hongbo-miao · mergify · Jul 15, 2024 · Jul 15, 2024
@@ -0,0 +1,6 @@
+argo-cd-app-create:
+	argocd app create hm-akhq --file=manifests/hm-akhq-application.yaml
+argo-cd-app-update:
+	argocd app create hm-akhq --file=manifests/hm-akhq-application.yaml --upsert
+argo-cd-app-delete:
+	argocd app delete hm-akhq --yes
@@ -0,0 +1,52 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: hm-akhq
+  namespace: production-hm-argo-cd
+  labels:
+    app.kubernetes.io/name: hm-akhq
+spec:
+  project: production-hm
+  sources:
+    - repoURL: https://akhq.io
+      # https://artifacthub.io/packages/helm/akhq/akhq
+      targetRevision: 0.25.1
+      chart: akhq
+      helm:
+        releaseName: hm-akhq
+        values: |
+          # https://github.com/tchiotludo/akhq/blob/dev/helm/akhq/values.yaml
+          ---
+          configuration:
+            akhq:
+              connections:
+                production-hm-kakfa:
+                  properties:
+                    bootstrap.servers: b-1.hmkafka.xxxxxx.xx.kafka.us-west-2.amazonaws.com:9098,b-2.hmkafka.xxxxxx.xx.kafka.us-west-2.amazonaws.com:9098,b-3.hmkafka.xxxxxx.xx.kafka.us-west-2.amazonaws.com:9098
+                    security.protocol: SASL_SSL
+                    sasl.mechanism: AWS_MSK_IAM
+                    sasl.jaas.config: software.amazon.msk.auth.iam.IAMLoginModule required;
+                    sasl.client.callback.handler.class: software.amazon.msk.auth.iam.IAMClientCallbackHandler
+          serviceAccount:
+            create: true
+            annotations:
+              eks.amazonaws.com/role-arn: arn:aws:iam::272394222652:role/AKHQRole-hm-akhq
+          resources:
+            requests:
+              cpu: 50m
+              memory: 512Mi
+            limits:
+              cpu: 300m
+              memory: 2Gi
+    - repoURL: [email protected]:hongbo-miao/hongbomiao.com.git
+      targetRevision: HEAD
+      path: ops/argo-cd/applications/production-hm/akhq/kubernetes-manifests
+  destination:
+    namespace: production-hm-akhq
+    server: https://kubernetes.default.svc
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true
+    automated:
+      prune: true
@@ -0,0 +1,36 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hm-akhq-ingress
+  namespace: production-hm-akhq
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    # https://doc.traefik.io/traefik/routing/providers/kubernetes-ingress/#on-ingress
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    # https://kubernetes-sigs.github.io/external-dns/latest/annotations/annotations
+    external-dns.alpha.kubernetes.io/hostname: hm-akhq.internal.hongbomiao.com
+    # https://cert-manager.io/docs/usage/ingress/#supported-annotations
+    cert-manager.io/cluster-issuer: production-lets-encrypt-cluster-issuer
+    # https://argo-cd.readthedocs.io/en/stable/user-guide/resource_hooks
+    argocd.argoproj.io/hook: PostSync
+  labels:
+    app.kubernetes.io/name: hm-akhq-ingress
+    app.kubernetes.io/part-of: production-hm-akhq
+spec:
+  rules:
+    - host: hm-akhq.internal.hongbomiao.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: hm-akhq
+                port:
+                  number: 80
+  tls:
+    - hosts:
+        - hm-akhq.internal.hongbomiao.com
+      secretName: production-hm-akhq-certificate
@@ -0,0 +1,17 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: production-hm-akhq-certificate
+  namespace: production-hm-akhq
+  annotations:
+    # https://argo-cd.readthedocs.io/en/stable/user-guide/resource_hooks
+    argocd.argoproj.io/hook: PostSync
+spec:
+  commonName: hm-akhq.internal.hongbomiao.com
+  secretName: production-hm-akhq-certificate
+  dnsNames:
+    - hm-akhq.internal.hongbomiao.com
+  issuerRef:
+    kind: ClusterIssuer
+    name: production-lets-encrypt-cluster-issuer
@@ -0,0 +1,17 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: staging-hm-akhq-certificate
+  namespace: production-hm-akhq
+  annotations:
+    # https://argo-cd.readthedocs.io/en/stable/user-guide/resource_hooks
+    argocd.argoproj.io/hook: PostSync
+spec:
+  commonName: hm-akhq.internal.hongbomiao.com
+  secretName: staging-hm-akhq-certificate
+  dnsNames:
+    - hm-akhq.internal.hongbomiao.com
+  issuerRef:
+    kind: ClusterIssuer
+    name: staging-lets-encrypt-cluster-issuer