaml +++ /dev/null @@ -1,68 +0,0 @@ -################################################################################################## -# httpbin service -################################################################################################## -apiVersion: v1 -kind: ServiceAccount -metadata: - name: httpbin - namespace: dev-sample ---- -apiVersion: v1 -kind: Service -metadata: - name: httpbin - namespace: dev-sample - labels: - app: httpbin - service: httpbin -spec: - ports: - - name: http - port: 8000 - targetPort: 8080 - selector: - app: httpbin ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: httpbin - namespace: dev-sample -spec: - replicas: 1 - selector: - matchLabels: - app: httpbin - version: v1 - template: - metadata: - labels: - app: httpbin - version: v1 - spec: - serviceAccountName: httpbin - containers: - - image: docker.io/kong/httpbin - imagePullPolicy: IfNotPresent - name: httpbin - # Same as found in Dockerfile's CMD but using an unprivileged port - command: - - gunicorn - - -b - - 0.0.0.0:8080 - - httpbin:app - - -k - - gevent - env: - # Tells pipenv to use a writable directory instead of $HOME - - name: WORKON_HOME - value: /tmp - ports: - - containerPort: 8080 - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 200m - memory: 256Mi diff --git a/software/applications/dev-sample/namespace.yaml b/software/applications/dev-sample/namespace.yaml deleted file mode 100644 index 2d0039c8..00000000 --- a/software/applications/dev-sample/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: dev-sample - labels: - toolkit.fluxcd.io/tenant: dev-team - istio-injection: enabled \ No newline at end of file 
diff --git a/software/applications/dev-sample/release.yaml b/software/applications/dev-sample/release.yaml deleted file mode 100644 index c5662f81..00000000 --- a/software/applications/dev-sample/release.yaml +++ /dev/null @@ -1,62 +0,0 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: dev-sample - namespace: default - annotations: - clusterconfig.azure.com/use-managed-source: "true" -spec: - chart: - spec: - chart: ./charts/env-debug - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - interval: 5m0s - install: - remediation: - retries: 3 - targetNamespace: dev-sample - valuesFrom: - - kind: ConfigMap - name: config-map-values - valuesKey: values.yaml - values: - replicaCount: 1 - nameOverride: "" - fullnameOverride: env-debug - azure: - enabled: true - service: - type: ClusterIP - port: 80 - env: - - name: MESSAGE - value: Hello World! - - name: FROM_CONFIG_MAP - valueFrom: - configMapKeyRef: - name: env-debug-config - key: MESSAGE - - name: WORKSPACE_KEY - secret: - name: common-secrets - key: workspace-key - - name: STORAGE_KEY - secret: - name: common-secrets - key: storage-key - - name: DATABASE_CONNECTION - secret: - name: common-secrets - key: database-connection - - name: INSIGHTS_KEY - secret: - name: common-secrets - key: insights-key - - name: APPLICATIONINSIGHTS_CONNECTION_STRING - secret: - name: common-secrets - key: insights-connection \ No newline at end of file diff --git a/software/applications/osdu-auth/release.yaml b/software/applications/osdu-auth/release.yaml index 87ae8444..811c96e6 100644 --- a/software/applications/osdu-auth/release.yaml +++ b/software/applications/osdu-auth/release.yaml @@ -33,7 +33,7 @@ spec: apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: osdu-auth + name: osdu-developer-auth namespace: default annotations: clusterconfig.azure.com/use-managed-source: "true" 
diff --git a/software/components/database/namespace.yaml b/software/components/database/namespace.yaml
new file mode 100644
index 00000000..8f9de922
--- /dev/null
+++ b/software/components/database/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: postgresql
+ labels:
+ toolkit.fluxcd.io/tenant: dev-team
\ No newline at end of file
diff --git a/software/components/database/postgresql.yaml b/software/components/database/postgresql.yaml
new file mode 100644
index 00000000..248feb92
--- /dev/null
+++ b/software/components/database/postgresql.yaml
@@ -0,0 +1,37 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: airflow-cluster
+ namespace: postgresql
+spec:
+ inheritedMetadata:
+ labels:
+ azure.workload.identity/use: "true"
+ # imageName: 'ghcr.io/cloudnative-pg/postgresql:16'
+ instances: 3
+ storage:
+ size: 1Gi
+ replicationSlots:
+ highAvailability:
+ enabled: true
+ affinity:
+ tolerations:
+ - effect: NoSchedule
+ key: app
+ value: "cluster"
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: topology.kubernetes.io/zone
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ cnpg.io/cluster: airflow-cluster
+ postgresql:
+ pg_hba:
+ - host airflow-db airflow all password
+ bootstrap:
+ initdb:
+ database: airflow-db
+ owner: airflow
+ secret:
+ name: postgresql-credentials
diff --git a/software/components/osdu-config/release.yaml b/software/components/database/vault-secrets.yaml
similarity index 57%
rename from software/components/osdu-config/release.yaml
rename to software/components/database/vault-secrets.yaml
index 297c4389..7f3553c5 100644
--- a/software/components/osdu-config/release.yaml
+++ b/software/components/database/vault-secrets.yaml
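Review bot: The `pg_hba` rule `host airflow-db airflow all password` in postgresql.yaml matches the airflow user from any address, over unencrypted connections as well as TLS ones, and the `password` method has the client send the password in clear text. Nothing in this hunk shows transport encryption being enforced some other way; the new `postgresql` namespace, for one, carries no `istio-injection: enabled` label, unlike the removed dev-sample namespace. I would change the rule to `- hostssl airflow-db airflow all scram-sha-256`, and if a weaker method has to stay for client compatibility, say so in a comment above the rule. It is also worth confirming that the `username` value synced into `postgresql-credentials` equals the `owner: airflow` set under `initdb`, since the two come from different places.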
@@ -2,27 +2,32 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: - name: osdu-config - namespace: default ## <--- Have to install here so we can get the configmap values + name: azure-keyvault-database + namespace: default annotations: clusterconfig.azure.com/use-managed-source: "true" spec: - targetNamespace: default - releaseName: config-maps + targetNamespace: postgresql chart: spec: - chart: ./charts/config-maps + chart: ./charts/keyvault-secrets sourceRef: kind: GitRepository name: flux-system namespace: flux-system + interval: 5m0s install: remediation: retries: 3 - interval: 5m0s valuesFrom: - kind: ConfigMap name: config-map-values valuesKey: values.yaml values: - fullnameOverride: configmap-ac \ No newline at end of file + secrets: + - secretName: postgresql-credentials + data: + - key: username + vaultSecret: cpng-user-name + - key: password + vaultSecret: cpng-user-password diff --git a/software/applications/elastic-search/elastic-job.yaml b/software/components/elastic-search/elastic-job.yaml similarity index 100% rename from software/applications/elastic-search/elastic-job.yaml rename to software/components/elastic-search/elastic-job.yaml diff --git a/software/applications/elastic-search/elastic-search.yaml b/software/components/elastic-search/elastic-search.yaml similarity index 100% rename from software/applications/elastic-search/elastic-search.yaml rename to software/components/elastic-search/elastic-search.yaml diff --git a/software/applications/elastic-search/kibana.yaml b/software/components/elastic-search/kibana.yaml similarity index 100% rename from software/applications/elastic-search/kibana.yaml rename to software/components/elastic-search/kibana.yaml diff --git a/software/applications/elastic-search/namespace.yaml b/software/components/elastic-search/namespace.yaml similarity index 100% rename from software/applications/elastic-search/namespace.yaml rename to software/components/elastic-search/namespace.yaml 
diff --git a/software/applications/elastic-search/vault-secrets.yaml b/software/components/elastic-search/vault-secrets.yaml similarity index 100% rename from software/applications/elastic-search/vault-secrets.yaml rename to software/components/elastic-search/vault-secrets.yaml diff --git a/stamp/applications/kustomize.yaml b/stamp/applications/kustomize.yaml index 2aa434d2..9a8bcfaa 100644 --- a/stamp/applications/kustomize.yaml +++ b/stamp/applications/kustomize.yaml @@ -23,59 +23,6 @@ spec: namespace: podinfo -###################### -## Dev Sample App -###################### -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -# kind: Kustomization -# metadata: -# name: application-devsample -# namespace: flux-system -# spec: -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./software/applications/dev-sample -# prune: true -# wait: true -# healthChecks: -# - kind: Deployment -# name: env-debug -# namespace: dev-sample - - -###################### -## Elastic Search App -###################### ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -kind: Kustomization -metadata: - name: application-elastic - namespace: flux-system -spec: - interval: 1h - retryInterval: 1m - timeout: 5m - sourceRef: - kind: GitRepository - name: flux-system - path: ./software/applications/elastic-search - prune: true - wait: true - healthChecks: - - kind: StatefulSet - name: elasticsearch-ha-es-master - namespace: elastic-search - - kind: StatefulSet - name: elasticsearch-ha-es-coordinating - namespace: elastic-search - - ###################### ## OSDU Auth ###################### diff --git a/stamp/components/kustomize.yaml b/stamp/components/kustomize.yaml index 11a05044..fd3b2d55 100644 --- a/stamp/components/kustomize.yaml +++ b/stamp/components/kustomize.yaml 
@@ -69,85 +69,111 @@ spec: wait: true ###################### -## Configuration Component +## Middleware Components ###################### --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: - name: component-osdu-config + name: component-osdu-system namespace: flux-system spec: + dependsOn: + - name: component-certs-ca-issuer interval: 1h retryInterval: 1m timeout: 5m sourceRef: kind: GitRepository name: flux-system - path: ./software/components/osdu-config + path: ./software/components/osdu-system prune: true wait: true + healthChecks: + - kind: Deployment + name: stakater-reloader + namespace: reloader + - kind: StatefulSet + name: elastic-system + namespace: elastic-operator + - kind: Deployment + name: postgresql-operator-cloudnative-pg + namespace: cnpg-system + - kind: Deployment + name: istiod + namespace: istio-system + - kind: Deployment + name: istio-ingress-internal + namespace: istio-system + - kind: Deployment + name: istio-ingress-external + namespace: istio-system + - kind: StatefulSet + name: redis-master + namespace: redis-cluster + - kind: StatefulSet + name: redis-replicas + namespace: redis-cluster + ###################### -## Middleware Components +## Elastic Storage Component ###################### --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: - name: component-osdu-system + name: component-elastic-storage namespace: flux-system spec: dependsOn: - - name: component-certs-ca-issuer - - name: component-osdu-config + - name: component-osdu-system interval: 1h retryInterval: 1m timeout: 5m sourceRef: kind: GitRepository name: flux-system - path: ./software/components/osdu-system + path: ./software/components/elastic-storage prune: true - wait: true - # healthChecks: - # - kind: Deployment - # name: stakater-reloader - # namespace: reloader - # - kind: StatefulSet - # name: elastic-system - # namespace: elastic-operator - # - kind: Deployment - # name: 
postgresql-operator-cloudnative-pg - # namespace: cnpg-system - # - kind: Deployment - # name: istiod - # namespace: istio-system - # - kind: Deployment - # name: istio-ingress-internal - # namespace: istio-system - # - kind: Deployment - # name: istio-ingress-external - # namespace: istio-system - # - kind: StatefulSet - # name: redis-master - # namespace: redis-cluster - # - kind: StatefulSet - # name: redis-replicas - # namespace: redis-cluster - - - +###################### +## Elastic Search Component +###################### +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: component-elastic-search + namespace: flux-system +spec: + dependsOn: + - name: component-elastic-storage + interval: 1h + retryInterval: 1m + timeout: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./software/components/elastic-search + prune: true + wait: true + healthChecks: + - kind: StatefulSet + name: elasticsearch-ha-es-master + namespace: elastic-search + - kind: StatefulSet + name: elasticsearch-ha-es-coordinating + namespace: elastic-search ###################### -## Elastic Component +## Postgresql Component ###################### --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: - name: component-elastic-storage + name: component-postgresql namespace: flux-system spec: dependsOn: @@ -158,8 +184,9 @@ spec: sourceRef: kind: GitRepository name: flux-system - path: ./software/components/elastic-storage + path: ./software/components/database prune: true + wait: true ###################### 
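Review bot: The `healthChecks` lists enabled under `component-osdu-system` and added under `component-elastic-search` sit next to `wait: true`, and Flux documents that `.spec.healthChecks` is ignored when `.spec.wait` is true, so as written these entries will not gate the Kustomizations that depend on them. Either drop `wait: true` on those two blocks so the listed Deployments and StatefulSets become the readiness gate, or remove the lists and rely on `wait` alone. The new `component-postgresql` block in the following hunk has `wait: true` only; whether that waits for the CloudNativePG `Cluster` to be ready depends on the status the operator reports, so an explicit check on `airflow-cluster` may be needed if anything downstream depends on the database. The spec blocks are only partly visible in these hunks.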
@@ -225,209 +252,4 @@ spec: namespace: istio-system - kind: Service name: loki - namespace: istio-system - - - - - - - - - - - - - - - -###################### -## Reloader Component -###################### -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -# kind: Kustomization -# metadata: -# name: component-reloader -# namespace: flux-system -# spec: -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./software/components/reloader -# prune: true -# wait: true - - -###################### -## Airflow Component -###################### -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -# kind: Kustomization -# metadata: -# name: component-airflow -# namespace: flux-system -# spec: -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./software/components/airflow -# prune: true -# wait: true - - - - - -###################### -## Cache Component -###################### -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -# kind: Kustomization -# metadata: -# name: component-cache -# namespace: flux-system -# spec: -# dependsOn: -# - name: component-certs-ca-issuer -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./software/components/cache -# prune: true -# wait: true -# healthChecks: -# - kind: StatefulSet -# name: redis-master -# namespace: redis-cluster -# - kind: StatefulSet -# name: redis-replicas -# namespace: redis-cluster - - -###################### -## Config Component -###################### -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -# kind: Kustomization -# metadata: -# name: component-configmap -# namespace: flux-system -# spec: -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./software/components/configmap -# prune: true -# wait: true - - 
-###################### -## Elastic Component -###################### -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -# kind: Kustomization -# metadata: -# name: component-elastic -# namespace: flux-system -# spec: -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./software/components/elastic -# prune: true -# wait: true -# healthChecks: -# - kind: StatefulSet -# name: elastic-system -# namespace: elastic-operator -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -# kind: Kustomization -# metadata: -# name: component-elastic-storage -# namespace: flux-system -# spec: -# dependsOn: -# - name: component-middleware -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./software/components/elastic-storage -# prune: true - - -###################### -## Mesh Component -###################### -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -# kind: Kustomization -# metadata: -# name: component-mesh -# namespace: flux-system -# spec: -# dependsOn: -# - name: component-certs-ca-issuer -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./software/components/mesh -# prune: true -# wait: true -# healthChecks: -# - kind: Deployment -# name: istiod -# namespace: istio-system -# --- -# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 -# kind: Kustomization -# metadata: -# name: component-mesh-ingress -# namespace: flux-system -# spec: -# dependsOn: -# - name: component-middleware -# interval: 1h -# retryInterval: 1m -# timeout: 5m -# sourceRef: -# kind: GitRepository -# name: flux-system -# path: ./software/components/mesh-ingress -# prune: true -# wait: true -# healthChecks: -# - kind: Deployment -# name: istio-ingress-internal -# namespace: istio-system -# - kind: Deployment -# name: istio-ingress-external -# namespace: istio-system - - + namespace: 
istio-system \ No newline at end of file