Merge branch 'main' into APL-537

Author: ElderMatt

charts/otomi-db/values.yaml

@@ -21,25 +21,8 @@ clusterAffinity:
     topologyKey: kubernetes.io/hostname
     podAntiAffinityType: preferred
 
-# Example for backups: 
-# clusterBackup:
-#   backup:
-#     barmanObjectStore:
-#       destinationPath: s3://bucket/
-#       endpointURL: "http://minio.minio.svc.cluster.local:9000"
-#       s3Credentials:
-#         accessKeyId:
-#           name: minio-creds
-#           key: MINIO_ACCESS_KEY
-#         secretAccessKey:
-#           name: minio-creds
-#           key: MINIO_SECRET_KEY
-
 clusterSpec:
-  bootstrap:
-    initdb:
-      database: app
-      owner: app
+  bootstrap: {}
 
 backup:
   enabled: false
@@ -53,4 +36,4 @@ backup:
   minioLocal:
     destinationPath: ""
   linode:
-    destinationPath: ""
+    destinationPath: ""

helmfile.d/helmfile-03.init.yaml

@@ -17,7 +17,7 @@ releases:
     namespace: argocd
     labels:
       app: core
-    <<: *default 
+    <<: *default
   - name: otomi-operator
     installed: true
     namespace: otomi-operator
@@ -57,6 +57,12 @@ releases:
       pkg: apl-gitea-operator
       app: core
     <<: *default
+  - name: harbor-artifacts
+    installed: {{ $a | get "harbor.enabled" }}
+    namespace: harbor
+    labels:
+      pkg: harbor
+    <<: *raw
   - name: apl-harbor-operator-artifacts
     installed: {{ $a | get "harbor.enabled" }}
     namespace: apl-harbor-operator

helmfile.d/helmfile-04.databases.yaml

@@ -27,7 +27,7 @@ releases:
       pkg: keycloak
     <<: *otomiDb
   - name: gitea-otomi-db
-    installed: {{ or $v.databases.gitea.useOtomiDB  $v.databases.gitea.imported }}
+    installed: true
     namespace: gitea
     labels:
       pkg: gitea

helmfile.d/helmfile-09.init.yaml

@@ -10,8 +10,6 @@ bases:
 {{ readFile "snippets/templates.gotmpl" }}
 {{- $v := .Values }}
 {{- $a := $v.apps }}
-{{- $h := $a.harbor }}
-{{- $k := $a.keycloak }}
 
 releases:
   - name: knative-serving-artifacts
@@ -40,12 +38,6 @@ releases:
     labels:
       pkg: minio
     <<: *default
-  - name: harbor-artifacts
-    installed: {{ $h | get "enabled" }}
-    namespace: harbor
-    labels:
-      pkg: harbor
-    <<: *raw
   - name: tekton-triggers
     installed: true
     namespace: tekton-pipelines
@@ -58,4 +50,4 @@ releases:
     namespace: otomi-pipelines
     labels:
       app: core
-    <<: *default
+    <<: *default

