portefaix · nlamirault · Nov 12, 2024 · Nov 12, 2024 · Nov 12, 2024 · Nov 12, 2024
diff --git a/gitops/argocd/charts/database/dragonfly-operator/Chart.yaml b/gitops/argocd/charts/database/dragonfly-operator/Chart.yaml
@@ -23,4 +23,4 @@ appVersion: 1.0.0
 dependencies:
 - name: dragonfly-operator
   repository: oci://ghcr.io/dragonflydb/dragonfly-operator/helm
-  version: v1.1.7
+  version: v1.2.26
diff --git a/gitops/argocd/charts/mdm/fleet/Chart.yaml b/gitops/argocd/charts/mdm/fleet/Chart.yaml
@@ -0,0 +1,26 @@
+---
+# Copyright (C) Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v2
+type: application
+name: fleet
+version: 1.0.0
+appVersion: 1.0.0
+dependencies:
+- name: fleet
+  repository: https://fleetdm.github.io/fleet/charts
+  version: 6.2.4
diff --git a/gitops/argocd/charts/mdm/fleet/templates/credentials.yaml b/gitops/argocd/charts/mdm/fleet/templates/credentials.yaml
@@ -0,0 +1,59 @@
+# Copyright (C) Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app: fleet
+  name: fleet-database-credentials
+  namespace: {{ .Release.Namespace }}
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: akeyless
+  target:
+    name: fleet-database-credentials
+    creationPolicy: Owner
+  data:
+  - secretKey: password
+    remoteRef:
+      key: FLEET_MARIADB_PASSWORD
+  # - secretKey: rootPassword
+  #   remoteRef:
+  #     key: FLEET_MARIADB_ROOT_PASSWORD
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  labels:
+    app: fleet
+  name: fleet-cache-credentials
+  namespace: {{ .Release.Namespace }}
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: akeyless
+  target:
+    name: fleet-cache-credentials
+    creationPolicy: Owner
+  data:
+  - secretKey: password
+    remoteRef:
+      key: FLEET_REDIS_PASSWORD
diff --git a/gitops/argocd/charts/mdm/fleet/templates/dragonflydb.yaml b/gitops/argocd/charts/mdm/fleet/templates/dragonflydb.yaml
@@ -0,0 +1,56 @@
+# Copyright (C) Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+# yaml-language-server: $schema=https://lds-schemas.pages.dev/dragonflydb.io/dragonfly_v1alpha1.json
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+  labels:
+    app: fleet
+  name: fleet-cache
+  namespace: {{ .Release.Namespace }}
+spec:
+  authentication:
+    passwordFromSecret:
+      name: fleet-cache-credentials
+      key: password
+  replicas: 1
+  args:
+    - "--proactor_threads=1"
+    - "--cluster_mode=emulated"
+    # - "--maxmemory=$(MAX_MEMORY)Mi"
+  # env:
+  #   - name: MAX_MEMORY
+  #     valueFrom:
+  #       resourceFieldRef:
+  #         resource: limits.memory
+  #         divisor: 1Mi
+  resources:
+    requests:
+      cpu: 50m
+      memory: 100Mi
+    limits:
+      # cpu: 600m
+      memory: 500Mi
+  # snapshot:
+  #   cron: "*/5 * * * *"
+  #   persistentVolumeClaimSpec:
+  #     accessModes:
+  #     - ReadWriteOnce
+  #     resources:
+  #       requests:
+  #         storage: 1Gi
diff --git a/gitops/argocd/charts/mdm/fleet/templates/ingress.yaml b/gitops/argocd/charts/mdm/fleet/templates/ingress.yaml
@@ -0,0 +1,48 @@
+# Copyright (C) Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.ingress.enabled -}}
+{{ range $_, $ingress := .Values.ingress.entries -}}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  {{- with $ingress.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 -}}
+  {{- end }}
+  labels:
+    app: fleet
+    {{- with $ingress.labels }}
+    {{- toYaml . | nindent 4 -}}
+    {{- end }}
+  name: {{ $ingress.name }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  ingressClassName: {{ $ingress.className }}
+  rules:
+  - host: {{ $ingress.host }}
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: fleet-service
+            port:
+              number: 8080
+{{ end }}
+{{- end }}
diff --git a/gitops/argocd/charts/mdm/fleet/templates/mysql.yaml b/gitops/argocd/charts/mdm/fleet/templates/mysql.yaml
@@ -0,0 +1,134 @@
+# Copyright (C) Nicolas Lamirault <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+apiVersion: moco.cybozu.com/v1beta2
+kind: MySQLCluster
+metadata:
+  labels:
+    app: fleet
+  name: {{ .Values.fleet.database.database }}-db
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: 1
+  # backupPolicyName: {{ .Values.fleet.database.database }}-db
+  # collectors is a list of collector flag names.
