Genesis

README.md

@@ -0,0 +1,8 @@
+# Cluster Deployments
+
+* [ara-server](https://ara.recordsansible.org/)
+* [c19d](https://gitlab.com/smsvc/c19d/)
+
+## Installation
+
+see [argocd-init.yaml in k8s/baseline](https://git.smsvc.net/k8s/baseline/src/branch/main/argocd-init.yml)

manifests/ara-server+cronjob.yml

@@ -0,0 +1,105 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ara-server
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://lib42.github.io/charts
+    targetRevision: "0.3.*"
+    chart: ara
+    helm:
+      values: |
+        ingress:
+          enabled: true
+          hosts:
+            - ara.k8s.smsvc.net
+        persistentVolumes:
+          enabled: true
+          size: 128Mi
+          storageClassName: local-path
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: ara
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 5m
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cronjob-serviceaccount
+  namespace: ara
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ingress-patch-role
+  namespace: ara
+rules:
+  - apiGroups: ["", "extensions", "networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "list", "watch", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ingress-patch-rolebinding
+  namespace: ara
+subjects:
+  - kind: ServiceAccount
+    name: cronjob-serviceaccount
+    namespace: ara
+roleRef:
+  kind: Role
+  name: ingress-patch-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: update-ingress-whitelist
+  namespace: ara
+spec:
+  schedule: '@hourly'
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          serviceAccountName: cronjob-serviceaccount
+          restartPolicy: Never
+          containers:
+            - name: update-ingress-whitelist
+              image: portainer/kubectl-shell
+              command:
+                - /bin/bash
+                - -c
+                - |
+                  date
+                  DOMAIN=smark.ddns.net
+                  while true; do
+                    IP=$(nslookup $DOMAIN | grep -A1 $DOMAIN | awk 'END {print $NF}')
+                    [[ -n "$IP" ]] && break
+                    sleep 10
+                  done
+                  set -x
+                  kubectl -n ara patch ingress ara-ara-server-ingress --type='json' --patch='[
+                    {
+                      "op": "replace",
+                      "path": "/metadata/annotations/nginx.ingress.kubernetes.io~1whitelist-source-range",
+                      "value":"'$IP'"
+                    }
+                  ]'

manifests/c19d.yml

@@ -0,0 +1,23 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: c19d
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://gitlab.com/smsvc/c19d/covid19data-infrastructure.git
+    targetRevision: HEAD
+    path: k8s-manifests
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: c19d
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true