From 32d4ce25ab9b68ba56f8974693147bb8d8d7c3dd Mon Sep 17 00:00:00 2001
From: Darwin Rinderer
Date: Wed, 10 Jan 2024 11:57:32 -0500
Subject: [PATCH] Adding sealedsecret
---
 .../prod/helium/entity-invalidator.yaml | 18 ++++++++++++++----
 .../web-cluster/prod/helium/metadata.yaml | 7 +++----
 .../prod/helium/sealed-cloudflare-secrets.yaml | 16 ++++++++++++++++
 .../sdlc/helium/entity-invalidator.yaml | 2 +-
 4 files changed, 34 insertions(+), 9 deletions(-)
 create mode 100644 manifests/web-cluster/prod/helium/sealed-cloudflare-secrets.yaml
diff --git a/manifests/web-cluster/prod/helium/entity-invalidator.yaml b/manifests/web-cluster/prod/helium/entity-invalidator.yaml
index def2ae54..d797f344 100644
--- a/manifests/web-cluster/prod/helium/entity-invalidator.yaml
+++ b/manifests/web-cluster/prod/helium/entity-invalidator.yaml
@@ -10,7 +10,7 @@ spec:
 failedJobsHistoryLimit: 3
 jobTemplate:
 spec:
- backoffLimit: 3
+ backoffLimit: 10
 template:
 metadata:
 labels:
@@ -21,7 +21,7 @@ spec:
 serviceAccountName: invalidation-role
 containers:
 - name: entity-invalidator
- image: public.ecr.aws/v0j6k5v6/entity-invalidator:0.0.7
+ image: public.ecr.aws/v0j6k5v6/entity-invalidator:0.0.8
 imagePullPolicy: IfNotPresent
 env:
 - name: PGHOST
@@ -36,5 +36,15 @@ spec:
 value: monitoring
 - name: PGSSLMODE
 value: no-verify
- - name: CLOUDFRONT_DISTRIBUTION
- value: EO5ODEGCJ6FK
+ - name: DOMAIN
+ value: https://entities.nft.helium.io
+ - name: CLOUDFLARE_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-secrets
+ key: CLOUDFLARE_API_TOKEN
+ - name: CLOUDFLARE_ZONE_ID
+ valueFrom:
+ secretKeyRef:
+ name: cloudflare-secrets
+ key: CLOUDFLARE_ZONE_ID
\ No newline at end of file
diff --git a/manifests/web-cluster/prod/helium/metadata.yaml b/manifests/web-cluster/prod/helium/metadata.yaml
index dfcbdc21..2a483f23 100644
--- a/manifests/web-cluster/prod/helium/metadata.yaml
+++ b/manifests/web-cluster/prod/helium/metadata.yaml
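Review bot: In the `@@ -36,5 +36,15 @@` hunk of prod/helium/entity-invalidator.yaml, `CLOUDFLARE_API_TOKEN` is wired into the container with nothing recording what the token is permitted to do. Judging by its name the job only purges cached entities, so the token should carry cache-purge rights on the one zone and nothing else; the scope cannot be checked from this diff, so I would confirm it and add a comment above the entry such as `# Cloudflare API token: Zone / Cache Purge on the entities zone only; sealed in sealed-cloudflare-secrets.yaml`. Both `secretKeyRef` entries are required (no `optional`), so the pod will not start until the sealed-secrets controller has produced `cloudflare-secrets` in the job's namespace; the CronJob's own `metadata.namespace` is outside the hunk and should be checked to be `helium`, matching the SealedSecret. The env list belongs to a container spec that starts above this hunk.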
@@ -18,7 +18,7 @@ spec:
 serviceAccountName: public-monitoring-rds-read-replica-monitoring-user-access
 containers:
 - name: metadata
- image: public.ecr.aws/v0j6k5v6/entity-metadata-service:0.0.25
+ image: public.ecr.aws/v0j6k5v6/entity-metadata-service:0.0.29
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 8081
@@ -98,8 +98,7 @@ metadata:
 annotations:
 nginx.ingress.kubernetes.io/limit-rps: "50"
 nginx.ingress.kubernetes.io/limit-burst-multiplier: "50"
- external-dns.alpha.kubernetes.io/hostname: "d2sqvm859jhkhq.cloudfront.net"
- external-dns.alpha.kubernetes.io/ingress-hostname-source: "annotation-only"
+ external-dns.alpha.kubernetes.io/exclude: "true" # Tell external-dns not to manage DNS for metadata ingress since it's being handled out of band in Cloudflare
 spec:
 ingressClassName: nginx
 rules:
@@ -124,7 +123,7 @@ spec:
 apiVersion: apps/v1
 kind: Deployment
 name: metadata
- minReplicas: 2
+ minReplicas: 4
 maxReplicas: 15
 metrics:
 - type: Resource
diff --git a/manifests/web-cluster/prod/helium/sealed-cloudflare-secrets.yaml b/manifests/web-cluster/prod/helium/sealed-cloudflare-secrets.yaml
new file mode 100644
index 00000000..3f0a0324
--- /dev/null
+++ b/manifests/web-cluster/prod/helium/sealed-cloudflare-secrets.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: cloudflare-secrets
+ namespace: helium
+spec:
+ encryptedData:
+ CLOUDFLARE_API_TOKEN: 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
+ CLOUDFLARE_ZONE_ID: 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
+ template:
+ metadata:
+ creationTimestamp: null
+ name: cloudflare-secrets
+ namespace: helium
+ type: Opaque
\ No newline at end of file
diff --git a/manifests/web-cluster/sdlc/helium/entity-invalidator.yaml b/manifests/web-cluster/sdlc/helium/entity-invalidator.yaml
index 7f9c48df..14ec2afb 100644
--- a/manifests/web-cluster/sdlc/helium/entity-invalidator.yaml
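Review bot: In the `@@ -98,8 +98,7 @@` hunk of metadata.yaml, `external-dns.alpha.kubernetes.io/exclude: "true"` only has an effect if the external-dns deployment runs with a matching `--annotation-filter` (for example `external-dns.alpha.kubernetes.io/exclude notin (true)`); as far as I know external-dns does not act on this annotation by itself. With the `hostname` and `ingress-hostname-source: "annotation-only"` annotations removed, an unfiltered controller would fall back to the hosts in the Ingress rules and could create or overwrite records for them, competing with the DNS now managed in Cloudflare. The controller's arguments are not part of this diff, so the filter should be confirmed and the dependency stated in the comment, e.g. `# relies on external-dns --annotation-filter; DNS is managed out of band in Cloudflare`. The Ingress definition starts and ends outside the hunk.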
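Review bot: sealed-cloudflare-secrets.yaml gives no hint of which cluster's sealing certificate produced the ciphertext or how to regenerate it. SealedSecret ciphertext is by default bound to the secret's name and namespace (here `cloudflare-secrets` / `helium`, which matches the `secretKeyRef` name in the prod CronJob) and to one controller's key, so a header comment would help whoever rotates the token, e.g. `# Sealed with kubeseal for the prod web-cluster controller, strict scope; re-seal when the Cloudflare token is rotated`. The target cluster is inferred from the file path and should be confirmed before the comment is written. The file also ends without a trailing newline.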
+++ b/manifests/web-cluster/sdlc/helium/entity-invalidator.yaml
@@ -10,7 +10,7 @@ spec:
 failedJobsHistoryLimit: 3
 jobTemplate:
 spec:
- backoffLimit: 3
+ backoffLimit: 10
 template:
 metadata:
 labels: