From 19fdea7857c13a841a7cd055bacb4c0abe36b69f Mon Sep 17 00:00:00 2001
From: Smaine Kahlouch
Date: Sun, 24 Nov 2024 08:29:52 +0100
Subject: [PATCH] chore(oncall): use CNPG instead of RDS
---
 ...d.yaml => externalsecret-cnpg-oncall.yaml} | 6 ++--
 .../grafana-oncall/helmrelease-oncall.yaml | 8 ++----
 .../grafana-oncall/helmrelease-rabbitmq.yaml | 2 +-
 .../base/grafana-oncall/kustomization.yaml | 2 +-
 .../base/grafana-oncall/sqlinstance.yaml | 28 ++++++++-----------
 .../cert-manager/openbao-clusterissuer.yaml | 2 +-
 6 files changed, 20 insertions(+), 28 deletions(-)
 rename observability/base/grafana-oncall/{externalsecret-sqlinstance-password.yaml => externalsecret-cnpg-oncall.yaml} (70%)
diff --git a/observability/base/grafana-oncall/externalsecret-sqlinstance-password.yaml b/observability/base/grafana-oncall/externalsecret-cnpg-oncall.yaml
similarity index 70%
rename from observability/base/grafana-oncall/externalsecret-sqlinstance-password.yaml
rename to observability/base/grafana-oncall/externalsecret-cnpg-oncall.yaml
index 0117d662..a220e331 100644
--- a/observability/base/grafana-oncall/externalsecret-sqlinstance-password.yaml
+++ b/observability/base/grafana-oncall/externalsecret-cnpg-oncall.yaml
@@ -1,12 +1,12 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
- name: oncall-sqlinstance-password
+ name: xplane-oncall-cnpg-oncall
 spec:
 dataFrom:
 - extract:
 conversionStrategy: Default
- key: observability/grafana/oncall-sqlinstance
+ key: cnpg/xplane-oncall/oncall
 refreshInterval: 20m
 secretStoreRef:
 kind: ClusterSecretStore
@@ -14,4 +14,4 @@ spec:
 target:
 creationPolicy: Owner
 deletionPolicy: Retain
- name: oncall-pg-masterpassword
+ name: xplane-oncall-cnpg-oncall
diff --git a/observability/base/grafana-oncall/helmrelease-oncall.yaml b/observability/base/grafana-oncall/helmrelease-oncall.yaml
index c05381c4..6c2470f4 100644
--- a/observability/base/grafana-oncall/helmrelease-oncall.yaml
+++ b/observability/base/grafana-oncall/helmrelease-oncall.yaml
@@ -14,7 +14,7 @@ spec:
 kind: HelmRepository
 name: grafana
 namespace: observability
- version: "1.11.5"
+ version: "1.13.3"
 interval: 5m0s
 timeout: 15m
 install:
@@ -66,14 +66,12 @@ spec:
 enabled: false
 externalPostgresql:
- host: xplane-oncall-rds-service
+ host: xplane-oncall-cnpg-cluster-rw
 port: 5432
 db_name: "oncall"
 user: "oncall"
- existingSecret: "xplane-oncall-owner-oncall"
+ existingSecret: "xplane-oncall-cnpg-oncall"
 passwordKey: "password"
- options: >-
- sslmode=require
 rabbitmq:
 enabled: false
diff --git a/observability/base/grafana-oncall/helmrelease-rabbitmq.yaml b/observability/base/grafana-oncall/helmrelease-rabbitmq.yaml
index 7b77d8d2..26b5f069 100644
--- a/observability/base/grafana-oncall/helmrelease-rabbitmq.yaml
+++ b/observability/base/grafana-oncall/helmrelease-rabbitmq.yaml
@@ -14,7 +14,7 @@ spec:
 kind: HelmRepository
 name: bitnami
 namespace: flux-system
- version: "15.0.3"
+ version: "15.0.6"
 interval: 5m0s
 timeout: 15m
 install:
diff --git a/observability/base/grafana-oncall/kustomization.yaml b/observability/base/grafana-oncall/kustomization.yaml
index c637c729..3c87f6d4 100644
--- a/observability/base/grafana-oncall/kustomization.yaml
+++ b/observability/base/grafana-oncall/kustomization.yaml
@@ -4,9 +4,9 @@ namespace: observability
 resources:
 - externalsecret-admin.yaml
+ - externalsecret-cnpg-oncall.yaml
 - externalsecret-rabbitmq.yaml
 - externalsecret-slackapp.yaml
- - externalsecret-sqlinstance-password.yaml
 - externalsecret-valkey.yaml
 - helmrelease-oncall.yaml
 - helmrelease-rabbitmq.yaml
diff --git a/observability/base/grafana-oncall/sqlinstance.yaml b/observability/base/grafana-oncall/sqlinstance.yaml
index f88716e6..13005287 100644
--- a/observability/base/grafana-oncall/sqlinstance.yaml
+++ b/observability/base/grafana-oncall/sqlinstance.yaml
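Review bot: Removing `options: >-` / `sslmode=require` from `externalPostgresql` in helmrelease-oncall.yaml leaves the database connection on the client default, which for libpq-based drivers is `prefer`: TLS is attempted but the client falls back to cleartext without error if negotiation fails. CloudNativePG serves TLS by default, so the option should not need to disappear together with the RDS endpoint; keeping those two lines preserves the guarantee the old configuration had. If the cluster CA can be mounted into the OnCall pods, `sslmode=verify-full` would additionally authenticate the server behind `xplane-oncall-cnpg-cluster-rw`. How the chart renders `options` into the connection settings is not visible in this hunk and is worth confirming.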
@@ -2,21 +2,15 @@ apiVersion: cloud.ogenki.io/v1alpha1
 kind: SQLInstance
 metadata:
 name: xplane-oncall
- namespace: tooling
+ namespace: "observability"
 spec:
- parameters:
- engine: postgres
- engineVersion: "16"
- size: small
- storageGB: 20
- databases:
- - owner: oncall
- name: oncall
- passwordSecretRef:
- namespace: tooling
- name: oncall-pg-masterpassword
- key: password
- compositionRef:
- name: xsqlinstances.cloud.ogenki.io
- writeConnectionSecretToRef:
- name: xplane-oncall-rds
+ size: "small"
+ storageGB: 20
+ databases:
+ - owner: "oncall"
+ name: "oncall"
+ cnpg:
+ instances: 1
+ backup:
+ schedule: "0 0 * * *"
+ bucketName: "oncall-rds-instance-backups"
diff --git a/security/base/cert-manager/openbao-clusterissuer.yaml b/security/base/cert-manager/openbao-clusterissuer.yaml
index 379e9dce..65b777a3 100644
--- a/security/base/cert-manager/openbao-clusterissuer.yaml
+++ b/security/base/cert-manager/openbao-clusterissuer.yaml
@@ -11,7 +11,7 @@ spec:
 auth:
 appRole:
 path: approle
- roleId: f52c783d-0259-86a4-c80d-2380a9cc443f # !! This value changes each time I recreate the whole platform
+ roleId: 4b20b17b-705d-80d9-18b0-7cb8a1a0b560 # !! This value changes each time I recreate the whole platform
 secretRef:
 name: cert-manager-openbao-approle
 key: secret_id
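Review bot: `cnpg.instances: 1` in sqlinstance.yaml gives the on-call database no standby, so the `-rw` service has nothing to fail over to and recovery depends on the nightly backup alone; for a paging system, `instances: 2` or more is worth considering. Separately, `schedule: "0 0 * * *"` has five fields, while a CNPG ScheduledBackup takes a six-field expression with a leading seconds column. If the composition passes the value through unchanged it may be rejected or misread, which should be checked against the composition, as it is not visible here. The bucket name `oncall-rds-instance-backups` still says RDS; a comment such as `# bucket name kept from the RDS setup; now holds CNPG backups` would avoid confusion during a restore.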
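Review bot: The `roleId` in openbao-clusterissuer.yaml is a per-deployment AppRole identifier committed as a literal, and its inline comment says it must be hand-edited after every platform rebuild, so a stale value breaks certificate issuance until someone updates it. It is also one half of the AppRole login, which leaves `secret_id` as the only factor not readable from the repository. Consider substituting it from a variable at deploy time, or pinning a fixed role ID on the AppRole when it is provisioned, so this file stops changing. The edit is also unrelated to the CNPG migration the commit subject describes and would be easier to audit as its own commit. The ClusterIssuer spec starts outside the hunk.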