├── .editorconfig ├── .github ├── CODEOWNERS ├── renovate.json ├── version.sh └── workflows │ ├── auto-assign.yaml │ ├── main.yaml │ └── techdocs.yaml ├── .gitignore ├── .images └── argo-icon.svg ├── .pre-commit-config.yaml ├── .tool-versions ├── .vscode └── settings.json ├── .yamllint.yaml ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── apps ├── README.md ├── argo-rollouts │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── argo-workflows │ ├── base │ │ ├── kustomization.yaml │ │ └── plugin-cm.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ ├── kustomization.yaml │ │ ├── secrets.yaml │ │ └── virtual-service.yaml ├── atlantis │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── basic-auth-sealed.yaml │ │ ├── config.json │ │ ├── ghcr-sealed.yaml │ │ ├── github-sealed.yaml │ │ ├── kustomization.yaml │ │ └── virtual-service.yaml ├── aws-load-balancer-controller │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── backstage │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ ├── dev │ │ └── kustomization.yaml │ │ └── prd │ │ ├── cluster-role.yaml │ │ ├── config.json │ │ ├── kustomization.yaml │ │ ├── postgres-config.yaml │ │ ├── postgres-secrets.yaml │ │ ├── sa-token.yaml │ │ └── secrets.yaml ├── cert-manager │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── cilium │ ├── base │ │ ├── dns-visibility.yaml │ │ ├── kustomization.yaml │ │ └── values.yaml │ └── overlays │ │ └── ops-test │ │ ├── config.json │ │ ├── gateway.yaml │ │ └── kustomization.yaml ├── crossplane │ ├── base │ │ └── provider.yaml │ └── ops-old │ │ └── config.yaml ├── demo-app │ ├── base │ │ ├── collector.yaml │ │ └── kustomization.yaml │ └── overlays │ │ ├── dev │ │ ├── config.json │ │ └── kustomization.yaml │ │ └── prd │ │ └── kustomization.yaml ├── dex │ ├── base │ │ ├── 
auth-policy.yaml │ │ ├── kustomization.yaml │ │ └── ns.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ ├── kustomization.yaml │ │ ├── secrets.yaml │ │ └── virtual-service.yaml ├── external-dns │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── grafana │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ ├── kustomization.yaml │ │ ├── secrets.yaml │ │ └── virtual-service.yaml ├── homepage │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ ├── dev │ │ └── kustomization.yaml │ │ └── prd │ │ ├── config.json │ │ ├── kustomization.yaml │ │ └── virtual-service.yaml ├── hotrod │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── dev │ │ ├── config.json │ │ └── kustomization.yaml ├── istio-ingress │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── auth-policy.yaml │ │ ├── certificate.yaml │ │ ├── clusterissuer.yaml │ │ ├── config.json │ │ ├── gateway-private.yaml │ │ ├── gateway.yaml │ │ └── kustomization.yaml ├── istio │ ├── base │ │ ├── destinationrule.yaml │ │ ├── kustomization.yaml │ │ ├── peerauthentication.yaml │ │ ├── prometheus-rules.yaml │ │ ├── service-entry.yaml │ │ ├── service-monitor.yaml │ │ └── telemetry.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── jaeger │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops-bkp │ │ ├── config.json │ │ ├── kustomization.yaml │ │ └── virtual-service.yaml ├── karpenter │ ├── base │ │ ├── kustomization.yaml │ │ └── prometheus-rules.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ ├── ec2nodeclass.yaml │ │ ├── kustomization.yaml │ │ └── nodepool.yaml ├── keycloak │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops-old │ │ ├── config.json │ │ ├── kustomization.yaml │ │ ├── secrets.yaml │ │ └── virtual-service.yaml ├── kiali-operator │ ├── base │ │ ├── kustomization.yaml │ │ ├── ns.yaml │ │ └── service-monitor.yaml │ └── 
overlays │ │ └── ops │ │ ├── config.json │ │ ├── kustomization.yaml │ │ ├── secrets.yaml │ │ └── virtual-service.yaml ├── kube-downscaler │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops-test │ │ ├── config.json │ │ └── kustomization.yaml ├── kube-prometheus-stack │ ├── base │ │ ├── alertmanager-values.yaml │ │ ├── kube-state-metrics-values.yaml │ │ ├── kustomization.yaml │ │ ├── prometheus-operator-values.yaml │ │ ├── prometheus-rules.yaml │ │ └── prometheus-values.yaml │ └── overlays │ │ └── ops-bkp │ │ ├── config.json │ │ ├── kustomization.yaml │ │ ├── secrets.yaml │ │ └── virtual-service.yaml ├── kubeclarity │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops-test │ │ ├── config.json │ │ └── kustomization.yaml ├── kubecost │ ├── base │ │ ├── kustomization.yaml │ │ └── ns.yaml │ └── overlays │ │ └── ops-bkp │ │ ├── config.json │ │ ├── kustomization.yaml │ │ ├── secrets.yaml │ │ └── virtual-service.yaml ├── kyverno │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops-test │ │ ├── config.json │ │ └── kustomization.yaml ├── loki │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── metrics-server │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── mimir │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ ├── kustomization.yaml │ │ └── virtual-service.yaml ├── nexus │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops-old │ │ ├── config.json │ │ ├── kustomization.yaml │ │ └── virtual-service.yaml ├── opentelemetry-operator │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── otel-collector │ ├── base │ │ ├── collector-image.png │ │ ├── collector.yaml │ │ ├── instrumentaion.yaml │ │ ├── kustomization.yaml │ │ └── service-monitor.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── 
kustomization.yaml ├── promtail │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── sealed-secrets │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── sonarqube │ ├── base │ │ ├── kustomization.yaml │ │ └── ns.yaml │ └── overlays │ │ └── prd-bkp │ │ ├── config.json │ │ ├── kustomization.yaml │ │ ├── secrets.yaml │ │ └── virtual-service.yaml ├── template-java │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ ├── dev │ │ ├── config.json │ │ └── kustomization.yaml │ │ └── prd │ │ └── kustomization.yaml ├── tempo │ ├── base │ │ └── kustomization.yaml │ └── overlays │ │ └── ops │ │ ├── config.json │ │ └── kustomization.yaml ├── teste-loki │ ├── base │ │ ├── auth-policy.yaml │ │ └── kustomization.yaml │ └── overlays │ │ ├── dev │ │ ├── config.json │ │ ├── kustomization.yaml │ │ └── secrets.yaml │ │ └── prd │ │ └── kustomization.yaml └── wordpress │ ├── base │ ├── kustomization.yaml │ └── ns.yaml │ └── overlays │ └── prd │ ├── config.json │ ├── kustomization.yaml │ ├── secrets.yaml │ └── virtual-service.yaml ├── aqua.yaml ├── bootstrap ├── argo-cd.yaml ├── argo-cd │ ├── argocd-notifications-cm.yaml │ ├── argocd-notifications-secret-sealed.yaml │ ├── argocd-server.yaml │ ├── files │ │ ├── dex.config │ │ ├── policy.csv │ │ ├── repositories │ │ ├── repository.credentials │ │ └── resource.customizations │ ├── kustomization.yaml │ ├── secrets.yaml │ ├── service-monitor.yaml │ ├── sso-sealed.yaml │ └── virtual-service.yaml ├── cluster-resources.yaml ├── cluster-resources │ ├── in-cluster.json │ └── in-cluster │ │ ├── README.md │ │ ├── argocd-ns.yaml │ │ ├── monitoring-ns.yaml │ │ ├── podmonitor.yaml │ │ ├── sc-efs.yaml │ │ ├── sc-gp2.yaml │ │ ├── sc-gp3.yaml │ │ └── sre-team-crb.yaml └── root.yaml ├── catalog-info.yaml ├── docker-compose.yaml ├── docs ├── CODE-OF-CONDUCT.md ├── SECURITY.md ├── index.md ├── project-structure.md ├── secrets │ └── 
index.md ├── to-do.md └── tooling │ ├── required-tools.md │ └── versions.md ├── infra └── networking │ ├── base │ ├── kustomization.yaml │ ├── subnet.yaml │ └── vpc.yaml │ └── overlays │ └── dev-test │ ├── config.json │ └── kustomization.yaml ├── mkdocs.yml ├── projects ├── README.md ├── default.yaml ├── dev-infra.yaml ├── dev.yaml ├── ops.yaml ├── prd.yaml └── workflows-dev.yaml ├── secrets ├── clusters │ └── ops │ │ └── pub.crt └── generate.sh └── workflows ├── base ├── coinflip.yaml ├── cypress.yaml ├── hello-world.yaml └── kustomization.yaml └── overlays └── dev ├── config.json └── kustomization.yaml /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: https://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root = true 5 | 6 | # Unix-style newlines with a newline ending every file 7 | [*] 8 | end_of_line = lf 9 | insert_final_newline = true 10 | charset = utf-8 11 | indent_style = space 12 | 13 | [*.html] 14 | indent_style = space 15 | indent_size = 2 16 | 17 | [*.{ts,json,js,tsx,jsx}] 18 | indent_style = space 19 | indent_size = 2 20 | 21 | [*.md] 22 | indent_size = 2 23 | indent_style = space 24 | 25 | [Dockerfile] 26 | indent_style = space 27 | indent_size = 2 28 | 29 | # Tab indentation (no size specified) 30 | [Makefile] 31 | indent_style = tab 32 | 33 | [*.{yml,yaml}] 34 | indent_size = 2 35 | indent_style = space 36 | end_of_line = lf 37 | charset = utf-8 38 | trim_trailing_whitespace = true 39 | insert_final_newline = true 40 | line_wrap_mode = soft wrap 41 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | bootstrap/* @devxp-tech/sre-team 2 | -------------------------------------------------------------------------------- /.github/renovate.json: -------------------------------------------------------------------------------- 1 | { 2 
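| "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 |   "extends": [
4 |     "config:base"
5 |   ],
6 |   "packageRules": [
7 |     {
8 |       "matchFileNames": [
9 |         "apps/**/overlays/dev/kustomization.yaml",
10 |         "apps/**/overlays/ops/kustomization.yaml"
11 |       ],
12 |       "updateTypes": [
13 |         "minor",
14 |         "patch"
15 |       ],
16 |       "automerge": true
17 |     },
18 |     {
19 |       "matchFileNames": [
20 |         "apps/**/base/kustomization.yaml",
21 |         "apps/**/overlays/prd/kustomization.yaml"
22 |       ],
23 |       "updateTypes": [
24 |         "minor",
25 |         "patch"
26 |       ],
27 |       "automerge": false
28 |     }
29 |   ],
30 |   "pinDigests": true
31 | }
--------------------------------------------------------------------------------
/.github/version.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | #
3 | # Regenerates docs/tooling/versions.md from every apps/**/kustomization.yaml
4 | # that declares a Helm chart: one table row per chart, with an Argo CD status
5 | # badge for each project (ops/dev/prd) the app has an overlay for.
6 | #
7 | # Requires: bash 4+, find, yq (v4 "eval" syntax), sort, awk.
8 | # Side effect: overwrites docs/tooling/versions.md.
9 | set -euo pipefail
10 | 
11 | output_file="docs/tooling/versions.md"
12 | argocd_url="https://argocd.devxp-tech.io"
13 | 
14 | # badge <app> <project>: markdown status badge + link for the Argo CD
15 | # application "<app>-<project>" (the naming this table links to).
16 | badge() {
17 |   local app="$1" project="$2"
18 |   printf '[![App Status](%s/api/badge?name=%s-%s&revision=true&showAppName=true)](%s/applications/%s-%s)' \
19 |     "$argocd_url" "$app" "$project" "$argocd_url" "$app" "$project"
20 | }
21 | 
22 | # Prepare header
23 | header="# 🔩 Tooling\n\n"
24 | header+="| App | Chart | Version | Repo | base | ops | dev | prd |\n"
25 | header+="| :--: | :-----:| :-----: | :---:| :--: | :-: | :-: | :-: |"
26 | 
27 | output_content=""
28 | 
29 | # NUL-delimited find + read: a path containing whitespace is one file, not
30 | # several (the previous unquoted `for file in $files` word-split the list).
31 | while IFS= read -r -d '' file; do
32 |   # Chart coordinates; yq prints the literal string "null" for an absent key.
33 |   name=$(yq eval '.helmCharts[0].name' "$file")
34 |   version=$(yq eval '.helmCharts[0].version' "$file")
35 |   repo=$(yq eval '.helmCharts[0].repo' "$file")
36 | 
37 |   base="" ops="" dev="" prd=""
38 | 
39 |   # The path is apps/<app>/..., so the second component is the app name.
40 |   app=$(echo "$file" | cut -d "/" -f 2)
41 | 
42 |   # Classify by the exact name of the directory holding the kustomization:
43 |   # "base", or an overlay named after a project. An exact match (instead of
44 |   # the earlier *ops* substring test) stops overlays such as ops-test,
45 |   # ops-bkp or prd-bkp from being reported as the ops/prd project with a
46 |   # badge that links to an Argo CD application of a different name.
47 |   case "$(basename "$(dirname "$file")")" in
48 |     base) base="✅" ;;
49 |     ops)  ops=$(badge "$app" ops) ;;
50 |     dev)  dev=$(badge "$app" dev) ;;
51 |     prd)  prd=$(badge "$app" prd) ;;
52 |   esac
53 | 
54 |   # Only kustomizations that declare a chart name and version produce a row.
55 |   if [ "$name" != "null" ] && [ "$version" != "null" ]; then
56 |     # "-" stands in for a chart that declares no repo.
57 |     [ "$repo" != "null" ] || repo="-"
58 |     output_content+="| $app | $name | $version | $repo | $base | $ops | $dev | $prd |\n"
59 |   fi
60 | done < <(find apps -name "kustomization.yaml" -print0)
61 | 
62 | # Sort the rows (from the App column on), drop duplicates and empty lines.
63 | output_content=$(echo -e "$output_content" | sort -u -k 2 | awk NF)
64 | 
65 | # Write the header, then the sorted rows, to versions.md.
66 | echo -e "$header" > "$output_file"
67 | echo -e "$output_content" >> "$output_file"
68 | 
--------------------------------------------------------------------------------
/.github/workflows/auto-assign.yaml:
--------------------------------------------------------------------------------
1 | name: Auto Assign 🦾
2 | 
3 | on:
4 |   issues:
5 |     types: [opened]
6 |   pull_request:
7 |     types: [opened]
8 | 
9 | jobs:
10 |   auto-assign:
11 |     uses: devxp-tech/.github/.github/workflows/auto-assign.yaml@main
12 |     secrets: inherit
13 |     with:
14 |       assignees: diegoluisi
15 |       numOfAssignee: 1
16 | 
--------------------------------------------------------------------------------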
/.github/workflows/techdocs.yaml: -------------------------------------------------------------------------------- 1 | name: TechDocs 📚 2 | 3 | on: 4 | push: 5 | branches: [main] 6 | # You can even set it to run only when TechDocs related files are updated. 7 | paths: 8 | - "docs/**" 9 | - "mkdocs.yml" 10 | 11 | jobs: 12 | env: 13 | uses: devxp-tech/.github/.github/workflows/env.yaml@main 14 | 15 | docs: 16 | uses: devxp-tech/.github/.github/workflows/techdocs.yaml@main 17 | secrets: inherit 18 | with: 19 | repository: ${{ needs.env.outputs.repository }} 20 | needs: 21 | - env -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/* 2 | .DS_Store 3 | apps/**/base/charts 4 | results.yaml 5 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | repos: 2 | ## Default pre-commit hooks 3 | - repo: https://github.com/pre-commit/pre-commit-hooks 4 | rev: v4.1.0 5 | hooks: 6 | - id: check-json 7 | - id: check-yaml 8 | - id: check-added-large-files 9 | - id: check-merge-conflict 10 | - id: mixed-line-ending 11 | - id: trailing-whitespace 12 | 13 | ## Typos 14 | - repo: https://github.com/crate-ci/typos 15 | rev: typos-v0.8.6 16 | hooks: 17 | - id: typos 18 | 19 | # Markdown linter 20 | - repo: https://github.com/igorshubovych/markdownlint-cli 21 | rev: v0.31.1 22 | hooks: 23 | - id: markdownlint 24 | args: 25 | - "--disable=MD013" -------------------------------------------------------------------------------- /.tool-versions: -------------------------------------------------------------------------------- 1 | argocd v2.8.4 2 | argocd-autopilot v0.4.17 3 | helm v3.13.3 4 | kubectl v1.29.0 5 | kustomize v5.0.4-0 6 | --------------------------------------------------------------------------------
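/.vscode/settings.json:
--------------------------------------------------------------------------------
1 | {
2 |   "makefile.configureOnOpen": false
3 | }
--------------------------------------------------------------------------------
/.yamllint.yaml:
--------------------------------------------------------------------------------
1 | extends: default
2 | 
3 | ignore: |
4 |   .github/
5 |   .yamllint.yaml
6 |   .pre-commit-config.yaml
7 | 
8 | rules:
9 |   truthy:
10 |     allowed-values: ['true', 'false', 'on', 'yes']
11 |   comments:
12 |     min-spaces-from-content: 1
13 |   # document start with ---
14 |   document-start:
15 |     level: warning
16 |   # 80 chars should be enough, but don't fail if a line is longer
17 |   line-length:
18 |     max: 80
19 |     level: warning
20 |   braces:
21 |     min-spaces-inside: 0
22 |     max-spaces-inside: 1
23 |   brackets:
24 |     min-spaces-inside: 0
25 |     max-spaces-inside: 0
26 |   indentation:
27 |     spaces: 2
28 |     indent-sequences: consistent
29 | 
30 | 
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM golang:1.22-alpine@sha256:9bdd5692d39acc3f8d0ea6f81327f87ac6b473dd29a2b6006df362bff48dd1f8
2 | # Toolbox image used by docker-compose / the Makefile "secret" target to run
3 | # kubeseal, kubectl, helm, argocd-autopilot and argocd.
4 | # NOTE(review): only the base image is digest-pinned; the tools below are
5 | # fetched at @main / latest at build time, so builds are not reproducible and
6 | # an upstream release change flows straight into this image. Pin each tool
7 | # once the team decides which versions to track (see .tool-versions).
8 | 
9 | # INSTALL kubeseal cli
10 | # TODO(review): pin to a release tag instead of @main.
11 | RUN go install github.com/bitnami-labs/sealed-secrets/cmd/kubeseal@main
12 | RUN apk update && apk upgrade && apk add curl make gcc bash git openssl openssh
13 | # INSTALL kubectl cli
14 | # Each release publishes kubectl.sha256 next to the binary; checking it makes a
15 | # truncated or tampered download fail the build instead of being installed.
16 | RUN KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)" \
17 |   && curl -fLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" \
18 |   && curl -fLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256" \
19 |   && echo "$(cat kubectl.sha256)  kubectl" | sha256sum -c - \
20 |   && install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl \
21 |   && rm -f kubectl kubectl.sha256
22 | # INSTALL HELM cli
23 | # get-helm-3 honours DESIRED_VERSION; TODO(review): set it to pin helm.
24 | RUN curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
25 | # INSTALL argocd-autopilot cli
26 | RUN VERSION=$(curl --silent "https://api.github.com/repos/argoproj-labs/argocd-autopilot/releases/latest" | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/') \
27 |   && curl -fL --output - https://github.com/argoproj-labs/argocd-autopilot/releases/download/$VERSION/argocd-autopilot-linux-amd64.tar.gz | tar zx \
28 |   && mv ./argocd-autopilot-* /usr/local/bin/argocd-autopilot
29 | # INSTALL argocd cli
30 | # -f: a failed download must not leave an HTML error page installed as the binary.
31 | RUN curl -fsSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 \
32 |   && chmod +x /usr/local/bin/argocd
33 | 
34 | HEALTHCHECK NONE
35 | 
36 | # golang:alpine ships no "nonroot" account; create it so the USER line below
37 | # resolves (otherwise the container cannot start as that user unless the
38 | # caller overrides --user, as the Makefile does).
39 | RUN adduser -D nonroot
40 | # Set the non-root user as the default user
41 | USER nonroot
42 | 
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 | 
3 | Copyright (c) 2022 Diego Luisi
4 | 
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.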
22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Helper to generate secret 2 | secret: 3 | docker-compose run --rm --user="$(shell id -u):$(shell id -g)" cript bash secrets/generate.sh 4 | -------------------------------------------------------------------------------- /apps/README.md: -------------------------------------------------------------------------------- 1 | # Apps 2 | This directory contains all of the applications you installed by using: 3 | ```bash 4 | argocd-autopilot app create <APP_NAME> --app <APP_REPO_PATH> -p <PROJECT_NAME> 5 | ``` 6 | 7 | ## Application Types 8 | > If you don't specify the application `--type` argocd-autopilot will try to clone the source repository and infer the application type [automatically](https://argoproj.github.io/argo-cd/user-guide/tool_detection/#tool-detection) 9 | 10 | * ### Directory application 11 | Such an application references a specific directory at a given repo URL, path and revision. It will be persisted in the GitOps Repository as a single file at `apps/<APP_NAME>/<PROJECT_NAME>/config.json`. 12 | #### Example: 13 | ```bash 14 | argocd-autopilot app create dir-example --app github.com/argoproj-labs/argocd-autopilot/examples/demo-dir/ -p <PROJECT_NAME> --type dir 15 | ``` 16 | 17 | * ### Kustomize application 18 | A Kustomize application will have exactly one: `apps/<APP_NAME>/base/kustomization.yaml` file, and one or more `apps/<APP_NAME>/overlays/<PROJECT_NAME>/` folders. 19 | 20 | The `apps/<APP_NAME>/base/kustomization.yaml` file is created the first time you create the application. The `apps/<APP_NAME>/overlays/<PROJECT_NAME>/` folder is created for each project you install this application on. So all overlays of the same application are using the same base `kustomization.yaml`.
21 | #### Example: 22 | Try running the following command: 23 | ```bash 24 | argocd-autopilot app create hello-world --app github.com/argoproj-labs/argocd-autopilot/examples/demo-app/ -p <PROJECT_NAME> --type kustomize 25 | ``` 26 | 27 | ###### * If you did not create a project yet take a look at: [creating a project](https://argocd-autopilot.readthedocs.io/en/stable/Getting-Started/#add-a-project-and-an-application). -------------------------------------------------------------------------------- /apps/argo-rollouts/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: argocd 4 | helmCharts: 5 | - name: argo-rollouts 6 | includeCRDs: true 7 | releaseName: argo-rollouts 8 | version: 2.35.3 9 | repo: https://argoproj.github.io/argo-helm 10 | valuesInline: 11 | fullnameOverride: argo-rollouts 12 | dashboard: 13 | enabled: true 14 | -------------------------------------------------------------------------------- /apps/argo-rollouts/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "argo-rollouts", 3 | "userGivenName": "argo-rollouts", 4 | "destNamespace": "argocd", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/argo-rollouts/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/argo-rollouts/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | -------------------------------------------------------------------------------- /apps/argo-workflows/base/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: argowf 4 | resources: 5 | - https://raw.githubusercontent.com/argoproj-labs/argo-workflows-slack-executor-plugin/main/slack-executor-plugin-configmap.yaml 6 | - plugin-cm.yaml 7 | helmCharts: 8 | - name: argo-workflows 9 | releaseName: argo-workflows 10 | namespace: argowf 11 | version: 0.41.11 12 | includeCRDs: true 13 | repo: https://argoproj.github.io/argo-helm 14 | valuesInline: 15 | fullnameOverride: argo-workflows 16 | crds: 17 | install: true 18 | workflow: 19 | serviceAccount: 20 | create: true 21 | name: "argo-workflow" 22 | rbac: 23 | create: true 24 | controller: 25 | extraEnv: 26 | - name: ARGO_EXECUTOR_PLUGINS 27 | value: "true" 28 | workflowDefaults: 29 | spec: 30 | serviceAccountName: argo-workflow 31 | metrics: 32 | enabled: true 33 | logging: 34 | level: debug 35 | workflowNamespaces: 36 | - argowf 37 | # - default 38 | server: 39 | metrics: 40 | enabled: true 41 | logging: 42 | level: debug 43 | extraArgs: 44 | - --auth-mode=sso 45 | sso: 46 | enabled: true 47 | issuer: https://dex.devxp-tech.io 48 | clientId: 49 | name: argo-workflows-sso 50 | key: client-id 51 | clientSecret: 52 | name: argo-workflows-sso 53 | key: client-secret 54 | redirectUrl: https://argowf.devxp-tech.io/oauth2/callback 55 | rbac: 56 | enabled: false 57 | # scopes: 58 | # - openid 59 | # - email 60 | # - profile 61 | # - groups 62 | -------------------------------------------------------------------------------- /apps/argo-workflows/base/plugin-cm.yaml: -------------------------------------------------------------------------------- 1 | # This is an auto-generated file. 
DO NOT EDIT 2 | apiVersion: v1 3 | data: 4 | sidecar.automountServiceAccountToken: "false" 5 | sidecar.container: | 6 | command: 7 | - python 8 | - -u 9 | - -c 10 | image: python:alpine3.6 11 | name: hello-executor-plugin 12 | ports: 13 | - containerPort: 4355 14 | resources: 15 | limits: 16 | cpu: 500m 17 | memory: 128Mi 18 | requests: 19 | cpu: 250m 20 | memory: 64Mi 21 | securityContext: 22 | runAsNonRoot: true 23 | runAsUser: 65534 24 | kind: ConfigMap 25 | metadata: 26 | creationTimestamp: null 27 | labels: 28 | workflows.argoproj.io/configmap-type: ExecutorPlugin 29 | name: hello-executor-plugin 30 | -------------------------------------------------------------------------------- /apps/argo-workflows/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "argo-workflows", 3 | "userGivenName": "argo-workflows", 4 | "destNamespace": "argowf", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/argo-workflows/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/argo-workflows/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - secrets.yaml 6 | - virtual-service.yaml 7 | -------------------------------------------------------------------------------- /apps/argo-workflows/overlays/ops/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: bitnami.com/v1alpha1 3 | kind: SealedSecret 4 | metadata: 5 | creationTimestamp: null 6 | name: argo-workflows-sso 7 | namespace: argowf 8 | spec: 9 | encryptedData: 10 | client-id: 
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 11 | client-secret: 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 12 | template: 13 | metadata: 14 | creationTimestamp: null 15 | name: argo-workflows-sso 16 | namespace: argowf 17 | -------------------------------------------------------------------------------- /apps/argo-workflows/overlays/ops/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: argo-workflows 6 | namespace: argowf 7 | annotations: 8 | link.argocd.argoproj.io/external-link: https://argowf.devxp-tech.io 9 | spec: 10 | hosts: 11 | - "argowf.devxp-tech.io" 12 | gateways: 13 | - istio-ingress/istio-ingressgateway 14 | http: 15 | - match: 16 | - uri: 17 | prefix: / 18 | route: 19 | - destination: 20 | host: argo-workflows-server.argowf.svc.cluster.local 21 | port: 22 | number: 2746 23 | -------------------------------------------------------------------------------- /apps/atlantis/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: atlantis 4 | -------------------------------------------------------------------------------- /apps/atlantis/overlays/ops/basic-auth-sealed.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: bitnami.com/v1alpha1 3 | kind: SealedSecret 4 | metadata: 5 | creationTimestamp: null 6 | name: basic-auth 7 | namespace: atlantis 8 | spec: 9 | encryptedData: 10 | password: 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 11 | username: 
AgDTHc4Z4cbLIAWaFwW4sbi2r80wmOAo4DQofqxvioDJi6EU84fe6uAf6mgvB6YheXBqJIEHRUQ91iu2hCx4ckVlGFJsgEl1/wgT/GZypPAJj5Rh+pKZJnQso887jcBzVmygpP9JgLKQP1t7UQV8K/Hugj7yWDVB95lrTxWYOXcZSTa7MEHd6kLjsPI+xlDe/fp1iSJDma/ej26XzHhPtnowYvD0yysXGDlh0svSL08aSWXGBUzTgT2fNlyQzjz8/7xxOE5ZnW4ElgwvhkPxxKSirsUc5/HUch9JfuJvkBYvifcpIHqfghznbXWzeOK8O+AOpECYJysNZiPF3eJSJU3Mf7NGCcettrzY+Iz6drCCLB9LNN7ul6JLg40DLFPYH+Y6grv28YtQftkV/t1mKcoF/GmkvBEorobcVlCimIPhL5xSk60sGokq6M2VqXZp7/0ZNw+NvrapA9tVwm5rN6l7sGvWVG2stPfXitOJFRNsXprb8vB+wj90jERRotSafNowlvBsIJQzSD+SAusWuf3XwX/VFYNsmDj4YRj8OvwPF9OIQOOadu4xtHsLtxbg2BUD9c7ojc8sYV3OjM0rf/CGEEPl0hi4GkQZkQkVdsWTFIumT2QFp/9g6W1EG9nNcqH5TT3EMh85PCz3ODE3Z+iE+Gupc+BbCuzm2wUT0I1/+u5Bmt74sUkVgYMMqpROiCIyaAciYNGYow== 12 | template: 13 | metadata: 14 | creationTimestamp: null 15 | name: basic-auth 16 | namespace: atlantis 17 | type: Opaque 18 | -------------------------------------------------------------------------------- /apps/atlantis/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "atlantis", 3 | "userGivenName": "atlantis", 4 | "destNamespace": "atlantis", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/atlantis/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/atlantis/overlays/ops/ghcr-sealed.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: bitnami.com/v1alpha1 3 | kind: SealedSecret 4 | metadata: 5 | creationTimestamp: null 6 | name: ghcr-secret 7 | namespace: atlantis 8 | spec: 9 | encryptedData: 10 | .dockerconfigjson: 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 11 | template: 12 | metadata: 13 | creationTimestamp: null 14 | name: ghcr-secret 15 | namespace: atlantis 16 | type: 
kubernetes.io/dockerconfigjson 17 | -------------------------------------------------------------------------------- /apps/atlantis/overlays/ops/github-sealed.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: bitnami.com/v1alpha1 3 | kind: SealedSecret 4 | metadata: 5 | creationTimestamp: null 6 | name: github-secrets 7 | namespace: atlantis 8 | spec: 9 | encryptedData: 10 | github_secret: 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 11 | github_token: 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 12 | github_user: AgA/wd+Fhtwp3mtnJ+4OnFx/hCyLPueCGLvZkF/fEK7KdvoLS+IFNKiTZUjs4AtCwdWIVkPCQxMAavfjonHTCZ1jQWIysTs2yuZuWKxDkTyY8llPzWAzqnzPTqsbJ2k+kskyTFSa5zi2zZaU6T4PfTRfh3LMwuD3NZmOaOzoZRHV2k4cebAYlOZ17e/cnfjZr/w/XY5/Z64qH5a6H5+LIp7YWvbRIv70smyIhvD7j3PqeAdJg8WhyBzI1jYXQRTRBOI3cEXfpzaOh67K5C+9ARszGF5NfrBvrQ3pxcE5Vl6ioSO9ulg9TlPaL2M0BCnepcxd7cv1JOfQ3Ebsj+2cawd4bfuj7Vn8NPxJZx2oCDkfDWA85FJIeoWuWglis/wHmuCcVIBUGXXhvwB/R+CW7qWps25pEbw/K/Sc5r60yBh/GqqXvG/OJCAHQ6Gw7Ejsu9EE2lbQoW9PYjCMvtQ9VFKqazQzrl90f6ilYTrohT/E0YZGUV0I+60rYHm7WI7gmKLmtE1PccQJ5I7VZAPI3VCIFQ4BMdkejqqZ+8iMtPNpN+pK8wsPZwTG27YiTLJWEe867xTqpSl3kdWIZ67jqRCjc7iIQCM3gx20P9gbgrDKkqvGE6m5Z6+yWcXIrs1AI/R9YIuNoXYm0/mqLxYnyCRWHi8qUUhwk/kXTsjTwjqrTyrAXVfhXcTpTD/j+1xvRhDsYXS3oyXQhw== 13 | template: 14 | metadata: 15 | creationTimestamp: null 16 | name: github-secrets 17 | namespace: atlantis 18 | type: Opaque 19 | -------------------------------------------------------------------------------- /apps/atlantis/overlays/ops/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1beta1 3 | kind: VirtualService 4 | metadata: 5 | name: atlantis 6 | spec: 7 | gateways: 8 | - istio-ingress/istio-ingressgateway 9 | hosts: 10 | - atlantis.devxp-tech.io 11 | http: 12 | - match: 13 | - uri: 14 | prefix: "/" 15 | route: 16 | - destination: 17 | host: 
atlantis.atlantis.svc.cluster.local 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- /apps/aws-load-balancer-controller/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kube-system 4 | -------------------------------------------------------------------------------- /apps/aws-load-balancer-controller/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "aws-load-balancer-controller", 3 | "userGivenName": "aws-load-balancer-controller", 4 | "destNamespace": "kube-system", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/aws-load-balancer-controller/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/aws-load-balancer-controller/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | helmCharts: 6 | - name: aws-load-balancer-controller 7 | namespace: kube-system 8 | includeCRDs: true 9 | releaseName: aws-load-balancer-controller 10 | version: 1.8.1 11 | repo: https://aws.github.io/eks-charts 12 | valuesInline: 13 | clusterName: vex-dev-usea1-eks 14 | region: us-east-1 15 | vpcId: vpc-01dc9f4be86534b42 16 | serviceAccount: 17 | create: true 18 | annotations: 19 | eks.amazonaws.com/role-arn: arn:aws:iam::239468932737:role/AmazonEKSLoadBalancerControllerRole 20 | -------------------------------------------------------------------------------- /apps/backstage/base/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: backstage 4 | 5 | -------------------------------------------------------------------------------- /apps/backstage/overlays/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: backstage 4 | resources: 5 | - backstage-secrets-sealed.yaml 6 | - postgres-secrets-sealed.yaml 7 | - postgres-config.yaml 8 | - ../../base 9 | helmCharts: 10 | - name: devxp-app 11 | releaseName: devxp-app 12 | version: 0.2.81 13 | repo: https://devxp-tech.github.io/helm-charts 14 | valuesInline: 15 | name: "backstage" 16 | image: 17 | repository: ghcr.io/devxp-tech/backstage 18 | tag: e355c408 19 | ResourceQuota: 20 | enabled: false 21 | container: 22 | port: 7007 23 | env: 24 | - name: ENV 25 | value: production 26 | envFrom: 27 | - configMapRef: 28 | name: postgres-configs 29 | - secretRef: 30 | name: postgres-secrets 31 | - secretRef: 32 | name: backstage-secrets 33 | resources: 34 | requests: 35 | memory: 256Mi 36 | cpu: 50m 37 | limits: 38 | memory: 512Mi 39 | cpu: 100m 40 | readinessProbe: 41 | initialDelaySeconds: 30 42 | periodSeconds: 15 43 | httpGet: 44 | port: http 45 | path: "/healthcheck" 46 | httpHeaders: 47 | - name: Host 48 | value: backstage.devxp-tech.io 49 | livenessProbe: 50 | initialDelaySeconds: 30 51 | periodSeconds: 15 52 | httpGet: 53 | port: http 54 | path: "/healthcheck" 55 | httpHeaders: 56 | - name: Host 57 | value: backstage.devxp-tech.io 58 | autoscaling: 59 | enabled: true 60 | minReplicas: 1 61 | maxReplicas: 2 62 | targetCPUUtilizationPercentage: 80 63 | 64 | - name: devxp-infra 65 | releaseName: devxp-infra 66 | version: 0.1.1 67 | repo: https://devxp-tech.github.io/helm-charts 68 | valuesInline: 69 | name: "backstage" 70 | Bucket: 71 | enabled: true 72 
| 73 | - name: postgresql 74 | releaseName: postgresql 75 | version: 13.4.4 76 | repo: https://charts.bitnami.com/bitnami 77 | valuesInline: 78 | commonLabels: 79 | app: backstage 80 | version: 15.1.0 81 | auth: 82 | username: backstage 83 | database: backstage 84 | existingSecret: postgres-secrets 85 | # global: 86 | # postgresql: 87 | # auth: 88 | # database: backstage 89 | # username: backstage 90 | # existingSecret: postgres-secrets 91 | primary: 92 | resources: 93 | limits: 94 | cpu: 100m 95 | memory: 256Mi 96 | requests: 97 | cpu: 50m 98 | memory: 128Mi 99 | -------------------------------------------------------------------------------- /apps/backstage/overlays/prd/cluster-role.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: backstage-admin 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: cluster-admin # NOTE(review): this binds the built-in cluster-admin role (unrestricted read/write on every resource, cluster-wide) to the backstage ServiceAccount below; scope it to a least-privilege ClusterRole covering only what Backstage's Kubernetes integration actually reads — confirm the required resources/verbs against the plugin docs 10 | subjects: 11 | - kind: ServiceAccount 12 | name: backstage 13 | namespace: backstage 14 | -------------------------------------------------------------------------------- /apps/backstage/overlays/prd/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "backstage", 3 | "userGivenName": "backstage", 4 | "destNamespace": "backstage", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/backstage/overlays/prd", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/backstage/overlays/prd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: backstage 4 | resources: 5 | - ../../base 6 | - 
cluster-role.yaml 7 | - postgres-secrets.yaml 8 | - postgres-config.yaml 9 | - sa-token.yaml 10 | - secrets.yaml 11 | helmCharts: 12 | - name: devxp-app 13 | releaseName: devxp-app 14 | version: 0.2.85 15 | repo: https://devxp-tech.github.io/helm-charts 16 | valuesInline: 17 | name: "backstage" 18 | global: 19 | network: 20 | domain: devxp-tech.io 21 | image: 22 | repository: ghcr.io/devxp-tech/backstage 23 | tag: e355c408 #609ddcf6 24 | serviceAccount: 25 | annotations: 26 | "eks.amazonaws.com/role-arn": "arn:aws:iam::239468932737:role/vex-dev-usea1-eks-backstage-sa" 27 | container: 28 | port: 7007 29 | env: 30 | - name: ENV 31 | value: production 32 | envFrom: 33 | - configMapRef: 34 | name: postgres-configs 35 | - secretRef: 36 | name: postgres-secrets 37 | - secretRef: 38 | name: backstage-secrets 39 | quota: 40 | enabled: false 41 | resources: 42 | requests: 43 | memory: 400Mi 44 | cpu: 50m 45 | limits: 46 | memory: 600Mi 47 | cpu: 200m 48 | instrumentation: 49 | enabled: true 50 | language: nodejs 51 | monitoring: 52 | serviceMonitor: 53 | enabled: true 54 | livenessProbe: 55 | initialDelaySeconds: 60 56 | periodSeconds: 15 57 | path: "/healthcheck" 58 | httpHeaders: 59 | - name: Host 60 | value: backstage.devxp-tech.io 61 | readinessProbe: 62 | initialDelaySeconds: 60 63 | periodSeconds: 15 64 | path: "/healthcheck" 65 | httpHeaders: 66 | - name: Host 67 | value: backstage.devxp-tech.io 68 | autoscaling: 69 | enabled: true 70 | minReplicas: 1 71 | maxReplicas: 1 72 | targetCPUUtilizationPercentage: 80 73 | 74 | - name: postgresql 75 | releaseName: postgresql 76 | version: 12.12.10 77 | repo: https://charts.bitnami.com/bitnami 78 | valuesInline: 79 | auth: 80 | username: backstage 81 | database: backstage 82 | existingSecret: postgres-secrets 83 | global: 84 | postgresql: 85 | auth: 86 | database: backstage 87 | username: backstage 88 | existingSecret: postgres-secrets 89 | primary: 90 | resources: 91 | limits: 92 | cpu: 90m 93 | memory: 128Mi 94 | requests: 
95 | cpu: 10m 96 | memory: 84Mi 97 | 98 | 99 | # - name: devxp-infra 100 | # releaseName: devxp-infra 101 | # version: 0.0.3 102 | # repo: https://devxp-tech.github.io/helm-charts 103 | # valuesInline: 104 | # name: "backstage" 105 | # Bucket: 106 | # enabled: true 107 | -------------------------------------------------------------------------------- /apps/backstage/overlays/prd/postgres-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: postgres-configs 5 | namespace: backstage 6 | data: 7 | POSTGRES_HOST: "postgresql.backstage.svc.cluster.local" 8 | POSTGRES_PORT: "5432" 9 | POSTGRES_DATABASE: "backstage" 10 | -------------------------------------------------------------------------------- /apps/backstage/overlays/prd/sa-token.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: backstage-token 6 | namespace: backstage 7 | spec: 8 | encryptedData: {} 9 | template: 10 | metadata: 11 | annotations: 12 | kubernetes.io/service-account.name: backstage 13 | creationTimestamp: null 14 | name: backstage-token 15 | namespace: backstage 16 | type: kubernetes.io/service-account-token # NOTE(review): encryptedData is empty on purpose — a Secret of this type with the service-account.name annotation is filled in by the token controller with a long-lived, non-expiring token for the backstage ServiceAccount; prefer a bound/projected token where the consumer supports it, and treat this Secret as highly sensitive given the RBAC granted to that SA in cluster-role.yaml 17 | -------------------------------------------------------------------------------- /apps/cert-manager/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: cert-manager 4 | -------------------------------------------------------------------------------- /apps/cert-manager/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "cert-manager", 3 | "userGivenName": "cert-manager", 4 | "destNamespace": "cert-manager", 5 | "destServer": 
"https://kubernetes.default.svc", 6 | "srcPath": "apps/cert-manager/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/cert-manager/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | helmCharts: 6 | - name: cert-manager 7 | releaseName: cert-manager 8 | namespace: cert-manager 9 | version: v1.15.2 10 | repo: https://charts.jetstack.io 11 | valuesInline: 12 | installCRDs: true 13 | global: 14 | leaderElection: 15 | namespace: "cert-manager" 16 | namespace: "cert-manager" 17 | securityContext: 18 | fsGroup: 1001 19 | serviceAccount: 20 | annotations: 21 | eks.amazonaws.com/role-arn: arn:aws:iam::239468932737:role/AmazonEKS_Cert_Manager_Role 22 | resources: 23 | requests: 24 | cpu: 10m 25 | memory: 32Mi 26 | limits: 27 | cpu: 20m 28 | memory: 64Mi 29 | # webhook: 30 | # networkPolicy: 31 | # enabled: true 32 | prometheus: 33 | enabled: true 34 | servicemonitor: 35 | enabled: true 36 | prometheusInstance: prometheus.monitoring 37 | 38 | -------------------------------------------------------------------------------- /apps/cilium/base/dns-visibility.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cilium.io/v2 2 | kind: CiliumNetworkPolicy 3 | metadata: 4 | annotations: 5 | meta.helm.sh/release-name: jobs-app 6 | meta.helm.sh/release-namespace: tenant-jobs 7 | creationTimestamp: "2024-02-19T09:34:52Z" 8 | generation: 1 9 | labels: 10 | app.kubernetes.io/managed-by: Helm 11 | name: dns-visibility 12 | namespace: tenant-jobs 13 | resourceVersion: "2813" 14 | uid: 518da187-9077-4463-aea4-8cf882ef2f26 15 | spec: 16 | egress: 17 | - toEndpoints: 18 | - 
matchLabels: 19 | k8s:io.kubernetes.pod.namespace: kube-system 20 | k8s:k8s-app: kube-dns 21 | toPorts: 22 | - ports: 23 | - port: "53" 24 | protocol: ANY 25 | rules: 26 | dns: 27 | - matchPattern: "*" 28 | - toFQDNs: 29 | - matchPattern: "*" 30 | - toEntities: 31 | - all # NOTE(review): together with the empty endpointSelector below this permits egress to every destination from every pod in tenant-jobs; the policy only adds DNS visibility via the L7 dns rule and does not restrict traffic — fine if that is the intent, but it must not be read as a default-deny 32 | endpointSelector: 33 | matchLabels: {} 34 | -------------------------------------------------------------------------------- /apps/cilium/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kube-system 4 | commonAnnotations: 5 | meta.helm.sh/release-name: cilium 6 | meta.helm.sh/release-namespace: kube-system 7 | helmCharts: 8 | - name: cilium 9 | releaseName: cilium 10 | version: 1.15.7 11 | repo: https://helm.cilium.io 12 | namespace: kube-system 13 | includeCRDs: true 14 | valuesInline: 15 | cni: 16 | chainingMode: aws-cni 17 | exclusive: false 18 | dashboards: 19 | enabled: true 20 | namespace: monitoring 21 | enableIPv4Masquerade: false 22 | endpointRoutes: 23 | enabled: true 24 | gatewayAPI: 25 | enabled: true 26 | kubeProxyReplacement: strict 27 | routingMode: native 28 | # ingressController: 29 | # enabled: true 30 | prometheus: 31 | enabled: true 32 | serviceMonitor: 33 | enabled: true 34 | trustCRDsExist: true 35 | operator: 36 | dashboards: 37 | enabled: true 38 | namespace: monitoring 39 | hubble: 40 | enabled: true 41 | metrics: 42 | dashboards: 43 | enabled: true 44 | namespace: monitoring 45 | serviceMonitor: 46 | enabled: true 47 | enableOpenMetrics: true 48 | enabled: 49 | - dns:query;ignoreAAAA 50 | - drop 51 | - tcp 52 | - flow 53 | - port-distribution 54 | - icmp 55 | - http 56 | - "flow:sourceContext=workload-name|reserved-identity;destinationContext=workload-name|reserved-identity" 57 | # - 
"kafka:labelsContext=source_namespace,source_workload,destination_namespace,destination_workload,traffic_direction;sourceContext=workload-name|reserved-identity;destinationContext=workload-name|reserved-identity" 58 | - "httpV2:exemplars=true;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction;sourceContext=workload-name|reserved-identity;destinationContext=workload-name|reserved-identity" 59 | peerService: 60 | # clusterDomain: cluster.local 61 | servicePort: 8080 62 | relay: 63 | enabled: true 64 | prometheus: 65 | serviceMonitor: 66 | enabled: true 67 | ui: 68 | enabled: true 69 | tls: 70 | enabled: false # NOTE(review): if this key is hubble.tls, it disables TLS between Hubble Relay and the per-node Hubble servers, so flow data (including the DNS query metrics enabled above) crosses the node network in clear text; confirm this is intended and that the Hubble UI enabled above is not exposed without authentication 71 | -------------------------------------------------------------------------------- /apps/cilium/base/values.yaml: -------------------------------------------------------------------------------- 1 | dashboards: 2 | enabled: true 3 | namespace: monitoring 4 | # cni: 5 | # chainingMode: aws-cni 6 | # exclusive: false 7 | # enableIPv4Masquerade: false 8 | # endpointRoutes: 9 | # enabled: true 10 | ingressController: 11 | enabled: true 12 | ipam: 13 | mode: kubernetes 14 | ipv4NativeRoutingCIDR: "10.0.0.0/16" 15 | gatewayAPI: 16 | enabled: true 17 | kubeProxyReplacement: strict 18 | routingMode: native 19 | tunnel: vxlan 20 | prometheus: 21 | enabled: true 22 | serviceMonitor: 23 | enabled: true 24 | trustCRDsExist: true 25 | operator: 26 | dashboards: 27 | enabled: true 28 | namespace: monitoring 29 | hubble: 30 | enabled: true 31 | metrics: 32 | dashboards: 33 | enabled: true 34 | namespace: monitoring 35 | serviceMonitor: 36 | enabled: true 37 | enableOpenMetrics: true 38 | enabled: 39 | - dns:query;ignoreAAAA 40 | - drop 41 | - tcp 42 | - flow 43 | - port-distribution 44 | - icmp 45 | - http 46 | - "flow:sourceContext=workload-name|reserved-identity;destinationContext=workload-name|reserved-identity" 47 | # - 
"kafka:labelsContext=source_namespace,source_workload,destination_namespace,destination_workload,traffic_direction;sourceContext=workload-name|reserved-identity;destinationContext=workload-name|reserved-identity" 48 | - "httpV2:exemplars=true;labelsContext=source_ip,source_namespace,source_workload,destination_ip,destination_namespace,destination_workload,traffic_direction;sourceContext=workload-name|reserved-identity;destinationContext=workload-name|reserved-identity" 49 | peerService: 50 | # clusterDomain: cluster.local 51 | servicePort: 8080 52 | relay: 53 | enabled: true 54 | prometheus: 55 | serviceMonitor: 56 | enabled: true 57 | ui: 58 | enabled: true 59 | tls: 60 | enabled: false 61 | -------------------------------------------------------------------------------- /apps/cilium/overlays/ops-test/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "cilium", 3 | "userGivenName": "cilium", 4 | "destNamespace": "kube-system", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/cilium/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/cilium/overlays/ops-test/gateway.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: gateway.networking.k8s.io/v1beta1 2 | kind: Gateway 3 | metadata: 4 | name: cilium 5 | spec: 6 | gatewayClassName: cilium 7 | listeners: 8 | - name: http 9 | protocol: HTTP 10 | port: 80 11 | allowedRoutes: 12 | namespaces: 13 | from: All 14 | -------------------------------------------------------------------------------- /apps/cilium/overlays/ops-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 
3 | resources: 4 | - ../../base # NOTE(review): the sibling config.json in this ops-test directory sets srcPath to apps/cilium/overlays/ops, not apps/cilium/overlays/ops-test — confirm which overlay Argo CD is actually meant to sync 5 | # - gateway.yaml 6 | -------------------------------------------------------------------------------- /apps/crossplane/base/provider.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: aws.crossplane.io/v1beta1 3 | kind: ProviderConfig 4 | metadata: 5 | name: default 6 | spec: 7 | credentials: 8 | source: Secret # NOTE(review): static AWS credentials read from the aws-creds Secret; these are long-lived keys, so make sure that Secret is sealed or externally managed rather than committed in clear, and prefer a workload-identity credential source if this provider version offers one 9 | secretRef: 10 | namespace: crossplane-system 11 | name: aws-creds 12 | key: creds 13 | -------------------------------------------------------------------------------- /apps/crossplane/ops-old/config.yaml: -------------------------------------------------------------------------------- 1 | appName: crossplane 2 | userGivenName: crossplane 3 | destNamespace: crossplane-system 4 | destServer: https://kubernetes.default.svc 5 | srcPath: "" 6 | repoURL: https://kubernetes-sigs.github.io/crossplane-system/ 7 | srcRepoURL: https://charts.crossplane.io/stable 8 | srcTargetRevision: "1.8.0" 9 | labels: 10 | exclude: "" 11 | include: "" 12 | helm: 13 | chart: crossplane 14 | valueFiles: values 15 | values: |- 16 | -------------------------------------------------------------------------------- /apps/demo-app/base/collector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: opentelemetry.io/v1alpha1 2 | kind: OpenTelemetryCollector 3 | metadata: 4 | name: collector 5 | spec: 6 | mode: sidecar # NOTE(review): the otlphttp exporter in the embedded config below targets a plain http:// endpoint with tls.insecure: true, so traces leave the pod in clear text; acceptable only if the hop to otel-collector.observability is covered by mesh mTLS or the cluster network is trusted — confirm (comment kept outside the block scalar so the collector config string is untouched) 7 | config: | 8 | receivers: 9 | jaeger: 10 | protocols: 11 | grpc: 12 | thrift_compact: 13 | thrift_http: 14 | otlp: 15 | protocols: 16 | grpc: 17 | http: 18 | 19 | processors: 20 | memory_limiter: 21 | check_interval: 1s 22 | limit_percentage: 75 23 | spike_limit_percentage: 15 24 | batch: 25 | send_batch_size: 10000 26 | timeout: 10s 27 | 28 | exporters: 29 | logging: 30 | otlphttp: 31 | endpoint: http://otel-collector.observability.svc.cluster.local:4318 32 | tls: 33 | insecure: true 34 | 35 | service: 36 | pipelines: 37 | 
traces: 38 | receivers: [jaeger, otlp] 39 | processors: [memory_limiter, batch] 40 | exporters: [otlphttp, logging] 41 | -------------------------------------------------------------------------------- /apps/demo-app/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: demo-app 4 | # resources: 5 | # - collector.yaml 6 | # - service-monitor.yaml 7 | -------------------------------------------------------------------------------- /apps/demo-app/overlays/dev/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "demo-app", 3 | "userGivenName": "demo-app", 4 | "destNamespace": "demo-app", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/demo-app/overlays/dev", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/demo-app/overlays/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: demo-app 4 | resources: 5 | - ../../base 6 | helmCharts: 7 | - name: devxp-app 8 | releaseName: devxp-app 9 | version: 0.2.85 10 | repo: https://devxp-tech.github.io/helm-charts 11 | valuesInline: 12 | name: demo-app 13 | 14 | global: 15 | prometheus: 16 | server: http://mimir-nginx.monitoring.svc:80/prometheus 17 | 18 | image: 19 | repository: ghcr.io/devxp-tech/demo-app 20 | tag: 7df51a75 21 | 22 | instrumentation: 23 | enabled: true 24 | language: go 25 | 26 | monitoring: 27 | serviceMonitor: 28 | enabled: true 29 | 30 | autoscaling: 31 | enabled: true 32 | minReplicas: 1 33 | maxReplicas: 1 34 | targetCPUUtilizationPercentage: 80 35 | 36 | 
resources: 37 | requests: 38 | cpu: 10m 39 | memory: 32Mi 40 | limits: 41 | cpu: 20m 42 | memory: 48Mi 43 | 44 | network: 45 | enabled: true 46 | domain: devxp-tech.io 47 | service: 48 | type: ClusterIP 49 | port: 80 50 | -------------------------------------------------------------------------------- /apps/demo-app/overlays/prd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: demo-app 4 | resources: 5 | - ../../base 6 | helmCharts: 7 | - name: devxp-app 8 | releaseName: devxp-app 9 | version: 0.2.81 10 | repo: https://devxp-tech.github.io/helm-charts 11 | valuesInline: 12 | name: demo-app 13 | image: 14 | repository: ghcr.io/devxp-tech/demo-app 15 | tag: b307d934 16 | autoscaling: 17 | enabled: true 18 | minReplicas: 1 19 | maxReplicas: 3 20 | targetCPUUtilizationPercentage: 80 21 | resources: 22 | requests: 23 | memory: 64Mi 24 | cpu: 50m 25 | limits: 26 | memory: 128Mi 27 | cpu: 100m 28 | network: 29 | enabled: true 30 | domain: devxp-tech.io 31 | service: 32 | type: ClusterIP 33 | port: 80 34 | probe: 35 | enabled: true 36 | livenessProbe: 37 | path: /health-check/liveness 38 | port: 8080 39 | readinessProbe: 40 | path: /health-check/readiness 41 | port: 8080 42 | deploy: 43 | enabled: true 44 | sa: 45 | enabled: true 46 | quota: 47 | enabled: true 48 | requests: 49 | memory: 1Gi 50 | cpu: 1 51 | limits: 52 | memory: 2Gi 53 | cpu: 2 54 | -------------------------------------------------------------------------------- /apps/dex/base/auth-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: AuthorizationPolicy 3 | metadata: 4 | name: dex-policy 5 | namespace: dex 6 | spec: 7 | selector: 8 | matchLabels: 9 | app.kubernetes.io/instance: dex-k8s-authenticator 10 | action: ALLOW 11 | rules: 12 | - when: 13 | - key: 
request.headers[x-envoy-external-address] # NOTE(review): this source-IP allowlist is only as trustworthy as the header: x-envoy-external-address is reliable only when the istio-ingressgateway derives it itself (gatewayTopology.numTrustedProxies matching the proxies in front of it) and no client-supplied X-Forwarded-For is honoured upstream; verify that chain, otherwise the rule does not reliably identify the caller 14 | values: 15 | - "94.62.74.120" # Diego 16 | - "177.76.170.30" # Gritzko 17 | - "179.191.119.178" #DiOculos 18 | to: 19 | - operation: 20 | methods: ["GET", "POST", "OPTIONS", "DELETE", "PATCH"] 21 | - from: 22 | - source: 23 | namespaces: ["dex", "monitoring"] 24 | to: 25 | - operation: 26 | methods: ["GET", "POST", "OPTIONS", "DELETE", "PATCH"] 27 | -------------------------------------------------------------------------------- /apps/dex/base/ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: dex 6 | labels: 7 | kubernetes.io/metadata.name: dex 8 | backstage.io/kubernetes-id: dex 9 | istio-injection: enabled 10 | spec: 11 | finalizers: 12 | - kubernetes 13 | -------------------------------------------------------------------------------- /apps/dex/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "dex", 3 | "userGivenName": "dex", 4 | "destNamespace": "dex", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/dex/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/dex/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: dex 4 | commonLabels: 5 | app: dex-auth 6 | resources: 7 | - ../../base 8 | - virtual-service.yaml 9 | - secrets.yaml 10 | -------------------------------------------------------------------------------- /apps/dex/overlays/ops/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: 
networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: dex 6 | namespace: dex 7 | spec: 8 | hosts: 9 | - "dex.devxp-tech.io" 10 | gateways: 11 | - istio-ingress/istio-ingressgateway 12 | http: 13 | - headers: 14 | request: 15 | set: 16 | X-Forwarded-Port: "443" 17 | route: 18 | - destination: 19 | port: 20 | number: 5556 21 | host: dex.dex.svc.cluster.local 22 | --- 23 | apiVersion: networking.istio.io/v1alpha3 24 | kind: VirtualService 25 | metadata: 26 | name: dex-k8s-authenticator 27 | namespace: dex 28 | spec: 29 | hosts: 30 | - "kube-login.devxp-tech.io" 31 | gateways: 32 | - istio-ingress/istio-ingressgateway 33 | http: 34 | - headers: 35 | request: 36 | set: 37 | X-Forwarded-Port: "443" 38 | route: 39 | - destination: 40 | port: 41 | number: 80 42 | host: dex-k8s-authenticator.dex.svc.cluster.local 43 | -------------------------------------------------------------------------------- /apps/external-dns/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kube-system 4 | -------------------------------------------------------------------------------- /apps/external-dns/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "external-dns", 3 | "userGivenName": "external-dns", 4 | "destNamespace": "kube-system", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/external-dns/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/external-dns/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: 
Kustomization 3 | namespace: kube-system 4 | resources: 5 | - ../../base 6 | helmCharts: 7 | - name: external-dns 8 | includeCRDs: true 9 | releaseName: external-dns 10 | namespace: kube-system 11 | version: 8.3.5 12 | repo: https://charts.bitnami.com/bitnami 13 | valuesInline: 14 | # clusterDomain: "cluster.local" 15 | podSecurityContext: 16 | fsGroup: 65534 17 | runAsUser: 0 # NOTE(review): runs external-dns as root, which it should not need for the AWS provider (credentials come from the IRSA role annotation below, not from host files); drop this and run as a non-root UID unless a concrete requirement is documented 18 | serviceAccount: 19 | create: true 20 | annotations: 21 | eks.amazonaws.com/role-arn: arn:aws:iam::239468932737:role/AmazonEKS_ExternalDNS_Role 22 | sources: 23 | - istio-virtualservice 24 | domainFilters: 25 | # - diegoluisi.eti.br 26 | # - devxp-tech.io 27 | - dev.devxp-tech.io 28 | provider: aws 29 | policy: upsert-only 30 | aws-zone-type: public # only look at public hosted zones (valid values are public, private or no value for both) 31 | registry: txt 32 | txt-owner-id: external-dns 33 | aws: 34 | region: us-east-1 35 | -------------------------------------------------------------------------------- /apps/grafana/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "grafana", 3 | "userGivenName": "grafana", 4 | "destNamespace": "monitoring", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/grafana/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/grafana/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - secrets.yaml 6 | - virtual-service.yaml 7 | -------------------------------------------------------------------------------- /apps/grafana/overlays/ops/secrets.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: grafana-secrets 6 | namespace: monitoring 7 | spec: 8 | encryptedData: 9 | GF_AUTH_GITHUB_CLIENT_ID: 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 10 | GF_AUTH_GITHUB_CLIENT_SECRET: AgAnQ7/Kiu/n81OL99/tHBOQPXXPlaM7E00qzkKQ9dBsWNWW4pKU3d6w7yJTwT/OSXYCVmqEPdUHxYt+WMtVYd3Mx66g/UfP/Qk8kb/TvgEC2nPnfMUJvlh2QqhJniZtcCms39OU1AxZzmgMiZ1VlnCygmgnNDmBtUjVtbVFANZMVLrm9jlSlCGFbs0vtuvG6ECgsIFnGpApJ7di36rBptfp8uc70/9aJ+GQ+vZhJz9MR51FGuKXPuPWeKTnI2orAVskL4/yrpA1Muf+bnpjiKBn8jafK0aIRD+AHPbqzkbujaMeI3ZtVJsx6tY//pkfOwiIfs/J4MYwtdv8JJaSNLjNEdG+2uAmoX9Yja/r0WiC8yyoBdkI+JaHJ9GR32HJrDl0G7UnQH9ebuExJ+iz8a8GGc9gF/29m3qWg4RfoxTjfa3FtA/sRL+BgfUoDuiY35aNERUaC0xONHJjrSx6qxsQM1JO2epx++bgevEV4LddleCApWu2GGoZvNqIdoVquNpdryZIzbxZs4zbJpMTFMRpQr6JDtApKjin8DwRn145A52xj7kwqmfEQqZ4wczffyx4ZSCOdBvElZgIAltc0Vu66vBo29WSm0PN+whYhZzSlqttbp98QPE5+5iFV349hE/Y5rV/SPZ9oaxcyDy7K55rTzIylNrMdak1mgm6r7LxR2ImVxXa1Un3Oh19kxtUgvthrWnl3oHd/iRasKct0wlBY2ZYStqJbSSu85GVD7K0zuKuFMvIPrU2 11 | GF_SECURITY_ADMIN_PASSWORD: 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 12 | GF_SECURITY_ADMIN_USER: 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 13 | template: 14 | data: null 15 | metadata: 16 | creationTimestamp: null 17 | name: grafana-secrets 18 | namespace: monitoring 19 | type: Opaque 20 | -------------------------------------------------------------------------------- /apps/grafana/overlays/ops/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: grafana 6 | namespace: monitoring 7 | annotations: 8 | link.argocd.argoproj.io/external-link: https://grafana.devxp-tech.io 9 | spec: 10 | hosts: 11 | - "grafana.devxp-tech.io" 12 | gateways: 13 | - 
istio-ingress/istio-ingressgateway 14 | http: 15 | - match: 16 | - uri: 17 | prefix: / 18 | route: 19 | - destination: 20 | host: grafana.monitoring.svc.cluster.local 21 | port: 22 | number: 80 23 | -------------------------------------------------------------------------------- /apps/homepage/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: homepage 4 | -------------------------------------------------------------------------------- /apps/homepage/overlays/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: homepage 4 | resources: 5 | - ../../base 6 | - role.yaml 7 | - postgres-secrets-sealed.yaml 8 | commonLabels: 9 | app: homepage 10 | helmCharts: 11 | - name: devxp-app 12 | releaseName: devxp-app 13 | version: 0.2.81 14 | repo: https://devxp-tech.github.io/helm-charts 15 | valuesInline: 16 | name: homepage 17 | image: 18 | repository: ghcr.io/devxp-tech/homepage 19 | tag: 14ea875c 20 | envFrom: 21 | - secretRef: 22 | name: postgres-secrets 23 | network: 24 | domain: devxp-tech.io 25 | quota: 26 | enabled: true 27 | autoscaling: 28 | enabled: true 29 | minReplicas: 1 30 | maxReplicas: 3 31 | targetCPUUtilizationPercentage: 80 32 | livenessProbe: 33 | httpGet: 34 | path: /health-check/liveness 35 | port: 8080 36 | initialDelaySeconds: 15 37 | periodSeconds: 10 38 | readinessProbe: 39 | httpGet: 40 | path: /health-check/readiness 41 | port: 8080 42 | initialDelaySeconds: 15 43 | periodSeconds: 10 44 | -------------------------------------------------------------------------------- /apps/homepage/overlays/prd/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "homepage", 3 | "userGivenName": "homepage", 4 | "destNamespace": 
"homepage", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/homepage/overlays/prd", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/homepage/overlays/prd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: homepage 4 | resources: 5 | - ../../base 6 | # - virtual-service.yaml 7 | helmCharts: 8 | - name: devxp-app 9 | releaseName: devxp-app 10 | version: 0.2.85 11 | repo: https://devxp-tech.github.io/helm-charts 12 | valuesInline: 13 | name: homepage 14 | image: 15 | repository: ghcr.io/devxp-tech/homepage 16 | tag: 14ea875c 17 | container: 18 | port: 80 19 | network: 20 | domain: devxp-tech.io 21 | livenessProbe: 22 | enabled: false 23 | readinessProbe: 24 | enabled: false 25 | istio: 26 | virtualServices: 27 | custom: 28 | hosts: 29 | - devxp-tech.io 30 | - www.devxp-tech.io 31 | resources: 32 | requests: 33 | cpu: "10m" 34 | memory: "20Mi" 35 | limits: 36 | cpu: "50m" 37 | memory: "128Mi" 38 | instrumentation: 39 | enabled: true 40 | language: nginx 41 | monitoring: 42 | serviceMonitor: 43 | enabled: true 44 | extraPort: 45 | enabled: true 46 | autoscaling: 47 | enabled: true 48 | minReplicas: 1 49 | maxReplicas: 1 50 | targetCPUUtilizationPercentage: 80 51 | -------------------------------------------------------------------------------- /apps/homepage/overlays/prd/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: www 6 | namespace: homepage 7 | annotations: 8 | link.argocd.argoproj.io/external-link: https://www.devxp-tech.io 9 | spec: 10 | gateways: 11 | - 
istio-ingress/istio-ingressgateway 12 | hosts: 13 | - devxp-tech.io 14 | - www.devxp-tech.io 15 | http: 16 | - name: www 17 | route: 18 | - destination: 19 | host: homepage.homepage.svc.cluster.local 20 | -------------------------------------------------------------------------------- /apps/hotrod/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: hotrod 4 | commonLabels: 5 | app: hotrod 6 | helmCharts: 7 | - name: devxp-app 8 | releaseName: devxp-app 9 | version: 0.2.82 10 | repo: https://devxp-tech.github.io/helm-charts 11 | valuesInline: 12 | name: hotrod 13 | global: 14 | commonLabels: 15 | app: hotrod 16 | version: 0.2.22 17 | 18 | image: 19 | repository: jaegertracing/example-hotrod #kong/httpbin 20 | 21 | network: 22 | domain: devxp-tech.io 23 | 24 | envs: 25 | # - name: OTEL_EXPORTER_OTLP_ENDPOINT 26 | # value: http://otel-collector.observability.svc.cluster.local:4318 27 | # - name: OTEL_EXPORTER_JAEGER_ENDPOINT 28 | # value: http://otel-collector.observability.svc.cluster.local:14268/api/traces 29 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 30 | value: http://otel-collector.observability.svc.cluster.local:4318 31 | - name: OTEL_EXPORTER_JAEGER_ENDPOINT 32 | value: http://otel-collector.observability.svc.cluster.local:14268/api/traces 33 | 34 | autoscaling: 35 | enabled: false 36 | 37 | quota: 38 | enabled: false 39 | 40 | resources: 41 | requests: 42 | cpu: 10m 43 | memory: 32Mi 44 | limits: 45 | cpu: 30m 46 | memory: 64Mi 47 | 48 | livenessProbe: 49 | enabled: false 50 | readinessProbe: 51 | enabled: false 52 | -------------------------------------------------------------------------------- /apps/hotrod/overlays/dev/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "hotrod", 3 | "userGivenName": "hotrod", 4 | "destNamespace": "hotrod", 5 | "destServer": 
"https://kubernetes.default.svc", 6 | "srcPath": "apps/hotrod/overlays/dev", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/hotrod/overlays/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: hotrod 4 | resources: 5 | - ../../base 6 | -------------------------------------------------------------------------------- /apps/istio-ingress/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: istio-ingress 4 | helmCharts: 5 | - name: gateway 6 | releaseName: gateway 7 | version: 1.22.0 8 | repo: https://istio-release.storage.googleapis.com/charts 9 | valuesInline: 10 | name: istio-ingressgateway 11 | defaults: 12 | imagePullPolicy: IfNotPresent 13 | labels: 14 | app_label: istio-ingressgateway 15 | podAnnotations: 16 | proxy.istio.io/config: '{"discoveryAddress" : "istiod.istio-system.svc:15012" }' 17 | autoscaling: 18 | enabled: true 19 | service: 20 | annotations: 21 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp 22 | service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" 23 | service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing 24 | service.beta.kubernetes.io/aws-load-balancer-type: nlb 25 | # numTrustedProxies: 2 26 | externalTrafficPolicy: Local 27 | - name: gateway 28 | releaseName: gateway-private 29 | version: 1.22.0 30 | repo: https://istio-release.storage.googleapis.com/charts 31 | valuesInline: 32 | name: istio-ingressgateway-private 33 | defaults: 34 | imagePullPolicy: IfNotPresent 35 | labels: 36 | app_label: 
istio-ingressgateway-private 37 | podAnnotations: 38 | proxy.istio.io/config: '{"discoveryAddress" : "istiod.istio-system.svc:15012" }' 39 | autoscaling: 40 | enabled: true 41 | service: 42 | annotations: 43 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp 44 | service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" 45 | service.beta.kubernetes.io/aws-load-balancer-scheme: internal 46 | service.beta.kubernetes.io/aws-load-balancer-internal: "true" 47 | service.beta.kubernetes.io/aws-load-balancer-type: nlb 48 | # numTrustedProxies: 2 49 | externalTrafficPolicy: Local 50 | -------------------------------------------------------------------------------- /apps/istio-ingress/overlays/ops/auth-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: AuthorizationPolicy 3 | metadata: 4 | name: auth-policy 5 | namespace: istio-ingress 6 | spec: 7 | selector: 8 | matchLabels: 9 | app: istio-ingressgateway 10 | action: ALLOW 11 | rules: 12 | # - from: 13 | # - source: 14 | # principals: ["cluster.local/*"] 15 | # to: 16 | # - operation: 17 | # methods: ["GET", "POST", "OPTIONS", "DELETE", "PATCH"] 18 | - to: 19 | - operation: 20 | hosts: 21 | - "*.devxp-tech.io" 22 | when: 23 | - key: request.headers[x-envoy-external-address] 24 | values: 25 | - "85.240.135.56" # Diego 26 | - "3.220.46.13" # Test 27 | - to: 28 | - operation: 29 | hosts: 30 | - "argocd.devxp-tech.io" # Need for GitHub repository badge 31 | - "atlantis.devxp-tech.io" # Need for GitHub Webhook 32 | - "dex.devxp-tech.io" # Need for kube-login 33 | - "grafana.devxp-tech.io" # Need for Backstage 34 | # - "sonar.devxp-tech.io" # Need for GitHub pipelines # Disabled 35 | - "homepage.devxp-tech.io" # Need for Homepage 36 | - "devxp-tech.io" # Need for Homepage 37 | - "www.devxp-tech.io" # Need for Homepage 38 | - "www.diegoluisi.eti.br" # Allow wordpress for everyone 39 | 
-------------------------------------------------------------------------------- /apps/istio-ingress/overlays/ops/certificate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: diegoluisi.eti.br 5 | spec: 6 | commonName: diegoluisi.eti.br 7 | dnsNames: 8 | - diegoluisi.eti.br 9 | - "*.diegoluisi.eti.br" 10 | issuerRef: 11 | kind: ClusterIssuer 12 | name: diegoluisi.eti.br 13 | secretName: diegoluisi.eti.br 14 | 15 | --- 16 | apiVersion: cert-manager.io/v1 17 | kind: Certificate 18 | metadata: 19 | name: devxp-tech.io 20 | spec: 21 | commonName: devxp-tech.io 22 | dnsNames: 23 | - devxp-tech.io 24 | - "*.devxp-tech.io" 25 | - "*.dev.devxp-tech.io" 26 | issuerRef: 27 | kind: ClusterIssuer 28 | name: devxp-tech.io 29 | secretName: devxp-tech.io 30 | -------------------------------------------------------------------------------- /apps/istio-ingress/overlays/ops/clusterissuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: ClusterIssuer 3 | metadata: 4 | labels: 5 | app.kubernetes.io/instance: certs 6 | name: diegoluisi.eti.br 7 | spec: 8 | acme: 9 | email: contato@diegoluisi.eti.br 10 | privateKeySecretRef: 11 | name: issuer-key 12 | server: https://acme-v02.api.letsencrypt.org/directory 13 | solvers: 14 | - selector: 15 | dnsZones: 16 | - diegoluisi.eti.br 17 | dns01: 18 | route53: 19 | region: us-east-1 20 | 21 | --- 22 | apiVersion: cert-manager.io/v1 23 | kind: ClusterIssuer 24 | metadata: 25 | labels: 26 | app.kubernetes.io/instance: certs 27 | name: devxp-tech.io 28 | spec: 29 | acme: 30 | email: diego.luisi@devxp-tech.io 31 | privateKeySecretRef: 32 | name: issuer-key 33 | server: https://acme-v02.api.letsencrypt.org/directory 34 | solvers: 35 | - selector: 36 | dnsZones: 37 | - devxp-tech.io 38 | - dev.devxp-tech.io 39 | - diegoluisi.eti.br 40 | dns01: 41 | 
route53: 42 | region: us-east-1 43 | -------------------------------------------------------------------------------- /apps/istio-ingress/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "istio-ingress", 3 | "userGivenName": "istio-ingress", 4 | "destNamespace": "istio-ingress", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/istio-ingress/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/istio-ingress/overlays/ops/gateway-private.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: Gateway 4 | metadata: 5 | name: istio-ingressgateway-private 6 | namespace: istio-ingress 7 | labels: 8 | app_label: istio-ingressgateway-private 9 | app.kubernetes.io/version: 1.20.0 10 | istio: ingressgateway 11 | spec: 12 | selector: 13 | app: istio-ingressgateway-private 14 | servers: 15 | - hosts: 16 | - "*.dev.devxp-tech.io" 17 | - "*.dev.diegoluisi.eti.br" 18 | port: 19 | name: http 20 | number: 80 21 | protocol: HTTP 22 | tls: 23 | httpsRedirect: true 24 | - port: 25 | name: https-diegoluisi 26 | number: 443 27 | protocol: HTTPS 28 | tls: 29 | mode: SIMPLE 30 | credentialName: diegoluisi.eti.br # This should match the Certificate secretName 31 | hosts: 32 | - "*.dev.diegoluisi.eti.br" # This should match a DNS name in the Certificate 33 | - port: 34 | name: https-devxp 35 | number: 443 36 | protocol: HTTPS 37 | tls: 38 | mode: SIMPLE 39 | credentialName: devxp-tech.io # This should match the Certificate secretName 40 | hosts: 41 | - "*.dev.devxp-tech.io" 42 | -------------------------------------------------------------------------------- /apps/istio-ingress/overlays/ops/gateway.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: Gateway 3 | metadata: 4 | name: istio-ingressgateway 5 | namespace: istio-ingress 6 | labels: 7 | app_label: istio-ingressgateway 8 | app.kubernetes.io/version: 1.20.0 9 | istio: ingressgateway 10 | spec: 11 | selector: 12 | app_label: istio-ingressgateway 13 | servers: 14 | - hosts: 15 | - "*.devxp-tech.io" 16 | - "*.diegoluisi.eti.br" 17 | port: 18 | name: http 19 | number: 80 20 | protocol: HTTP 21 | tls: 22 | httpsRedirect: true 23 | - port: 24 | name: https-diegoluisi 25 | number: 443 26 | protocol: HTTPS 27 | tls: 28 | mode: SIMPLE 29 | credentialName: diegoluisi.eti.br # This should match the Certificate secretName 30 | hosts: 31 | - "*.diegoluisi.eti.br" # This should match a DNS name in the Certificate 32 | - port: 33 | name: https-devxp 34 | number: 443 35 | protocol: HTTPS 36 | tls: 37 | mode: SIMPLE 38 | credentialName: devxp-tech.io # This should match the Certificate secretName 39 | hosts: 40 | - "*.devxp-tech.io" # This should match a DNS name in the Certificate 41 | -------------------------------------------------------------------------------- /apps/istio-ingress/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - auth-policy.yaml 6 | - certificate.yaml 7 | - clusterissuer.yaml 8 | - gateway.yaml 9 | - gateway-private.yaml 10 | -------------------------------------------------------------------------------- /apps/istio/base/destinationrule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: DestinationRule 3 | metadata: 4 | name: api-server 5 | namespace: istio-system 6 | spec: 7 | host: "kubernetes.default.svc.cluster.local" #Disabling it for Kube API 
Server communication 8 | trafficPolicy: 9 | tls: 10 | mode: DISABLE 11 | --- 12 | apiVersion: networking.istio.io/v1alpha3 13 | kind: DestinationRule 14 | metadata: 15 | name: "default" 16 | namespace: istio-system 17 | labels: 18 | release: istio-system 19 | spec: 20 | host: "*.local" 21 | trafficPolicy: 22 | tls: 23 | mode: DISABLE 24 | -------------------------------------------------------------------------------- /apps/istio/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: istio-system 4 | resources: 5 | # - destinationrule.yaml 6 | - peerauthentication.yaml 7 | - prometheus-rules.yaml 8 | - service-entry.yaml 9 | # - service-monitor.yaml 10 | - telemetry.yaml 11 | helmCharts: 12 | - name: base 13 | releaseName: base 14 | version: 1.22.0 15 | repo: https://istio-release.storage.googleapis.com/charts 16 | includeCRDs: true 17 | valuesInline: 18 | global: 19 | istiod: 20 | enableAnalysis: true 21 | 22 | - name: istiod 23 | releaseName: istiod 24 | version: 1.22.0 25 | repo: https://istio-release.storage.googleapis.com/charts 26 | valuesInline: 27 | fullnameOverride: istiod 28 | defaults: 29 | global: 30 | imagePullPolicy: IfNotPresent 31 | defaultPodDisruptionBudget: 32 | enabled: false 33 | trustDomain: "cluster.local" 34 | global: 35 | imagePullPolicy: IfNotPresent 36 | defaultResources: 37 | requests: 38 | cpu: 10m 39 | memory: 128Mi 40 | limits: 41 | cpu: 100m 42 | memory: 128Mi 43 | mtls: 44 | # Default setting for service-to-service mtls. Can be set explicitly using 45 | # destination rules or service annotations. 
46 | enabled: false 47 | tracer: 48 | zipkin: 49 | address: tempo.observability.svc.cluster.local:9411 50 | # address: otel-collector.observability.svc.cluster.local:9411 51 | # address: jaeger-collector.observability.svc.cluster.local:9411 52 | proxy: 53 | clusterDomain: "cluster.local" 54 | imagePullPolicy: IfNotPresent # test 55 | # Resources for the sidecar. 56 | resources: 57 | requests: 58 | cpu: 30m 59 | memory: 64Mi 60 | limits: 61 | cpu: 50m 62 | memory: 128Mi 63 | autoscalingv2API: true 64 | pilot: 65 | traceSampling: 25.0 66 | replicaCount: 2 67 | resources: 68 | requests: 69 | cpu: 10m 70 | memory: 100Mi 71 | limits: 72 | cpu: 500m 73 | memory: 2Gi 74 | meshConfig: 75 | trustDomain: "cluster.local" 76 | accessLogFile: "/dev/stdout" 77 | enableTracing: true 78 | defaultConfig: 79 | tracing: 80 | sampling: 10 81 | discoveryAddress: istiod.istio-system.svc:15012 82 | # holdApplicationUntilProxyStarts: true 83 | gatewayTopology: 84 | numTrustedProxies: 2 85 | # List of fully qualified services to exclude from mtls 86 | # TODO: add the templating. 
87 | mtlsExcludedServices: 88 | - "kubernetes" 89 | - "kubernetes.default.svc" 90 | - "kubernetes.default.svc.cluster.local" 91 | - "10.100.0.1" 92 | -------------------------------------------------------------------------------- /apps/istio/base/peerauthentication.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1beta1 2 | kind: PeerAuthentication 3 | metadata: 4 | name: "default" 5 | spec: 6 | mtls: 7 | mode: PERMISSIVE # TEST CILIUM 8 | -------------------------------------------------------------------------------- /apps/istio/base/prometheus-rules.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: PrometheusRule 3 | metadata: 4 | name: istio-metrics-aggregation 5 | labels: 6 | app.kubernetes.io/name: istio-prometheus 7 | spec: 8 | groups: 9 | - name: "istio.metricsAggregation-rules" 10 | interval: 5s 11 | rules: 12 | - record: "workload:istio_requests_total" 13 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_requests_total)" 14 | 15 | - record: "workload:istio_request_duration_milliseconds_count" 16 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_request_duration_milliseconds_count)" 17 | - record: "workload:istio_request_duration_milliseconds_sum" 18 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_request_duration_milliseconds_sum)" 19 | - record: "workload:istio_request_duration_milliseconds_bucket" 20 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_request_duration_milliseconds_bucket)" 21 | 22 | - record: "workload:istio_request_bytes_count" 23 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_request_bytes_count)" 24 | - record: "workload:istio_request_bytes_sum" 25 | expr: "sum without(instance, kubernetes_namespace, 
kubernetes_pod_name) (istio_request_bytes_sum)" 26 | - record: "workload:istio_request_bytes_bucket" 27 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_request_bytes_bucket)" 28 | 29 | - record: "workload:istio_response_bytes_count" 30 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_response_bytes_count)" 31 | - record: "workload:istio_response_bytes_sum" 32 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_response_bytes_sum)" 33 | - record: "workload:istio_response_bytes_bucket" 34 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_response_bytes_bucket)" 35 | 36 | - record: "workload:istio_tcp_sent_bytes_total" 37 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_tcp_sent_bytes_total)" 38 | - record: "workload:istio_tcp_received_bytes_total" 39 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_tcp_received_bytes_total)" 40 | - record: "workload:istio_tcp_connections_opened_total" 41 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_tcp_connections_opened_total)" 42 | - record: "workload:istio_tcp_connections_closed_total" 43 | expr: "sum without(instance, kubernetes_namespace, kubernetes_pod_name) (istio_tcp_connections_closed_total)" 44 | -------------------------------------------------------------------------------- /apps/istio/base/service-entry.yaml: -------------------------------------------------------------------------------- 1 | # Define a service entry for the Kubernetes API service, 2 | # to improve visualization of operator traffic. 
3 | apiVersion: networking.istio.io/v1alpha3 4 | kind: ServiceEntry 5 | metadata: 6 | name: kubernetes 7 | namespace: default 8 | spec: 9 | hosts: 10 | - "kubernetes" 11 | - "kubernetes.default.svc.cluster.local" 12 | ports: 13 | - number: 443 14 | name: https-port 15 | protocol: HTTPS 16 | resolution: DNS 17 | location: MESH_EXTERNAL 18 | -------------------------------------------------------------------------------- /apps/istio/base/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: PodMonitor 3 | metadata: 4 | name: envoy-stats-monitor 5 | namespace: istio-system 6 | labels: 7 | monitoring: istio-proxies 8 | release: kube-prometheus-stack 9 | spec: 10 | selector: 11 | matchExpressions: 12 | - {key: istio-prometheus-ignore, operator: DoesNotExist} 13 | namespaceSelector: 14 | any: true 15 | jobLabel: envoy-stats 16 | podMetricsEndpoints: 17 | - path: /stats/prometheus 18 | interval: 15s 19 | relabelings: 20 | - action: keep 21 | sourceLabels: [__meta_kubernetes_pod_container_name] 22 | regex: "istio-proxy" 23 | - action: keep 24 | sourceLabels: [__meta_kubernetes_pod_annotationpresent_prometheus_io_scrape] 25 | - sourceLabels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] 26 | action: replace 27 | regex: ([^:]+)(?::\d+)?;(\d+) 28 | replacement: $1:$2 29 | targetLabel: __address__ 30 | - action: labeldrop 31 | regex: "__meta_kubernetes_pod_label_(.+)" 32 | - sourceLabels: [__meta_kubernetes_namespace] 33 | action: replace 34 | targetLabel: namespace 35 | - sourceLabels: [__meta_kubernetes_pod_name] 36 | action: replace 37 | targetLabel: pod_name 38 | --- 39 | apiVersion: monitoring.coreos.com/v1 40 | kind: ServiceMonitor 41 | metadata: 42 | name: istio-component-monitor 43 | namespace: istio-system 44 | labels: 45 | monitoring: istio-components 46 | release: kube-prometheus-stack 47 | spec: 48 | jobLabel: istio 49 | targetLabels: [app] 50 | 
selector: 51 | matchExpressions: 52 | - {key: istio, operator: In, values: [pilot]} 53 | namespaceSelector: 54 | any: true 55 | endpoints: 56 | - port: http-monitoring 57 | interval: 15s 58 | -------------------------------------------------------------------------------- /apps/istio/base/telemetry.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: telemetry.istio.io/v1alpha1 2 | kind: Telemetry 3 | metadata: 4 | name: mesh-default 5 | namespace: istio-system 6 | spec: 7 | accessLogging: 8 | - providers: 9 | - name: envoy 10 | -------------------------------------------------------------------------------- /apps/istio/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "istio", 3 | "userGivenName": "istio", 4 | "destNamespace": "istio-system", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/istio/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/istio/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | -------------------------------------------------------------------------------- /apps/jaeger/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: observability 4 | commonLabels: 5 | app: jaeger-operator 6 | version: 2.45.0 7 | helmCharts: 8 | # - name: jaeger-operator 9 | # releaseName: jaegertracing 10 | # version: 2.45.0 11 | # repo: https://jaegertracing.github.io/helm-charts 12 | # includeCRDs: true 13 | # 
namespace: observability 14 | # valuesInline: 15 | # fullnameOverride: jaeger-operator 16 | # rbac: 17 | # create: true 18 | # clusterRole: true 19 | 20 | - name: jaeger 21 | releaseName: jaegertracing 22 | version: 2.1.0 23 | repo: https://jaegertracing.github.io/helm-charts 24 | namespace: observability 25 | valuesInline: 26 | fullnameOverride: jaeger 27 | # hotrod: 28 | # enabled: true 29 | commonLabels: 30 | app: jaeger 31 | version: 0.72.0 32 | provisionDataStore: 33 | cassandra: false 34 | elasticsearch: true 35 | storage: 36 | type: elasticsearch 37 | collector: 38 | service: 39 | zipkin: 40 | port: 9411 41 | otlp: 42 | grpc: 43 | name: otlp-grpc 44 | port: 4317 45 | http: 46 | name: otlp-http 47 | port: 4318 48 | # cassandra: 49 | # clusterDomain: cluster.local # Just need if cluster is different of cluster.local 50 | # dbUser: 51 | # existingSecret: jaeger-cassandra 52 | query: 53 | cmdlineParams: 54 | # query.ui-config: /etc/jaeger/jaeger-ui.json 55 | # log-level: debug 56 | metrics-backend: prometheus 57 | support-spanmetrics-connector: true 58 | serviceMonitor: 59 | enabled: true 60 | extraEnv: 61 | - name: METRICS_STORAGE_TYPE 62 | value: prometheus 63 | - name: PROMETHEUS_SERVER_URL 64 | value: http://prometheus-community-kube-prometheus.monitoring.svc.cluster.local:9090 65 | - name: COLLECTOR_OTLP_ENABLED 66 | value: "false" 67 | - name: PROMETHEUS_QUERY_SUPPORT_SPANMETRICS_CONNECTOR 68 | value: "true" 69 | spark: 70 | enabled: true 71 | resources: 72 | # Give this job enough amount of resources plz! 
73 | limits: 74 | cpu: 800m 75 | memory: 4Gi 76 | requests: 77 | cpu: 400m 78 | memory: 2Gi 79 | agent: 80 | # if you are using otel-agent, then you don't need to deploy the jaeger agent 81 | enabled: false 82 | -------------------------------------------------------------------------------- /apps/jaeger/overlays/ops-bkp/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "jaeger", 3 | "userGivenName": "jaeger", 4 | "destNamespace": "observability", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/jaeger/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/jaeger/overlays/ops-bkp/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - virtual-service.yaml 6 | -------------------------------------------------------------------------------- /apps/jaeger/overlays/ops-bkp/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: jaeger 6 | namespace: observability 7 | annotations: 8 | link.argocd.argoproj.io/external-link: https://jaeger.devxp-tech.io 9 | spec: 10 | hosts: 11 | - "jaeger.devxp-tech.io" 12 | gateways: 13 | - istio-ingress/istio-ingressgateway 14 | http: 15 | - match: 16 | - uri: 17 | prefix: / 18 | route: 19 | - destination: 20 | port: 21 | number: 80 #80 or 16686 22 | host: jaeger-query.observability.svc.cluster.local 23 | -------------------------------------------------------------------------------- /apps/karpenter/base/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: karpenter 4 | helmCharts: 5 | - name: karpenter 6 | includeCRDs: true 7 | releaseName: karpenter 8 | namespace: karpenter 9 | version: 0.36.2 #v0.34.6 10 | repo: oci://public.ecr.aws/karpenter 11 | valuesInline: 12 | fullnameOverride: karpenter 13 | dnsPolicy: Default 14 | serviceAccount: 15 | annotations: 16 | eks.amazonaws.com/role-arn: arn:aws:iam::239468932737:role/vex-dev-usea1-eks-karpenter-controller 17 | # Failed to watch *v1.Lease: failed to list *v1.Lease: leases.coordination.k8s.io is forbidden: User "system:serviceaccount:karpenter:karpenter" cannot list resource "leases" in API group "coordination.k8s.io" in the namespace "kube-node-lease" 18 | additionalClusterRoleRules: 19 | - apiGroups: ["coordination.k8s.io"] 20 | resources: ["leases"] 21 | verbs: ["*"] 22 | webhook: 23 | enabled: false 24 | serviceMonitor: 25 | enabled: true 26 | replicas: 1 27 | # nodeSelector: 28 | # karpenter.sh/controller: 'true' 29 | tolerations: 30 | - key: CriticalAddonsOnly 31 | operator: Exists 32 | - key: karpenter.sh/controller 33 | operator: Exists 34 | effect: NoSchedule 35 | controller: 36 | resources: 37 | requests: 38 | cpu: 80m 39 | memory: 384Mi 40 | limits: 41 | cpu: 120m 42 | memory: 512Mi 43 | settings: 44 | clusterName: vex-dev-usea1-eks 45 | clusterEndpoint: https://DDC166ECE3AF805DA19B0CC5502AF3C0.gr7.us-east-1.eks.amazonaws.com 46 | defaultInstanceProfile: vex-dev-usea1-eks-karpenter-node-role 47 | interruptionQueue: vex-dev-usea1-eks-karpenter 48 | featureGates: 49 | spotToSpotConsolidation: true 50 | -------------------------------------------------------------------------------- /apps/karpenter/base/prometheus-rules.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: PrometheusRule 3 | metadata: 4 | 
labels: 5 | app: karpenter 6 | heritage: Helm 7 | release: prometheus 8 | name: karpenter 9 | spec: 10 | groups: 11 | - name: karpenter 12 | rules: 13 | - alert: KarpenterCanNotRegisterNewNodes 14 | annotations: 15 | description: | 16 | Karpenter in the nodepool {{`{{ $labels.nodepool }}`}} launched new nodes, but some nodes did not register in the cluster within 15 min 17 | summary: Problem with registering new nodes in the cluster. 18 | expr: sum by (nodepool) (karpenter_nodeclaims_launched) - sum by (nodepool)(karpenter_nodeclaims_registered) != 0 19 | for: 15m 20 | labels: 21 | severity: warning 22 | - alert: KarpenterNodepoolAlmostFull 23 | annotations: 24 | description: | 25 | Nodepool {{`{{ $labels.nodepool }}`}} is using {{`{{ $value }}`}}% of its {{`{{ $labels.resource_type }}`}} limit. 26 | summary: Nodepool almost full, you should increase limits. 27 | expr: sum by (nodepool,resource_type) (karpenter_nodepool_usage) / sum by (nodepool,resource_type) (karpenter_nodepool_limit) * 100 > 80 28 | for: 15m 29 | labels: 30 | severity: warning 31 | - alert: KarpenterCloudproviderErrors 32 | annotations: 33 | description: | 34 | Karpenter received an error during an API call to the cloud provider. 
35 | expr: increase(karpenter_cloudprovider_errors_total[10m]) > 0 36 | for: 1m 37 | labels: 38 | severity: warning 39 | -------------------------------------------------------------------------------- /apps/karpenter/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "karpenter", 3 | "userGivenName": "karpenter", 4 | "destNamespace": "karpenter", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/karpenter/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/karpenter/overlays/ops/ec2nodeclass.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: karpenter.k8s.aws/v1beta1 2 | kind: EC2NodeClass 3 | metadata: 4 | name: default 5 | spec: 6 | amiFamily: AL2023 7 | blockDeviceMappings: 8 | - deviceName: /dev/xvda 9 | ebs: 10 | deleteOnTermination: true 11 | volumeSize: 20Gi #4Gi 12 | volumeType: gp3 13 | - deviceName: /dev/xvdb 14 | ebs: 15 | deleteOnTermination: true 16 | volumeSize: 50Gi 17 | volumeType: gp3 18 | detailedMonitoring: true 19 | role: vex-dev-usea1-eks-karpenter-node-role 20 | securityGroupSelectorTerms: 21 | - tags: 22 | karpenter.sh/discovery: vex-dev-usea1-eks 23 | subnetSelectorTerms: 24 | - tags: 25 | karpenter.sh/discovery: vex-dev-usea1-eks 26 | tags: 27 | KarpenerProvisionerName: default 28 | role: default 29 | karpenter.sh/cluster_name: vex-dev-usea1-eks 30 | karpenter.sh/discovery: vex-dev-usea1-eks 31 | managed-by: karpenter 32 | node-role.kubernetes.io/worker: worker 33 | userData: | 34 | #!/bin/bash 35 | 36 | # Mount data volumes to /data directory on a Amazon Linux Worker Node (excluding OS volume) 37 | 38 | # Identify the device name of the root volume 39 | root_device=$(mount | awk '$3 == "/" {print 
$1}') 40 | 41 | # Identify the device names of all attached block devices (excluding root volume) 42 | device_names=$(lsblk -d -n -o NAME | grep -v "") 43 | 44 | # Loop through each device name and mount the corresponding volume to a directory named /data 45 | i=1 46 | for device_name in ; do 47 | if ! grep -qs "/dev/" /proc/mounts; then 48 | sudo mkfs.xfs "/dev/" 49 | sudo mkdir -p "/data" 50 | sudo mount "/dev/" "/data" 51 | echo "Mounted /dev/ to /data" 52 | ((i++)) 53 | fi 54 | done 55 | 56 | -------------------------------------------------------------------------------- /apps/karpenter/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - ec2nodeclass.yaml 6 | - nodepool.yaml 7 | 8 | -------------------------------------------------------------------------------- /apps/karpenter/overlays/ops/nodepool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: karpenter.sh/v1beta1 2 | kind: NodePool 3 | metadata: 4 | name: on-demand 5 | spec: 6 | disruption: 7 | consolidationPolicy: WhenUnderutilized 8 | expireAfter: 360h 9 | limits: 10 | cpu: 16 11 | memory: 36Gi 12 | template: 13 | metadata: 14 | labels: 15 | role: on-demand 16 | spec: 17 | kubelet: 18 | evictionHard: 19 | memory.available: 5% 20 | nodefs.available: 10% 21 | nodefs.inodesFree: 10% 22 | systemReserved: 23 | cpu: 200m 24 | memory: 100Mi 25 | ephemeral-storage: 1Gi 26 | maxPods: 110 27 | # taints: 28 | # - key: role 29 | # value: on-demand 30 | # effect: NoSchedule 31 | nodeClassRef: 32 | name: default 33 | requirements: 34 | - key: karpenter.k8s.aws/instance-generation 35 | operator: Gt 36 | values: ["2"] 37 | - key: karpenter.k8s.aws/instance-cpu 38 | operator: Gt 39 | values: ["1"] 40 | - key: karpenter.k8s.aws/instance-memory 41 | operator: Gt 42 | values: ['4095'] # 4 * 1024 -1 43 
| - key: karpenter.k8s.aws/instance-category 44 | operator: In 45 | values: ["c", "m", "r"] 46 | - key: topology.kubernetes.io/zone 47 | operator: In 48 | values: ["us-east-1a", "us-east-1b", "us-east-1c"] 49 | - key: karpenter.sh/capacity-type 50 | operator: In 51 | values: ["on-demand"] 52 | - key: kubernetes.io/arch 53 | operator: In 54 | values: ["amd64"] 55 | - key: kubernetes.io/os 56 | operator: In 57 | values: ["linux"] 58 | 59 | --- 60 | apiVersion: karpenter.sh/v1beta1 61 | kind: NodePool 62 | metadata: 63 | name: spot 64 | spec: 65 | disruption: 66 | consolidationPolicy: WhenUnderutilized 67 | expireAfter: 360h 68 | limits: 69 | cpu: 12 70 | memory: 32Gi 71 | template: 72 | metadata: 73 | labels: 74 | role: spot 75 | spec: 76 | kubelet: 77 | evictionHard: 78 | memory.available: 5% 79 | nodefs.available: 10% 80 | nodefs.inodesFree: 10% 81 | systemReserved: 82 | cpu: 200m 83 | memory: 100Mi 84 | ephemeral-storage: 1Gi 85 | maxPods: 110 86 | nodeClassRef: 87 | name: default 88 | requirements: 89 | - key: karpenter.k8s.aws/instance-generation 90 | operator: Gt 91 | values: ["2"] 92 | - key: karpenter.k8s.aws/instance-cpu 93 | operator: Gt 94 | values: ["1"] 95 | - key: karpenter.k8s.aws/instance-memory 96 | operator: Gt 97 | values: ['4095'] # 4 * 1024 -1 98 | - key: karpenter.k8s.aws/instance-category 99 | operator: In 100 | values: ["c", "m", "r"] 101 | - key: topology.kubernetes.io/zone 102 | operator: In 103 | values: ["us-east-1a", "us-east-1b", "us-east-1c"] 104 | - key: karpenter.sh/capacity-type 105 | operator: In 106 | values: ["spot"] 107 | - key: kubernetes.io/arch 108 | operator: In 109 | values: ["amd64"] 110 | - key: kubernetes.io/os 111 | operator: In 112 | values: ["linux"] 113 | 114 | -------------------------------------------------------------------------------- /apps/keycloak/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: 
Kustomization 3 | namespace: keycloak 4 | helmCharts: 5 | - name: keycloak 6 | releaseName: keycloak 7 | version: 18.4.4 #21.0.3 8 | includeCRDs: true 9 | repo: https://codecentric.github.io/helm-charts #https://charts.bitnami.com/bitnami 10 | valuesInline: 11 | namespaceOverride: keycloak 12 | # image: 13 | # tag: 24.0.1 14 | # args: ["start-dev"] 15 | extraEnv: | 16 | - name: KEYCLOAK_ADMIN 17 | value: "admin" 18 | - name: KEYCLOAK_ADMIN_PASSWORD 19 | value: "admin" 20 | - name: KC_PROXY 21 | value: "edge" 22 | postgresql: 23 | auth: 24 | existingSecret: keycloak-postgresql 25 | 26 | # auth: 27 | # adminUser: admin 28 | # existingSecret: keycloak 29 | # metrics: 30 | # enabled: true 31 | # serviceMonitor: 32 | # enabled: true 33 | # # proxyAddressForwarding: true 34 | # proxy: edge 35 | # extraEnvVars: 36 | # - name: KEYCLOAK_LOG_LEVEL 37 | # value: INFO 38 | # - name: KEYCLOAK_ADMIN 39 | # value: "admin" 40 | # # - name: KC_HOSTNAME 41 | # # value: keycloak.devxp-tech.io 42 | # # - name: KC_HOSTNAME_URL 43 | # # value: "https://keycloak.devxp-tech.io/" 44 | # # - name: KC_HOSTNAME_ADMIN_URL 45 | # # value: "https://keycloak.devxp-tech.io/" 46 | # - name: KC_HOSTNAME_DEBUG 47 | # value: "true" 48 | # postgresql: 49 | # auth: 50 | # existingSecret: keycloak-postgresql 51 | -------------------------------------------------------------------------------- /apps/keycloak/overlays/ops-old/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "keycloak", 3 | "userGivenName": "keycloak", 4 | "destNamespace": "keycloak", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/keycloak/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/keycloak/overlays/ops-old/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - secrets.yaml 6 | - virtual-service.yaml 7 | -------------------------------------------------------------------------------- /apps/keycloak/overlays/ops-old/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: bitnami.com/v1alpha1 3 | kind: SealedSecret 4 | metadata: 5 | creationTimestamp: null 6 | name: keycloak-postgresql 7 | namespace: keycloak 8 | spec: 9 | encryptedData: 10 | password: AgBNcMEVenbAXMjEhmLnMDnSMKiVUDA/1ybRVeZyLiVAQPbFxkqmGl8kO11KYNmKScqnytK1bhj9FQ6Cys8+DbdN0gFw+1TIwyObs1t6mqp5s/V6zPBR1FQ2iZqAUPBCs27nnL6Zi8/KA8uBDPdswDsRQcwG/UhMNAPqQdTvEGb3zu6jfJ4nM9HUoMHPghSFxpa6LHWZsbVKoD2A3hWWRCDU7c6DLx/jsBCf4a4iQaGcWru3wWQAoZHPviRQD6qm4k5lbIbu7Ra01B4JqCeWkdtoNDcT3brTeg2m95QzprT7uO+yywwpWEOcWGiF1hY1+/vlgqnkEeNE1OmA1G5f09fWugTir+q+5ItsoQNyeNXOGXex34VDG6kS9Sx+XPPOK8fzldX6Lwrd8jPOa1l0nniTkQLCGMmrJdd9D1uNlHs7I25VvSD3zxXy5kLt4/tbrRAHW9ogqulhHAPwQwEMjXBnglJhEFQIpyOV/AenQxz08emEqpxH9UtOrbZze2pxPbxtUp5TcwmB9S6SSE9bfaIb+kbuOLkADWZ8kmJb4+qFP7raNe9XJyhU/J/lzLJzVFTAdt0/T+cGdjM05UL6xL754j/KpLUboPCO+es+d5AvsgN2bo04rGNaiU2veChqW/Vcm6AjJi7g5G/BWl416b4HXXYATJQTOl7LhxjlA6h9pxvnAU4HXlZJD8ih2KzcXYg0+Fz6GCf4qtSt 11 | postgres-password: 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 12 | template: 13 | metadata: 14 | creationTimestamp: null 15 | name: keycloak-postgresql 16 | namespace: keycloak 17 | type: Opaque 18 | 19 | --- 20 | apiVersion: bitnami.com/v1alpha1 21 | kind: SealedSecret 22 | metadata: 23 | creationTimestamp: null 24 | name: keycloak 25 | namespace: keycloak 26 | spec: 27 | encryptedData: 28 | admin-password: 
AgBkV4yHPgKXwzW5OzetbRPerDc0Lw9427YMzLDlwsC7jHlFRjrzmBMsXClhTiC/Mr5j1VqQx60gU4RlrWIYVxNK3L3qtM2oxLjM5cvbPqYrSmMVQgxWyDpdb73I1pDWcnCILQRKqTDuJ5GTaoE018vH0q+uNceYklyaSIrDj8E4X1d4mjDe/smugnXwsriCTSLGNJIEqt8rG6gCSu/WkxH27SsobEe9YlainsCSa9Gb+9iRlixhH4bRju1tGjlQmDQmIk79WNfrb+DKDWvuTclLFsn1D4uK7AvYMkc6amP+frWnMgeQ/Q273TLFcrsmP7w9Lle+GdQnoBGqoBMG6bcrSQ7BhZCweI4pTbQpG+i1tZgbSLZN8xYCxO8/0VeAnCOFWwlnJ0dazegfEFODKhzRaqSuy8PKjH+qocYnNcsx80fc2eBt4VxS3e6J9yWlhwCINY/VU5dAK7gBr0A9+PY8UTXKX7S13k9h5DpdMo1p+MH4dCu06PPEuY8M2ULngODXFS38K/2g7FTgx+UMGagDtjwPkUhP4z0T6VOrR/TLl/Bk1/SmF5skaVczpWXnrL0hlyYHGeVzD9Aj6g2/2KX7W59yoRVjT2Y5l1dLgZYWDJJECvL85kyy1rkIxlI1luss2+rhPvSt1Fbu8srGlmrY7U7Hj6TGIjygf8MADmUdcTpZgvXk/ZlXqeurENPqOzUXzxorTw== 29 | template: 30 | metadata: 31 | creationTimestamp: null 32 | name: keycloak 33 | namespace: keycloak 34 | type: Opaque 35 | -------------------------------------------------------------------------------- /apps/keycloak/overlays/ops-old/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: keycloak 6 | namespace: keycloak 7 | annotations: 8 | link.argocd.argoproj.io/external-link: https://keycloak.devxp-tech.io 9 | spec: 10 | hosts: 11 | - "keycloak.devxp-tech.io" 12 | gateways: 13 | - istio-ingress/istio-ingressgateway 14 | http: 15 | - match: 16 | - uri: 17 | prefix: / 18 | route: 19 | - destination: 20 | port: 21 | number: 80 22 | host: keycloak-http.keycloak.svc.cluster.local 23 | - match: 24 | - uri: 25 | prefix: /auth 26 | route: 27 | - destination: 28 | port: 29 | number: 9990 30 | host: keycloak-http.keycloak.svc.cluster.local 31 | 32 | # --- 33 | # apiVersion: networking.istio.io/v1alpha3 34 | # kind: VirtualService 35 | # metadata: 36 | # name: keycloak-admin 37 | # namespace: keycloak 38 | # annotations: 39 | # link.argocd.argoproj.io/external-link: https://keycloak-admin.devxp-tech.io 40 | # spec: 
41 | # hosts: 42 | # - "keycloak-admin.devxp-tech.io" 43 | # gateways: 44 | # - istio-ingress/istio-ingressgateway 45 | # http: 46 | # - match: 47 | # - uri: 48 | # prefix: / 49 | # route: 50 | # - destination: 51 | # port: 52 | # number: 9990 53 | # host: keycloak-http.keycloak.svc.cluster.local 54 | -------------------------------------------------------------------------------- /apps/kiali-operator/base/ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: kiali-operator 6 | labels: 7 | kubernetes.io/metadata.name: kiali-operator 8 | backstage.io/kubernetes-id: kiali-operator 9 | istio-injection: enabled 10 | spec: 11 | finalizers: 12 | - kubernetes 13 | -------------------------------------------------------------------------------- /apps/kiali-operator/base/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | name: kiali 5 | namespace: kiali-operator 6 | labels: 7 | app: kiali 8 | application: kiali 9 | spec: 10 | namespaceSelector: 11 | matchNames: 12 | - kiali-operator 13 | selector: 14 | matchLabels: 15 | app.kubernetes.io/name: kiali 16 | endpoints: 17 | - port: http-metrics 18 | path: /metrics 19 | scheme: http 20 | interval: 60s 21 | -------------------------------------------------------------------------------- /apps/kiali-operator/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "kiali-operator", 3 | "userGivenName": "kiali-operator", 4 | "destNamespace": "kiali-operator", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/kiali-operator/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | 
-------------------------------------------------------------------------------- /apps/kiali-operator/overlays/ops/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | # - cluster-role-binding.yaml 6 | - virtual-service.yaml 7 | - secrets.yaml 8 | -------------------------------------------------------------------------------- /apps/kiali-operator/overlays/ops/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: bitnami.com/v1alpha1 3 | kind: SealedSecret 4 | metadata: 5 | creationTimestamp: null 6 | name: kiali 7 | namespace: kiali-operator 8 | spec: 9 | encryptedData: 10 | grafanaToken: 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 11 | oidc-secret: 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 12 | template: 13 | metadata: 14 | creationTimestamp: null 15 | name: kiali 16 | namespace: kiali-operator 17 | type: Opaque 18 | -------------------------------------------------------------------------------- /apps/kiali-operator/overlays/ops/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: kiali 6 | namespace: kiali-operator 7 | labels: 8 | app: kiali 9 | annotations: 10 | link.argocd.argoproj.io/external-link: https://kiali.devxp-tech.io 11 | spec: 12 | gateways: 13 | - istio-ingress/istio-ingressgateway 14 | hosts: 15 | - "kiali.devxp-tech.io" 16 | http: 17 | - headers: 18 | request: 19 | set: 20 | X-Forwarded-Port: "443" 21 | route: 22 | - destination: 23 | host: kiali.kiali-operator.svc.cluster.local 24 | port: 25 | number: 20001 26 | -------------------------------------------------------------------------------- /apps/kube-downscaler/base/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kube-downscaler 4 | helmCharts: 5 | - name: kube-downscaler 6 | includeCRDs: true 7 | releaseName: kube-downscaler 8 | version: 0.7.4 9 | repo: https://charts.deliveryhero.io/ 10 | valuesInline: 11 | fullnameOverride: kube-downscaler 12 | debug: 13 | enabled: true 14 | -------------------------------------------------------------------------------- /apps/kube-downscaler/overlays/ops-test/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "kube-downscaler", 3 | "userGivenName": "kube-downscaler", 4 | "destNamespace": "kube-downscaler", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/kube-downscaler/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/kube-downscaler/overlays/ops-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kube-downscaler 4 | resources: 5 | - ../../base 6 | -------------------------------------------------------------------------------- /apps/kube-prometheus-stack/base/kube-state-metrics-values.yaml: -------------------------------------------------------------------------------- 1 | kube-state-metrics: 2 | resources: 3 | requests: 4 | cpu: 15m 5 | memory: 105M 6 | limits: 7 | cpu: 90m 8 | memory: 407M 9 | -------------------------------------------------------------------------------- /apps/kube-prometheus-stack/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: monitoring 4 | resources: 5 | - prometheus-rules.yaml 6 | helmCharts: 7 | - name: kube-prometheus-stack 8 | releaseName: prometheus-community 9 | version: 61.7.1 10 | repo: https://prometheus-community.github.io/helm-charts 11 | includeCRDs: true 12 | valuesInline: 13 | # fullnameOverride: prometheus 14 | crds: 15 | enabled: true 16 | grafana: 17 | enabled: false 18 | kubeEtcd: 19 | enabled: true 20 | kubeControllerManager: 21 | enabled: true 22 | kubeScheduler: 23 | enabled: true 24 | kubeStateMetrics: 25 | enabled: true 26 | kubeProxy: 27 | enabled: false 28 | kubelet: 29 | enabled: false 30 | defaultRules: 31 | rules: 32 | time: false 33 | kubelet: false 34 | kubeControllerManager: false 35 | kubeSchedulerAlerting: false 36 | kubeSchedulerRecording: false 37 | additionalValuesFiles: 38 | - alertmanager-values.yaml 39 | - kube-state-metrics-values.yaml 40 | - prometheus-operator-values.yaml 41 | - prometheus-values.yaml 42 | 43 | # - name: prometheus-pushgateway 44 | # releaseName: prometheus-community 45 | # version: 2.8.0 46 | # repo: https://prometheus-community.github.io/helm-charts 47 | # # includeCRDs: true 48 | # valuesInline: 49 | # fullnameOverride: prometheus-pushgateway 50 | # serviceMonitor: 51 | # enabled: true 52 | -------------------------------------------------------------------------------- /apps/kube-prometheus-stack/base/prometheus-operator-values.yaml: -------------------------------------------------------------------------------- 1 | prometheusOperator: 2 | admissionWebhooks: 3 | enabled: false 4 | tls: 5 | enabled: false 6 | tlsProxy: 7 | enabled: false 8 | kubeletService: 9 | enabled: false 10 | createCustomResource: false 11 | resources: 12 | requests: 13 | cpu: 30m 14 | memory: 64M 15 | limits: 16 | cpu: 80m 17 | memory: 128M 18 | prometheusConfigReloader: 19 | resources: 20 | requests: 21 | cpu: 50m 22 | memory: 50Mi 23 | limits: 24 | cpu: 100m 25 | memory: 50Mi 26 
| -------------------------------------------------------------------------------- /apps/kube-prometheus-stack/overlays/ops-bkp/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "kube-prometheus-stack", 3 | "userGivenName": "kube-prometheus-stack", 4 | "destNamespace": "monitoring", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/kube-prometheus-stack/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/kube-prometheus-stack/overlays/ops-bkp/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - secrets.yaml 6 | - virtual-service.yaml 7 | -------------------------------------------------------------------------------- /apps/kube-prometheus-stack/overlays/ops-bkp/secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: alertmanager-secret 6 | namespace: monitoring 7 | spec: 8 | encryptedData: 9 | SLACK-TOKEN: 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 10 | template: 11 | metadata: 12 | creationTimestamp: null 13 | name: alertmanager-secret 14 | namespace: monitoring 15 | -------------------------------------------------------------------------------- /apps/kube-prometheus-stack/overlays/ops-bkp/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: prometheus 6 | namespace: monitoring 7 | annotations: 8 | 
link.argocd.argoproj.io/external-link: https://prometheus.dev.devxp-tech.io 9 | spec: 10 | hosts: 11 | - "prometheus.dev.devxp-tech.io" 12 | gateways: 13 | - istio-ingress/istio-ingressgateway-private 14 | http: 15 | - match: 16 | - uri: 17 | prefix: / 18 | route: 19 | - destination: 20 | port: 21 | number: 9090 22 | host: prometheus-community-kube-prometheus.monitoring.svc.cluster.local 23 | 24 | --- 25 | apiVersion: networking.istio.io/v1alpha3 26 | kind: VirtualService 27 | metadata: 28 | name: alertmanager 29 | namespace: monitoring 30 | annotations: 31 | link.argocd.argoproj.io/external-link: https://alertmanager.dev.devxp-tech.io 32 | spec: 33 | hosts: 34 | - "alertmanager.dev.devxp-tech.io" 35 | gateways: 36 | - istio-ingress/istio-ingressgateway-private 37 | http: 38 | - match: 39 | - uri: 40 | prefix: / 41 | route: 42 | - destination: 43 | host: prometheus-community-kube-alertmanager.monitoring.svc.cluster.local 44 | port: 45 | number: 9093 46 | -------------------------------------------------------------------------------- /apps/kubeclarity/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kubeclarity 4 | helmCharts: 5 | - name: kubeclarity 6 | releaseName: kubeclarity 7 | namespace: kubeclarity 8 | repo: https://openclarity.github.io/kubeclarity 9 | version: v2.23.1 10 | valuesInline: 11 | labels: 12 | app: kubeclarity 13 | version: 2.18.1 14 | -------------------------------------------------------------------------------- /apps/kubeclarity/overlays/ops-test/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "kubeclarity", 3 | "userGivenName": "kubeclarity", 4 | "destNamespace": "kubeclarity", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/kubeclarity/overlays/ops", 7 | "srcRepoURL": 
"https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /apps/kubeclarity/overlays/ops-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | -------------------------------------------------------------------------------- /apps/kubecost/base/ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | labels: 6 | kubernetes.io/metadata.name: kubecost 7 | backstage.io/kubernetes-id: kubecost 8 | istio-injection: enabled 9 | name: kubecost 10 | spec: 11 | finalizers: 12 | - kubernetes 13 | -------------------------------------------------------------------------------- /apps/kubecost/overlays/ops-bkp/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "kubecost", 3 | "userGivenName": "kubecost", 4 | "destNamespace": "kubecost", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/kubecost/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/kubecost/overlays/ops-bkp/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | - virtual-service.yaml 6 | - secrets.yaml 7 | -------------------------------------------------------------------------------- /apps/kubecost/overlays/ops-bkp/secrets.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: kubecost-secrets 6 | namespace: kubecost 7 | spec: 8 | encryptedData: 9 | client_id: AgCaFTNcdSsIDIjU67+MBJTWlCQGUBH6jxPzFXkkDqAQaa3InyC0kgp7eyYNm8/VXJJ67w/LMY7PCzwVTfTIAyQ3yLc4LAdcXzTAELVIAyzEvEPNutHpzN6MVvQoztfF2+YGLMMNJGkBwNiLtdUgJ/AnnT2IYeZN+6D0g5iwrAz29hNb2VaHHyq1CNBlJ6s5tyJzsVvrvU3nqwBoEKsBqBMtPXLWjE8Ntrf13k2a/AtCSngEZWS83fnCXdt95RYdbgqsDH1/5uMjLxiCJas1mYO0CgoKo77MdEOwdfHV6VKpY7tlJnDE8BNZ0xRgtvWGM8jmA+9lq5Q2T6f7dWX4PEXBZWIE8Y149Ty54C2YOdnzlwQlPZYpWu8ZV6nne+KAljLcLMQKt4xMm4Ti3N5/vnFLyzzWHXonEFjnUzhEsXjDjm4CMEAinjNjlq0oDmLd+rxZA3XqeS2YWmsbWd3fIL0gnKRiZaUQh3gkn4FJSnnvwWdO5qttTd1rExW3ZDFywDcwdNfzlI7S2xCG9bzHK9DAj+GjWWNHHZDsNiq5wBFkJ7UyStw2bn9J9LScG06pGVe8QaUDoarrNoHeXTdmoWFMzUcuAupeXxC03FcYUm6dX1A6lBPNbbg5knfFop+PbWgXHBdUBAARVOlUurM0TI3KqbVybTX6j6Y4VLH2isw4IHiriUWA6WoIGJOt4oql5NhvwOaGoa4h2ZmPfcST0UE= 10 | client_secret: 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 11 | clientID: 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 12 | clientSecret: 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 13 | template: 14 | metadata: 15 | creationTimestamp: null 16 | name: kubecost-secrets 17 | namespace: kubecost 18 | -------------------------------------------------------------------------------- /apps/kubecost/overlays/ops-bkp/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: kubecost 6 | namespace: monitoring 7 | annotations: 8 | link.argocd.argoproj.io/external-link: https://kubecost.dev.devxp-tech.io 9 | spec: 10 | hosts: 11 | - "kubecost.dev.devxp-tech.io" 12 | gateways: 13 | - istio-ingress/istio-ingressgateway-private 14 | http: 15 | - match: 16 | - uri: 17 | prefix: / 18 | route: 19 | - destination: 20 | 
port: 21 | number: 9090 22 | host: kubecost-cost-analyzer.kubecost.svc.cluster.local 23 | -------------------------------------------------------------------------------- /apps/kyverno/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kyverno 4 | # patches: 5 | # - target: 6 | # kind: CustomResourceDefinition 7 | # patch: |- 8 | # - op: remove 9 | # path: /metadata/labels/app.kubernetes.io~1instance 10 | helmCharts: 11 | - name: kyverno 12 | # includeCRDs: true 13 | releaseName: kyverno 14 | namespace: kyverno 15 | version: 3.2.4 16 | repo: https://kyverno.github.io/kyverno 17 | valuesInline: 18 | fullnameOverride: kyverno 19 | crds: 20 | install: true 21 | 22 | # networkPolicy: 23 | # enabled: true 24 | # namespace: kyverno 25 | # cleanupController: 26 | # enabled: true 27 | # replicaCount: 1 28 | # - name: kyverno-policies 29 | # releaseName: kyverno-policies 30 | # version: 2.7.0 31 | # repo: https://kyverno.github.io/kyverno 32 | -------------------------------------------------------------------------------- /apps/kyverno/overlays/ops-test/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "kyverno", 3 | "userGivenName": "kyverno", 4 | "destNamespace": "kyverno", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/kyverno/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/kyverno/overlays/ops-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kyverno 4 | resources: 5 | - ../../base 6 | 
-------------------------------------------------------------------------------- /apps/loki/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: logging 4 | -------------------------------------------------------------------------------- /apps/loki/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "loki", 3 | "userGivenName": "loki", 4 | "destNamespace": "logging", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/loki/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /apps/metrics-server/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: kube-system 4 | helmCharts: 5 | - name: metrics-server 6 | releaseName: metrics-server 7 | version: 3.12.1 8 | repo: https://kubernetes-sigs.github.io/metrics-server/ 9 | valuesInline: 10 | metrics: 11 | enabled: true 12 | args: 13 | - --kubelet-insecure-tls 14 | - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname 15 | - --kubelet-use-node-status-port 16 | -------------------------------------------------------------------------------- /apps/metrics-server/overlays/ops/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "metrics-server", 3 | "userGivenName": "metrics-server", 4 | "destNamespace": "kube-system", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "apps/metrics-server/overlays/ops", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | 
"srcTargetRevision": "",
"CreateNamespace": true,
"labels": null
}
--------------------------------------------------------------------------------
/apps/metrics-server/overlays/ops/kustomization.yaml:
--------------------------------------------------------------------------------
# Ops overlay for metrics-server: nothing beyond the base.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
--------------------------------------------------------------------------------
/apps/mimir/overlays/ops/config.json:
--------------------------------------------------------------------------------
{
  "appName": "mimir",
  "userGivenName": "mimir",
  "destNamespace": "monitoring",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/mimir/overlays/ops",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/mimir/overlays/ops/kustomization.yaml:
--------------------------------------------------------------------------------
# Ops overlay for Mimir: base plus the Istio VirtualService below.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
  - virtual-service.yaml
--------------------------------------------------------------------------------
/apps/mimir/overlays/ops/virtual-service.yaml:
--------------------------------------------------------------------------------
---
# Routes the Mimir nginx front-end through the *private* ingress gateway.
# NOTE(review): nothing at the mesh layer authenticates callers of this route;
# whoever can reach the private gateway reaches mimir-nginx — confirm that
# gateway is not internet-reachable and that Mimir's own auth/tenancy is
# configured.
# NOTE(review): the Argo CD external-link annotation (mimir.devxp-tech.io)
# does not match the routed host (mimir.dev.devxp-tech.io); one is stale.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: mimir
  namespace: monitoring
  annotations:
    link.argocd.argoproj.io/external-link: https://mimir.devxp-tech.io
spec:
  hosts:
    - "mimir.dev.devxp-tech.io"
  gateways:
    - istio-ingress/istio-ingressgateway-private
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            port:
              number: 80
            host: mimir-nginx.monitoring.svc.cluster.local
--------------------------------------------------------------------------------
/apps/nexus/base/kustomization.yaml:
--------------------------------------------------------------------------------
# Nexus Repository Manager rendered from the Sonatype chart (version pinned).
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: nexus
helmCharts:
  - name: nexus-repository-manager
    releaseName: nexus-repository-manager
    version: 64.2.0
    repo: https://sonatype.github.io/helm3-charts
    valuesInline:
      nameOverride: nexus
--------------------------------------------------------------------------------
/apps/nexus/overlays/ops-old/config.json:
--------------------------------------------------------------------------------
{
  "appName": "nexus",
  "userGivenName": "nexus",
  "destNamespace": "nexus",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/nexus/overlays/ops",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/nexus/overlays/ops-old/kustomization.yaml:
--------------------------------------------------------------------------------
# Retired ops overlay for Nexus (directory is "ops-old").
# NOTE(review): the sibling config.json still has srcPath
# "apps/nexus/overlays/ops", which does not match this directory — fix before
# re-registering the app.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
  - virtual-service.yaml
--------------------------------------------------------------------------------
/apps/nexus/overlays/ops-old/virtual-service.yaml:
--------------------------------------------------------------------------------
---
# Publishes the Nexus UI/API (port 8081) on the *public* ingress gateway.
# NOTE(review): no AuthorizationPolicy or mesh-level auth is defined here, so
# access control rests entirely on Nexus' own login; anonymous access and the
# default admin credential must be handled on the Nexus side.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: nexus
  namespace: nexus
spec:
  hosts:
    - "nexus.devxp-tech.io"
  gateways:
    - istio-ingress/istio-ingressgateway
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            port:
              number: 8081
            host: nexus-repository-manager.nexus.svc.cluster.local
--------------------------------------------------------------------------------
/apps/opentelemetry-operator/base/kustomization.yaml:
--------------------------------------------------------------------------------
# OpenTelemetry Operator from the upstream chart, CRDs included.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: opentelemetry-operator
helmCharts:
  - name: opentelemetry-operator
    includeCRDs: true
    releaseName: opentelemetry-operator
    namespace: opentelemetry-operator
    version: 0.64.4
    repo: https://open-telemetry.github.io/opentelemetry-helm-charts
    valuesInline:
      # nameOverride: opentelemetry-operator
      admissionWebhooks:
        # create: false
        # Both cert sources are switched on; which one wins is chart-defined —
        # TODO confirm only one is actually used.
        certManager:
          enabled: true
        autoGenerateCert:
          enabled: true
        servicePort: 443
        # NOTE(review): failurePolicy Ignore means the API server admits
        # OpenTelemetryCollector/Instrumentation objects unvalidated (and
        # un-defaulted) whenever the webhook is down. Chosen for availability;
        # be aware the webhook is not a security boundary in this mode.
        failurePolicy: Ignore
      manager:
        collectorImage:
          repository: "otel/opentelemetry-collector-contrib"
        prometheusRule:
          enabled: true
        serviceMonitor:
          enabled: true
      # env:
      #   ENABLE_WEBHOOKS: "false"
      # crds:
      #   create: true
--------------------------------------------------------------------------------
/apps/opentelemetry-operator/overlays/ops/config.json:
--------------------------------------------------------------------------------
{
  "appName": "opentelemetry-operator",
  "userGivenName": "opentelemetry-operator",
  "destNamespace": "opentelemetry-operator",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/opentelemetry-operator/overlays/ops",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/opentelemetry-operator/overlays/ops/kustomization.yaml:
--------------------------------------------------------------------------------
# Ops overlay for the operator: base only.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: opentelemetry-operator
resources:
  - ../../base
--------------------------------------------------------------------------------
/apps/otel-collector/base/collector-image.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/devxp-tech/gitops/6893145fc32c6f9804badf006b9b08867b4c9959/apps/otel-collector/base/collector-image.png
--------------------------------------------------------------------------------
/apps/otel-collector/base/instrumentaion.yaml:
--------------------------------------------------------------------------------
# Cluster-default auto-instrumentation: exports to the in-cluster collector.
# NOTE(review): exporter endpoint is plain http (gRPC, 4317); acceptable only
# if the observability namespace is covered by mesh mTLS — confirm.
# Sampler argument "1" = 100% of traces; cost, not security.
apiVersion: opentelemetry.io/v1alpha1
kind: Instrumentation
metadata:
  name: default
spec:
  exporter:
    endpoint: http://otel-collector.observability.svc.cluster.local:4317 #4318
  propagators:
    - tracecontext
    - baggage
    - b3
  sampler:
    type: parentbased_traceidratio
    argument: "1"
--------------------------------------------------------------------------------
/apps/otel-collector/base/kustomization.yaml:
--------------------------------------------------------------------------------
# Collector + Instrumentation CRs. The ServiceMonitor is intentionally left out.
# The misspelled "instrumentaion.yaml" must stay in sync with the real filename.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: observability
resources:
  - collector.yaml
  - instrumentaion.yaml
  # - service-monitor.yaml #enabled remote write
--------------------------------------------------------------------------------
/apps/otel-collector/base/service-monitor.yaml:
--------------------------------------------------------------------------------
# Prometheus scrape targets for the collector's exporter and self-metrics ports.
# Both scrape over plain http inside the cluster.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: otel-collector
  namespace: observability
  labels:
    app: otel-collector
    application: otel-collector
    app.kubernetes.io/name: otel-collector
spec:
  namespaceSelector:
    matchNames:
      - observability
  selector:
    matchLabels:
      app.kubernetes.io/name: otel-collector
  endpoints:
    - port: prometheus #tcp-node
      path: /metrics
      scheme: http
      interval: 30s
      honorLabels: true

---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: otel-collector-monitoring
  namespace: observability
  labels:
    app: otel-collector-monitoring
    application: otel-collector
    app.kubernetes.io/name: otel-collector-monitoring
spec:
  namespaceSelector:
    matchNames:
      - observability
  selector:
    matchLabels:
      app.kubernetes.io/name: otel-collector-monitoring
  endpoints:
    - port: monitoring
      path: /metrics
      scheme: http
      interval: 60s
      honorLabels: true
--------------------------------------------------------------------------------
/apps/otel-collector/overlays/ops/config.json:
--------------------------------------------------------------------------------
{
  "appName": "otel-collector",
  "userGivenName": "otel-collector",
  "destNamespace": "observability",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/otel-collector/overlays/ops",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/otel-collector/overlays/ops/kustomization.yaml:
--------------------------------------------------------------------------------
# Ops overlay for the collector: base only.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: observability
resources:
  - ../../base
--------------------------------------------------------------------------------
/apps/promtail/base/kustomization.yaml:
--------------------------------------------------------------------------------
# Promtail log shipper (Grafana chart) pushing to the in-cluster Loki gateway.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: logging
helmCharts:
  - name: promtail
    includeCRDs: true
    releaseName: promtail
    version: 6.16.0
    repo: https://grafana.github.io/helm-charts
    valuesInline:
      fullnameOverride: promtail
      # serviceMonitor:
      #   enabled: true
      # prometheusRule:
      #   enabled: true
      resources:
        requests:
          cpu: 100m
          memory: 64Mi
        limits:
          cpu: 200m
          memory: 128Mi
      # Keep the DaemonSet off Fargate nodes (no host log access there).
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: eks.amazonaws.com/compute-type
                    operator: NotIn
                    values:
                      - fargate
      config:
        enableTracing: true
        clients:
          # Plain http push inside the cluster; no client auth configured.
          - url: http://loki-gateway.logging.svc/loki/api/v1/push
            external_labels:
              cluster: vex-dev-usea1-eks
              environment: development
        snippets:
          # extraRelabelConfigs:
          #   - actions: replace
          #     target_label: cluster
          #     replacement: "vex-dev-usea1-eks"
          pipelineStages:
            - cri: {}
            # NOTE(review): dropping istio-proxy discards the Envoy access
            # logs, i.e. the per-request audit trail for every meshed
            # workload. Fine for cost, but then there is no request-level
            # forensic record in Loki — make sure that is a deliberate choice.
            - drop:
                source: "container"
                expression: "istio-proxy"
            - drop:
                source: "container"
                expression: "istio-init"
            - match:
                selector: '{app="hotrod"}'
                stages:
                  - regex:
                      # NOTE(review): the named groups here read as "(?P" with
                      # no "<name>"; the group names appear to have been lost
                      # in this listing. As written this is not a valid
                      # named-group regex — check the committed file.
                      expression: ".*(?Ptrace_id\"\\S)\\s\"(?P[a-zA-Z\\d]+).*"
                      trace_id: trace_id
                  - labels:
                      trace_id:
            - json:
                expressions:
                  timestamp: "'@timestamp'"
                  version: "'@version'"
                  message: message
                  logger_name: logger_name
                  thread_name: thread_name
                  level: level
                  level_value: level_value
                  trace_id: trace_id
                  span_id: span_id
            # NOTE(review): promoting message/trace_id/span_id to Loki labels
            # creates unbounded label cardinality; they belong in the log line.
            - labels:
                level:
                message:
                service:
                span_id:
                trace_id:
            - metrics:
                grpc_latency:
                  type: Histogram
                  description: "gRPC latency (ns)"
                  source: latency
                  config:
                    buckets: [0, 10000000, 20000000, 30000000, 50000000, 80000000, 100000000, 500000000, 1000000000, 10000000000, 100000000000, 1000000000000]
            - timestamp:
                format: RFC3339
                source: "time"
            - output:
                source: message
--------------------------------------------------------------------------------
/apps/promtail/overlays/ops/config.json:
--------------------------------------------------------------------------------
{
  "appName": "promtail",
  "userGivenName": "promtail",
  "destNamespace": "logging",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/promtail/overlays/ops",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/promtail/overlays/ops/kustomization.yaml:
--------------------------------------------------------------------------------
# Ops overlay for Promtail: base only.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: logging
resources:
  - ../../base
--------------------------------------------------------------------------------
/apps/sealed-secrets/base/kustomization.yaml:
--------------------------------------------------------------------------------
# Sealed Secrets controller in kube-system. Every SealedSecret in this repo is
# decryptable only with this controller's private key: back it up and plan
# rotation/re-sealing — losing or leaking it affects all apps here.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kube-system
helmCharts:
  - name: sealed-secrets
    releaseName: sealed-secrets
    version: 2.15.3
    includeCRDs: true
    repo: https://bitnami-labs.github.io/sealed-secrets
    valuesInline:
      # Name matches what kubeseal looks up by default.
      fullnameOverride: sealed-secrets-controller
--------------------------------------------------------------------------------
/apps/sealed-secrets/overlays/ops/config.json:
--------------------------------------------------------------------------------
{
  "appName": "sealed-secrets",
  "userGivenName": "sealed-secrets",
  "destNamespace": "kube-system",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/sealed-secrets/overlays/ops",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/sealed-secrets/overlays/ops/kustomization.yaml:
--------------------------------------------------------------------------------
# Ops overlay for Sealed Secrets: base only.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
--------------------------------------------------------------------------------
/apps/sonarqube/base/kustomization.yaml:
--------------------------------------------------------------------------------
# SonarQube from the SonarSource chart, with its bundled PostgreSQL.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: sonarqube
resources:
  - ns.yaml
# commonLabels:
#   app: sonarqube
#   version: 10.0.0
helmCharts:
  - name: sonarqube
    releaseName: sonarqube
    namespace: sonarqube
    version: "10.6.0+3033"
    repo: https://SonarSource.github.io/helm-chart-sonarqube
    valuesInline:
      resources:
        requests:
          cpu: 120m
          memory: 2048M
        limits:
          cpu: 360m
          memory: 6144M
      # prometheusExporter:
      #   enabled: true
      prometheusMonitoring:
        podMonitor:
          enabled: true
          interval: 60s
      # NOTE(review): no existingSecret/auth values are set for PostgreSQL
      # here, so the sealed sonarqube-postgresql-secret in the prd-bkp overlay
      # is not obviously consumed by the chart — confirm how credentials are
      # wired.
      postgresql:
        resources:
          limits:
            cpu: 90m
            memory: 128Mi
          requests:
            cpu: 10m
            memory: 84Mi
--------------------------------------------------------------------------------
/apps/sonarqube/base/ns.yaml:
--------------------------------------------------------------------------------
---
# Namespace with sidecar injection on and a scheduled downscale window.
apiVersion: v1
kind: Namespace
metadata:
  name: sonarqube
  annotations:
    downscaler/downtime: Mon-Sun 16:30-09:00 UTC
  labels:
    kubernetes.io/metadata.name: sonarqube
    backstage.io/kubernetes-id: sonarqube
    istio-injection: enabled
spec:
  finalizers:
    - kubernetes
--------------------------------------------------------------------------------
/apps/sonarqube/overlays/prd-bkp/config.json:
--------------------------------------------------------------------------------
{
  "appName": "sonarqube",
  "userGivenName": "sonarqube",
  "destNamespace": "sonarqube",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/sonarqube/overlays/prd",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/sonarqube/overlays/prd-bkp/kustomization.yaml:
--------------------------------------------------------------------------------
# Backup copy of the prd overlay (directory is "prd-bkp").
# NOTE(review): the sibling config.json still points srcPath at
# apps/sonarqube/overlays/prd — fix before re-registering this app.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
  - secrets.yaml
  - virtual-service.yaml
--------------------------------------------------------------------------------
/apps/sonarqube/overlays/prd-bkp/secrets.yaml:
--------------------------------------------------------------------------------
# Sealed PostgreSQL credentials for SonarQube. Ciphertext is safe to commit;
# only the in-cluster sealed-secrets controller can decrypt it, and it is
# bound to this name/namespace (default scope), so renaming requires re-sealing.
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: sonarqube-postgresql-secret
  namespace: sonarqube
spec:
  encryptedData:
    password: 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
    postgres-password: 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
    sonarqube-password: AgC9vCg8nkhEUN7ShJh8gva/FWhe+sQYrkYaY80c0Jf3Af6XvZkz1X2Nf5CjOX3ZUxawbaz73P5nTXbnh2CpRsYQESvBPtHwcNgV4CHrUv3hS35T0ZaZb0QZQiNKVujXy4v4Nw/MGBwEsde2HDqVfdFuQQht5FmgsWAZMs1IRw0mjzeKSkHHg+tXaVvScXl0y1e0IBbX+ooZDmLrkDCOD5e4uy/IHm7HIzuSRfIi/qCPsy//EgmyGjStUy7LLdBhiqLNE66CQJq4D8Cvdg0dsfNbaPSkfxiOCQZh9dxoTnhUMsqb15r8LRDlOjJy9PhavuFwsYadSB1KHpEghxqm1xKFTUyumVCfnt+PSdguD3bC26f0Bn3TyEkg49luIhPoet5pXbcyIa5HGWZeoZlEmfP0ej3pUYK6DQZS5D4JBC6dmWgpjZnjkjx07OTgK93tRyzr4P6FiB7XEW6hP7qsjO+wXQKROElrtf6IvxG8+uX2LILykTifdDisXKUIrX/nwZ0p3cfAgEAiWwxODPnZ2we8wPamdBeUMj3svropbKp2wnr+9t4iS0KMw0ny3BqgBsBlCe43eCmmOsbGYtlNMds+GHYwNxrdPNS0C+BVGrB2fLHgaBfpXLT3UgpGg6V55FnxZ6fhdqN4TXUvFUEOLeLSgcqO7qe9zyVQz2NDsfcSJVBvQoR3TVRJtA4tS9h88uB+1uWicYFL0Sy+cm8vJg==
  template:
    metadata:
      creationTimestamp: null
      name: sonarqube-postgresql-secret
      namespace: sonarqube
    type: Opaque
--------------------------------------------------------------------------------
/apps/sonarqube/overlays/prd-bkp/virtual-service.yaml:
--------------------------------------------------------------------------------
# Publishes SonarQube (port 9000) on the *public* ingress gateway.
# NOTE(review): no mesh-level auth in front of it; access control is
# SonarQube's own login, so "Force user authentication" must stay on.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: sonarqube
  namespace: sonarqube
  annotations:
    link.argocd.argoproj.io/external-link: https://sonar.devxp-tech.io
spec:
  hosts:
    - "sonar.devxp-tech.io"
  gateways:
    - istio-ingress/istio-ingressgateway
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            port:
              number: 9000
            host: sonarqube-sonarqube.sonarqube.svc.cluster.local
--------------------------------------------------------------------------------
/apps/template-java/base/kustomization.yaml:
--------------------------------------------------------------------------------
# Base for template-java: only sets the namespace; the workload itself comes
# from the devxp-app chart referenced in each overlay.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: template-java
# resources:
#   - instrumentation.yaml
#   - collector.yaml
--------------------------------------------------------------------------------
/apps/template-java/overlays/dev/config.json:
--------------------------------------------------------------------------------
{
  "appName": "template-java",
  "userGivenName": "template-java",
  "destNamespace": "template-java",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/template-java/overlays/dev",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/template-java/overlays/dev/kustomization.yaml:
--------------------------------------------------------------------------------
# Dev overlay for template-java, rendered from the in-house devxp-app chart.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: template-java
resources:
  - ../../base
helmCharts:
  - name: devxp-app
    releaseName: devxp-app
    version: 0.2.85
    repo: https://devxp-tech.github.io/helm-charts
    valuesInline:
      name: template-java
      global:
        network:
          domain: devxp-tech.io
      # NOTE(review): actuator is switched on; make sure the chart does not
      # route actuator endpoints (env, heapdump, ...) through the public
      # gateway — confirm against the chart.
      actuator:
        enabled: true
      instrumentation:
        enabled: true
        language: java
      image:
        repository: ghcr.io/devxp-tech/template-java
        # Short-SHA tag is mutable; pinning by @sha256 digest (or enforcing
        # signature verification at admission) is the stronger supply-chain
        # control.
        tag: 16fcee54
      autoscaling:
        enabled: true
        minReplicas: 1
        maxReplicas: 1
        targetCPUUtilizationPercentage: 80
      resources:
        requests:
          memory: 192Mi
          cpu: 20m
        limits:
          memory: 350Mi
          cpu: 80m
      monitoring:
        serviceMonitor:
          enabled: true
      # Probes disabled in dev: a hung JVM will not be restarted or pulled
      # from the Service.
      livenessProbe:
        enabled: false
      readinessProbe:
        enabled: false
      quota:
        enabled: true
        requests:
          memory: 1Gi
          cpu: 1
        limits:
          memory: 2Gi
          cpu: 2
--------------------------------------------------------------------------------
/apps/template-java/overlays/prd/kustomization.yaml:
--------------------------------------------------------------------------------
# Prod overlay for template-java (older chart version than dev: 0.2.81).
# NOTE(review): key nesting below was recovered from a flattened listing —
# verify against the chart's values schema.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: template-java
resources:
  - ../../base
helmCharts:
  - name: devxp-app
    releaseName: devxp-app
    version: 0.2.81
    repo: https://devxp-tech.github.io/helm-charts
    valuesInline:
      name: template-java
      image:
        repository: ghcr.io/devxp-tech/template-java
        # Mutable short-SHA tag; prefer a @sha256 digest for prod.
        tag: 742f377e
      autoscaling:
        enabled: true
        minReplicas: 1
        maxReplicas: 3
        targetCPUUtilizationPercentage: 80
      resources:
        requests:
          memory: 64Mi
          cpu: 50m
        limits:
          memory: 128Mi
          cpu: 100m
      network:
        enabled: true
        domain: devxp-tech.io
      service:
        type: ClusterIP
        port: 80
      probe:
        enabled: true
      livenessProbe:
        path: /health-check/liveness
        port: 8080
      readinessProbe:
        path: /health-check/readiness
        port: 8080
      deploy:
        enabled: true
      sa:
        enabled: true
      quota:
        enabled: true
        requests:
          memory: 1Gi
          cpu: 1
        limits:
          memory: 2Gi
          cpu: 2
--------------------------------------------------------------------------------
/apps/tempo/base/kustomization.yaml:
--------------------------------------------------------------------------------
# Grafana Tempo (single-binary chart) storing traces in S3 via IRSA.
# NOTE(review): key nesting below was recovered from a flattened listing —
# verify against the chart's values schema.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: observability
helmCharts:
  - name: tempo
    includeCRDs: true
    releaseName: tempo
    version: 1.10.3
    repo: https://grafana.github.io/helm-charts
    valuesInline:
      replicas: 1
      serviceAccount:
        name: tempo
        annotations:
          # IRSA role for the S3 bucket below; scope its policy to that
          # bucket only.
          eks.amazonaws.com/role-arn: arn:aws:iam::239468932737:role/vex-dev-usea1-eks-tempo-sa
        # Presumably kept on because IRSA delivers the projected token
        # through the SA token mount — confirm before tightening.
        automountServiceAccountToken: true
      # nodeSelector:
      #   topology.kubernetes.io/zone: us-east-1a
      serviceMonitor:
        enabled: true
      tempo:
        enabled: true
        metricsGenerator:
          # Plain http remote-write into Mimir inside the cluster.
          remoteWriteUrl: http://mimir-nginx.monitoring.svc:80/api/v1/push
        storage:
          trace:
            backend: s3 # AWS S3 (see endpoint), not MinIO — the old note was stale
            s3:
              bucket: vex-dev-usea1-eks-s3-traces
              endpoint: s3.us-east-1.amazonaws.com
              region: us-east-1
      gateway:
        enabled: true
      tempoQuery:
        enabled: true
        service:
          port: 16685
      searchEnabled: true
      # NOTE(review): this storage block duplicates tempo.storage above;
      # keep the one the chart actually reads and drop the other.
      storage:
        trace:
          backend: s3 # AWS S3 (see endpoint), not MinIO — the old note was stale
          s3:
            bucket: vex-dev-usea1-eks-s3-traces
            endpoint: s3.us-east-1.amazonaws.com
            region: us-east-1
      # All receivers listen on every interface with no authentication;
      # anything that can reach the pod can inject spans. Relies on
      # NetworkPolicy / mesh mTLS for isolation — confirm one is in place.
      receivers:
        jaeger:
          protocols:
            grpc:
              endpoint: 0.0.0.0:14250
            thrift_binary:
              endpoint: 0.0.0.0:6832
            thrift_compact:
              endpoint: 0.0.0.0:6831
            thrift_http:
              endpoint: 0.0.0.0:14268
        otlp:
          protocols:
            grpc:
              endpoint: "0.0.0.0:4317"
            http:
              endpoint: "0.0.0.0:4318"
        zipkin:
--------------------------------------------------------------------------------
/apps/tempo/overlays/ops/config.json:
--------------------------------------------------------------------------------
{
  "appName": "tempo",
  "userGivenName": "tempo",
  "destNamespace": "observability",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/tempo/overlays/ops",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/tempo/overlays/ops/kustomization.yaml:
--------------------------------------------------------------------------------
# Ops overlay for Tempo: base only.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: observability
resources:
  - ../../base
--------------------------------------------------------------------------------
/apps/teste-loki/base/auth-policy.yaml:
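--------------------------------------------------------------------------------
# Source-address allow-list for the teste-loki workload: DENY every request
# whose external address is not the one listed.
# NOTE(review): currently not enforced — apps/teste-loki/base/kustomization.yaml
# keeps this file commented out of `resources`.
# NOTE(review): x-envoy-external-address is filled in by the ingress gateway's
# X-Forwarded-For handling, so the value is only trustworthy when the gateway's
# numTrustedProxies / XFF settings match the load balancer hops in front of it;
# the documented attributes for this check are `remote.ip` / `notRemoteIpBlocks`,
# which carry the same dependency — TODO confirm the gateway configuration.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: teste-loki-policy
  namespace: teste-loki
spec:
  selector:
    matchLabels:
      app: teste-loki
  action: DENY
  rules:
    # Deliberately no `to.operation.methods` clause: a DENY rule only fires for
    # requests matching its `to` clause, so the former explicit list
    # (GET/POST/OPTIONS/DELETE/PATCH) left PUT, HEAD, TRACE and any other method
    # unrestricted. With `to` omitted the rule applies to every request.
    - when:
        - key: request.headers[x-envoy-external-address]
          notValues:
            - "94.62.74.120" # allow-listed operator address
--------------------------------------------------------------------------------
/apps/teste-loki/base/kustomization.yaml:
--------------------------------------------------------------------------------
# Base for teste-loki: namespace only; the AuthorizationPolicy is not applied.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: teste-loki
# resources:
#   - auth-policy.yaml
--------------------------------------------------------------------------------
/apps/teste-loki/overlays/dev/config.json:
--------------------------------------------------------------------------------
{
  "appName": "teste-loki",
  "userGivenName": "teste-loki",
  "destNamespace": "teste-loki",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/teste-loki/overlays/dev",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/teste-loki/overlays/dev/kustomization.yaml:
--------------------------------------------------------------------------------
# Dev overlay for teste-loki (Go service) from the devxp-app chart.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: teste-loki
resources:
  - ../../base
  - secrets.yaml
helmCharts:
  - name: devxp-app
    releaseName: devxp-app
    version: 0.2.85
    repo: https://devxp-tech.github.io/helm-charts
    valuesInline:
      name: teste-loki

      image:
        repository: ghcr.io/devxp-tech/teste-loki
        # Mutable short-SHA tag; prefer a @sha256 digest.
        tag: cd6fc9c0

      instrumentation:
        enabled: true
        language: go

      # podAnnotations:
      #   instrumentation.opentelemetry.io/otel-go-auto-target-exe: '/app'

      monitoring:
        serviceMonitor:
          enabled: true

      # Whole Secret is injected as environment variables (DB host/user/
      # password); env is visible to anyone with pod exec or describe rights.
      envFrom:
        - secretRef:
            name: postgres-secrets

      network:
        domain: devxp-tech.io

      quota:
        enabled: true

      resources:
        requests:
          cpu: 10m
          memory: 32Mi
        limits:
          cpu: 30m
          memory: 64Mi

      autoscaling:
        enabled: true
        minReplicas: 1
        maxReplicas: 1
        targetCPUUtilizationPercentage: 80
--------------------------------------------------------------------------------
/apps/teste-loki/overlays/dev/secrets.yaml:
--------------------------------------------------------------------------------
# Sealed PostgreSQL connection settings consumed via envFrom above.
# No `type` in the template, so the unsealed Secret defaults to Opaque.
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: postgres-secrets
  namespace: teste-loki
spec:
  encryptedData:
    POSTGRES_DB: AgBXHEkQH1Z9R3CcW1KhnkYJUzAgmpy0WF0ubFz/Q2Ey4uZkRfOli8nm5SU2N8NwcgpEK2PqxqUE9uXVX1UUSAlH2dGUIVaCwAXTn1gowFA0o/HomxUBgnx97T/JSUvMycyQNBodN81KxO7oRc1dMoOIAhv4twKz0Bs1RJmb3d9cj9bpDSMk5G2m3e2kqIi9QkML+y7f+dmypD4fcd7WnaYD8Z66iT8Ak2PPlgCm/yRRqLa0r3mbY0+bp4EGVyiZsTFfBl4RLpL6mFrpZ4bFFJ/K5AAA1th+V5n73WBQIsYc7PoNwo8gWUsPyor6SchtPJlOslZLm6/N5J/ik6Kb5QLwoLTVks3OtWSzd8iiunAJA8mGGpqYHswalBHesqPhuS2Qa9QKAi76YJa52Gc3Ri8FfOfYnrwR0IEwxFqNDEbfQAua1Ei8YtkyfvHvp7+LzQcDUWy64CDpNygl3WB5Re2NLJLqAoXLzFswN9lYarfHGDo4YdgA0qevOyONX2Yi1fgwsCod2LOWPb6Q45ij2vol4u9IMp1N7ORSAWXGxVs53DQ6ghqgirVqblObnn2o8JmNZO8v5CUmQUs25Ms0FfYkFGxtJ9Jbt9qYHOIwwN+Ih372PB9SlWcjpbUeM/MTZ90kna+1F7JGv544U61/rRYagyozZTbNvWKQ5F65/XUFA1E0BEfvo7jPWQWpgQQdNuKq0uWjJkBOqvOz
    POSTGRES_HOST: 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
    POSTGRES_PASSWORD: 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
    POSTGRES_USER: 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
  template:
    metadata:
      creationTimestamp: null
      name: postgres-secrets
      namespace: teste-loki
--------------------------------------------------------------------------------
/apps/teste-loki/overlays/prd/kustomization.yaml:
--------------------------------------------------------------------------------
# Prod overlay for teste-loki (chart 0.2.81). PeerAuthentication is enabled
# here (strict mTLS is presumably what the chart renders — confirm), while the
# namespace ResourceQuota is off.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: teste-loki
resources:
  - ../../base
  - postgres-secrets-sealed.yaml
helmCharts:
  - name: devxp-app
    releaseName: devxp-app
    version: 0.2.81
    repo: https://devxp-tech.github.io/helm-charts
    valuesInline:
      name: teste-loki
      envFrom:
        - secretRef:
            name: postgres-secrets
      image:
        repository: ghcr.io/devxp-tech/teste-loki
        # Mutable short-SHA tag; prefer a @sha256 digest for prod.
        tag: d9ab7875
      network:
        domain: devxp-tech.io
      ResourceQuota:
        enabled: false
      migration:
        enabled: false
      PeerAuthentication:
        enabled: true
      autoscaling:
        enabled: true
        minReplicas: 1
        maxReplicas: 1
        targetCPUUtilizationPercentage: 80
      livenessProbe:
        httpGet:
          path: /health-check/liveness
          port: 8080
        initialDelaySeconds: 15
        periodSeconds: 10
      readinessProbe:
        httpGet:
          path: /health-check/readiness
          port: 8080
        initialDelaySeconds: 15
        periodSeconds: 10
--------------------------------------------------------------------------------
/apps/wordpress/base/kustomization.yaml:
--------------------------------------------------------------------------------
# WordPress + bundled MariaDB from the Bitnami chart; credentials come from
# the sealed wordpress-secrets (wordpress-password, mariadb-password,
# mariadb-root-password) referenced twice below.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: wordpress
# resources:
#   - ns.yaml
helmCharts:
  - name: wordpress
    releaseName: wordpress
    version: 23.0.1
    repo: https://charts.bitnami.com/bitnami
    valuesInline:
      resources:
        requests:
          cpu: 30m
          memory: 128Mi
        limits:
          cpu: 90m
          memory: 256Mi
      existingSecret: wordpress-secrets
      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
      service:
        type: ClusterIP
      persistence:
        enabled: true
      wordpressUsername: "dluisi"
      wordpressEmail: "contato@diegoluisi.eti.br"
      serviceAccount:
        create: true
      # NOTE(review): PHP_MEMORY_LIMIT (2048M) is eight times the container's
      # memory limit (256Mi) and PHP_MAX_EXECUTION_TIME "0" removes the request
      # time cap. A single large upload or slow request can therefore be
      # OOM-killed by the kernel instead of failing gracefully in PHP, and a
      # client can tie up a worker indefinitely — align the PHP limits with
      # the container limit and set a finite execution time.
      extraEnvVars:
        - name: PHP_UPLOAD_MAX_FILESIZE
          value: 1024M
        - name: PHP_POST_MAX_SIZE
          value: 1024M
        - name: PHP_MAX_EXECUTION_TIME
          value: "0"
        - name: PHP_MEMORY_LIMIT
          value: 2048M
      # wordpressFirstName: Diego
      # wordpressLastName: Luisi
      # wordpressBlogName: "www.diegoluisi.eti.br"
      # wordpressExtraConfigContent: |
      #   @ini_set( 'upload_max_filesize' , '512M' );
      #   @ini_set( 'post_max_size', '512M');
      #   @ini_set( 'memory_limit', '1024M' );
      #   # Make sure to sync with php.ini
      #   define('WP_UPLOAD_MAX_FILESIZE', '8192M');
      #   define('WP_POST_MAX_SIZE', '8192M');
      #   define('WP_MEMORY_LIMIT', '512M');
      #   define('WP_MAX_EXECUTION_TIME', '900');
      #   define('WP_MAX_INPUT_TIME', '900');
      #   define('WP_AUTO_UPDATE_CORE', 'true');

      # uploadMaxFilesize: 8192M
      # postMaxSize: 8192M
      # memoryLimit: 512M
      # maxExecutionTime: 900
      # maxInputTime: 900
      # wordpressConfigureCache: true
      # allowEmptyPassword: true
      mariadb:
        auth:
          existingSecret: wordpress-secrets #mariadb-password
        # primary:
        #   resources:
        #     limits:
        #       cpu: 120m
        #       memory: 256Mi
        #     requests:
        #       cpu: 60m
        #       memory: 192Mi
--------------------------------------------------------------------------------
/apps/wordpress/base/ns.yaml:
--------------------------------------------------------------------------------
---
# Namespace with sidecar injection on (not referenced by the base
# kustomization above).
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kubernetes.io/metadata.name: wordpress
    backstage.io/kubernetes-id: wordpress
    istio-injection: enabled
  name: wordpress
spec:
  finalizers:
    - kubernetes
--------------------------------------------------------------------------------
/apps/wordpress/overlays/prd/config.json:
--------------------------------------------------------------------------------
{
  "appName": "wordpress",
  "userGivenName": "wordpress",
  "destNamespace": "wordpress",
  "destServer": "https://kubernetes.default.svc",
  "srcPath": "apps/wordpress/overlays/prd",
  "srcRepoURL": "https://github.com/devxp-tech/gitops.git",
  "srcTargetRevision": "",
  "CreateNamespace": true,
  "labels": null
}
--------------------------------------------------------------------------------
/apps/wordpress/overlays/prd/kustomization.yaml:
--------------------------------------------------------------------------------
# Prod overlay for WordPress: base, sealed credentials and the public route.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ../../base
  - secrets.yaml
  - virtual-service.yaml
--------------------------------------------------------------------------------
/apps/wordpress/overlays/prd/secrets.yaml:
--------------------------------------------------------------------------------
# Sealed WordPress/MariaDB credentials; key names are what both chart
# consumers (existingSecret and mariadb.auth.existingSecret) reference.
# No `type` in the template, so the unsealed Secret defaults to Opaque.
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: wordpress-secrets
  namespace: wordpress
spec:
  encryptedData:
    mariadb-password: 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
    mariadb-root-password: AgAcarUFZdN0ngBIB28UY9By8l8twGgLryG9jeKcCJf+MmV4nmw9JMSx9llH0fNy2KSeVwCKKMXxLNp08iQwy2iqKhtPIhTHkxbT7RqN5ao+p/EVHKB7tRio8oNtf+btb0tDXAkRXcEFQ3d7ZgNxIb7eM0sdDXUboQ/W0Z7YRkE3ZJJlZMhrWaVkF9xCaIq6/Wq/Cl3Ck6JiNeK9TUdrLaMO7sgKBxJLFQYhpzCWY+eoYXhk28suCxErrgVGYxYkvOHV80AcAnJkxGZVrpRL6qnjL0WjcnbaeR6KXUvKoArK1QJrfllBH0uN9VzKYWbqe3avFOoyFlrps0op9hBgsQeV4/YQUNmnEXXtJ5iBmZhmCNPpZEG/ZsvRARPar0Q/hGYkZDd8Jy8K0yQXOm5ykYCMp6lT4GwNNaZV+LR1S0zyc4j+gyVLrGMhK/bREJJbDKi2CVzGeyWhABdZAofx79Ij466Hze/ZlDlpLfxPaYL9oc3cGSPndu5uxkXS29lU0mvmt+dlrbVfEoEY5Bv9yottmviuDtlWzKdvQtqkRmd5WLNjAZBBjLdaB2jFXW49pGaYvqPDOC7F20oPGeDmoC3fksXn0EBH3euQNvVy1509o5WV4bv9xhZbmds/nTxBzZ5BTheyGnTFsiGMAlO/XfaF2YQtsInllN7FnzK3NfMVaZdWsL+tNlsmNF/hm6hcVDzipTtvViemepwMt06tpg==
    wordpress-password: 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
  template:
    metadata:
      creationTimestamp: null
      name: wordpress-secrets
      namespace: wordpress
--------------------------------------------------------------------------------
/apps/wordpress/overlays/prd/virtual-service.yaml:
--------------------------------------------------------------------------------
---
# Public route for the WordPress site; /wp-admin and /wp-login.php are
# reachable from the internet with nothing but WordPress' own login and
# whatever rate limiting the gateway applies.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: wordpress
  namespace: wordpress
  annotations:
    link.argocd.argoproj.io/external-link: https://www.diegoluisi.eti.br
spec:
  hosts:
    - "www.diegoluisi.eti.br"
  gateways:
    - istio-ingress/istio-ingressgateway
  http:
    - match:
        - uri:
            prefix: /
      route:
        - destination:
            port:
              number: 80
            host: wordpress.wordpress.svc.cluster.local
--------------------------------------------------------------------------------
/aqua.yaml:
--------------------------------------------------------------------------------
---
# aqua - Declarative CLI Version Manager
# https://aquaproj.github.io/
# NOTE(review): checksum verification is commented out, so the pinned
# versions below are fetched without integrity checking against the registry's
# recorded checksums. Enabling `checksum.enabled` (and `require_checksum` once
# every package has one) is the supply-chain control for this file.
# checksum:
#   # https://aquaproj.github.io/docs/reference/checksum/
#   enabled: true
#   require_checksum: true
registries:
  - type: standard
    ref: v4.0.1 # renovate: depName=aquaproj/aqua-registry
packages:
  - name: kubernetes/kubectl
    version: v1.25.3
  - name: ahmetb/kubectx@v0.9.4
  - name: argoproj/argo-cd@v2.7.1
  - name: helm/helm@v3.11.3
  - name: ahmetb/kubectx/kubens@v0.9.4
  - name: kubernetes-sigs/kustomize@kustomize/v5.0.2
  - name: bitnami-labs/sealed-secrets@v0.20.5
  # - name: cloudflare/cloudflared
  #   version: 2023.5.0
--------------------------------------------------------------------------------
/bootstrap/argo-cd.yaml:
--------------------------------------------------------------------------------
# Argo CD manages itself from bootstrap/argo-cd (argocd-autopilot layout).
# NOTE(review): the source has no targetRevision, so Argo CD follows HEAD of
# the repo's default branch, and automated prune+selfHeal applies whatever
# lands there. Push access to that branch is therefore cluster-admin-equivalent;
# branch protection with required review is the compensating control.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  creationTimestamp: null
  labels:
    app.kubernetes.io/managed-by: argocd-autopilot
    app.kubernetes.io/name: argo-cd
  name: argo-cd
  namespace: argocd
spec:
  destination:
    namespace: argocd
    server: https://kubernetes.default.svc
  ignoreDifferences:
    - group: argoproj.io
      jsonPointers:
        - /status
      kind: Application
  # The unrestricted default project; no source/destination allow-list applies.
  project: default
  source:
    path: bootstrap/argo-cd
    repoURL: https://github.com/devxp-tech/gitops.git
  syncPolicy:
    automated:
      allowEmpty: true
      prune: true
      selfHeal: true
    syncOptions:
      - allowEmpty=true
status:
  health: {}
  summary: {}
  sync:
    comparedTo:
      destination: {}
      source:
        repoURL: ""
    status: ""
--------------------------------------------------------------------------------
/bootstrap/argo-cd/argocd-notifications-secret-sealed.yaml:
--------------------------------------------------------------------------------
---
# Sealed notification credentials (Grafana API key, Slack token).
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  creationTimestamp: null
  name: argocd-notifications-secret
  namespace: argocd
spec:
  encryptedData:
    grafana-api-key: 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
    slack-token: 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
  template:
    metadata:
      creationTimestamp: null
      name: argocd-notifications-secret
      namespace: argocd
    type: Opaque
--------------------------------------------------------------------------------
/bootstrap/argo-cd/argocd-server.yaml:
--------------------------------------------------------------------------------
# Strategic-merge patch injecting the GitHub OAuth client into argocd-server.
# NOTE(review): files/dex.config already pulls the client secret through the
# `$github-secrets:dex.github.clientSecret` reference, which Argo CD resolves
# for Dex. Confirm argocd-server itself needs GITHUB_CLIENT_SECRET in its
# environment; if not, drop it to keep the secret out of one more process.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-server
spec:
  template:
    spec:
      containers:
        - name: argocd-server
          env:
            - name: GITHUB_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: github-secrets
                  key: dex.github.clientID
            - name: GITHUB_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: github-secrets
                  key: dex.github.clientSecret
--------------------------------------------------------------------------------
/bootstrap/argo-cd/files/dex.config:
--------------------------------------------------------------------------------
# Dex connector: GitHub OAuth restricted to members of the devxp-tech org.
# The clientID is a public OAuth identifier; the secret is resolved from the
# github-secrets Secret at runtime. Any org member can authenticate — what
# they may do is decided by the RBAC policy (policy.csv), not here.
connectors:
  - type: github
    id: github
    name: GitHub
    config:
      clientID: 83427ea0b6f6645900a5
      clientSecret: $github-secrets:dex.github.clientSecret
      orgs:
        - name: devxp-tech
--------------------------------------------------------------------------------
/bootstrap/argo-cd/files/policy.csv:
--------------------------------------------------------------------------------
# admin all-clusters roles =====================================
# NOTE(review): role:org-admin is effectively cluster-admin through Argo CD:
# `applications *` on every project, full `clusters` and `repositories`
# management, plus `exec create` on every app (interactive shells into any
# managed pod). Keep the `g` mappings that grant it (below, outside this
# excerpt) to a small, explicit GitHub team rather than the whole org.
p, role:org-admin, applications, *, */*, allow
p, role:org-admin, clusters, *, *, allow
p, role:org-admin, repositories, get, *, allow
p, role:org-admin, repositories, create, *, allow
p, role:org-admin, repositories, update, *, allow
p, role:org-admin, repositories, delete, *, allow
p, role:org-admin, logs, get, *, allow
p, role:org-admin, exec, create, */*, allow

# Policy for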
Developers Team ===================================== 12 | p, role:dev-team, clusters, get, *, allow 13 | p, role:dev-team, repositories, get, *, allow 14 | p, role:dev-team, applications, sync, */*, allow 15 | p, role:dev-team, applications, get, */*, allow 16 | p, role:dev-team, applications, delete, */pod, allow 17 | p, role:dev-team, applications, action/*, */*, allow 18 | 19 | # Groups here correspond to GitHub Teams 20 | g, devxp-tech:sre-team, role:org-admin 21 | g, devxp-tech:dev-team, role:dev-team 22 | 23 | # Backstage local account permissions 24 | g, backstage, role:org-admin 25 | -------------------------------------------------------------------------------- /bootstrap/argo-cd/files/repositories: -------------------------------------------------------------------------------- 1 | - name: gitops 2 | url: https://github.com/devxp-tech/gitops.git 3 | - name: crossplane 4 | type: helm 5 | url: https://charts.crossplane.io/stable 6 | - name: grafana 7 | type: helm 8 | url: https://grafana.github.io/helm-charts 9 | - name: devxp-tech 10 | type: helm 11 | url: https://devxp-tech.github.io/helm-charts 12 | -------------------------------------------------------------------------------- /bootstrap/argo-cd/files/repository.credentials: -------------------------------------------------------------------------------- 1 | - passwordSecret: 2 | key: git_token 3 | name: autopilot-secret 4 | url: https://github.com/ 5 | usernameSecret: 6 | key: git_username 7 | name: autopilot-secret 8 | -------------------------------------------------------------------------------- /bootstrap/argo-cd/files/resource.customizations: -------------------------------------------------------------------------------- 1 | admissionregistration.k8s.io/MutatingWebhookConfiguration: 2 | ignoreDifferences: | 3 | jsonPointers: 4 | - /webhooks/0/clientConfig/caBundle 5 | - /webhooks/0/failurePolicy 6 | - /webhooks/0/rules 7 | admissionregistration.k8s.io/ValidatingWebhookConfiguration: 8 | 
ignoreDifferences: | 9 | jsonPointers: 10 | - /webhooks/0/clientConfig/caBundle 11 | - /webhooks/0/failurePolicy 12 | - /webhooks/0/rules 13 | PersistentVolume: 14 | ignoreDifferences: | 15 | jsonPointers: 16 | - /spec/claimRef/resourceVersion 17 | - /spec/claimRef/uid 18 | - /status/lastPhaseTransitionTime 19 | StatefulSet: 20 | ignoreDifferences: | 21 | jsonPointers: 22 | - /spec/volumeClaimTemplates/0/apiVersion 23 | - /spec/volumeClaimTemplates/0/kind 24 | ServiceMonitor: 25 | ignoreDifferences: | 26 | jsonPointers: 27 | - /spec/endpoints/0/relabelings/0/action 28 | - /spec/endpoints/0/relabelings/0/replacement 29 | - /spec/endpoints/0/relabelings/1/replacement 30 | - /spec/endpoints/1/relabelings/0/replacement 31 | - /spec/endpoints/1/relabelings/1/replacement 32 | 33 | 34 | -------------------------------------------------------------------------------- /bootstrap/argo-cd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: argocd 4 | components: 5 | - https://github.com/argoproj-labs/argocd-extensions/manifests 6 | resources: 7 | - github.com/argoproj-labs/argocd-autopilot/manifests/base?ref=v0.4.17 8 | - https://raw.githubusercontent.com/argoproj-labs/rollout-extension/v0.3.3/manifests/install.yaml 9 | - argocd-notifications-secret-sealed.yaml 10 | - secrets.yaml 11 | - service-monitor.yaml 12 | - virtual-service.yaml 13 | patches: 14 | - target: 15 | kind: Deployment 16 | name: argocd-applicationset-controller 17 | patch: |- 18 | - op: replace 19 | path: /spec/template/spec/containers/0/imagePullPolicy 20 | value: IfNotPresent 21 | - target: 22 | kind: Deployment 23 | name: argocd-notifications-controller 24 | patch: |- 25 | - op: replace 26 | path: /spec/template/spec/containers/0/imagePullPolicy 27 | value: IfNotPresent 28 | - target: 29 | kind: Deployment 30 | name: argocd-redis 31 | patch: |- 32 | - op: replace 33 | 
path: /spec/template/spec/containers/0/imagePullPolicy 34 | value: IfNotPresent 35 | - target: 36 | kind: Deployment 37 | name: argocd-dex-server 38 | patch: |- 39 | - op: replace 40 | path: /spec/template/spec/containers/0/imagePullPolicy 41 | value: IfNotPresent 42 | - op: replace 43 | path: /spec/template/spec/initContainers/0/imagePullPolicy 44 | value: IfNotPresent 45 | - patch: |- 46 | apiVersion: v1 47 | kind: Secret 48 | type: Opaque 49 | metadata: 50 | name: argocd-notifications-secret 51 | annotations: 52 | sealedsecrets.bitnami.com/managed: "true" 53 | - path: argocd-server.yaml 54 | - path: argocd-notifications-cm.yaml 55 | configMapGenerator: 56 | - name: argocd-cmd-params-cm 57 | behavior: merge 58 | literals: 59 | - server.insecure="true" 60 | - dexserver.disable.tls="true" 61 | - server.dex.server="http://argocd-dex-server:5556" 62 | - server.dex.server.strict.tls="false" 63 | - name: argocd-cm 64 | options: 65 | labels: 66 | app.kubernetes.io/part-of: argocd 67 | behavior: merge 68 | files: 69 | - files/dex.config 70 | - files/repositories 71 | - files/repository.credentials 72 | - files/resource.customizations 73 | literals: 74 | - admin.enabled=true 75 | - kustomize.buildOptions="--enable-alpha-plugins --enable-helm --load-restrictor LoadRestrictionsNone" 76 | - statusbadge.enabled=true 77 | - url=https://argocd.devxp-tech.io 78 | - dexserver.disable.tls=true 79 | - accounts.backstage="apiKey, login" 80 | - application.instanceLabelKey="argocd.argoproj.io/instance" 81 | - name: argocd-rbac-cm 82 | behavior: merge 83 | files: 84 | - files/policy.csv 85 | literals: 86 | - policy.default="role:readonly" 87 | options: 88 | labels: 89 | app.kubernetes.io/part-of: argocd 90 | -------------------------------------------------------------------------------- /bootstrap/argo-cd/secrets.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: bitnami.com/v1alpha1 3 | kind: SealedSecret 4 | metadata: 5 | 
creationTimestamp: null 6 | name: github-secrets 7 | namespace: argocd 8 | spec: 9 | encryptedData: 10 | dex.github.clientID: 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 11 | dex.github.clientSecret: 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 12 | template: 13 | metadata: 14 | creationTimestamp: null 15 | labels: 16 | app.kubernetes.io/part-of: argocd 17 | name: github-secrets 18 | namespace: argocd 19 | type: Opaque 20 | -------------------------------------------------------------------------------- /bootstrap/argo-cd/service-monitor.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Source: argo-cd/templates/argocd-server/servicemonitor.yaml 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | name: argocd-server 7 | namespace: "argocd" 8 | labels: 9 | app.kubernetes.io/name: argocd-server 10 | app.kubernetes.io/component: server 11 | app.kubernetes.io/part-of: argocd 12 | spec: 13 | endpoints: 14 | - port: metrics 15 | interval: 30s 16 | path: /metrics 17 | namespaceSelector: 18 | matchNames: 19 | - argocd 20 | selector: 21 | matchLabels: 22 | app.kubernetes.io/name: argocd-server-metrics 23 | app.kubernetes.io/component: server 24 | 25 | --- 26 | # Source: argo-cd/templates/argocd-application-controller/servicemonitor.yaml 27 | apiVersion: monitoring.coreos.com/v1 28 | kind: ServiceMonitor 29 | metadata: 30 | name: argocd-metrics 31 | namespace: "argocd" 32 | labels: 33 | app.kubernetes.io/name: argocd-metrics 34 | app.kubernetes.io/component: metrics 35 | app.kubernetes.io/part-of: argocd 36 | spec: 37 | endpoints: 38 | - port: metrics 39 | interval: 30s 40 | path: /metrics 41 | namespaceSelector: 42 | matchNames: 43 | - argocd 44 | selector: 45 | matchLabels: 46 | app.kubernetes.io/name: argocd-metrics 47 | app.kubernetes.io/component: metrics 48 | 49 | --- 50 | # Source: argo-cd/templates/argocd-notifications/servicemonitor.yaml 51 | apiVersion: 
monitoring.coreos.com/v1 52 | kind: ServiceMonitor 53 | metadata: 54 | name: argocd-notifications-controller 55 | namespace: "argocd" 56 | labels: 57 | app.kubernetes.io/name: argocd-notifications-controller-metrics 58 | app.kubernetes.io/component: notifications-controller 59 | app.kubernetes.io/part-of: argocd 60 | spec: 61 | endpoints: 62 | - port: metrics 63 | path: /metrics 64 | namespaceSelector: 65 | matchNames: 66 | - argocd 67 | selector: 68 | matchLabels: 69 | app.kubernetes.io/name: argocd-notifications-controller-metrics 70 | app.kubernetes.io/component: notifications-controller 71 | -------------------------------------------------------------------------------- /bootstrap/argo-cd/sso-sealed.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: bitnami.com/v1alpha1 2 | kind: SealedSecret 3 | metadata: 4 | creationTimestamp: null 5 | name: sso 6 | namespace: argocd 7 | spec: 8 | encryptedData: 9 | dex.github.clientSecret: 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 10 | template: 11 | data: null 12 | metadata: 13 | creationTimestamp: null 14 | labels: 15 | app.kubernetes.io/part-of: argocd 16 | name: sso 17 | namespace: argocd 18 | type: Opaque 19 | -------------------------------------------------------------------------------- /bootstrap/argo-cd/virtual-service.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: VirtualService 4 | metadata: 5 | name: argocd 6 | namespace: argocd 7 | annotations: 8 | link.argocd.argoproj.io/external-link: https://argocd.devxp-tech.io 9 | spec: 10 | hosts: 11 | - "argocd.devxp-tech.io" 12 | gateways: 13 | - istio-ingress/istio-ingressgateway 14 | http: 15 | - route: 16 | - destination: 17 | host: argocd-server.argocd.svc.cluster.local 18 | port: 19 | number: 80 20 | -------------------------------------------------------------------------------- 
/bootstrap/cluster-resources.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: ApplicationSet 3 | metadata: 4 | annotations: 5 | argocd.argoproj.io/sync-wave: "0" 6 | creationTimestamp: null 7 | name: cluster-resources 8 | namespace: argocd 9 | spec: 10 | generators: 11 | - git: 12 | files: 13 | - path: bootstrap/cluster-resources/*.json 14 | repoURL: https://github.com/devxp-tech/gitops.git 15 | requeueAfterSeconds: 20 16 | revision: "" 17 | template: 18 | metadata: {} 19 | spec: 20 | destination: {} 21 | project: "" 22 | source: 23 | repoURL: "" 24 | syncPolicy: 25 | preserveResourcesOnDeletion: true 26 | template: 27 | metadata: 28 | labels: 29 | app.kubernetes.io/managed-by: argocd-autopilot 30 | app.kubernetes.io/name: cluster-resources-{{name}} 31 | name: cluster-resources-{{name}} 32 | namespace: argocd 33 | spec: 34 | destination: 35 | server: '{{server}}' 36 | ignoreDifferences: 37 | - group: argoproj.io 38 | jsonPointers: 39 | - /status 40 | kind: Application 41 | project: default 42 | source: 43 | path: bootstrap/cluster-resources/{{name}} 44 | repoURL: https://github.com/devxp-tech/gitops.git 45 | directory: 46 | recurse: true 47 | syncPolicy: 48 | automated: 49 | allowEmpty: true 50 | selfHeal: true 51 | status: {} 52 | -------------------------------------------------------------------------------- /bootstrap/cluster-resources/in-cluster.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "in-cluster", 3 | "server": "https://kubernetes.default.svc" 4 | } -------------------------------------------------------------------------------- /bootstrap/cluster-resources/in-cluster/README.md: -------------------------------------------------------------------------------- 1 | # Cluster Resources 2 | This directory contains all cluster resources that should be applied to cluster: `in-cluster`. 
3 | For example `Namespace` resources that are shared by multiple applications on the same namespace. 4 | -------------------------------------------------------------------------------- /bootstrap/cluster-resources/in-cluster/argocd-ns.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | annotations: 5 | argocd.argoproj.io/sync-options: Prune=false 6 | # labels: 7 | # istio-injection: enabled 8 | creationTimestamp: null 9 | name: argocd 10 | spec: {} 11 | status: {} 12 | -------------------------------------------------------------------------------- /bootstrap/cluster-resources/in-cluster/monitoring-ns.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: monitoring 6 | labels: 7 | kubernetes.io/metadata.name: monitoring 8 | backstage.io/kubernetes-id: monitoring 9 | # istio-injection: enabled 10 | spec: 11 | finalizers: 12 | - kubernetes 13 | -------------------------------------------------------------------------------- /bootstrap/cluster-resources/in-cluster/podmonitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: PodMonitor 3 | metadata: 4 | name: aws-cni-metrics 5 | namespace: kube-system 6 | spec: 7 | jobLabel: k8s-app 8 | namespaceSelector: 9 | matchNames: 10 | - kube-system 11 | podMetricsEndpoints: 12 | - interval: 30s 13 | path: /metrics 14 | port: metrics 15 | selector: 16 | matchLabels: 17 | k8s-app: aws-node 18 | -------------------------------------------------------------------------------- /bootstrap/cluster-resources/in-cluster/sc-efs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: efs 5 | provisioner: efs.csi.aws.com 6 | parameters: 7 | 
provisioningMode: efs-ap 8 | fileSystemId: fs-026bb4e33bea77857 9 | directoryPerms: "700" 10 | -------------------------------------------------------------------------------- /bootstrap/cluster-resources/in-cluster/sc-gp2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: storage.k8s.io/v1 2 | kind: StorageClass 3 | metadata: 4 | name: gp2 5 | parameters: 6 | fsType: ext4 7 | type: gp2 8 | provisioner: kubernetes.io/aws-ebs 9 | reclaimPolicy: Delete 10 | volumeBindingMode: WaitForFirstConsumer 11 | -------------------------------------------------------------------------------- /bootstrap/cluster-resources/in-cluster/sc-gp3.yaml: -------------------------------------------------------------------------------- 1 | kind: StorageClass 2 | apiVersion: storage.k8s.io/v1 3 | metadata: 4 | name: gp3 5 | annotations: 6 | storageclass.kubernetes.io/is-default-class: "true" 7 | allowVolumeExpansion: true 8 | provisioner: ebs.csi.aws.com 9 | volumeBindingMode: WaitForFirstConsumer 10 | parameters: 11 | type: gp3 12 | -------------------------------------------------------------------------------- /bootstrap/cluster-resources/in-cluster/sre-team-crb.yaml: -------------------------------------------------------------------------------- 1 | kind: ClusterRoleBinding 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | metadata: 4 | name: oidc-cluster-admin 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: cluster-admin 9 | subjects: 10 | - kind: Group 11 | name: devxp-tech:sre-team 12 | -------------------------------------------------------------------------------- /bootstrap/root.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Application 3 | metadata: 4 | creationTimestamp: null 5 | finalizers: 6 | - resources-finalizer.argocd.argoproj.io 7 | labels: 8 | app.kubernetes.io/managed-by: argocd-autopilot 9 | 
app.kubernetes.io/name: root 10 | name: root 11 | namespace: argocd 12 | spec: 13 | destination: 14 | namespace: argocd 15 | server: https://kubernetes.default.svc 16 | ignoreDifferences: 17 | - group: argoproj.io 18 | jsonPointers: 19 | - /status 20 | kind: Application 21 | project: default 22 | source: 23 | path: projects 24 | repoURL: https://github.com/devxp-tech/gitops.git 25 | syncPolicy: 26 | automated: 27 | allowEmpty: true 28 | prune: true 29 | selfHeal: true 30 | syncOptions: 31 | - allowEmpty=true 32 | status: 33 | health: {} 34 | summary: {} 35 | sync: 36 | comparedTo: 37 | destination: {} 38 | source: 39 | repoURL: "" 40 | status: "" 41 | -------------------------------------------------------------------------------- /catalog-info.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: backstage.io/v1alpha1 2 | kind: Component 3 | spec: 4 | system: "system:default/lab" 5 | type: "service" 6 | lifecycle: "experimental" 7 | owner: "group:default/devxp-tech" 8 | metadata: 9 | name: gitops 10 | description: gitops 11 | annotations: 12 | github.com/project-slug: devxp-tech/gitops 13 | backstage.io/techdocs-ref: dir:. 
14 | argocd/app-name: argo-cd 15 | backstage.io/kubernetes-namespace: argocd 16 | sonarqube.org/project-key: gitops 17 | grafana/tag-selector: Kubernetes 18 | prometheus.io/rule: container_cpu_usage_seconds_total{namespace="argocd"} 19 | prometheus.io/alert: all 20 | tags: 21 | - argocd 22 | - gitops 23 | - service 24 | - experimental 25 | links: 26 | - url: https://gitops.devxp-tech.io 27 | title: Website 28 | icon: Website 29 | - url: https://grafana.devxp-tech.io/ 30 | title: Dashboard 31 | icon: dashboard 32 | - url: https://alerts.devxp-tech.io/ 33 | title: Alerts 34 | icon: alert 35 | - url: https://argocd.devxp-tech.io/applications/argo-cd?resource= 36 | title: ArgoCD 37 | icon: cloud 38 | - url: https://grafana.devxp-tech.io/d/k8s_views_ns/kubernetes-views-namespaces?orgId=1&refresh=30s&var-datasource=Prometheus&var-namespace=gitops&var-resolution=30s 39 | title: Logs 40 | icon: cloud 41 | - url: https://kiali.devxp-tech.io/kiali/console/graph/namespaces/?traffic=grpc%2CgrpcRequest%2Chttp%2ChttpRequest%2Ctcp%2CtcpSent&graphType=versionedApp&namespaces=gitops&duration=120&refresh=60000&idleNodes=true&layout=kiali-breadthfirst&namespaceLayout=kiali-dagre 42 | title: Kiali 43 | icon: cloud 44 | -------------------------------------------------------------------------------- /docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: "3.8" 2 | services: 3 | cript: &defaults 4 | image: gitops:dev 5 | build: . 6 | container_name: giops_dev 7 | working_dir: /app 8 | command: sh -c 'secrets/generate.sh' 9 | volumes: 10 | - .:/app 11 | -------------------------------------------------------------------------------- /docs/SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Supported Versions 4 | 5 | Use this section to tell people about which versions of your project are 6 | currently being supported with security updates. 
7 | 8 | | Version | Supported | 9 | | ------- | ------------------ | 10 | | 5.1.x | :white_check_mark: | 11 | | 5.0.x | :x: | 12 | | 4.0.x | :white_check_mark: | 13 | | < 4.0 | :x: | 14 | 15 | ## Reporting a Vulnerability 16 | 17 | Use this section to tell people how to report a vulnerability. 18 | 19 | Tell them where to go, how often they can expect to get an update on a 20 | reported vulnerability, what to expect if the vulnerability is accepted or 21 | declined, etc. 22 | -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | # GitOps Documentation 2 | 3 | This is a basic example of documentation. 4 | -------------------------------------------------------------------------------- /docs/project-structure.md: -------------------------------------------------------------------------------- 1 | # 🌳 Project Structure 2 | 3 | ````bash 4 | . 5 | ├── apps 6 | │   ├── argo-rollouts 7 | │   ├── backstage 8 | │   ├── cert-manager 9 | │   ├── crossplane 10 | │   ├── grafana 11 | │   ├── istio-base 12 | │   ├── istio-ingress 13 | │   ├── istiod 14 | │   ├── jaeger 15 | │   ├── kiali-operator 16 | │   ├── kubernetes-dashboard 17 | │   ├── loki 18 | │   ├── metrics-server 19 | │   ├── prometheus 20 | │   ├── promtail 21 | │   ├── rollout-demo 22 | │   ├── sealed-secrets 23 | │   ├── sonarqube 24 | │   └── wordpress 25 | ├── bootstrap 26 | │   ├── argo-cd 27 | │   └── cluster-resources 28 | ├── infra 29 | │   └── networking 30 | ├── projects 31 | └── secrets 32 | ```` 33 | -------------------------------------------------------------------------------- /docs/secrets/index.md: -------------------------------------------------------------------------------- 1 | # Sealed Secrets 2 | 3 | ## Fetch public certificate 4 | 5 | kubeseal --fetch-cert > pub.crt 6 | 7 | ## Fetch private key 8 | 9 | kubectl get secret -n kube-system -l 
sealedsecrets.bitnami.com/sealed-secrets-key -o yaml >main.key
kubectl get secret -n kube-system sealed-secrets-key -o yaml >>main.key
`main.key` now holds the private key that decrypts every SealedSecret sealed for this cluster; keep it out of the repository and handle it like any other cluster credential. 10 | -------------------------------------------------------------------------------- /docs/to-do.md: -------------------------------------------------------------------------------- 1 | # 🔨 To Do 2 | 3 | | Issue | Description | Status | 4 | | :-----------: | :-------------: | :----: | 5 | | wordpress | Fix kustomize | ✅ | 6 | | argo-workflows | Fix Build | ❌ | 7 | | yaml-validate | Fix CI Workflow | ❌ | 8 | -------------------------------------------------------------------------------- /docs/tooling/required-tools.md: -------------------------------------------------------------------------------- 1 | # 🛠️ Required Tools 2 | 3 | | Tools | Version | 4 | | :--------------: | :------: | 5 | | argocd | v2.8.4 | 6 | | argocd-autopilot | v0.4.17 | 7 | | helm | v3.13.3 | 8 | | kubectl | v1.29.0 | 9 | | kustomize | v5.0.4-0 | 10 | -------------------------------------------------------------------------------- /infra/networking/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: infrastructure 4 | resources: 5 | - vpc.yaml 6 | - subnet.yaml 7 | -------------------------------------------------------------------------------- /infra/networking/base/subnet.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ec2.aws.crossplane.io/v1beta1 2 | kind: Subnet 3 | metadata: 4 | name: subnet-public-1a 5 | spec: 6 | forProvider: 7 | region: us-east-1 8 | availabilityZone: us-east-1a 9 | cidrBlock: 172.32.1.0/24 10 | vpcIdRef: 11 | name: development 12 | mapPublicIPOnLaunch: true 13 | tags: 14 | - key: Environment 15 | value: development 16 | - key: Name 17 | value: subnet-public-1a 18 | - key: crossplane-kind 19 | value: subnet.ec2.aws.crossplane.io 20 | - key: 
crossplane-name 21 | value: subnet-public-1a 22 | - key: crossplane-providerconfig 23 | value: default 24 | providerConfigRef: 25 | name: default 26 | --- 27 | apiVersion: ec2.aws.crossplane.io/v1beta1 28 | kind: Subnet 29 | metadata: 30 | name: subnet-private-1a 31 | spec: 32 | forProvider: 33 | region: us-east-1 34 | availabilityZone: us-east-1a 35 | cidrBlock: 172.32.2.0/24 36 | vpcIdRef: 37 | name: development 38 | mapPublicIPOnLaunch: true 39 | tags: 40 | - key: Environment 41 | value: development 42 | - key: Name 43 | value: subnet-private-1a 44 | - key: crossplane-kind 45 | value: subnet.ec2.aws.crossplane.io 46 | - key: crossplane-name 47 | value: subnet-private-1a 48 | - key: crossplane-providerconfig 49 | value: default 50 | providerConfigRef: 51 | name: default 52 | -------------------------------------------------------------------------------- /infra/networking/base/vpc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: ec2.aws.crossplane.io/v1beta1 2 | kind: VPC 3 | metadata: 4 | name: development 5 | spec: 6 | forProvider: 7 | region: us-east-1 8 | cidrBlock: 172.32.0.0/16 9 | enableDnsSupport: true 10 | enableDnsHostNames: true 11 | instanceTenancy: default 12 | tags: 13 | - key: Environment 14 | value: development 15 | - key: Name 16 | value: development 17 | - key: crossplane-kind 18 | value: vpc.ec2.aws.crossplane.io 19 | - key: crossplane-name 20 | value: development 21 | - key: crossplane-providerconfig 22 | value: default 23 | providerConfigRef: 24 | name: default 25 | -------------------------------------------------------------------------------- /infra/networking/overlays/dev-test/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "networking", 3 | "userGivenName": "networking", 4 | "destNamespace": "networking", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "infra/networking/overlays/dev", 7 | 
"srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } 12 | -------------------------------------------------------------------------------- /infra/networking/overlays/dev-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - ../../base 5 | -------------------------------------------------------------------------------- /mkdocs.yml: -------------------------------------------------------------------------------- 1 | site_name: "gitops" 2 | site_description: "Main documentation for ArgoCD - GitOps features and platform APIs" 3 | site_url: https://argocd.devxp-tech.io 4 | repo_url: https://github.com/devxp-tech/gitops 5 | edit_uri: edit/main/docs 6 | 7 | plugins: 8 | - techdocs-core 9 | 10 | nav: 11 | - Home: index.md 12 | - How To: 13 | - Code of Conduct: CODE-OF-CONDUCT.md 14 | - Generate Secrets: secrets/index.md 15 | - Project Structure: project-structure.md 16 | - To Do: to-do.md 17 | - Security: 18 | - Security: SECURITY.md 19 | - Tooling: 20 | - Required Tools: tooling/required-tools.md 21 | - Versions: tooling/versions.md 22 | -------------------------------------------------------------------------------- /projects/README.md: -------------------------------------------------------------------------------- 1 | # Projects 2 | This directory contains all of your `argocd-autopilot` projects. Projects provide a way to logically group applications and easily control things such as defaults and restrictions. 
3 | 4 | ### Creating a new project 5 | To create a new project run: 6 | ```bash 7 | export GIT_TOKEN= 8 | export GIT_REPO= 9 | 10 | argocd-autopilot project create 11 | ``` 12 | 13 | ### Creating a new project on different cluster 14 | You can create a project that deploys applications to a different cluster, instead of the cluster where Argo-CD is installed. To do that run: 15 | ```bash 16 | export GIT_TOKEN= 17 | export GIT_REPO= 18 | 19 | argocd-autopilot project create --dest-kube-context 20 | ``` 21 | Now all applications in this project that do not explicitly specify a different `--dest-server` will be created on the project's destination server. 22 | -------------------------------------------------------------------------------- /projects/default.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | annotations: 5 | argocd-autopilot.argoproj-labs.io/default-dest-server: https://kubernetes.default.svc 6 | argocd.argoproj.io/sync-options: PruneLast=true 7 | argocd.argoproj.io/sync-wave: "-2" 8 | creationTimestamp: null 9 | name: default 10 | namespace: argocd 11 | spec: 12 | clusterResourceWhitelist: 13 | - group: "*" 14 | kind: "*" 15 | description: default project 16 | destinations: 17 | - namespace: "*" 18 | server: "*" 19 | namespaceResourceWhitelist: 20 | - group: "*" 21 | kind: "*" 22 | sourceRepos: 23 | - "*" 24 | status: {} 25 | 26 | --- 27 | apiVersion: argoproj.io/v1alpha1 28 | kind: ApplicationSet 29 | metadata: 30 | annotations: 31 | argocd.argoproj.io/sync-wave: "0" 32 | creationTimestamp: null 33 | name: default 34 | namespace: argocd 35 | spec: 36 | generators: 37 | - git: 38 | files: 39 | - path: apps/**/default/config.json 40 | repoURL: https://github.com/devxp-tech/gitops.git 41 | requeueAfterSeconds: 20 42 | revision: "" 43 | template: 44 | metadata: {} 45 | spec: 46 | destination: {} 47 | project: "" 48 | source: 49 | repoURL: "" 50 
| - git: 51 | files: 52 | - path: apps/**/default/config_dir.json 53 | repoURL: https://github.com/devxp-tech/gitops.git 54 | requeueAfterSeconds: 20 55 | revision: "" 56 | template: 57 | metadata: {} 58 | spec: 59 | destination: {} 60 | project: "" 61 | source: 62 | directory: 63 | exclude: "{{ exclude }}" 64 | include: "{{ include }}" 65 | jsonnet: {} 66 | recurse: true 67 | repoURL: "" 68 | syncPolicy: {} 69 | template: 70 | metadata: 71 | labels: 72 | app.kubernetes.io/managed-by: argocd-autopilot 73 | app.kubernetes.io/name: "{{ appName }}" 74 | annotations: 75 | # notifications.argoproj.io/subscribe.on-sync-succeeded.slack: argocd-notifications 76 | notifications.argoproj.io/subscribe.on-sync-failed.slack: argocd-notifications 77 | notifications.argoproj.io/subscribe.on-sync-status-unknown.slack: argocd-notifications 78 | notifications.argoproj.io/subscribe.on-health-degraded.slack: argocd-notifications 79 | # notifications.argoproj.io/subscribe.on-deployed.slack.slack: argocd-notifications 80 | notifications.argoproj.io/subscribe.on-sync-succeeded.grafana: deployment 81 | name: default-{{ userGivenName }} 82 | namespace: argocd 83 | spec: 84 | destination: 85 | namespace: "{{ destNamespace }}" 86 | server: "{{ destServer }}" 87 | ignoreDifferences: 88 | - group: argoproj.io 89 | jsonPointers: 90 | - /status 91 | kind: Application 92 | project: default 93 | source: 94 | path: "{{ srcPath }}" 95 | repoURL: "{{ srcRepoURL }}" 96 | targetRevision: "{{ srcTargetRevision }}" 97 | syncPolicy: 98 | automated: 99 | allowEmpty: true 100 | prune: true 101 | selfHeal: true 102 | syncOptions: 103 | - CreateNamespace=true 104 | status: {} 105 | -------------------------------------------------------------------------------- /projects/dev-infra.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: AppProject 3 | metadata: 4 | annotations: 5 | 
argocd-autopilot.argoproj-labs.io/default-dest-server: https://kubernetes.default.svc 6 | argocd.argoproj.io/sync-options: PruneLast=true 7 | argocd.argoproj.io/sync-wave: "-2" 8 | creationTimestamp: null 9 | name: dev-infra 10 | namespace: argocd 11 | spec: 12 | clusterResourceWhitelist: 13 | - group: "*" 14 | kind: "*" 15 | description: dev infrastrucuture project 16 | destinations: 17 | - namespace: "*" 18 | server: "*" 19 | namespaceResourceWhitelist: 20 | - group: "*" 21 | kind: "*" 22 | sourceRepos: 23 | - "*" 24 | status: {} 25 | 26 | --- 27 | apiVersion: argoproj.io/v1alpha1 28 | kind: ApplicationSet 29 | metadata: 30 | annotations: 31 | argocd.argoproj.io/sync-wave: "0" 32 | creationTimestamp: null 33 | name: dev-infra 34 | namespace: argocd 35 | spec: 36 | generators: 37 | - git: 38 | files: 39 | - path: infra/**/dev/config.json 40 | repoURL: https://github.com/devxp-tech/gitops.git 41 | requeueAfterSeconds: 20 42 | revision: "" 43 | template: 44 | metadata: {} 45 | spec: 46 | destination: {} 47 | project: "" 48 | source: 49 | repoURL: "" 50 | - git: 51 | files: 52 | - path: infra/**/dev/config_dir.json 53 | repoURL: https://github.com/devxp-tech/gitops.git 54 | requeueAfterSeconds: 20 55 | revision: "" 56 | template: 57 | metadata: {} 58 | spec: 59 | destination: {} 60 | project: "" 61 | source: 62 | directory: 63 | exclude: "{{ exclude }}" 64 | include: "{{ include }}" 65 | jsonnet: {} 66 | recurse: true 67 | repoURL: "" 68 | syncPolicy: {} 69 | template: 70 | metadata: 71 | labels: 72 | app.kubernetes.io/managed-by: argocd-autopilot 73 | app.kubernetes.io/name: "{{ appName }}" 74 | annotations: 75 | # notifications.argoproj.io/subscribe.on-sync-succeeded.slack: argocd-notifications 76 | notifications.argoproj.io/subscribe.on-sync-failed.slack: argocd-notifications 77 | notifications.argoproj.io/subscribe.on-sync-status-unknown.slack: argocd-notifications 78 | notifications.argoproj.io/subscribe.on-health-degraded.slack: argocd-notifications 79 | # 
notifications.argoproj.io/subscribe.on-deployed.slack.slack: argocd-notifications 80 | notifications.argoproj.io/subscribe.on-sync-succeeded.grafana: deployment 81 | name: dev-{{ userGivenName }} 82 | namespace: argocd 83 | spec: 84 | destination: 85 | namespace: "{{ destNamespace }}" 86 | server: "{{ destServer }}" 87 | ignoreDifferences: 88 | - group: argoproj.io 89 | jsonPointers: 90 | - /status 91 | kind: Application 92 | project: dev 93 | source: 94 | path: "{{ srcPath }}" 95 | repoURL: "{{ srcRepoURL }}" 96 | targetRevision: "{{ srcTargetRevision }}" 97 | syncPolicy: 98 | automated: 99 | allowEmpty: true 100 | prune: false 101 | selfHeal: true 102 | syncOptions: 103 | - CreateNamespace=true 104 | status: {} 105 | -------------------------------------------------------------------------------- /secrets/clusters/ops/pub.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEzDCCArSgAwIBAgIQGdWlhAubiXqfZgA7tIxeFzANBgkqhkiG9w0BAQsFADAA 3 | MB4XDTIzMDIyNjEyNDEzMVoXDTMzMDIyMzEyNDEzMVowADCCAiIwDQYJKoZIhvcN 4 | AQEBBQADggIPADCCAgoCggIBALi9dbhb5Fr8GX2JIGFOmjxLAhTw8QlCIDeb1jBv 5 | KlR2xOzZeHowhODXItXng/0d0iMjf+p9GWz/rZeKWHs4mhpwBZ/EQwlE2LM1xL5m 6 | IBTUCxXCuJ2BVS4DBnTYbDxmhupMDaMOdrj6Z0AFtnC1chRZ9AGaKXQhKSe/7jVv 7 | kpFX1BQKxVYt9H1tE4PnBxibEqdyhZqm+1o89d381PUHg+42Zrsl6HvhWisGJvxC 8 | /6PU4L/ImIkZORy9Aq8d6yBFM4jw3YFvSs5+J9uFd7ICtR6O7Q4CDljH8IwETwdl 9 | zwO/bKJbVkEq5ahUahA6Hoj5uiE6a98GLf3xdbMpI5z96WlVdhmw1NzinkKcxCKm 10 | w0KpNNfa0aAO2kzwqNp2VVAT6wsh8+lyiISNDnezkr6DFcax+g5xapP3TBPUe+/3 11 | /H5s3FAbYezB/gb5yyDX0rMVOyn1uM6cEopOAYdnpJYk3yCe4dkt3cqW3ZlQqRNs 12 | SwKAU6BP63dAagQVTiWpxwoQn1eRjxCcuAeqHjecKM1E5ET64Psr422xQSjfB7Uo 13 | IenZIKIc7AuJ9GYWq34qDzlLcF6DBQNh6L5GpgSuniQAMss5i/fuzPJBrGVWRy5D 14 | 3AYiTdLG2QoIz2e8B3rts1sUEWiYLjB6wx9j+AJSgaliBjcaUAG4dd0k7PGjgKSD 15 | f+BpAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIAATAPBgNVHRMBAf8EBTADAQH/MB0G 16 | A1UdDgQWBBRcSjtsCiJtqb04Wuj8wXDs/4bTczANBgkqhkiG9w0BAQsFAAOCAgEA 17 
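| MnlijDVJBD67fX1IfoN5Szx6xfGxqFwVMLszfKvcwegNTypoetCNzJ1YbAfI3q42 18 | L07k51zQgoTZN7VRH1QpDzRjuiAj8pXPh51SBN50fXzHWm6SVTbmpu4nZO34YD+X 19 | A0Aryefa/4skHoKKQov6iS9AehjiaMWT2n1ll95qMicbB1RRGIKhVC0aKM6XlcAq 20 | IHCaBrggmOWJXTGJxsIg4pl4gHQ34mx1g+qMEh9HOlSR+wbQhSBDD7pLsBsHpLTI 21 | mkUxRzdlcMDM6U2+WKbgKCwSnyw/ggbgR/b4pb/Jh5LClkRg3BQD0JS013wdg679 22 | tUgQAcwm9TAx2i2XeGQpQ0MKMuqC/y/xBdDgLHXKZEcH6usGCgB1TgrEBkj+e/5y 23 | n+qML5v6gP7Aja8AGSXdizqUkBZUJ1VA0dL+7ZFD4F1NXHGio+h5nLt8SqujyNbE 24 | WtwH6RcF/fe8VcZ94BlO+7j3CfjGL7muspRw+1qFuRdMefVs6YIUs1MV+GiEi9RC 25 | ppITxZeY91pFManQuZLH3LQWIdyALfhNxkTzoibTNbxBgr/K++QiAEqjP3hQxG/R 26 | 7OE5A2cCR8c5e2dE0mz60dQZEbReenF8qHPMvnOs8D8/pBtSH0eGd0a86kXHWham 27 | eMIBiD8H64Yg0dPAaw7QWyNfYkv5mUf/Qa09wRx1sbI= 28 | -----END CERTIFICATE----- 29 | -------------------------------------------------------------------------------- /secrets/generate.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Interactive helper: seals one KEY=VALUE pair into a SealedSecret for an app
# overlay, using the public cert of the chosen cluster, and writes it to (or
# merges it into) apps/<APP_NAME>/overlays/<ENV>/secrets.yaml.
#
# Needs kubectl, kubeseal and git on PATH; all inputs are read from the terminal.

# -e: stop at the first failing command. -o pipefail: a failing kubectl or
# kubeseal inside the pipelines below must fail the script instead of being
# masked by the last command of the pipe. (`set -e pipefail` only set $1.)
set -eo pipefail
trap - SIGINT

echo "
===============================================
|Secrets automation!
===============================================
running as: $(id -u):$(id -g)
Follow the instructions!!!
"

hr() {
  echo "============================"
}

# require_match NAME VALUE REGEX -- abort unless VALUE is non-empty and matches
# REGEX. The names are spliced into filesystem paths and kubectl arguments, so
# they are restricted to a known-safe character set before that happens.
require_match() {
  local name="$1" value="$2" regex="$3"
  if [ -z "${value}" ] || ! [[ "${value}" =~ ${regex} ]]; then
    echo "invalid ${name}: '${value}' (allowed: ${regex})" >&2
    exit 1
  fi
}

hr
read -r -p "Enter APP_NAME (ex: teste-loki): " APP_NAME
read -r -p "Enter NAMESPACE (default is APP_NAME use only to overryde!): " NAMESPACE
read -r -p "Enter KEY: " KEY
# -s: the value is the secret itself; it must not end up in terminal scrollback
# or session recordings. -r keeps backslashes in the value literal.
read -r -s -p "Enter VALUE: " VALUE
echo
hr
echo "Select target env (folder)"
PS3="Type the relative number of the folder options and press enter: "
select ENV in dev prd ops; do break; done
hr
echo "Select cluster certificate"
PS3="Type the relative number of the cluster pub key and press enter: "
select CLUSTER in ops; do break; done
hr
if [ -z "${NAMESPACE}" ]; then
  NAMESPACE=$APP_NAME
fi

# APP_NAME/ENV/CLUSTER become path components ("apps/$APP_NAME/overlays/$ENV",
# "secrets/clusters/$CLUSTER/pub.crt"); NAMESPACE and KEY become kubectl
# arguments. Reject separators and anything that is not a valid k8s name.
require_match APP_NAME  "${APP_NAME}"  '^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
require_match NAMESPACE "${NAMESPACE}" '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
require_match KEY       "${KEY}"       '^[-._a-zA-Z0-9]+$'
# `select` leaves the variable empty on an out-of-range choice, which would
# otherwise silently produce "apps/<name>/overlays/" and "secrets/clusters//pub.crt".
require_match ENV       "${ENV}"       '^(dev|prd|ops)$'
require_match CLUSTER   "${CLUSTER}"   '^[a-z0-9-]+$'

hr
# The secret value is never echoed back; only its length is shown as a sanity check.
echo "Typed infos:
APP_NAME:${APP_NAME}
NAMESPACE:${NAMESPACE}
KEY:${KEY}
VALUE:(hidden, ${#VALUE} chars)
ENV:${ENV}
"
hr
CERT_PATH="secrets/clusters/${CLUSTER}/pub.crt"
APP_PATH="apps/${APP_NAME}/overlays/${ENV}"
SECRET_FILE="${APP_PATH}/secrets.yaml"

if [ ! -f "${CERT_PATH}" ]; then
  echo "cluster cert ${CERT_PATH} not found" >&2
  exit 1
fi
if [ ! -d "${APP_PATH}" ]; then
  echo "overlay directory ${APP_PATH} not found" >&2
  exit 1
fi

# seal [KUBESEAL_ARGS...] -- render the Secret manifest client-side from VALUE
# on stdin and pipe it through kubeseal with the cluster cert. printf instead
# of `echo -n $VALUE`: a value starting with "-n"/"-e", containing globs or
# runs of whitespace is passed byte-for-byte instead of being mangled.
seal() {
  printf '%s' "${VALUE}" | kubectl create secret generic \
    "${APP_NAME}-secrets" \
    --namespace "${NAMESPACE}" \
    --dry-run=client \
    --from-file="${KEY}=/dev/stdin" \
    -o yaml | kubeseal \
    --cert="${CERT_PATH}" \
    --format=yaml "$@"
}

if [ -f "${SECRET_FILE}" ]; then
  seal --merge-into "${SECRET_FILE}"
else
  # Write through a temp file in the same directory so a failing kubeseal
  # cannot leave an empty or truncated secrets.yaml behind.
  TMP_FILE="$(mktemp "${APP_PATH}/secrets.yaml.XXXXXX")"
  trap 'rm -f "${TMP_FILE}"' EXIT
  seal >"${TMP_FILE}"
  mv "${TMP_FILE}" "${SECRET_FILE}"
fi

echo "generated secret: ${SECRET_FILE}"
hr
echo "ありがとうごさいますみんさなん!!!
$(git status -s "${APP_PATH}")
"
-------------------------------------------------------------------------------- /workflows/base/coinflip.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: Workflow 3 | metadata: 4 | name: coinflip 5 | generateName: coinflip- 6 | annotations: 7 | workflows.argoproj.io/description: | 8 | This is an example of coin flip defined as a sequence of conditional steps.\ 9 | spec: 10 | entrypoint: coinflip 11 | serviceAccountName: argo-workflow 12 | templates: 13 | - name: coinflip 14 | steps: 15 | - - name: flip-coin 16 | template: flip-coin 17 | - - name: heads 18 | template: heads 19 | when: "{{steps.flip-coin.outputs.result}} == heads" 20 | - name: tails 21 | template: tails 22 | when: "{{steps.flip-coin.outputs.result}} == tails" 23 | 24 | - name: flip-coin 25 | script: 26 | image: python:alpine3.6 27 | command: [python] 28 | source: | 29 | import random 30 | result = "heads" if random.randint(0,1) == 0 else "tails" 31 | print(result) 32 | 33 | - name: heads 34 | container: 35 | image: alpine:3.6 36 | command: [sh, -c] 37 | args: ['echo "it was heads"'] 38 | 39 | - name: tails 40 | container: 41 | image: alpine:3.6 42 | command: [sh, -c] 43 | args: ['echo "it was tails"'] 44 | -------------------------------------------------------------------------------- /workflows/base/cypress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: WorkflowTemplate 3 | metadata: 4 | name: cypress 5 | spec: 6 | entrypoint: cypress-template 7 | arguments: 8 | parameters: 9 | - name: image 10 | value: ghcr.io/devxp-tech/backstage:f8172400 11 | - name: message 12 | value: "sucesso!" 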
13 | tasks: 14 | - name: A 15 | template: cypress-template 16 | arguments: 17 | parameters: [{ name: message, value: A }] 18 | templates: 19 | - name: cypress-template 20 | inputs: 21 | parameters: 22 | - name: image 23 | - name: message 24 | container: 25 | image: "{{inputs.parameters.image}}" 26 | command: [echo, "{{inputs.parameters.message}}"] 27 | -------------------------------------------------------------------------------- /workflows/base/hello-world.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: argoproj.io/v1alpha1 2 | kind: WorkflowTemplate 3 | metadata: 4 | name: workflow-template-submittable 5 | spec: 6 | arguments: 7 | parameters: 8 | - name: message 9 | value: hello world 10 | templates: 11 | - name: whalesay-template 12 | inputs: 13 | parameters: 14 | - name: message 15 | container: 16 | image: docker/whalesay 17 | command: [cowsay] 18 | args: ["{{inputs.parameters.message}}"] 19 | - name: slack-notification 20 | plugin: 21 | slack: 22 | text: "{{workflow.name}} finished!" 
23 | -------------------------------------------------------------------------------- /workflows/base/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: argowf 4 | resources: 5 | - cypress.yaml 6 | -------------------------------------------------------------------------------- /workflows/overlays/dev/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "appName": "workflows", 3 | "userGivenName": "workflows", 4 | "destNamespace": "workflows", 5 | "destServer": "https://kubernetes.default.svc", 6 | "srcPath": "workflows/overlays/dev", 7 | "srcRepoURL": "https://github.com/devxp-tech/gitops.git", 8 | "srcTargetRevision": "", 9 | "CreateNamespace": true, 10 | "labels": null 11 | } -------------------------------------------------------------------------------- /workflows/overlays/dev/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: argowf 4 | resources: 5 | - ../../base 6 | --------------------------------------------------------------------------------