argocd: Move to DragonflyDB and add resource customizations
This commit is contained in:
50
argocd/redis.yaml
Normal file
50
argocd/redis.yaml
Normal file
@@ -0,0 +1,50 @@
|
|||||||
|
---
|
||||||
|
apiVersion: codemowers.cloud/v1beta1
|
||||||
|
kind: SecretClaim
|
||||||
|
metadata:
|
||||||
|
name: argocd-redis
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
size: 32
|
||||||
|
mapping:
|
||||||
|
- key: redis-password
|
||||||
|
value: "%(plaintext)s"
|
||||||
|
- key: REDIS_URI
|
||||||
|
value: "redis://:%(plaintext)s@argocd-redis"
|
||||||
|
---
|
||||||
|
apiVersion: dragonflydb.io/v1alpha1
|
||||||
|
kind: Dragonfly
|
||||||
|
metadata:
|
||||||
|
name: argocd-redis
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
authentication:
|
||||||
|
passwordFromSecret:
|
||||||
|
key: redis-password
|
||||||
|
name: argocd-redis
|
||||||
|
replicas: 3
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 1000m
|
||||||
|
memory: 1Gi
|
||||||
|
topologySpreadConstraints:
|
||||||
|
- maxSkew: 1
|
||||||
|
topologyKey: topology.kubernetes.io/zone
|
||||||
|
whenUnsatisfiable: DoNotSchedule
|
||||||
|
labelSelector:
|
||||||
|
matchLabels:
|
||||||
|
app: argocd-redis
|
||||||
|
app.kubernetes.io/part-of: dragonfly
|
||||||
|
---
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: PodMonitor
|
||||||
|
metadata:
|
||||||
|
name: argocd-redis
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: argocd-redis
|
||||||
|
app.kubernetes.io/part-of: dragonfly
|
||||||
|
podMetricsEndpoints:
|
||||||
|
- port: admin
|
||||||
@@ -5,9 +5,13 @@ global:
|
|||||||
dex:
|
dex:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
# Maybe one day switch to Redis HA?
|
redis:
|
||||||
|
enabled: false
|
||||||
redis-ha:
|
redis-ha:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
externalRedis:
|
||||||
|
host: argocd-redis
|
||||||
|
existingSecret: argocd-redis
|
||||||
|
|
||||||
server:
|
server:
|
||||||
# HTTPS is implemented by Traefik
|
# HTTPS is implemented by Traefik
|
||||||
@@ -23,20 +27,6 @@ server:
|
|||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
|
|
||||||
configfucked:
|
|
||||||
resource.customizations: |
|
|
||||||
# https://github.com/argoproj/argo-cd/issues/1704
|
|
||||||
networking.k8s.io/Ingress:
|
|
||||||
health.lua: |
|
|
||||||
hs = {}
|
|
||||||
hs.status = "Healthy"
|
|
||||||
return hs
|
|
||||||
apiextensions.k8s.io/CustomResourceDefinition:
|
|
||||||
ignoreDifferences: |
|
|
||||||
jsonPointers:
|
|
||||||
- "x-kubernetes-validations"
|
|
||||||
|
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
@@ -81,7 +71,17 @@ configs:
|
|||||||
p, role:developers, applications, update, default/camtiler, allow
|
p, role:developers, applications, update, default/camtiler, allow
|
||||||
cm:
|
cm:
|
||||||
admin.enabled: "false"
|
admin.enabled: "false"
|
||||||
|
resource.customizations: |
|
||||||
|
# https://github.com/argoproj/argo-cd/issues/1704
|
||||||
|
networking.k8s.io/Ingress:
|
||||||
|
health.lua: |
|
||||||
|
hs = {}
|
||||||
|
hs.status = "Healthy"
|
||||||
|
return hs
|
||||||
|
apiextensions.k8s.io/CustomResourceDefinition:
|
||||||
|
ignoreDifferences: |
|
||||||
|
jsonPointers:
|
||||||
|
- "x-kubernetes-validations"
|
||||||
oidc.config: |
|
oidc.config: |
|
||||||
name: OpenID Connect
|
name: OpenID Connect
|
||||||
issuer: https://auth.k-space.ee/
|
issuer: https://auth.k-space.ee/
|
||||||
|
|||||||
Reference in New Issue
Block a user