From 648916693d8fa2a94fb8699dc2fc7f399c9b6c1e Mon Sep 17 00:00:00 2001 From: eseiker Date: Fri, 17 Jan 2025 13:03:38 +0900 Subject: [PATCH] add gke test cluster and bootstrap-v2 try multiplanetary values test --- charts/multiplanetary/templates/network.yaml | 13 ++- common/bootstrap-v2/Chart.yaml | 6 ++ .../templates/argocd-appproject-infra.yaml | 17 ++++ .../templates/argocd-secretstore.yaml | 20 ++++ common/bootstrap-v2/templates/argocd.yaml | 78 +++++++++++++++ .../bootstrap-v2/templates/external-dns.yaml | 34 +++++++ .../templates/external-secrets.yaml | 31 ++++++ common/bootstrap-v2/templates/traefik.yaml | 27 ++++++ common/bootstrap-v2/values.yaml | 17 ++++ gke-ninechronicles-internal/bootstrap.yaml | 27 ++++++ .../network/general.yaml | 15 +++ gke-ninechronicles-internal/network/odin.yaml | 97 +++++++++++++++++++ gke-ninechronicles-internal/values.yaml | 18 ++++ 13 files changed, 393 insertions(+), 7 deletions(-) create mode 100644 common/bootstrap-v2/Chart.yaml create mode 100644 common/bootstrap-v2/templates/argocd-appproject-infra.yaml create mode 100644 common/bootstrap-v2/templates/argocd-secretstore.yaml create mode 100644 common/bootstrap-v2/templates/argocd.yaml create mode 100644 common/bootstrap-v2/templates/external-dns.yaml create mode 100644 common/bootstrap-v2/templates/external-secrets.yaml create mode 100644 common/bootstrap-v2/templates/traefik.yaml create mode 100644 common/bootstrap-v2/values.yaml create mode 100644 gke-ninechronicles-internal/bootstrap.yaml create mode 100644 gke-ninechronicles-internal/network/general.yaml create mode 100644 gke-ninechronicles-internal/network/odin.yaml create mode 100644 gke-ninechronicles-internal/values.yaml diff --git a/charts/multiplanetary/templates/network.yaml b/charts/multiplanetary/templates/network.yaml index 872a3907a..48b22c1af 100644 --- a/charts/multiplanetary/templates/network.yaml +++ b/charts/multiplanetary/templates/network.yaml 
@@ -1,4 +1,4 @@ -{{ range $.Values.network }} +{{- range $.Values.network }} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: @@ -7,16 +7,15 @@ metadata: spec: project: default source: - repoURL: https://github.com/planetarium/9c-infra.git - targetRevision: main + repoURL: {{ $.Values.repoURL | default "https://github.com/planetarium/9c-infra.git" }} + targetRevision: {{ $.Values.targetRevision | default "main" }} path: charts/all-in-one helm: valueFiles: - - "../../{{ $.Values.path }}/network/general.yaml" - - "../../{{ $.Values.path }}/network/{{ . }}.yaml" - + - /{{ $.Values.path }}/network/general.yaml + - /{{ $.Values.path }}/network/{{ . }}.yaml destination: server: https://kubernetes.default.svc namespace: {{ . }} --- -{{ end }} +{{- end }} diff --git a/common/bootstrap-v2/Chart.yaml b/common/bootstrap-v2/Chart.yaml new file mode 100644 index 000000000..983b564c2 --- /dev/null +++ b/common/bootstrap-v2/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +type: application +name: bootstrap-v2 +description: A Helm chart bootstrapping the cluster +version: 0.2.0 +appVersion: 1.0.0 diff --git a/common/bootstrap-v2/templates/argocd-appproject-infra.yaml b/common/bootstrap-v2/templates/argocd-appproject-infra.yaml new file mode 100644 index 000000000..2dcfa8472 --- /dev/null +++ b/common/bootstrap-v2/templates/argocd-appproject-infra.yaml @@ -0,0 +1,17 @@ +apiVersion: argoproj.io/v1alpha1 +kind: AppProject +metadata: + name: infra +spec: + description: In-cluster applications managed by DevOps team + sourceRepos: + - '*' + destinations: + - namespace: '*' + server: https://kubernetes.default.svc + clusterResourceWhitelist: + - group: '*' + kind: '*' + namespaceResourceWhitelist: + - group: '*' + kind: '*' diff --git a/common/bootstrap-v2/templates/argocd-secretstore.yaml b/common/bootstrap-v2/templates/argocd-secretstore.yaml new file mode 100644 index 000000000..641cbc139 --- /dev/null +++ b/common/bootstrap-v2/templates/argocd-secretstore.yaml 
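Review bot: The new `repoURL:` and `targetRevision:` lines emit the templated value unquoted, so a revision that happens to be an all-digit short SHA or a dotted number such as `1.10` is retyped by the YAML parser before Argo CD reads it. Piping both through `quote` keeps them strings, e.g. `targetRevision: {{ $.Values.targetRevision | default "main" | quote }}`. The switch from `../../` to `/`-rooted `valueFiles` appears to rely on Argo CD resolving a leading slash against the repository root; a one-line comment above `valueFiles:` saying so would save the next reader a lookup.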
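Review bot: The `infra` AppProject grants `sourceRepos: '*'`, destinations in every namespace and a `clusterResourceWhitelist` of `*/*`, so any Application placed in this project may deploy any cluster-scoped resource from any repository, which is no tighter than the built-in `default` project. Every Application in this commit pulls from one of five known locations (the argo-helm, bitnami, external-secrets and traefik chart repositories plus the 9c-infra repository), so listing those under `sourceRepos` bounds what an Application author can pull in without changing current behaviour. Narrowing `clusterResourceWhitelist` to the kinds these charts actually need is a reasonable follow-up once a first sync has shown which kinds those are.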
@@ -0,0 +1,20 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+ name: argocd-secretstore
+ namespace: argocd
+spec:
+ provider:
+ {{- if eq .Values.provider "AWS" }}
+ aws:
+ service: SecretsManager
+ region: {{ .Values.AWS.region }}
+ {{- else if eq .Values.provider "GCP" }}
+ gcpsm:
+ projectID: {{ .Values.GCP.projectID }}
+ {{- else }}
+ fake:
+ data:
+ - key: {{ .Values.clusterName }}-argocd-github-ssh-client
+ value: '{"dex.github.clientId":"DUMMY","dex.github.clientSecret":""}'
+ {{- end }}
diff --git a/common/bootstrap-v2/templates/argocd.yaml b/common/bootstrap-v2/templates/argocd.yaml
new file mode 100644
index 000000000..ebf22d3ef
--- /dev/null
+++ b/common/bootstrap-v2/templates/argocd.yaml
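Review bot: The trailing `{{- else }}` branch installs a `fake` provider holding a dummy GitHub client id and an empty client secret whenever `.Values.provider` is anything other than `AWS` or `GCP`, including the null default in `common/bootstrap-v2/values.yaml`, so a typo in the provider name silently hands Argo CD a placeholder credential instead of a render error. Failing the render is the safer default, `{{- else }}` followed by `{{ fail (printf "unsupported provider %q" .Values.provider) }}`, with the fake store kept behind an explicit value such as `provider: fake` if it is still wanted for local testing. `region: {{ .Values.AWS.region }}` and `projectID: {{ .Values.GCP.projectID }}` are also emitted unquoted; adding `| quote` avoids YAML retyping should a numeric value ever be supplied.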
@@ -0,0 +1,78 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: argocd
+ namespace: argocd
+spec:
+ project: infra
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ source:
+ repoURL: https://argoproj.github.io/argo-helm
+ chart: argo-cd
+ targetRevision: 7.7.16
+ helm:
+ values: |-
+ global:
+ domain: {{ .Values.argocd.domain }}
+ controller:
+ replicas: 1
+ redis-ha:
+ enabled: true
+ repoServer:
+ autoscaling:
+ enabled: true
+ server:
+ autoscaling:
+ enabled: true
+ ingress:
+ enabled: true
+ ingressClassName: traefik
+ configs:
+ params:
+ server.insecure: true
+ rbac:
+ scopes: "[email, groups]"
+ policy.default: role:readonly
+ policy.csv: |
+ g, planetarium:DevOps, role:admin
+ cm:
+ admin.enabled: true
+ statusbadge.enabled: true
+ dex.config: |-
+ connectors:
+ - type: github
+ id: github
+ name: GitHub
+ config:
+ orgs:
+ - name: planetarium
+ clientID: "$github-ssh-client:dex.github.clientId"
+ clientSecret: "$github-ssh-client:dex.github.clientSecret"
+ extraObjects:
+ - apiVersion: external-secrets.io/v1beta1
+ kind: ExternalSecret
+ metadata:
+ name: github-ssh-client
+ spec:
+ refreshInterval: 1m
+ secretStoreRef:
+ kind: SecretStore
+ name: argocd-secretstore
+ target:
+ name: github-ssh-client
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/instance: argocd
+ app.kubernetes.io/part-of: argocd
+ dataFrom:
+ - extract:
+ key: {{ .Values.clusterName }}-argocd-github-ssh-client
diff --git a/common/bootstrap-v2/templates/external-dns.yaml b/common/bootstrap-v2/templates/external-dns.yaml
new file mode 100644
index 000000000..de51919ae
--- /dev/null
+++ b/common/bootstrap-v2/templates/external-dns.yaml
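Review bot: `server.ingress` is enabled for Traefik with no `tls` setting while `configs.params.server.insecure: true` makes the Argo CD server speak plain HTTP, so unless Traefik terminates TLS somewhere not visible in this commit, the admin login and the GitHub OAuth callback for `.Values.argocd.domain` travel in cleartext. The argo-cd chart accepts `tls: true` under `server.ingress` (one added line beneath `ingressClassName: traefik`), and a comment should say which issuer supplies the certificate. `configs.cm.admin.enabled: true` also keeps the local admin account alive next to the GitHub SSO connector; either `admin.enabled: false` once SSO is verified or a comment recording when it will be turned off would make the intent explicit. The ExternalSecret is named `github-ssh-client` but carries `dex.github.clientId`/`clientSecret`, which are OAuth app credentials rather than SSH keys; a rename or a comment above `extraObjects:` would avoid confusion.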
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: external-dns
+ namespace: argocd
+spec:
+ project: infra
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: external-dns
+ source:
+ repoURL: https://charts.bitnami.com/bitnami
+ chart: external-dns
+ targetRevision: 8.3.9
+ helm:
+ values: |-
+ sources:
+ - service
+ - ingress
+ - gateway-httproute
+ - gateway-grpcroute
+ policy: sync
+ txtOwnerId: "{{ .Values.clusterName }}"
+ serviceAccount:
+ annotations:
+ {{- with .Values.externalDns.serviceAccount.annotations }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
diff --git a/common/bootstrap-v2/templates/external-secrets.yaml b/common/bootstrap-v2/templates/external-secrets.yaml
new file mode 100644
index 000000000..bee7c66b1
--- /dev/null
+++ b/common/bootstrap-v2/templates/external-secrets.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: external-secrets
+ namespace: argocd
+spec:
+ project: infra
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: external-secrets
+ source:
+ repoURL: https://charts.external-secrets.io
+ chart: external-secrets
+ targetRevision: 0.12.1
+ helm:
+ values: |-
+ certController:
+ create: false
+ webhook:
+ create: false
+ serviceAccount:
+ annotations:
+ {{- with .Values.externalSecrets.serviceAccount.annotations }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
diff --git a/common/bootstrap-v2/templates/traefik.yaml b/common/bootstrap-v2/templates/traefik.yaml
new file mode 100644
index 000000000..c56e2c618
--- /dev/null
+++ b/common/bootstrap-v2/templates/traefik.yaml
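Review bot: `policy: sync` lets external-dns create and delete records, and the values set no `domainFilters`, so the controller acts on every hosted zone its credentials can reach rather than only the zones this cluster owns. Adding a `domainFilters:` list under `values:` with the zones this cluster actually publishes into (the `nine-chronicles.com` and `planetarium.network` names appear elsewhere in this commit) bounds the blast radius of a mis-annotated Service or HTTPRoute. The quoting of `txtOwnerId: "{{ .Values.clusterName }}"` is right; a comment above it noting that the owner id must stay unique among clusters sharing a zone would help the next cluster's author.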
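Review bot: `webhook.create: false` together with `certController.create: false` disables the validating webhook for SecretStore and ExternalSecret objects, so a malformed store such as an unexpected branch of `argocd-secretstore.yaml` is only rejected at reconcile time rather than at admission. If this is deliberate to keep the bootstrap free of certificate dependencies, a comment above `certController:` saying so would stop the next reader re-enabling it by accident. The `{{- with .Values.externalSecrets.serviceAccount.annotations }}` guard leaves `annotations:` as a bare null when nothing is set, which presumably the chart tolerates, but since the GKE values hard-wire a Workload Identity annotation here the chart-level default should document that the provider's identity annotation is expected at this key.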
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: traefik
+ namespace: argocd
+spec:
+ project: infra
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ automated:
+ prune: true
+ selfHeal: true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: traefik
+ source:
+ repoURL: https://traefik.github.io/charts
+ chart: traefik
+ targetRevision: 34.1.0
+ helm:
+ values: |-
+ service:
+ annotations:
+ {{- with .Values.global.service.annotations }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
diff --git a/common/bootstrap-v2/values.yaml b/common/bootstrap-v2/values.yaml
new file mode 100644
index 000000000..0150457c5
--- /dev/null
+++ b/common/bootstrap-v2/values.yaml
@@ -0,0 +1,17 @@
+clusterName:
+provider:
+
+global:
+ service:
+ annotations:
+
+argocd:
+ domain:
+
+externalSecrets:
+ serviceAccount:
+ annotations:
+
+externalDns:
+ serviceAccount:
+ annotations:
diff --git a/gke-ninechronicles-internal/bootstrap.yaml b/gke-ninechronicles-internal/bootstrap.yaml
new file mode 100644
index 000000000..274380b86
--- /dev/null
+++ b/gke-ninechronicles-internal/bootstrap.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: bootstrap
+ namespace: argocd
+spec:
+ project: infra
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ sources:
+ - repoURL: https://github.com/planetarium/9c-infra
+ path: common/bootstrap-v2
+ targetRevision: gke
+ helm:
+ valueFiles:
+ - /gke-ninechronicles-internal/values.yaml
+ - repoURL: https://github.com/planetarium/9c-infra.git
+ path: charts/multiplanetary
+ targetRevision: gke
+ helm:
+ values: |-
+ clusterName: ninechronicles-internal-test-1
+ targetRevision: gke
+ path: gke-ninechronicles-internal
+ network:
+ - odin
diff --git a/gke-ninechronicles-internal/network/general.yaml b/gke-ninechronicles-internal/network/general.yaml
new file mode 100644
index 000000000..354e04726
--- /dev/null
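Review bot: The Traefik Application creates a LoadBalancer Service that the GKE values decorate only with `cloud.google.com/network-tier: Standard`, and the chart values here set no `service.loadBalancerSourceRanges`, so for a cluster named `internal` every entrypoint Traefik exposes is reachable from any source address. If the ingress is meant to be internal-only, adding `loadBalancerSourceRanges:` under `service:` (or the GKE internal load balancer annotation via `.Values.global.service.annotations`) would match the name; if public exposure is intended, a comment above `service:` saying so would stop the next reviewer asking. The `{{- with }}` guard leaves `annotations:` as a bare null when nothing is set; `{}` is the unambiguous empty value.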
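Review bot: Every key in the chart's default `values.yaml` is a bare `key:` (null) with no comment saying what the templates expect, although `argocd-secretstore.yaml` branches on `provider` being exactly `AWS` or `GCP` and then reads `AWS.region` or `GCP.projectID`, neither of which is declared here. A short comment per key would make the contract visible, e.g. `provider: # required: AWS or GCP; selects the SecretStore backend` and `clusterName: # required: prefixes the secret key <clusterName>-argocd-github-ssh-client`, plus placeholder `AWS:`/`GCP:` stanzas for the provider-specific fields. Writing the empty annotation maps as `annotations: {}` rather than bare nulls removes the ambiguity that yamllint's `empty-values` rule flags.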
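Review bot: The two sources point at the same repository under two spellings, `https://github.com/planetarium/9c-infra` and `https://github.com/planetarium/9c-infra.git`; Argo CD treats them as one repository, but using a single form (the `.git` one is what `network.yaml` defaults to) keeps grepping and any future `sourceRepos` allow-list simple. `clusterName: ninechronicles-internal-test-1` is repeated here, in `network/general.yaml` and in `gke-ninechronicles-internal/values.yaml`; pointing the second source's helm block at the shared values file, or at least a comment noting the three copies must agree, would prevent drift. Unlike the applications it bootstraps this root Application has no `syncPolicy`, which is a reasonable choice, but a one-line comment stating that syncs are manual by design would record it.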
+++ b/gke-ninechronicles-internal/network/general.yaml
@@ -0,0 +1,15 @@
+clusterName: ninechronicles-internal-test-1
+
+global:
+ image:
+ repository: planetariumhq/ninechronicles-headless
+ tag: "git-5681ee3a468d8c550d70e0ebed6eb530a5caf82a"
+
+ service:
+ annotations:
+
+seed:
+ image:
+ repository: planetariumhq/libplanet-seed
+ pullPolicy: Always
+ tag: "git-67d0ef91c52a71a9772cd7fdb241c9fc37b165b8"
diff --git a/gke-ninechronicles-internal/network/odin.yaml b/gke-ninechronicles-internal/network/odin.yaml
new file mode 100644
index 000000000..89a36eba4
--- /dev/null
+++ b/gke-ninechronicles-internal/network/odin.yaml
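Review bot: `annotations:` under `global.service` is a bare `key:` and therefore parses as null rather than an empty map; unless the all-in-one chart guards it with `with`, which is not visible here, `annotations: {}` is the unambiguous spelling. The image tags are pinned to full commit SHAs and quoted, which is the safe form; a comment naming the source repository behind each `git-` tag would let the next reader locate the commit.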
@@ -0,0 +1,97 @@
+logLevel: "debug"
+
+global:
+ validatorPath: "validator-5.9c-network.svc.cluster.local"
+ genesisBlockPath: "https://release.nine-chronicles.com/genesis-block-9c-main"
+ trustedAppProtocolVersionSigner: "02529a61b9002ba8f21c858224234af971e962cac9bd7e6b365e71e125c6463478"
+ headlessAppsettingsPath: "https://9c-cluster-config.s3.us-east-2.amazonaws.com/9c-internal/odin/appsettings.json"
+
+ appProtocolVersion: "200190/54684Ac4ee5B933e72144C4968BEa26056880d71/MEUCIQCNQmMSk4nnbOXSpe9yk0Q2ecyoQYrnZpQxmMeVz+Ve0wIgb9v1jf4R6DL8iikurLgzH9gYQJ+zvEBsEqQqmS55nPc=/ZHU5OnRpbWVzdGFtcHUxMDoyMDI0LTA2LTE3ZQ=="
+
+ peerStrings:
+ - "033369e95dbfd970dd9a7b4df31dcf5004d7cfd63289d26cc42bbdd01e25675b6f,tcp-seed-1.9c-network.svc.cluster.local,31234"
+
+ iceServers:
+ - "turn://0ed3e48007413e7c2e638f13ddd75ad272c6c507e081bd76a75e4b7adc86c9af:0apejou+ycZFfwtREeXFKdfLj2gCclKzz5ZJ49Cmy6I=@turn-us.planetarium.dev:3478"
+
+ networkType: Internal
+ planet: OdinInternal
+ consensusType: pbft
+
+ resetSnapshot: true
+ rollbackSnapshot: false
+
+externalSecret:
+ enabled: true
+
+ingress:
+ enabled: false
+
+gateway:
+ enabled: true
+ services:
+ - name: remote-headless
+ hostnames:
+ - odin-internal-gke-rpc.nine-chronicles.com
+ backendRefs:
+ - name: remote-headless-1
+ protocols:
+ - web
+ - grpc
+
+snapshot:
+ downloadSnapshot: true
+ slackChannel: "9c-internal"
+ image: "planetariumhq/ninechronicles-snapshot:git-45205b5ed6d978bb0dda6ad0b84fb0a393015711"
+ partition:
+ enabled: false
+ suspend: true
+ path: internal
+ nodeSelector:
+
+# if you want to delete PVC with the volume provisioned together, set this value "Delete"
+volumeReclaimPolicy: "Retain"
+
+seed:
+ count: 1
+ useTurnServer: false
+ image:
+ repository: planetariumhq/libplanet-seed
+ pullPolicy: Always # Overrides the image tag whose default is the chart appVersion.
+
+ hosts:
+ - "odin-internal-gke-tcp-seed-1.nine-chronicles.com"
+
+ nodeSelector:
+
+remoteHeadless:
+ image:
+ repository: planetariumhq/ninechronicles-headless
+ pullPolicy: Always
+
+ hosts:
+ - "odin-internal-gke-rpc-1.nine-chronicles.com"
+
+ ports:
+ headless: 31234
+ graphql: 80
+ rpc: 31238
+
+ storage:
+ data: 500Gi
+
+ resources:
+ requests:
+ cpu: 1
+ memory: 12Gi
+
+ nodeSelector:
+
+ loggingEnabled: true
+
+ extraArgs:
+ - --tx-quota-per-signer=1
+ - --remote-key-value-service
+
+validator:
+ count: 0
diff --git a/gke-ninechronicles-internal/values.yaml b/gke-ninechronicles-internal/values.yaml
new file mode 100644
index 000000000..a308da385
--- /dev/null
+++ b/gke-ninechronicles-internal/values.yaml
@@ -0,0 +1,18 @@
+clusterName: ninechronicles-internal-test-1
+provider: GCP
+GCP:
+ projectID: devops-test-445104
+global:
+ service:
+ annotations:
+ cloud.google.com/network-tier: Standard
+argocd:
+ domain: argocd-internal-gke.planetarium.network
+externalSecrets:
+ serviceAccount:
+ annotations:
+ iam.gke.io/gcp-service-account: external-secrets@devops-test-445104.iam.gserviceaccount.com
+externalDns:
+ serviceAccount:
+ annotations:
+ eks.amazonaws.com/role-arn: arn:aws:iam::319679068466:role/gke-external-dns
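Review bot: `global.iceServers` embeds a TURN URL whose userinfo part carries the relay username and password, and this commit adds the file to the repository, so a long-lived credential is now in version control and in every clone. The same commit installs external-secrets and this file already sets `externalSecret: enabled: true`, so the credential belongs in the secret store with `iceServers` populated from it, or the entry needs a comment stating the credential is short-lived and rotated. The other quoted values (`trustedAppProtocolVersionSigner`, `appProtocolVersion`, `peerStrings`) are public network identifiers and are fine to commit; a comment separating them from the TURN entry would make that boundary explicit. `logLevel: "debug"` on nodes published through the gateway hostnames deserves a `# TODO` to drop back once the cluster is validated, and the bare `nodeSelector:` keys should be written `{}`.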
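Review bot: The external-dns service account is annotated with `eks.amazonaws.com/role-arn`, an EKS IRSA annotation that GKE does not act on, while the external-secrets account four lines above uses the GKE `iam.gke.io/gcp-service-account` form. Unless Route53 access is supplied in some way not shown here, external-dns on this cluster will have no credentials for its zones; if the zones really live in Route53, the path by which a GKE workload reaches that AWS role should be documented in a comment next to the annotation, otherwise the annotation should be the GKE one and `external-dns.yaml` needs a `provider:` value for Google Cloud DNS, since the bitnami chart defaults to the AWS provider. The `provider: GCP` and `GCP.projectID` keys match what `argocd-secretstore.yaml` reads, so the secret-store side is consistent.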