+  # See https://github.com/prometheus/mysqld_exporter/blob/master/README.md#collector-flags for all available collectors.
+  collectors:
+  - binlog_size
+  - engine_innodb_status
+  - info_schema.innodb_metrics
+  podTemplate:
+    spec:
+      # Make the data directory writable. If moco-init fails with "Permission denied", uncomment the following settings.
+      # securityContext:
+      #   fsGroup: 10000
+      #   fsGroupChangePolicy: "OnRootMismatch"  # available since k8s 1.20
+      containers:
+      - name: mysqld
+        image: {{ .Values.database.image }}
+        resources:
+          {{- toYaml .Values.database.resources | nindent 10 }}
+  volumeClaimTemplates:
+  - metadata:
+      name: mysql-data
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      storageClassName: {{ .Values.database.pvc.storageClassName }}
+      resources:
+        requests:
+          storage: {{ .Values.database.pvc.size }}
+# ---
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#   labels:
+#     app: fleet
+#   name: {{ .Values.fleet.database.database }}-db-daily-backup
+#   namespace: {{ .Release.Namespace }}
+# spec:
+#   accessModes:
+#   - ReadWriteOnce
+#   storageClassName: local-path
+#   resources:
+#     requests:
+#       storage: 5Gi
+# ---
+# apiVersion: moco.cybozu.com/v1beta2
+# kind: BackupPolicy
+# metadata:
+#   labels:
+#     app: fleet
+#   name: {{ .Values.fleet.database.database }}-db-daily
+#   namespace: {{ .Release.Namespace }}
+# spec:
+#   schedule: "@daily"
+#   jobConfig:
+#     serviceAccountName: default
+#     bucketConfig:
+#       bucketName: "moco"
+#       endpointURL: https://s3.cleeb.net
+#       usePathStyle: true
+#       region: us-east-1
+#       envFrom:
+#       - secretRef:
+#           name: {{ .Values.fleet.database.database }}-db-backup
+#       workVolume:
+#         persistentVolumeClaim:
+#           claimName: {{ .Values.fleet.database.database }}-db-daily-backup
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels:
+    app: fleet
+  name: {{ .Values.fleet.database.database }}-db
+  namespace: {{ .Release.Namespace }}
+spec:
+  template:
+    spec:
+      containers:
+      - name: fleet-db
+        image: mysql
+        env:
+        - name: DB_ADMIN_USERNAME
+          value: moco-writable
+        - name: DB_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: moco-{{ .Values.fleet.database.database }}-db
+              key: WRITABLE_PASSWORD
+        - name: DB_NAME
+          value: "{{ .Values.fleet.database.database }}"
+        - name: DB_USERNAME
+          value: "{{ .Values.fleet.database.username }}"
+        - name: DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: fleet-database-credentials
+              key: password
+        - name: DB_HOST
+          value: moco-{{ .Values.fleet.database.username }}-db-primary
+        command:
+        - /usr/bin/bash
+        - "-c"
+        - |
+          NAME=sandbox
+          mysql -h ${DB_HOST} -u ${DB_ADMIN_USERNAME} -p"${DB_ADMIN_PASSWORD}" -e "CREATE USER IF NOT EXISTS '${DB_USERNAME}'@'%' IDENTIFIED BY '${DB_PASSWORD}'" &&
+          mysql -h ${DB_HOST} -u ${DB_ADMIN_USERNAME} -p"${DB_ADMIN_PASSWORD}" -e "CREATE DATABASE IF NOT EXISTS ${DB_NAME}" &&
+          mysql -h ${DB_HOST} -u ${DB_ADMIN_USERNAME} -p"${DB_ADMIN_PASSWORD}" -e "GRANT ALL ON ${DB_NAME}.* TO '${DB_USERNAME}'@'%'"
+      restartPolicy: Never
+  # backoffLimit: 1