diff --git a/deploy/argocd/application.yaml b/deploy/argocd/application.yaml new file mode 100644 index 0000000..ced1e4a --- /dev/null +++ b/deploy/argocd/application.yaml @@ -0,0 +1,37 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: mas + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + + source: + repoURL: https://gitea0213.kro.kr/bluemayne/mas.git + targetRevision: main + path: deploy/argocd + + destination: + server: https://kubernetes.default.svc + namespace: argocd + + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + + syncOptions: + - CreateNamespace=true + + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m + + revisionHistoryLimit: 10 + diff --git a/deploy/argocd/kustomization.yaml b/deploy/argocd/kustomization.yaml new file mode 100644 index 0000000..7941720 --- /dev/null +++ b/deploy/argocd/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + # App of Apps Application + - application.yaml + + # MAS Application + - mas.yaml + diff --git a/deploy/argocd/mas.yaml b/deploy/argocd/mas.yaml index 279b05c..90b5c5b 100644 --- a/deploy/argocd/mas.yaml +++ b/deploy/argocd/mas.yaml @@ -3,11 +3,13 @@ kind: Application metadata: name: mas namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io spec: project: default source: repoURL: https://gitea0213.kro.kr/bluemayne/mas.git - targetRevision: HEAD + targetRevision: main path: deploy/k8s destination: server: https://kubernetes.default.svc @@ -16,6 +18,14 @@ spec: automated: prune: true selfHeal: true + allowEmpty: false syncOptions: - - CreateNamespace=true + - CreateNamespace=true + retry: + limit: 5 + backoff: + duration: 5s + factor: 2 + maxDuration: 3m + revisionHistoryLimit: 10 diff --git a/deploy/k8s/deployment.yaml b/deploy/k8s/deployment.yaml index c108a70..d2d296a 100644 --- a/deploy/k8s/deployment.yaml +++ b/deploy/k8s/deployment.yaml @@ -45,10 +45,12 @@ spec: - name: GROQ_API_BASE value: "https://api.groq.com/openai/v1" - name: DATABASE_URL + value: "postgresql+asyncpg://mas_user:$(POSTGRES_PASSWORD)@postgresql.postgresql.svc.cluster.local:5432/mas" + - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: mas-postgres - key: database-url + key: password - name: REDIS_URL value: "redis://redis:6379/0" resources: diff --git a/deploy/k8s/kustomization.yaml b/deploy/k8s/kustomization.yaml index 389615f..4ed8688 100644 --- a/deploy/k8s/kustomization.yaml +++ b/deploy/k8s/kustomization.yaml @@ -7,6 +7,7 @@ resources: - namespace.yaml - ../vault/mas-api-keys.yaml - ../vault/mas-postgres.yaml + - ../vault/postgresql-root-password.yaml - deployment.yaml - service.yaml - ingress.yaml diff --git a/deploy/vault/mas-postgres.yaml b/deploy/vault/mas-postgres.yaml index 2ce74c0..207fd1c 100644 --- a/deploy/vault/mas-postgres.yaml +++ b/deploy/vault/mas-postgres.yaml @@ -12,14 +12,6 @@ spec: name: mas-postgres creationPolicy: Owner data: - - secretKey: database-url - remoteRef: - key: mas/postgres - property: DATABASE_URL - - secretKey: username - remoteRef: - key: mas/postgres - property: USERNAME - secretKey: password remoteRef: key: mas/postgres diff --git a/deploy/vault/postgresql-root-password.yaml b/deploy/vault/postgresql-root-password.yaml new file mode 100644 index 0000000..38a676d --- /dev/null +++ b/deploy/vault/postgresql-root-password.yaml @@ -0,0 +1,19 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: postgresql-root-password + namespace: mas +spec: + refreshInterval: 1h + secretStoreRef: + kind: ClusterSecretStore + name: vault-backend + target: + name: postgresql-root-password + creationPolicy: Owner + data: + - secretKey: password + remoteRef: + key: databases/postgresql + property: PASSWORD +