diff --git a/README.md b/README.md index c2a237bf..4d5d965f 100644 --- a/README.md +++ b/README.md 
@@ -2,64 +2,81 @@ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -This project is intended to provide a simple way of providing a mechanism to develop for OSDU using the Azure Cloud. -## Project Principals +[Open Subsurface Data Universe](https://osduforum.org) (OSDU) is a standard data platform that brings together a diverse array of subsurface and well data. It enables the energy industry to access and analyze data across various sources efficiently. This project aims to provide a streamlined approach for developing and working directly with [OSDU](https://community.opengroup.org/osdu/platform) using the [Azure Cloud Platform](https://azure.microsoft.com/). -The guiding principal we have for this project is to focus on providing a solution to allow for an easy way to develop for OSDU using the Azure cloud. It is not intended to support any kind of a production scenario and no support for this solution is provided. It is built with the following 2 pillars of the [Azure Well-Architected-Framework](https://learn.microsoft.com/en-us/azure/well-architected/what-is-well-architected-framework) kept in mind. -1. Cost Optimization -- A cost optimized solution with cost in mind but accepting the tradeoff of security. -2. Security -- The intent is to provide a feature enabled solution to increase levels of security as best as possible. +## Project Principles -Additionally, the solution is desired to be easy to use and to support that is built with support for [Github Codespaces](https://github.com/features/codespaces) along with the [Azure Developer CLI](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/). +The guiding principle of this project is to offer an accessible solution for facilitating direct engagement with the OSDU codebase on Azure in a minimal fashio. This solution is not intended for production use and does not come with official support. 
Our approach aligns with two key pillars from the [Azure Well-Architected Framework](https://learn.microsoft.com/en-us/azure/well-architected/what-is-well-architected-framework): + +1. Cost Optimization -- We aim to create a cost-effective solution, balancing cost with security considerations. +2. Security -- Our goal is to enhance security levels within the constraints of a development-focused solution. + +To support ease of use, the project integrates closely with [Github Codespaces](https://github.com/features/codespaces) and the [Azure Developer CLI](https://learn.microsoft.com/en-us/azure/developer/azure-developer-cli/), facilitating seamless development and innovation on the OSDU platform. ## Setup -__Features__ +### Registering Azure Features -This solution makes use of features in Azure that are in Public Preview and might require some features to be registered for use. +This solution utilizes Azure features that are currently in Public Preview. Certain features need to be registered before use. -Register the _AzureServiceMeshPreview_ feature flag by using the az feature register command: +**Step 1: Register the AzureServiceMeshPreview feature** +Use the `az feature register` command to register the _AzureServiceMeshPreview_ feature flag: ```bash az feature register --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview" ``` -It takes a few minutes for the feature to register. Verify the registration status by using the az feature show command: +It may take a few minutes for the feature to register. + + +**Step 2: Verify the Registration Status** + +Confirm the registration status using the az feature show command: ```bash az feature show --namespace "Microsoft.ContainerService" --name "AzureServiceMeshPreview" ``` -When the status reflects Registered, refresh the registration of the Microsoft.ContainerService resource provider by using the az provider register command: +Look for a status that indicates Registered. 
+ +**Step 3: Refresh the Resource Provider** + +Once registered, refresh the Microsoft.ContainerService resource provider: ```bash az provider register --namespace Microsoft.ContainerService ``` -This solution uses Resource Group Scoped Deployments which is an Alpha Feature for the Azure Developer CLI. +### Enabling Alpha Features for Azure Developer CLI + +**Resource Group Scoped Deployments** + +This solution uses Resource Group Scoped Deployments, an Alpha Feature in the Azure Developer CLI. + +Enable this feature using the following command: ```bash azd config set alpha.resourceGroupDeployments on # Enable Alpha Feature ``` -__Login__ +Note: Alpha features are experimental and might be subject to changes. Use them with this consideration. -Log into the Azure CLI from a command line and set the subscription. -If running with windows ensure that Azure Powershell is connected as well. + +### Authentication + +The Azure Developer CLI requires authentication. Log in using the following command: ```bash azd auth login ``` -__Environment Variables__ - -An environment must be created using the following environment variables. +### Environment Variables -**Environment Variables** +Set up the environment using the following variables. You can find these values in your Azure portal or by using appropriate Azure CLI commands. -An environment must be created using the following environment variables. | Variable | Purpose | | :-------------------- | :-------------------------------------- | 
@@ -67,16 +84,21 @@ An environment must be created using the following environment variables. | AZURE_LOCATION | The Azure Region | | AZURE_CLIENT_ID | Azure AD Application Client Id _(GUID)_ | +Initialize the environment and set the Azure Client ID: + ```bash azd init -e dev -APP_NAME= # <-- +APP_NAME= # <-- + azd env set AZURE_CLIENT_ID $(az ad app list --display-name $APP_NAME --query "[].appId" -otsv) ``` -### Workspace -The developer workspace is brought online using the azure developer cli + +## Workspace + +The solution template is provisioned using the azure developer cli. | Action | Command | | :----- | :------------------------- | @@ -84,9 +106,14 @@ The developer workspace is brought online using the azure developer cli | Stop | `azd down --purge --force` | +### Infrastructure + +The following diagram repesents the infrastructure that is deployed by this solution. + ![[0]][0] _Architecture Diagram_ + ## Contributing This project welcomes contributions and suggestions. Most contributions require you to agree to a diff --git a/software/README.md b/software/README.md deleted file mode 100644 index ef57a80f..00000000 --- a/software/README.md +++ /dev/null @@ -1 +0,0 @@ -# Gitops Application Configuration \ No newline at end of file diff --git a/software/applications/dev-sample/namespace.yaml b/software/applications/dev-sample/namespace.yaml new file mode 100644 index 00000000..2c7ea92e --- /dev/null +++ b/software/applications/dev-sample/namespace.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: dev-sample \ No newline at end of file diff --git a/software/applications/dev-sample/release.yaml b/software/applications/dev-sample/release.yaml new file mode 100644 index 00000000..79f5c8f2 --- /dev/null +++ b/software/applications/dev-sample/release.yaml 
@@ -0,0 +1,44 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: env-tool + namespace: dev-sample +spec: + chart: + spec: + chart: ./charts/env-debug + sourceRef: + kind: GitRepository + name: osdu-bicep + namespace: flux-system + interval: 5m0s + install: + remediation: + retries: 3 + targetNamespace: dev-sample + values: + replicaCount: 1 + nameOverride: "" + fullnameOverride: env-debug + service: + type: ClusterIP + port: 80 + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 3 + targetCPUUtilizationPercentage: 80 + azure: + enabled: false + env: + - name: MESSAGE + value: Hello World! + # - name: AZURE_TENANT_ID + # secret: + # name: active-directory + # key: tenantid + # - name: WORKSPACE_ID + # secret: + # name: central-logging + # key: workspace-id \ No newline at end of file diff --git a/software/applications/elastic-search/elastic-search.yaml b/software/applications/elastic-search/elastic-search.yaml new file mode 100644 index 00000000..2944623d --- /dev/null +++ b/software/applications/elastic-search/elastic-search.yaml 
@@ -0,0 +1,117 @@ +# This sets up an Elasticsearch cluster with 3 nodes. +apiVersion: elasticsearch.k8s.elastic.co/v1 +kind: Elasticsearch +metadata: + name: elasticsearch-ha + namespace: elastic-search +spec: + version: 8.5.3 + nodeSets: + - name: master + count: 3 + config: + node: + roles: ["master"] + store.allow_mmap: false + podTemplate: + spec: + tolerations: + - effect: NoSchedule + key: app + value: "elasticsearch" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: agentpool + operator: In + values: + - espoolz1 + - espoolz2 + - espoolz3 + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - southcentralus-1 # THIS DEPENDS ON LOCATION + - southcentralus-2 # THIS DEPENDS ON LOCATION + - southcentralus-3 # THIS DEPENDS ON LOCATION + env: + - name: ES_JAVA_OPTS + value: "-Xms2g -Xmx2g" + + - name: coordinating + count: 3 + config: + node: + roles: [] + store.allow_mmap: false + podTemplate: + spec: + tolerations: + - effect: NoSchedule + key: app + value: "elasticsearch" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: agentpool + operator: In + values: + - espoolz1 + - espoolz2 + - espoolz3 + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - eastus2-1 # THIS DEPENDS ON LOCATION + - eastus2-2 # THIS DEPENDS ON LOCATION + - eastus2-3 # THIS DEPENDS ON LOCATION + env: + - name: ES_JAVA_OPTS + value: "-Xms2g -Xmx2g" + + - name: data + count: 6 + config: + node: + roles: ["data"] + store.allow_mmap: false + volumeClaimTemplates: + - metadata: + name: elasticsearch-data + spec: + accessModes: + - ReadWriteOnce + storageClassName: es-storageclass + podTemplate: + spec: + tolerations: + - effect: NoSchedule + key: app + value: "elasticsearch" + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + 
- matchExpressions: + - key: agentpool + operator: In + values: + - espoolz1 + - espoolz2 + - espoolz3 + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - eastus2-1 # THIS DEPENDS ON LOCATION + - eastus2-2 # THIS DEPENDS ON LOCATION + - eastus2-3 # THIS DEPENDS ON LOCATION + env: + - name: ES_JAVA_OPTS + value: "-Xms2g -Xmx2g" diff --git a/software/applications/elastic-search/kibana.yaml b/software/applications/elastic-search/kibana.yaml new file mode 100644 index 00000000..9ddb292a --- /dev/null +++ b/software/applications/elastic-search/kibana.yaml @@ -0,0 +1,21 @@ +apiVersion: kibana.k8s.elastic.co/v1 +kind: Kibana +metadata: + name: kibana + namespace: elastic-search +spec: + version: 8.5.3 + http: + tls: + selfSignedCertificate: + disabled: true + elasticsearchRef: + name: "elasticsearch" + count: 3 + podTemplate: + spec: + tolerations: + - key: "sku" + operator: "Equal" + value: "elasticsearch" + effect: "NoSchedule" diff --git a/software/applications/elastic-search/namespace.yaml b/software/applications/elastic-search/namespace.yaml new file mode 100644 index 00000000..fe651503 --- /dev/null +++ b/software/applications/elastic-search/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: elastic-search diff --git a/software/applications/podinfo/ingress.yaml b/software/applications/podinfo/ingress.yaml new file mode 100644 index 00000000..b40b1ff9 --- /dev/null +++ b/software/applications/podinfo/ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: podinfo + namespace: podinfo +spec: + hosts: + - "*" + gateways: + - aks-istio-ingress/istio-external-gateway + - aks-istio-ingress/istio-internal-gateway + http: + - match: + - uri: + prefix: "/" + route: + - destination: + host: "podinfo.podinfo.svc.cluster.local" + port: + number: 9898 
diff --git a/software/applications/podinfo/namespace.yaml b/software/applications/podinfo/namespace.yaml new file mode 100644 index 00000000..c87e35cc --- /dev/null +++ b/software/applications/podinfo/namespace.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: podinfo + labels: + toolkit.fluxcd.io/tenant: dev-team + istio.io/rev: asm-1-18 diff --git a/software/applications/podinfo/release.yaml b/software/applications/podinfo/release.yaml new file mode 100644 index 00000000..48714775 --- /dev/null +++ b/software/applications/podinfo/release.yaml @@ -0,0 +1,27 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: podinfo + namespace: podinfo +spec: + releaseName: podinfo + chart: + spec: + chart: podinfo + sourceRef: + kind: HelmRepository + name: podinfo + interval: 50m + install: + remediation: + retries: 3 + # Default values + # https://github.com/stefanprodan/podinfo/blob/master/charts/podinfo/values.yaml + values: + redis: + enabled: true + repository: public.ecr.aws/docker/library/redis + tag: 7.0.6 + ingress: + enabled: true + className: nginx diff --git a/software/applications/podinfo/source.yaml b/software/applications/podinfo/source.yaml new file mode 100644 index 00000000..1cfb34b9 --- /dev/null +++ b/software/applications/podinfo/source.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: podinfo + namespace: podinfo +spec: + interval: 5m + url: https://stefanprodan.github.io/podinfo diff --git a/software/components/cert-manager/namespace.yaml b/software/components/cert-manager/namespace.yaml new file mode 100644 index 00000000..446feb57 --- /dev/null +++ b/software/components/cert-manager/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: cert-manager + labels: + toolkit.fluxcd.io/tenant: sre-team 
diff --git a/software/components/cert-manager/release.yaml b/software/components/cert-manager/release.yaml new file mode 100644 index 00000000..26dbbd0e --- /dev/null +++ b/software/components/cert-manager/release.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: cert-manager + namespace: cert-manager +spec: + interval: 30m + chart: + spec: + chart: cert-manager + version: "1.13.x" + sourceRef: + kind: HelmRepository + name: cert-manager + namespace: cert-manager + interval: 12h + values: + installCRDs: true diff --git a/software/components/cert-manager/source.yaml b/software/components/cert-manager/source.yaml new file mode 100644 index 00000000..a5d217a0 --- /dev/null +++ b/software/components/cert-manager/source.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: cert-manager + namespace: cert-manager +spec: + interval: 24h + url: https://charts.jetstack.io diff --git a/software/components/elastic-operator/namespace.yaml b/software/components/elastic-operator/namespace.yaml new file mode 100644 index 00000000..9b903530 --- /dev/null +++ b/software/components/elastic-operator/namespace.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: elastic-system + labels: + toolkit.fluxcd.io/tenant: sre-team + istio-injection: enabled diff --git a/software/components/elastic-operator/release.yaml b/software/components/elastic-operator/release.yaml new file mode 100644 index 00000000..d5606bf0 --- /dev/null +++ b/software/components/elastic-operator/release.yaml 
@@ -0,0 +1,20 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: elastic-operator + namespace: elastic-system +spec: + interval: 30m + chart: + spec: + chart: ./deploy/eck-operator + sourceRef: + kind: GitRepository + name: elastic-operator + namespace: elastic-system + interval: 12h + # values: + # podLabels: + # traffic.sidecar.istio.io/excludeInboundPorts: "9443" + # traffic.sidecar.istio.io/includeInboundPorts: '*' diff --git a/software/components/elastic-operator/source.yaml b/software/components/elastic-operator/source.yaml new file mode 100644 index 00000000..85a73557 --- /dev/null +++ b/software/components/elastic-operator/source.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: elastic-operator + namespace: elastic-system +spec: + interval: 5m + url: https://github.com/elastic/cloud-on-k8s + ref: + branch: "2.5" + ignore: | + # exclude all + /* + !/deploy/eck-operator diff --git a/software/components/ingress-nginx/cluster-issuer.yaml b/software/components/ingress-nginx/cluster-issuer.yaml new file mode 100644 index 00000000..5bbc6721 --- /dev/null +++ b/software/components/ingress-nginx/cluster-issuer.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt + namespace: ingress-nginx +spec: + acme: + # Replace the email address with your own contact email + email: danielscholl@users.noreply.github.com + server: https://acme-staging-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: letsencrypt-nginx + solvers: + - http01: + ingress: + class: nginx diff --git a/software/components/ingress-nginx/namespace.yaml b/software/components/ingress-nginx/namespace.yaml new file mode 100644 index 00000000..071d095b --- /dev/null +++ b/software/components/ingress-nginx/namespace.yaml 
@@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: ingress-nginx + labels: + toolkit.fluxcd.io/tenant: sre-team diff --git a/software/components/ingress-nginx/release.yaml b/software/components/ingress-nginx/release.yaml new file mode 100644 index 00000000..269e992c --- /dev/null +++ b/software/components/ingress-nginx/release.yaml @@ -0,0 +1,23 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: ingress-nginx + namespace: ingress-nginx +spec: + interval: 30m + chart: + spec: + chart: ingress-nginx + version: "*" + sourceRef: + kind: HelmRepository + name: ingress-nginx + namespace: ingress-nginx + interval: 12h + values: + controller: + service: + type: "NodePort" + admissionWebhooks: + enabled: false diff --git a/software/components/ingress-nginx/source.yaml b/software/components/ingress-nginx/source.yaml new file mode 100644 index 00000000..461a1ed0 --- /dev/null +++ b/software/components/ingress-nginx/source.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: HelmRepository +metadata: + name: ingress-nginx + namespace: ingress-nginx +spec: + interval: 24h + url: https://kubernetes.github.io/ingress-nginx diff --git a/software/components/istio-ingress/gateway.yaml b/software/components/istio-ingress/gateway.yaml new file mode 100644 index 00000000..1a6ea4cf --- /dev/null +++ b/software/components/istio-ingress/gateway.yaml 
@@ -0,0 +1,31 @@ +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: istio-external-gateway + namespace: aks-istio-ingress +spec: + selector: + istio: aks-istio-ingressgateway-external + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: istio-internal-gateway + namespace: aks-istio-ingress +spec: + selector: + istio: aks-istio-ingressgateway-internal + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "*" diff --git a/software/components/istio-ingress/self-issuer.yaml b/software/components/istio-ingress/self-issuer.yaml new file mode 100644 index 00000000..783f2cf0 --- /dev/null +++ b/software/components/istio-ingress/self-issuer.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: aks-istio-system +spec: + selfSigned: {} diff --git a/software/components/istio-operator/namespace.yaml b/software/components/istio-operator/namespace.yaml new file mode 100644 index 00000000..de678e06 --- /dev/null +++ b/software/components/istio-operator/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: istio-system + labels: + toolkit.fluxcd.io/tenant: sre-team diff --git a/software/components/istio-operator/release.yaml b/software/components/istio-operator/release.yaml new file mode 100644 index 00000000..f7384405 --- /dev/null +++ b/software/components/istio-operator/release.yaml 
@@ -0,0 +1,41 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: istio-base + namespace: istio-system +spec: + releaseName: istio-base + chart: + spec: + chart: manifests/charts/base + sourceRef: + kind: GitRepository + name: istio + namespace: istio-system + interval: 1h0m0s + install: + remediation: + retries: 3 +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: istio-operator + namespace: istio-system +spec: + releaseName: istio-operator + chart: + spec: + chart: manifests/charts/istio-operator + sourceRef: + kind: GitRepository + name: istio + namespace: istio-system + interval: 1h0m0s + install: + remediation: + retries: 3 + values: + hub: "docker.io/istio" + tag: "1.17.8" diff --git a/software/components/istio-operator/source.yaml b/software/components/istio-operator/source.yaml new file mode 100644 index 00000000..9ce40446 --- /dev/null +++ b/software/components/istio-operator/source.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: istio + namespace: istio-system +spec: + interval: 30m + url: https://github.com/istio/istio + ref: + branch: master + tag: 1.15.1 diff --git a/software/configuration/elastic/storage-class.yaml b/software/configuration/elastic/storage-class.yaml new file mode 100644 index 00000000..b324375f --- /dev/null +++ b/software/configuration/elastic/storage-class.yaml 
@@ -0,0 +1,13 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: es-storageclass + namespace: elastic-system +parameters: + kind: Managed #we will use Azure managed disks + storageaccounttype: Premium_LRS #use premium managed disk + tags: costcenter=dev,app=elasticsearch #add tags so all disks related to our application are tagged +provisioner: kubernetes.io/azure-disk +reclaimPolicy: Retain #changed from default "Delete" to "Retain" so we can retain the disks even if the claim is deleted +volumeBindingMode: WaitForFirstConsumer diff --git a/software/configuration/istio-profile/profile.yaml b/software/configuration/istio-profile/profile.yaml new file mode 100644 index 00000000..6e0a7d9c --- /dev/null +++ b/software/configuration/istio-profile/profile.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: install.istio.io/v1alpha1 +kind: IstioOperator +metadata: + name: istio-profile + namespace: istio-system +spec: + profile: default + hub: "docker.io/istio" + tag: "1.15.1" + components: + pilot: + enabled: true + cni: + enabled: false + ingressGateways: + - name: istio-ingressgateway + enabled: true + k8s: + hpaSpec: + minReplicas: 2 + egressGateways: + - name: istio-egressgateway + enabled: false diff --git a/software/configuration/istio-profile/self-issuer.yaml b/software/configuration/istio-profile/self-issuer.yaml new file mode 100644 index 00000000..14e5b8c5 --- /dev/null +++ b/software/configuration/istio-profile/self-issuer.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: istio-system +spec: + selfSigned: {} diff --git a/stamp/README.md b/stamp/README.md deleted file mode 100644 index 7e2e6b0c..00000000 --- a/stamp/README.md +++ /dev/null @@ -1 +0,0 @@ -# Gitops Platform Configuration \ No newline at end of file diff --git a/stamp/applications/kustomize.yaml b/stamp/applications/kustomize.yaml new file mode 100644 index 00000000..ee958a10 --- /dev/null 
+++ b/stamp/applications/kustomize.yaml @@ -0,0 +1,66 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: osdu-bicep + namespace: flux-system +spec: + interval: 5m0s + ref: + branch: main + url: https://github.com/azure/osdu-bicep +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: application-component-podinfo + namespace: flux-system +spec: + interval: 1h + retryInterval: 1m + timeout: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./software/applications/podinfo + prune: true + wait: true + healthChecks: + - kind: Deployment + name: podinfo + namespace: podinfo + - kind: Deployment + name: podinfo-redis + namespace: podinfo +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: application-component-elastic-search + namespace: flux-system +spec: + interval: 1h + retryInterval: 1m + timeout: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./software/applications/elastic-search + prune: true + wait: true +# --- +# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +# kind: Kustomization +# metadata: +# name: application-component-devsample +# namespace: flux-system +# spec: +# interval: 1h +# retryInterval: 1m +# timeout: 5m +# sourceRef: +# kind: GitRepository +# name: flux-system +# path: ./software/applications/dev-sample +# prune: true +# wait: true diff --git a/stamp/components/kustomize.yaml b/stamp/components/kustomize.yaml new file mode 100644 index 00000000..922e25e9 --- /dev/null +++ b/stamp/components/kustomize.yaml 
@@ -0,0 +1,133 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: software-component-certificates + namespace: flux-system +spec: + interval: 1h + retryInterval: 1m + timeout: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./software/components/cert-manager + prune: true + wait: true + healthChecks: + - kind: Deployment + name: cert-manager + namespace: cert-manager +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: software-component-elastic + namespace: flux-system +spec: + dependsOn: + - name: software-component-certificates + interval: 1h + retryInterval: 1m + timeout: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./software/components/elastic-operator + prune: true + wait: true + healthChecks: + - kind: StatefulSet + name: elastic-system + namespace: elastic-operator +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: software-configuration-elastic + namespace: flux-system +spec: + dependsOn: + - name: software-component-elastic + interval: 1h + retryInterval: 1m + timeout: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./software/configuration/elastic + prune: true +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: software-component-istio + namespace: flux-system +spec: + dependsOn: + - name: software-component-certificates + interval: 1h + retryInterval: 1m + timeout: 5m + sourceRef: + kind: GitRepository + name: flux-system + path: ./software/components/istio-ingress + prune: true + wait: true + healthChecks: + - kind: Gateway + name: istio-external-gateway + namespace: aks-istio-ingress + - kind: Gateway + name: istio-internal-gateway + namespace: aks-istio-ingress +########### +# The following will deploy Istio from OpenSource +########### +# --- +# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +# kind: Kustomization +# 
metadata: +# name: software-component-istio +# namespace: flux-system +# spec: +# dependsOn: +# - name: software-component-certificates +# interval: 1h +# retryInterval: 1m +# timeout: 5m +# sourceRef: +# kind: GitRepository +# name: flux-system +# path: ./software/components/istio-operator +# prune: true +# wait: true +# healthChecks: +# - kind: Deployment +# name: istio-system +# namespace: istio-operator +# --- +# apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +# kind: Kustomization +# metadata: +# name: software-configuration-istio +# namespace: flux-system +# spec: +# dependsOn: +# - name: software-component-istio +# interval: 1h +# retryInterval: 1m +# timeout: 5m +# sourceRef: +# kind: GitRepository +# name: flux-system +# path: ./software/configuration/istio-profile +# prune: true +# healthChecks: +# - kind: Deployment +# name: istiod +# namespace: istio-system +# - kind: Deployment +# name: istio-ingressgateway +# namespace: istio-system
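Review bot: In README.md, the new Authentication section documents only `azd auth login`, but the Environment Variables block still runs `az ad app list`, which needs an Azure CLI session; the removed text ("Log into the Azure CLI from a command line and set the subscription") covered that. Keep an Azure CLI login and subscription step, or list it as a prerequisite. In the same block `APP_NAME= # <--` is left empty and `$APP_NAME` is unquoted, so a display name containing spaces, or more than one matching app registration, produces a wrong or multi-valued AZURE_CLIENT_ID; quote the variable and check that exactly one appId comes back. Typos in added lines: "fashio" and "repesents".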
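Review bot: In software/applications/elastic-search/elastic-search.yaml, the `master` nodeSet pins zones `southcentralus-1..3` while `coordinating` and `data` pin `eastus2-1..3`, so the three nodeSets cannot all match in one region; the "THIS DEPENDS ON LOCATION" values should come from one substituted variable rather than three hand-edited lists. The agentpool and zone conditions are also written as two separate `matchExpressions` entries under `nodeSelectorTerms`, and separate terms are ORed, so a node matching either one qualifies; put both expressions in a single term if both are meant to be required. The `elasticsearch-data` volumeClaimTemplate sets `accessModes` and `storageClassName` but no `resources.requests.storage`.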
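Review bot: In software/applications/elastic-search/kibana.yaml, `elasticsearchRef.name` is "elasticsearch" but the cluster defined in elastic-search.yaml is named `elasticsearch-ha`, so Kibana will not associate with it. The toleration uses key "sku" while every Elasticsearch nodeSet tolerates key "app" with the same value, so one of the two does not match the node taint. `selfSignedCertificate.disabled: true` turns off TLS on the Kibana HTTP endpoint, and the `elastic-search` namespace in this patch carries no mesh injection label, so nothing else here encrypts that traffic; say in a comment that this is a dev-only trade-off or leave the operator default on.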
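Review bot: In software/applications/podinfo/ingress.yaml, the VirtualService matches hosts "*" with prefix "/" and is bound to both `istio-external-gateway` and `istio-internal-gateway`, so it claims every request on both gateways, including the external one, and any later VirtualService on those gateways has to compete with it. Scope it to a specific host or a path prefix such as a dedicated podinfo route, and bind the sample only to the internal gateway unless external exposure is intended.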
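Review bot: In software/applications/podinfo/namespace.yaml, sidecar injection is selected with the hard-coded revision label `istio.io/rev: asm-1-18`, while software/components/elastic-operator/namespace.yaml uses `istio-injection: enabled`; the patch should use one convention, and the revision value needs to track whatever mesh revision the cluster actually runs. A short comment next to the label saying where the revision comes from would keep it from going stale silently.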
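Review bot: In software/components/ingress-nginx/cluster-issuer.yaml, `metadata.namespace: ingress-nginx` has no effect because ClusterIssuer is cluster-scoped, and the `email` field still holds a personal noreply address even though the comment above it says to replace it. Drop the namespace and make the email a substituted value. The `server` URL is the Let's Encrypt staging directory, which issues certificates clients will not trust; note that in a comment so nobody mistakes it for working TLS.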
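Review bot: In software/components/ingress-nginx/release.yaml, `version: "*"` lets each 12h reconcile pull whatever chart version is newest in the repository, unlike cert-manager which is held to "1.13.x"; pin a version range here too. `admissionWebhooks.enabled: false` removes the validation of Ingress objects before they reach the controller, which deserves a comment explaining why. Also, no Kustomization in stamp/components/kustomize.yaml points at ./software/components/ingress-nginx, yet podinfo/release.yaml sets `ingress.className: nginx` and the ClusterIssuer solver uses `class: nginx`, so either wire this component in or drop the nginx references.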
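Review bot: In software/components/istio-ingress/gateway.yaml, both Gateways expose only port 80 with `protocol: HTTP` and hosts "*", so the external gateway serves any hostname in cleartext with no TLS server and no redirect. Add an HTTPS server entry or restrict hosts on the external gateway. The accompanying self-issuer.yaml creates `selfsigned-issuer` in `aks-istio-system`, but an Issuer only serves Certificates in its own namespace, the gateways live in `aks-istio-ingress`, and no Certificate resource is defined anywhere in the patch, so the issuer is currently unused.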
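Review bot: In software/components/istio-operator/source.yaml, `ref` sets both `branch: master` and `tag: 1.15.1`; Flux gives the tag precedence, so the branch line is dead configuration and should be removed. The versions also disagree across files: the charts are checked out at 1.15.1 and istio-profile/profile.yaml sets `tag: "1.15.1"`, while istio-operator/release.yaml sets the operator image to `tag: "1.17.8"`. Pick one version and use it in all three places.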
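Review bot: In software/configuration/elastic/storage-class.yaml, `reclaimPolicy: Retain` means the managed disks holding Elasticsearch data outlive their claims, so index data and disk cost persist after the workload is removed; for a development stamp either use Delete or document the cleanup step. `metadata.namespace: elastic-system` has no effect because StorageClass is cluster-scoped. The `provisioner: kubernetes.io/azure-disk` value is the in-tree driver, which has been superseded by the Azure Disk CSI driver; consider the CSI provisioner for new clusters.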
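Review bot: In stamp/applications/kustomize.yaml, `application-component-elastic-search` has no `dependsOn`, although the manifests under ./software/applications/elastic-search are Elasticsearch and Kibana custom resources and reference `es-storageclass`; it can be reconciled before the operator and storage class exist. Since all Kustomizations are in `flux-system`, add `dependsOn` entries for `software-component-elastic` and `software-configuration-elastic`. The `osdu-bicep` GitRepository follows `branch: main` of an external repository and is only consumed by the dev-sample HelmRelease, whose Kustomization is commented out; either remove the source until it is needed or pin it to a tag or commit.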
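Review bot: In stamp/components/kustomize.yaml, the health check under `software-component-elastic` has name and namespace swapped: it reads `name: elastic-system` / `namespace: elastic-operator`, while the HelmRelease in the patch is `elastic-operator` in namespace `elastic-system`. Each of these Kustomizations also sets `wait: true`, and with that enabled Flux ignores the `healthChecks` list, so the lists are dead configuration; either remove them or drop `wait` and correct the entries. The commented-out open-source Istio block has the same swap (`name: istio-system` / `namespace: istio-operator`) and should be fixed before anyone re-enables it.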