
add gke test cluster and bootstrap-v2
try multiplanetary

values test
eseiker committed Jan 22, 2025
1 parent 7f02dfc commit 0f40835
Showing 17 changed files with 513 additions and 7 deletions.
13 changes: 6 additions & 7 deletions charts/multiplanetary/templates/network.yaml
@@ -1,4 +1,4 @@
{{ range $.Values.network }}
{{- range $.Values.network }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
@@ -7,16 +7,15 @@ metadata:
spec:
project: default
source:
repoURL: https://github.com/planetarium/9c-infra.git
targetRevision: main
repoURL: {{ $.Values.repoURL | default "https://github.com/planetarium/9c-infra.git" }}
targetRevision: {{ $.Values.targetRevision | default "main" }}
path: charts/all-in-one
helm:
valueFiles:
- "../../{{ $.Values.path }}/network/general.yaml"
- "../../{{ $.Values.path }}/network/{{ . }}.yaml"

- /{{ $.Values.path }}/network/general.yaml
- /{{ $.Values.path }}/network/{{ . }}.yaml
destination:
server: https://kubernetes.default.svc
namespace: {{ . }}
---
{{ end }}
{{- end }}
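Review bot: The new `repoURL` and `targetRevision` lines emit the templated values unquoted, so a revision such as a numeric tag or an all-digit short SHA would be retyped by the YAML parser once Argo CD renders the chart; pipe them through `quote`, e.g. `repoURL: {{ $.Values.repoURL | default "https://github.com/planetarium/9c-infra.git" | quote }}` and `targetRevision: {{ $.Values.targetRevision | default "main" | quote }}`. The context line `namespace: {{ . }}` has the same exposure for a network name that looks like a number or a boolean, though that line is not part of this change. The `range` loop opened in the first hunk is closed by the `{{- end }}` in the second, so both hunks form one template body and the whitespace trim on both ends should be read together.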
6 changes: 6 additions & 0 deletions common/bootstrap-v2/Chart.yaml
@@ -0,0 +1,6 @@
apiVersion: v2
type: application
name: bootstrap-v2
description: A Helm chart bootstrapping the cluster
version: 0.2.0
appVersion: 1.0.0
@@ -0,0 +1,17 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: amazon-eks-pod-identity-webhook
resources:
- https://raw.githubusercontent.com/aws/amazon-eks-pod-identity-webhook/refs/tags/v0.6.2/deploy/auth.yaml
- https://raw.githubusercontent.com/aws/amazon-eks-pod-identity-webhook/refs/tags/v0.6.2/deploy/deployment-base.yaml
- https://raw.githubusercontent.com/aws/amazon-eks-pod-identity-webhook/refs/tags/v0.6.2/deploy/mutatingwebhook.yaml
- https://raw.githubusercontent.com/aws/amazon-eks-pod-identity-webhook/refs/tags/v0.6.2/deploy/service.yaml
patches:
- target:
kind: Deployment
name: pod-identity-webhook
patch: |-
- op: replace
path: /spec/template/spec/containers/0/image
value: amazon/amazon-eks-pod-identity-webhook:latest
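Review bot: The patch at the end of the hunk overrides the image to `amazon/amazon-eks-pod-identity-webhook:latest` while the four resources above are pinned to the `v0.6.2` manifests, so the binary that runs can drift from the manifests it is deployed with, and any change to the upstream `latest` tag reaches the cluster silently on the next pod restart. Pin the image to the release that matches the manifests, or to a digest, e.g. `value: amazon/amazon-eks-pod-identity-webhook:<TAG_MATCHING_v0.6.2>` (placeholder — take the tag from the upstream release). This hunk carries no file header on the page; from the `path` of the amazon-eks-pod-identity-webhook Application it appears to be the kustomization under `common/bootstrap-v2/kustomization/amazon-eks-pod-identity-webhook`.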
18 changes: 18 additions & 0 deletions common/bootstrap-v2/templates/amazon-eks-pod-identity-webhook.yaml
@@ -0,0 +1,18 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: amazon-eks-pod-identity-webhook
namespace: argocd
spec:
project: infra
syncPolicy:
automated:
prune: true
selfHeal: true
destination:
server: https://kubernetes.default.svc
namespace: default
source:
repoURL: https://github.com/planetarium/9c-infra.git
path: common/bootstrap-v2/kustomization/amazon-eks-pod-identity-webhook
targetRevision: gke
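Review bot: With `selfHeal: true` and `prune: true` this Application reverts any field the cluster mutates after apply; if the upstream v0.6.2 `mutatingwebhook.yaml` relies on cert-manager's CA injector to populate `webhooks[].clientConfig.caBundle` (to be confirmed against that manifest), Argo CD and the injector will keep overwriting each other on that field. If so, add `ignoreDifferences` for `MutatingWebhookConfiguration` on `/webhooks/0/clientConfig/caBundle` together with the `RespectIgnoreDifferences=true` sync option. There is also no sync wave ordering this Application after the cert-manager one it would then depend on; the retry loop recovers, but a comment stating the dependency would help whoever debugs the first bootstrap.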
17 changes: 17 additions & 0 deletions common/bootstrap-v2/templates/argocd-appproject-infra.yaml
@@ -0,0 +1,17 @@
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: infra
spec:
description: In-cluster applications managed by DevOps team
destinations:
- namespace: '*'
server: https://kubernetes.default.svc
sourceRepos:
- '*'
clusterResourceWhitelist:
- group: '*'
kind: '*'
namespaceResourceWhitelist:
- group: '*'
kind: '*'
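Review bot: The `infra` AppProject allows every source repository, every destination namespace and every cluster-scoped resource kind, so any Application placed in this project can deploy arbitrary manifests from an arbitrary repository; since the project is the trust boundary Argo CD enforces, `sourceRepos` should at least be limited to the repositories this chart actually uses, all of which appear elsewhere in this commit. The namespace and resource whitelists can stay wide for a bootstrap project, but the `description` should say that this project is intentionally unrestricted on those axes. Argo CD is expected to normalize repository URLs when checking `sourceRepos`, so one spelling of the 9c-infra URL should suffice — confirm, otherwise list both the `.git` and bare forms used in `bootstrap.yaml`.
```yaml
spec:
  # … unchanged: description, destinations …
  sourceRepos:
    - https://github.com/planetarium/9c-infra.git
    - https://argoproj.github.io/argo-helm
    - https://charts.jetstack.io
    - https://kubernetes-sigs.github.io/external-dns/
    - https://charts.external-secrets.io
    - https://traefik.github.io/charts
  # … unchanged: clusterResourceWhitelist, namespaceResourceWhitelist …
```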
20 changes: 20 additions & 0 deletions common/bootstrap-v2/templates/argocd-secretstore.yaml
@@ -0,0 +1,20 @@
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: argocd-secretstore
namespace: argocd
spec:
provider:
{{- if eq .Values.provider "AWS" }}
aws:
service: SecretsManager
region: {{ .Values.AWS.region }}
{{- else if eq .Values.provider "GCP" }}
gcpsm:
projectID: {{ .Values.GCP.projectID }}
{{- else }}
fake:
data:
- key: {{ .Values.clusterName }}-argocd-github-ssh-client
value: '{"dex.github.clientId":"DUMMY","dex.github.clientSecret":""}'
{{- end }}
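Review bot: The `{{- else }}` branch selects the `fake` provider for any `provider` value other than exactly `AWS` or `GCP`, so a typo or the empty default from `values.yaml` silently produces a SecretStore serving a dummy Dex client id with an empty secret instead of failing the render; make the fake backend opt-in with `{{- else if eq .Values.provider "fake" }}` and finish with `{{- else }}{{ fail (printf "unsupported provider %q" .Values.provider) }}{{- end }}`. Separately, this SecretStore, the `Certificate`/`ClusterIssuer` in `certificate.yaml` and the `ExternalSecret` under `extraObjects` in `argocd.yaml` are custom resources whose CRDs are installed by sibling Applications of the same chart; on a fresh cluster Argo CD's dry run rejects them as unknown kinds until those CRDs exist, so annotate each with `argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true` (for `argocd.yaml` the annotation belongs in the `extraObjects` entry's metadata, since that object is applied by the argo-cd Application).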
78 changes: 78 additions & 0 deletions common/bootstrap-v2/templates/argocd.yaml
@@ -0,0 +1,78 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd
namespace: argocd
spec:
project: infra
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
selfHeal: true
destination:
server: https://kubernetes.default.svc
namespace: argocd
source:
repoURL: https://argoproj.github.io/argo-helm
chart: argo-cd
targetRevision: 7.7.16
helm:
values: |-
global:
domain: {{ .Values.argocd.domain }}
controller:
replicas: 1
redis-ha:
enabled: true
repoServer:
autoscaling:
enabled: true
server:
autoscaling:
enabled: true
ingress:
enabled: true
ingressClassName: traefik
configs:
params:
server.insecure: true
rbac:
scopes: "[email, groups]"
policy.default: role:readonly
policy.csv: |
g, planetarium:DevOps, role:admin
cm:
admin.enabled: true
statusbadge.enabled: true
dex.config: |-
connectors:
- type: github
id: github
name: GitHub
config:
orgs:
- name: planetarium
clientID: "$github-ssh-client:dex.github.clientId"
clientSecret: "$github-ssh-client:dex.github.clientSecret"
extraObjects:
- apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: github-ssh-client
spec:
refreshInterval: 1m
secretStoreRef:
kind: SecretStore
name: argocd-secretstore
target:
name: github-ssh-client
template:
metadata:
labels:
app.kubernetes.io/instance: argocd
app.kubernetes.io/part-of: argocd
dataFrom:
- extract:
key: {{ .Values.clusterName }}-argocd-github-ssh-client
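Review bot: `server.insecure: true` under `configs.params` makes argocd-server speak plain HTTP, which is only acceptable if the Traefik ingress is the sole route to the service and terminates TLS with the default certificate configured in `traefik.yaml`; the `ingress` block here enables neither `tls` nor an HTTPS redirect, so confirm Traefik forces HTTPS for `{{ .Values.argocd.domain }}` or add the ingress TLS section. With GitHub SSO through Dex and `policy.default: role:readonly`, `admin.enabled: true` keeps a standing local password account alongside SSO; once the `planetarium:DevOps` → `role:admin` mapping is verified, set `admin.enabled: false`, and until then a comment such as `# TODO: disable once Dex SSO is verified` should sit next to it.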
29 changes: 29 additions & 0 deletions common/bootstrap-v2/templates/cert-manager.yaml
@@ -0,0 +1,29 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cert-manager
namespace: argocd
spec:
project: infra
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
selfHeal: true
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
source:
repoURL: https://charts.jetstack.io
chart: cert-manager
targetRevision: v1.16.3
helm:
values: |-
crds:
enabled: true
serviceAccount:
annotations:
{{- with .Values.certManager.serviceAccount.annotations }}
{{- toYaml . | nindent 12 }}
{{- end }}
30 changes: 30 additions & 0 deletions common/bootstrap-v2/templates/certificate.yaml
@@ -0,0 +1,30 @@
{{- with .Values.certManager.dnsNames }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: certificate
namespace: traefik
spec:
secretName: certificate-secret
dnsNames:
{{- toYaml . | nindent 4 }}
issuerRef:
name: cert-manager-letsencrypt-issuer
kind: ClusterIssuer
{{- end }}
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: cert-manager-letsencrypt-issuer
spec:
acme:
server: https://acme-staging-v02.api.letsencrypt.org/directory
# server: https://acme-v02.api.letsencrypt.org/directory
email: {{ .Values.certManager.issuer.email }}
privateKeySecretRef:
name: cert-manager-letsencrypt-issuer-secret
solvers:
- dns01:
route53:
region: us-east-2
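Review bot: The `ClusterIssuer` points at the Let's Encrypt staging endpoint with the production URL left as a comment, and the resulting `certificate-secret` is what `traefik.yaml` installs as the default TLS certificate, so every host Traefik serves — including the Argo CD domain — will present a certificate from an untrusted CA; if staging is deliberate for this test cluster, parameterize it instead of editing the template later, e.g. `server: {{ .Values.certManager.issuer.server | default "https://acme-staging-v02.api.letsencrypt.org/directory" }}` with the intent stated in a comment. The `route53` solver hard-codes `region: us-east-2` and takes its credentials from the cert-manager service-account annotation supplied in values; on GKE that annotation is the AWS IRSA form, which presumably only works once the pod-identity webhook from this commit is running and the role trusts the GKE OIDC issuer, a dependency the chart does not document. `email: {{ .Values.certManager.issuer.email }}` renders as an empty value when the default `""` is kept, which cert-manager rejects; wrap it in `required` so the render fails with a clear message.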
40 changes: 40 additions & 0 deletions common/bootstrap-v2/templates/external-dns.yaml
@@ -0,0 +1,40 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: external-dns
namespace: argocd
spec:
project: infra
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
selfHeal: true
destination:
server: https://kubernetes.default.svc
namespace: external-dns
source:
repoURL: https://kubernetes-sigs.github.io/external-dns/
chart: external-dns
targetRevision: 1.15.0
helm:
values: |-
policy: sync
txtOwnerId: "{{ .Values.clusterName }}"
sources:
- service
- ingress
- gateway-httproute
- gateway-grpcroute
- crd
managedRecordTypes:
- A
- AAAA
- CNAME
- TXT
serviceAccount:
annotations:
{{- with .Values.externalDns.serviceAccount.annotations }}
{{- toYaml . | nindent 12 }}
{{- end }}
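Review bot: No `domainFilters` are set, so external-dns with `policy: sync` manages records in every hosted zone the assumed AWS role can reach, deleting any record it believes it owns; the two zones this cluster uses are already named in the cluster `values.yaml`, so restrict it with `domainFilters:` followed by `- nine-chronicles.com` and `- planetarium.network`. `txtOwnerId` is correctly quoted, which keeps a numeric-looking cluster name a string. No `provider` is set, so the chart default of `aws` is relied upon implicitly; state it explicitly in the form the 1.15.0 chart expects so the intent survives a chart upgrade.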
31 changes: 31 additions & 0 deletions common/bootstrap-v2/templates/external-secrets.yaml
@@ -0,0 +1,31 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: external-secrets
namespace: argocd
spec:
project: infra
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
selfHeal: true
destination:
server: https://kubernetes.default.svc
namespace: external-secrets
source:
repoURL: https://charts.external-secrets.io
chart: external-secrets
targetRevision: 0.12.1
helm:
values: |-
certController:
create: false
webhook:
create: false
serviceAccount:
annotations:
{{- with .Values.externalSecrets.serviceAccount.annotations }}
{{- toYaml . | nindent 12 }}
{{- end }}
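Review bot: `webhook.create: false` and `certController.create: false` turn off the admission webhook that validates `SecretStore`/`ExternalSecret` objects and, depending on the chart's CRD settings, may leave the CRDs' conversion stanza pointing at a service that is never created; confirm against the 0.12.1 chart that CRD conversion is disabled or rendered without a webhook reference before relying on this. Whatever the reason for disabling both components, record it next to the values, e.g. `# webhook and cert-controller disabled: <reason>`, because the next upgrade will otherwise re-evaluate the choice blind.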
31 changes: 31 additions & 0 deletions common/bootstrap-v2/templates/traefik.yaml
@@ -0,0 +1,31 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: traefik
namespace: argocd
spec:
project: infra
syncPolicy:
syncOptions:
- CreateNamespace=true
automated:
prune: true
selfHeal: true
destination:
server: https://kubernetes.default.svc
namespace: traefik
source:
repoURL: https://traefik.github.io/charts
chart: traefik
targetRevision: 34.1.0
helm:
values: |-
service:
annotations:
{{- with .Values.global.service.annotations }}
{{- toYaml . | nindent 12 }}
{{- end }}
tlsStore:
default:
defaultCertificate:
secretName: certificate-secret
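Review bot: `tlsStore.default.defaultCertificate.secretName: certificate-secret` names the Secret produced by the `Certificate` in `certificate.yaml`, but that Certificate is only rendered when `certManager.dnsNames` is non-empty, so a cluster values file without `dnsNames` gives Traefik a default store that references a missing Secret and Traefik quietly falls back to its self-signed certificate. Either wrap this `tlsStore` block in the same `{{- with .Values.certManager.dnsNames }}` guard or fail the render when `dnsNames` is empty, so the two files cannot drift apart.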
24 changes: 24 additions & 0 deletions common/bootstrap-v2/values.yaml
@@ -0,0 +1,24 @@
clusterName:
provider:

global:
service:
annotations:

argocd:
domain:

externalSecrets:
serviceAccount:
annotations:

externalDns:
serviceAccount:
annotations:

certManager:
serviceAccount:
annotations:
dnsNames:
issuer:
email: ""
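Review bot: Every key except `issuer.email` is a bare `key:` that parses as `null`, and nothing documents what each one means; `provider:` in particular falls into the `fake` SecretStore branch of `argocd-secretstore.yaml` when null, so a cluster values file that forgets it receives a dummy Dex credential instead of an error. Write the defaults explicitly and comment them, e.g. `clusterName: ""  # prefix for the ExternalSecret keys`, `provider: ""  # "AWS" or "GCP"; selects the Argo CD SecretStore backend`, and `annotations: {}` / `dnsNames: []` for the map and list keys (the `with` guards in the templates skip empty collections just as they skip null). The `AWS.region` and `GCP.projectID` keys read by the SecretStore template are missing here entirely and should be listed with empty defaults so the schema is complete.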
27 changes: 27 additions & 0 deletions gke-ninechronicles-internal/bootstrap.yaml
@@ -0,0 +1,27 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: bootstrap
namespace: argocd
spec:
project: infra
destination:
server: https://kubernetes.default.svc
namespace: argocd
sources:
- repoURL: https://github.com/planetarium/9c-infra
path: common/bootstrap-v2
targetRevision: gke
helm:
valueFiles:
- /gke-ninechronicles-internal/values.yaml
- repoURL: https://github.com/planetarium/9c-infra.git
path: charts/multiplanetary
targetRevision: gke
helm:
values: |-
clusterName: ninechronicles-internal-test-1
targetRevision: gke
path: gke-ninechronicles-internal
network:
- odin
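Review bot: The two sources reference the same repository under two spellings, `https://github.com/planetarium/9c-infra` and `https://github.com/planetarium/9c-infra.git`; Argo CD may treat these as distinct repositories for credentials and the AppProject `sourceRepos` check, so use one form, e.g. `- repoURL: https://github.com/planetarium/9c-infra.git` on the first source as well. `targetRevision: gke` appears three times in this file (both sources and again inside the inline `values:` consumed by the multiplanetary chart's `network.yaml`), and `clusterName` is repeated in `values.yaml` and `network/general.yaml`; a comment naming the copies that must move together would prevent a partial bump. The Application has no `syncPolicy`, so the root of this cluster's tree is synced manually — if that is a deliberate gate, say so in a comment.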
15 changes: 15 additions & 0 deletions gke-ninechronicles-internal/network/general.yaml
@@ -0,0 +1,15 @@
clusterName: ninechronicles-internal-test-1

global:
image:
repository: planetariumhq/ninechronicles-headless
tag: "git-5681ee3a468d8c550d70e0ebed6eb530a5caf82a"

service:
annotations:

seed:
image:
repository: planetariumhq/libplanet-seed
pullPolicy: Always
tag: "git-67d0ef91c52a71a9772cd7fdb241c9fc37b165b8"
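Review bot: `seed.image.pullPolicy: Always` combined with an immutable `git-<sha>` tag forces a registry round-trip on every pod start without changing what runs; `pullPolicy: IfNotPresent` gives the same image with fewer pulls, or omit it and let the chart default apply. `service.annotations:` is a bare null — write `annotations: {}` so the consumer sees an empty map, matching how `global.service.annotations` is filled in the cluster `values.yaml`.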
97 changes: 97 additions & 0 deletions gke-ninechronicles-internal/network/odin.yaml
@@ -0,0 +1,97 @@
logLevel: "debug"

global:
validatorPath: "validator-5.9c-network.svc.cluster.local"
genesisBlockPath: "https://release.nine-chronicles.com/genesis-block-9c-main"
trustedAppProtocolVersionSigner: "02529a61b9002ba8f21c858224234af971e962cac9bd7e6b365e71e125c6463478"
headlessAppsettingsPath: "https://9c-cluster-config.s3.us-east-2.amazonaws.com/9c-internal/odin/appsettings.json"

appProtocolVersion: "200190/54684Ac4ee5B933e72144C4968BEa26056880d71/MEUCIQCNQmMSk4nnbOXSpe9yk0Q2ecyoQYrnZpQxmMeVz+Ve0wIgb9v1jf4R6DL8iikurLgzH9gYQJ+zvEBsEqQqmS55nPc=/ZHU5OnRpbWVzdGFtcHUxMDoyMDI0LTA2LTE3ZQ=="

peerStrings:
- "033369e95dbfd970dd9a7b4df31dcf5004d7cfd63289d26cc42bbdd01e25675b6f,tcp-seed-1.9c-network.svc.cluster.local,31234"

iceServers:
- "turn://0ed3e48007413e7c2e638f13ddd75ad272c6c507e081bd76a75e4b7adc86c9af:0apejou+ycZFfwtREeXFKdfLj2gCclKzz5ZJ49Cmy6I=@turn-us.planetarium.dev:3478"

networkType: Internal
planet: OdinInternal
consensusType: pbft

resetSnapshot: true
rollbackSnapshot: false

externalSecret:
enabled: true

ingress:
enabled: false

gateway:
enabled: true
services:
- name: remote-headless
hostnames:
- odin-internal-gke-rpc.nine-chronicles.com
backendRefs:
- name: remote-headless-1
protocols:
- web
- grpc

snapshot:
downloadSnapshot: true
slackChannel: "9c-internal"
image: "planetariumhq/ninechronicles-snapshot:git-45205b5ed6d978bb0dda6ad0b84fb0a393015711"
partition:
enabled: false
suspend: true
path: internal
nodeSelector:

# if you want to delete PVC with the volume provisioned together, set this value "Delete"
volumeReclaimPolicy: "Retain"

seed:
count: 1
useTurnServer: false
image:
repository: planetariumhq/libplanet-seed
pullPolicy: Always # Overrides the image tag whose default is the chart appVersion.

hosts:
- "odin-internal-gke-tcp-seed-1.nine-chronicles.com"

nodeSelector:

remoteHeadless:
image:
repository: planetariumhq/ninechronicles-headless
pullPolicy: Always

hosts:
- "odin-internal-gke-rpc-1.nine-chronicles.com"

ports:
headless: 31234
graphql: 80
rpc: 31238

storage:
data: 500Gi

resources:
requests:
cpu: 1
memory: 12Gi

nodeSelector:

loggingEnabled: true

extraArgs:
- --tx-quota-per-signer=1
- --remote-key-value-service

validator:
count: 0
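Review bot: The `iceServers` entry embeds a `user:credential@host` pair in the TURN URL, so a TURN credential sits in clear text in this committed values file; if it is not meant to be public, move it into the secret that `externalSecret.enabled: true` already provisions and reference it from there, leaving at most a placeholder such as `- "turn://<TURN_USER>:<TURN_CREDENTIAL>@turn-us.planetarium.dev:3478"` in the file. `logLevel: "debug"` and `resetSnapshot: true` are reasonable for an internal test network but deserve a one-line comment each, since both change behaviour in ways that would be surprising if this file is copied. The three bare `nodeSelector:` keys parse as null; `nodeSelector: {}` states the intent explicitly.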
27 changes: 27 additions & 0 deletions gke-ninechronicles-internal/values.yaml
@@ -0,0 +1,27 @@
clusterName: ninechronicles-internal-test-1
provider: GCP
GCP:
projectID: devops-test-445104
global:
service:
annotations:
cloud.google.com/network-tier: Standard
argocd:
domain: argocd-internal-gke.planetarium.network
externalSecrets:
serviceAccount:
annotations:
iam.gke.io/gcp-service-account: external-secrets@devops-test-445104.iam.gserviceaccount.com
externalDns:
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::319679068466:role/gke-external-dns
certManager:
serviceAccount:
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::319679068466:role/gke-external-dns
dnsNames:
- "*.nine-chronicles.com"
- "*.planetarium.network"
issuer:
email: devops@planetariumhq.com
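Review bot: `certManager.serviceAccount.annotations` and `externalDns.serviceAccount.annotations` both assume the same AWS role `gke-external-dns`, so the cert-manager DNS-01 solver runs with whatever Route53 write scope external-dns has rather than the narrower change-record permission a challenge needs; give cert-manager its own role, e.g. `eks.amazonaws.com/role-arn: arn:aws:iam::319679068466:role/<CERT_MANAGER_ROLE>` (placeholder). These `eks.amazonaws.com/role-arn` annotations are the AWS IRSA convention applied on a GKE cluster; they presumably take effect only through the `amazon-eks-pod-identity-webhook` Application added in this commit plus an IAM trust policy for the GKE OIDC issuer, neither of which is mentioned here, so a comment pointing at that dependency would save the next reader a search. The wildcard `dnsNames` are correctly quoted — an unquoted leading `*` would be read as a YAML alias.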