helmfile.d/snippets/defaults.yaml

@@ -14,7 +14,7 @@ environments:
                   memory: 64Mi
                 limits:
                   cpu: 200m
-                  memory: 256Mi              
+                  memory: 256Mi
             _rawValues: {}
           argocd:
             controllerStatusProcessors: 20
@@ -249,7 +249,7 @@ environments:
                     condition: (
                         container.image.repository in (
                           docker.io/gitea/gitea
-                        ) or (k8s.ns.name = "keycloak")  
+                        ) or (k8s.ns.name = "keycloak")
                       )
                   - macro: user_known_create_files_below_dev_activities
                     condition: (
@@ -881,7 +881,7 @@ environments:
                   cpu: 100m
                   memory: 256Mi
             persistence:
-                master: 
+                master:
                   size: 1Gi
                 sentinel:
                   size: 1Gi
@@ -1037,7 +1037,7 @@ environments:
                   memory: 24Mi
                 limits:
                   cpu: 100m
-                  memory: 128Mi              
+                  memory: 128Mi
             _rawValues: {}
           otel:
             enabled: false
@@ -1261,9 +1261,10 @@ environments:
         databases:
           keycloak:
             imageName: null
-            imported: false
             size: 5Gi
             replicas: 2
+            recovery: {}
+            externalClusters: []
             resources:
               limits:
                 cpu: "200m"
@@ -1276,6 +1277,8 @@ environments:
             size: 5Gi
             replicas: 2
             coreDatabase: registry
+            recovery: {}
+            externalClusters: []
             resources:
               limits:
                 cpu: "200m"
@@ -1285,10 +1288,10 @@ environments:
                 memory: 192Mi
           gitea:
             imageName: null
-            useOtomiDB: true
-            imported: false
             size: 5Gi
             replicas: 2
+            recovery: {}
+            externalClusters: []
             resources:
               limits:
                 cpu: "200m"
@@ -1303,12 +1306,23 @@ environments:
           database:
             harbor:
               enabled: false
+              retentionPolicy: 7d
+              schedule: 0 0 * * *
+              pathSuffix: harbor
             gitea:
               enabled: false
+              retentionPolicy: 7d
+              schedule: 0 0 * * *
+              pathSuffix: gitea
             keycloak:
               enabled: false
+              retentionPolicy: 7d
+              schedule: 0 0 * * *
+              pathSuffix: keycloak
           gitea:
             enabled: false
+            retentionPolicy: 7d
+            schedule: 0 0 * * *
         cluster:
           provider: linode
           name: apl

src/cmd/bootstrap.ts

@@ -74,7 +74,7 @@ export const bootstrapSops = async (
     obj.keys = publicKey
     if (privateKey && !process.env.SOPS_AGE_KEY) {
       process.env.SOPS_AGE_KEY = privateKey
-      await deps.writeFile(`${env.ENV_DIR}/.secrets`, `SOPS_AGE_KEY=${privateKey}`)
+      await deps.writeFile(`${envDir}/.secrets`, `SOPS_AGE_KEY=${privateKey}`)
     }
   }
 
@@ -87,21 +87,21 @@ export const bootstrapSops = async (
   d.info('Copying sops related files')
   // add sops related files
   const file = '.gitattributes'
-  await deps.copyFile(`${rootDir}/.values/${file}`, `${env.ENV_DIR}/${file}`)
+  await deps.copyFile(`${rootDir}/.values/${file}`, `${envDir}/${file}`)
 
   // prepare some credential files the first time and crypt some
   if (!exists) {
     if (isCli || env.OTOMI_DEV) {
       // first time so we know we have values
-      const secretsFile = `${env.ENV_DIR}/.secrets`
+      const secretsFile = `${envDir}/.secrets`
       d.log(`Creating secrets file: ${secretsFile}`)
       if (provider === 'google') {
         // and we also assume the correct values are given by using '!' (we want to err when not set)
         const serviceKeyJson = JSON.parse(values.kms.sops!.google!.accountJson as string)
         // and set it in env for later decryption
         process.env.GCLOUD_SERVICE_KEY = values.kms.sops!.google!.accountJson
         d.log('Creating gcp-key.json for vscode.')
-        await deps.writeFile(`${env.ENV_DIR}/gcp-key.json`, JSON.stringify(serviceKeyJson))
+        await deps.writeFile(`${envDir}/gcp-key.json`, JSON.stringify(serviceKeyJson))
         d.log(`Creating credentials file: ${secretsFile}`)
         await deps.writeFile(secretsFile, `GCLOUD_SERVICE_KEY=${JSON.stringify(JSON.stringify(serviceKeyJson))}`)
       } else if (provider === 'aws') {

