From b71193dd91f44f2f66620ff1e554d770c4da5899 Mon Sep 17 00:00:00 2001 From: Georgiana Dolocan Date: Wed, 4 Dec 2024 14:43:41 +0200 Subject: [PATCH] Add maap support and basic general config --- config/clusters/maap/cluster.yaml | 37 ++++++++++++++++ .../maap/enc-deployer-credentials.secret.json | 25 +++++++++++ .../maap/enc-support.secret.values.yaml | 17 ++++++++ config/clusters/maap/support.values.yaml | 42 +++++++++++++++++++ 4 files changed, 121 insertions(+) create mode 100644 config/clusters/maap/cluster.yaml create mode 100644 config/clusters/maap/enc-deployer-credentials.secret.json create mode 100644 config/clusters/maap/enc-support.secret.values.yaml create mode 100644 config/clusters/maap/support.values.yaml diff --git a/config/clusters/maap/cluster.yaml b/config/clusters/maap/cluster.yaml new file mode 100644 index 000000000..c0a00cdab --- /dev/null +++ b/config/clusters/maap/cluster.yaml @@ -0,0 +1,37 @@ +name: maap +provider: aws # https://916098889494.signin.aws.amazon.com/console +aws: + key: enc-deployer-credentials.secret.json + clusterType: eks + clusterName: maap + region: us-west-2 + billing: + paid_by_us: false +support: + helm_chart_values_files: + - support.values.yaml + - enc-support.secret.values.yaml +hubs: + [] + # Uncomment the lines below once the support infrastructure was deployed and + # you are ready to add the first cluster + + # - name: staging + # # Tip: consider changing this to something more human friendly + # display_name: "maap - staging" + # domain: staging.maap.2i2c.cloud + # helm_chart: basehub + # helm_chart_values_files: + # - common.values.yaml + # - staging.values.yaml + # - enc-staging.secret.values.yaml + + # - name: prod + # # Tip: consider changing this to something more human friendly + # display_name: "maap - prod" + # domain: prod.maap.2i2c.cloud + # helm_chart: basehub + # helm_chart_values_files: + # - common.values.yaml + # - prod.values.yaml + # - enc-prod.secret.values.yaml diff --git a/config/clusters/maap/enc-deployer-credentials.secret.json b/config/clusters/maap/enc-deployer-credentials.secret.json new file mode 100644 index 000000000..26f2d8e9a --- /dev/null +++ b/config/clusters/maap/enc-deployer-credentials.secret.json @@ -0,0 +1,25 @@ +{ + "AccessKey": { + "AccessKeyId": "ENC[AES256_GCM,data:JMiFl1UnzusCQNlEOBsYvHa+9Uo=,iv:CC0kCAIAbQXtJE4aWfvXd63FWVSuO9To2L8aKkHRgo4=,tag:r2ZlXvm+UtsVyim0WI0M9Q==,type:str]", + "SecretAccessKey": "ENC[AES256_GCM,data:w6Agme4BM109uRDH2CXIp9ffqeD6xXe/Rw6ed2X8uN42CecK1vamNQ==,iv:7eEROA5OrThNMgq9dsHeVyFFsSUbksmt1kA0f5dBDXA=,tag:5UD9cGGNEKvw20Cril4evw==,type:str]", + "UserName": "ENC[AES256_GCM,data:GcAK1BJTZVmJGoVxeRb4zErA7RA371Y=,iv:6udAmDeSfJ2DO8j+/aINVF4PSjhQs+j5BxBSA2llB9Y=,tag:zYLlltSLTCH01wxrr5mffg==,type:str]" + }, + "sops": { + "kms": null, + "gcp_kms": [ + { + "resource_id": "projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs", + "created_at": "2024-12-04T12:21:40Z", + "enc": "CiUA4OM7eOtAu8gt5nq+Tr+m64LsqMU7YruHfYzFWFswrGfKO5SgEkkAnGhyNghFbi9rWO0BUsWs199nUCTeQOOebtO8KFEMrbH5bejuZDyjRar2fU3WyUKxlBRuywgZySqZgJ9Ut+LDL+c2LdWZD+Qz" + } + ], + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2024-12-04T12:21:41Z", + "mac": "ENC[AES256_GCM,data:kuyRynza4+RG2CGJyYQgUqjLAEZiCrjRvTpR/ciO0yKoRhFzykkbg12J/1y4M4eqlsezvUfyqE+EUtsBaISH1mg8nIuchHi6sRz9XAjQeLX3cwrEPlItH7sUjjGOTbRhcHna+zXVoM2q6gxIpEdNaNq/vPtAKs9TGCRRkw1NfSQ=,iv:RvP7hU6/6kJOBStTO5FEACDPwDA5tBYvjEptdGDRcOA=,tag:as4VS4owv5yZ2c0s+lbZ8A==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/config/clusters/maap/enc-support.secret.values.yaml b/config/clusters/maap/enc-support.secret.values.yaml new file mode 100644 index 000000000..b1ae64f29 --- /dev/null +++ b/config/clusters/maap/enc-support.secret.values.yaml @@ -0,0 +1,17 @@ +prometheusIngressAuthSecret: + username: ENC[AES256_GCM,data:1Fs5zwh1wn4/8KWnSoswC/KiW/1jw8CJxUSnOLne6KRI1W9uftsJt43FmRdzQMqsiadc291Jo74/YWBFBC1khw==,iv:ouHNVDQcyfsHQ7zj144fVEfqQX7oIez0uLmCDeO47dw=,tag:MxKMSNP+DVTBdQbBRIxA+Q==,type:str] + password: ENC[AES256_GCM,data:qtItFIiARguwpejHWHBDSoKOl4uilmXgEkC4nBonqqWoCkMBHBDFCAr7qbH+fwep+1+yNUkuDXKJE6l0zp/gqw==,iv:8Pcbr2lulRPc0wPYOtgLez2lBLa+PKfxmd/SA75VLpY=,tag:mzZukJ3yv+IPxxDO22O9Sg==,type:str] +sops: + kms: [] + gcp_kms: + - resource_id: projects/two-eye-two-see/locations/global/keyRings/sops-keys/cryptoKeys/similar-hubs + created_at: "2024-12-04T11:17:12Z" + enc: CiUA4OM7eInxKKOnVMfm7f3ZEMUF8+vdF7TSx3WQo65HugraH6wMEkkAnGhyNpIACP7jUyAu/WPOXEmSwhwAXVaQGCMbgWbeuh0A+qvSUieMHE53t/VCgGa5n0Dnitr/jqchmhNaJQfs4GyoxgF3RbAp + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-12-04T11:17:12Z" + mac: ENC[AES256_GCM,data:9hrfgDF4tkpynItWcIkFTIGF8GRxeCXm0vcdMwcuNAx4E/vC/WMKxES3LFK2ygNzSljKZ3C76F3ipHjEioognquZQoEZWF22tAcJHFfc1VGa9iR6Dh22z4X33UcEZFELXBDJUPI01YWEOybqx74Khd13Yo8ht61vnUsDEbvEPTY=,iv:EwWG5H90WIEoX1T46DDaSvascSafppbtRvQPW9byerY=,tag:wDIatpNvUyHBzLSqzhabkQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/config/clusters/maap/support.values.yaml b/config/clusters/maap/support.values.yaml new file mode 100644 index 000000000..a80ae4598 --- /dev/null +++ b/config/clusters/maap/support.values.yaml @@ -0,0 +1,42 @@ +prometheusIngressAuthSecret: + enabled: true + +prometheus: + server: + ingress: + enabled: true + hosts: + - prometheus.maap.2i2c.cloud + tls: + - secretName: prometheus-tls + hosts: + - prometheus.maap.2i2c.cloud + +grafana: + grafana.ini: + server: + root_url: https://grafana.maap.2i2c.cloud/ + auth.github: + enabled: true + allowed_organizations: 2i2c-org + ingress: + hosts: + - grafana.maap.2i2c.cloud + tls: + - secretName: grafana-tls + hosts: + - grafana.maap.2i2c.cloud + +aws-ce-grafana-backend: + enabled: true + envBasedConfig: + clusterName: maap + serviceAccount: + annotations: + eks.amazonaws.com/role-arn: arn:aws:iam::916098889494:role/aws_ce_grafana_backend_iam_role + +cluster-autoscaler: + enabled: true + autoDiscovery: + clusterName: maap + awsRegion: us-west-2