tests/fixtures/env/settings/platformBackups.yaml

@@ -8,16 +8,46 @@ spec:
             enabled: true
             retentionPolicy: 7d
             schedule: 0 0 * * *
+            pathSuffix: gitea
         harbor:
             enabled: true
             retentionPolicy: 7d
             schedule: 0 0 * * *
+            pathSuffix: harbor-1
+            recovery:
+                source: harbor-backup
+                database: registry
+                owner: harbor
+            externalClusters:
+                - name: harbor-backup
+                  barmanObjectStore:
+                      serverName: harbor-otomi-db
+                      destinationPath: s3://my-clusterid-harbor/harbor
+                      endpointURL: https://nl-ams-1.linodeobjects.com
+                      s3Credentials:
+                          accessKeyId:
+                              name: linode-creds
+                              key: S3_STORAGE_ACCOUNT
+                          secretAccessKey:
+                              name: linode-creds
+                              key: S3_STORAGE_KEY
+                      wal:
+                          compression: gzip
+                          maxParallel: 8
+                      data:
+                          compression: gzip
         keycloak:
             enabled: true
             retentionPolicy: 7d
             schedule: 0 0 * * *
+            pathSuffix: keycloak-1
+            recovery:
+                backup:
+                    name: keycloak-backup
+                database: keycloak
+                owner: keycloak
     gitea:
         enabled: true
         retentionPolicy: 7d
-        schedule: 0 0 0 * * *
+        schedule: 0 0 * * *
     persistentVolumes: {}

values-changes.yaml

@@ -336,6 +336,9 @@ changes:
       - databases.harbor.resources.limits.cpu: '200m'
       - databases.harbor.resources.requests.memory: '192Mi'
       - databases.harbor.resources.requests.cpu: '200m'
-  - version: 34
+  - version: 33
     deletions:
+      - 'databases.keycloak.imported'
+      - 'databases.gitea.imported'
+      - 'databases.gitea.useOtomiDB'
       - 'teamConfig.{team}.services[].type'

values-schema.yaml

@@ -1646,7 +1646,7 @@ properties:
             $ref: '#/definitions/email'
           issuer:
             description: |
-              Indicates the origin of the wildcard certificate. 
+              Indicates the origin of the wildcard certificate.
               The custom-ca - cert-manager uses the customRootCA to generate wildcard certificate.
               The letsencrypt - cert-manager requests certificate from letsencrypt endpoint.
               The byo-wildcard-cert allows users to bring their own trusted wildcard certificate (cert-manager not involved)
@@ -3159,6 +3159,10 @@ properties:
                 $ref: '#/definitions/backupRetentionPolicy'
               schedule:
                 $ref: '#/definitions/backupSchedule'
+              pathSuffix:
+                type: string
+                pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])$'
+                default: harbor
           gitea:
             title: Gitea
             properties:
@@ -3171,6 +3175,10 @@ properties:
                 $ref: '#/definitions/backupRetentionPolicy'
               schedule:
                 $ref: '#/definitions/backupSchedule'
+              pathSuffix:
+                type: string
+                pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])$'
+                default: gitea
           keycloak:
             title: Keycloak
             properties:
@@ -3183,6 +3191,10 @@ properties:
                 $ref: '#/definitions/backupRetentionPolicy'
               schedule:
                 $ref: '#/definitions/backupSchedule'
+              pathSuffix:
+                type: string
+                pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])$'
+                default: keycloak
       persistentVolumes:
         type: object
         description: Create backups of persistent volumes
@@ -3284,9 +3296,16 @@ properties:
           replicas:
             type: integer
             default: 2
-          imported:
-            type: boolean
-            default: false
+          recovery:
+            type: object
+            additionalProperties: true
+            default: {}
+          externalClusters:
+            type: array
+            items:
+              type: object
+              additionalProperties: true
+            default: []
       harbor:
         title: Harbor
         properties:
@@ -3297,22 +3316,36 @@ properties:
           replicas:
             type: integer
             default: 2
+          recovery:
+            type: object
+            additionalProperties: true
+            default: {}
+          externalClusters:
+            type: array
+            items:
+              type: object
+              additionalProperties: true
+            default: []
       gitea:
         title: gitea
         properties:
-          useOtomiDB:
-            type: boolean
-            default: false
           size:
             type: string
           resources:
             $ref: '#/definitions/resources'
           replicas:
             type: integer
             default: 2
-          imported:
-            type: boolean
-            default: false
+          recovery:
+            type: object
+            additionalProperties: true
+            default: {}
+          externalClusters:
+            type: array
+            items:
+              type: object
+              additionalProperties: true
+            default: []
   teamConfig:
     additionalProperties: false
     patternProperties: