Skip to content

merge master -> prod #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
viv-4 wants to merge 145 commits into
base: prod
Choose a base branch
from
Open

merge master -> prod #97

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
145 commits
Select commit Hold shift + click to select a range
f74a4f2
doc(readme): add missing `cd ansible`
w-le Sep 1, 2023
0f22806
Revert "chore(etcd): remove persistence"
viv-4 Sep 15, 2023
9e3d69c
chore(postgres): remove pgpool proxy
viv-4 Oct 11, 2023
0d19ddf
feat(placeos): 2.2310.1
viv-4 Oct 11, 2023
53f6502
feat(core): use pod IP for ETCD registration
viv-4 Nov 1, 2023
4ef0583
chore(readme): update helm repos
viv-4 Nov 10, 2023
ae21925
chore(readme): update k8s version compatibility
viv-4 Nov 10, 2023
f589c97
feat(nginx): upgrade ingress-nginx and helm readme
viv-4 Nov 28, 2023
d58d0fe
fix(nginx): snippet annotation templating
viv-4 Nov 28, 2023
613777a
feat(aks): internal load balancer option with ansible
viv-4 Nov 30, 2023
2ffde7b
chore(readme): typo
viv-4 Nov 30, 2023
41ee7ee
chore(charts): update placeos
viv-4 Dec 14, 2023
ee1ba68
chore(staff): use internal PLACE_URI (#87)
viv-4 Jan 23, 2024
72dccb4
feat(frontend): use statefulset for ha (#89)
viv-4 Mar 6, 2024
96a6a11
PlaceOS 2.2404.x - Remove ETCD - Use Build Service (#90)
viv-4 Apr 25, 2024
a622a9b
chore(redis): increase default cpu limit
viv-4 May 22, 2024
18acd7f
feat(dispatch): add knx port to internal lb
viv-4 Jul 22, 2024
0680ba1
feat(dispatch): preserve remote device IP
viv-4 Jul 25, 2024
be35a76
feat(placeos): 2.2407.1
viv-4 Aug 5, 2024
395502e
chore(source): add resource request & limit
viv-4 Aug 19, 2024
b8bfbb8
feat(ops): backup, migration & update jobs
viv-4 Nov 5, 2024
78703d7
feat(ops): add secret rotate job
viv-4 Nov 7, 2024
a69541e
chore(ops): forbid concurrency on ops jobs
viv-4 Nov 7, 2024
b4b136f
Feat/metrics (#91)
viv-4 Nov 7, 2024
efd4b0a
fix(ci): properly exclude tests and templates from kube-linter
viv-4 Nov 7, 2024
b7bf23f
fix(ci): quote find command
viv-4 Nov 7, 2024
3fd8946
fix(ci): escape \ in `find`
viv-4 Nov 7, 2024
265cb93
Test/ci (#92)
viv-4 Nov 7, 2024
d4530a0
chore(ops): fix secret job
viv-4 Nov 7, 2024
998fb3d
chore(upgrade): use container index in patch command
viv-4 Nov 8, 2024
aa18ea2
chore(placeos): 2.2411.0
viv-4 Nov 11, 2024
82a4657
chore(openshift): improve defaults
viv-4 Nov 11, 2024
00a9cef
chore(ops): tools container name
viv-4 Nov 11, 2024
0ab822b
chore(openshift): add default service account
viv-4 Nov 11, 2024
b8086fa
fix(openshift): service account definitions
viv-4 Nov 11, 2024
dc6a934
chore(openshift): add storageClassName to values.yaml & complete reso…
viv-4 Nov 13, 2024
9aaa186
chore(openshift): disable runAsUser
viv-4 Nov 13, 2024
626d5f7
feat(jobs): create domain
viv-4 Nov 17, 2024
231cde5
chore(jobs): add domain readme
viv-4 Nov 17, 2024
fc8034c
feat(proxy): add proxy env var placeholders
viv-4 Nov 19, 2024
6e60138
fix(nginx): correct label for affinity
viv-4 Nov 26, 2024
55d64a8
fix(metrics): node exporter limits
viv-4 Nov 28, 2024
1b4e752
chore(tempo): enable opentelemetry, disable jaeger
viv-4 Dec 6, 2024
ff3a4a1
chore(ops): handle list of job statuses
viv-4 Dec 10, 2024
a38e9e2
chore(api): update deprecated search-ingest env var
viv-4 Dec 10, 2024
d3c24dc
chore(placeos): 2.2412.2
viv-4 Dec 10, 2024
6d7c68b
chore(ops): update backup job placeos version after success
viv-4 Dec 11, 2024
9ca6121
chore(logs): remove multiline config
viv-4 Dec 11, 2024
e2f4100
chore(metrics): change network arrows
viv-4 Jan 13, 2025
3ca3628
chore(logs): cleanup containerd logs
viv-4 Jan 20, 2025
8710898
chore(logging): limit promtail output to placeos namespace
viv-4 Jan 20, 2025
2caf2eb
chore(promtail): reduce label cardinality
viv-4 Jan 21, 2025
497568f
feat(logs): add json expressions
viv-4 Jan 21, 2025
58ec33f
feat(dashboards): improve placeos metrics dashboard
viv-4 Jan 21, 2025
564628f
chore(metrics): readme - placeos logging format
viv-4 Jan 21, 2025
48a756c
chore(metrics): disable tempo
viv-4 Jan 21, 2025
2ceb51e
feat(metrics): add cpu,mem,vol % for alerting
viv-4 Jan 22, 2025
1884001
feat(alerts): add basic basic alerts and chat config template
viv-4 Jan 22, 2025
f36963c
fix(backup): fail job on backup failure
viv-4 Feb 13, 2025
cce6a26
fix(backup): failure check string
viv-4 Feb 13, 2025
ffe11c4
chore(backup): preserve pod logs while checking for failure
viv-4 Feb 13, 2025
4f8aa2c
feat(metrics): driver exec count + times
viv-4 Feb 17, 2025
b0c42d2
fix(ci): template helm files for linting (#93)
viv-4 Feb 17, 2025
6ed3fde
fix(metrics): driver exec json parsing
viv-4 Feb 17, 2025
f3bc605
feat(ci): lint placeos chart (#94)
viv-4 Feb 17, 2025
785adb2
chore(ci): bump kube-linter version
viv-4 Feb 17, 2025
fa9fee2
feat(frontend): use unprivileged nginx alpine
viv-4 Feb 18, 2025
ecc9548
fix(security): nginx nonroot & remove privilege escalation
viv-4 Feb 18, 2025
f8e64b9
fix(security): nginx sidecar use httpDepoyment securityContext
viv-4 Feb 18, 2025
affd9de
chore(resources): add init & dispatch resouces
viv-4 Feb 18, 2025
00abacd
fix(security): frontend & nginx read only root filesyetem
viv-4 Feb 18, 2025
37a1910
fix(frontend): read only root filesytem
viv-4 Feb 18, 2025
7c55099
fix(security): api read only root filesyetem
viv-4 Feb 19, 2025
6d756d8
fix(security): core read only root filesyetem
viv-4 Feb 19, 2025
36932d2
feat(health): identify liveness and readiness requests with querey pa…
viv-4 Mar 6, 2025
f39d292
feat(metrics): improve request status & driver stats
viv-4 Mar 17, 2025
c07a9e6
chore(metrics): improve error count panels
viv-4 Mar 18, 2025
752a83f
fix(metrics): time step for error panels
viv-4 Mar 18, 2025
460a35a
chore(openshift): lower elastic volume size
viv-4 Mar 25, 2025
1231104
chore(openshift): service account name template value
viv-4 Mar 25, 2025
07dc9e1
chore(metrics): driver running errors
viv-4 Mar 27, 2025
b9d5867
feat(alerts): add error alert rules
viv-4 Apr 2, 2025
6c53107
chore(grafana): error alert filename typo
viv-4 Apr 3, 2025
630b42a
feat(db): cnpg postgres dashboard
viv-4 Apr 13, 2025
a176b85
fix(db): postgres dashbaord uid
viv-4 Apr 13, 2025
1cd5694
feat(jobs): add user
viv-4 Apr 15, 2025
b6a1281
chore(ansible): add nginx annotation risk level
viv-4 Apr 30, 2025
8aa95fb
fix(arm): update redis and elastic for arm images
KesterJJ Apr 30, 2025
aea79da
chore(ingress): update nginx chart version
KesterJJ Apr 30, 2025
6acf55d
Merge branch 'prod' into master
viv-4 Apr 30, 2025
ed7faf6
chore(resources): dev resources
viv-4 Apr 30, 2025
6eac6f0
fix(helm): use specific elastic and redis version tags
viv-4 May 7, 2025
a0c2039
chore(helm): update charts
viv-4 May 12, 2025
6418d75
chore(metrics): prometheus chart resources
viv-4 May 12, 2025
f7c08d1
chore(metrics): kube-state-metrics & memcached resources
viv-4 May 12, 2025
9ae0b01
chore(pods): add/update placeos pod priority class definitions
viv-4 May 12, 2025
272104c
chore(pods): add third-party pod priority class definitions
viv-4 May 12, 2025
1736086
chore(pods): add third-party pod priority class definitions
viv-4 May 12, 2025
992704e
fix(helm): third-party pod prio value
viv-4 May 12, 2025
cbfa2a4
fix(proxy): remove empty proxy env vars
viv-4 May 13, 2025
a165daa
fix(proxy): ansible - remove empty proxy env vars
viv-4 May 13, 2025
5876d4f
chore(metrics): remove redundant memcached resources
viv-4 May 14, 2025
64c8aca
chore(upgrade): fix job name output
viv-4 May 14, 2025
a415602
feat(metrics): ingress-nginx dashboards
viv-4 May 23, 2025
cbeee5d
fix(jobs): base64 secret values
viv-4 May 26, 2025
5db96ac
feat(network): grafana -> influx network policy
viv-4 May 26, 2025
62241d5
chore(placeos): bump version to 2.2504.2
viv-4 Jun 6, 2025
1d61523
chore(ci): bump azure/setup-helm version
viv-4 Jun 6, 2025
115aac2
feat(grafana): add subpath ingress config
viv-4 Jun 11, 2025
1131ffc
chore(readme): typo
viv-4 Jun 11, 2025
e154333
chore(grafana): custom ingress path type & cert values
viv-4 Jun 24, 2025
9b4bd57
feat(postgres): upgrade to v17
viv-4 Jul 3, 2025
ef21577
chore(jobs): secret rotate job tag & image pull policy
viv-4 Jul 8, 2025
e4158bc
chore(dashboard): increase network io panel width
viv-4 Jul 10, 2025
9ede52f
feat(affinity): placeos anti-affinity rules
viv-4 Jul 15, 2025
57e5757
feat(affinity): elastic anti-affinity rules
viv-4 Jul 15, 2025
e00b4f6
chore(readme): update required versions
viv-4 Jul 30, 2025
60f1d1c
chore(readme): bump ansible version
viv-4 Jul 31, 2025
4a06b71
fix(ansible): define release name for releasevars role
viv-4 Jul 31, 2025
8302ec9
fix(ansible): use kubernetes.core collection
viv-4 Jul 31, 2025
3d6a143
chore(aws): add aws to ansible readme
viv-4 Jul 31, 2025
b0ae89f
fix(aws): use gp2 (default) storage class
viv-4 Jul 31, 2025
51ace51
chore(init): keep init pod logs available for 1 hour
viv-4 Aug 6, 2025
d50be6c
Revert "chore(init): keep init pod logs available for 1 hour"
viv-4 Aug 7, 2025
cb30d24
chore: update PlaceOS version to 2507 (#99)
KesterJJ Aug 5, 2025
067f220
feat(ops): add local postgres backup cron job
viv-4 Aug 13, 2025
ca881b9
feat(ops): restart cron
viv-4 Sep 12, 2025
dbd39af
feat(core): CORE_HOST use internal pod DNS
viv-4 Sep 12, 2025
a4bac98
chore(core): revert CORE_HOST to pod IP
viv-4 Sep 24, 2025
7edfef2
chore(placeos): 2.2509.2
viv-4 Sep 24, 2025
afbb9ea
chore(metrics): use legacy repo
viv-4 Oct 6, 2025
a44561f
feat(templates): add cluster-info configmap and instructions
viv-4 Oct 16, 2025
a291dc4
feat(templates): add cluster-info configmap and instructions (charts)
viv-4 Oct 16, 2025
9c5bf8c
chore(images): use bitnamilegacy repo
viv-4 Oct 16, 2025
d97f1fb
fix(bitnami): allow custom image repos
viv-4 Oct 16, 2025
9fb4676
fix(images): seperate registry value
viv-4 Oct 16, 2025
ef5f6cd
feat(placeos): 2.2511.1
viv-4 Nov 19, 2025
6438651
feat(jobs): add db restore job
viv-4 Jan 20, 2026
45f3a02
chore(ingress): increase api ingress proxy read timeout
viv-4 Feb 11, 2026
f76b2ce
chore(ansible): allow secret value override
viv-4 Feb 16, 2026
eb98e8a
feat(ansible): get deployed secret & cluster-info values on upgrade
viv-4 Feb 16, 2026
b64f630
feat(placeos): 2.2602.5
viv-4 Feb 16, 2026
4c8d128
chore(redis): buffer limits
viv-4 Feb 16, 2026
ad08bbb
fix(gke): elastic memory typo
viv-4 Feb 17, 2026
6d32bb6
feat(ansible): base variables
viv-4 Feb 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,9 @@ jobs:
mv charts/placeos/Chart.yaml.tmp charts/placeos/Chart.yaml

- name: Set Up Helm
uses: azure/setup-helm@v1
uses: azure/setup-helm@v4.3.0
with:
version: v3.16.3
version: v3.18.2

- name: Template Helm Charts
run: |
Expand Down
35 changes: 28 additions & 7 deletions ansible/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,29 +11,30 @@ Contains 4 roles:

## Prerequisites

- Ansible >= 2.9 on Python 3
- Ansible >= 2.17 on Python 3

- Openshift python library. To install `pip install openshift`

- Install the community.kubernetes Ansible collection: `ansible-galaxy collection install community.kubernetes`
- Install the kubernetes.core Ansible collection: `ansible-galaxy collection install kubernetes.core`

- Review the requirements for the [Ansible helm wrapper](https://docs.ansible.com/ansible/2.10/collections/community/kubernetes/helm_module.html)
- Review the requirements for the [Ansible helm wrapper](https://docs.ansible.com/ansible/2.10/collections/kubernetes.core/helm_module.html)

- GKE: a Cloud Armor Security must exist for the Load Balancer to associate with

Note: Tested with:

- Ansible collection `community.kubernetes:1.0.0`
- k8s versions 1.19 - 1.23
- Helm v3.3.1
- Ansible: 2.17
- Ansible collection: `kubernetes.core:6.0.0`
- Kubernetes: 1.27 - 1.33
- Helm: v3.17.3

## Executing

To deploy:

```sh
# Install reprequisites
ansible-galaxy collection install community.kubernetes
ansible-galaxy collection install kubernetes.core

# Update helm dependencies from charts directory
helm dependency update ./charts/placeos
Expand All @@ -42,6 +43,17 @@ helm dependency update ./charts/placeos
cd ansible
```

Set cluster info values in the relevant inventory `host_vars/k8s.yaml` file:
(or use `-e` flags to set when running the playbook)

```yaml
# Cluster Info ConfigMap (used by admins and upgrade jobs)
cluster_info:
name: "default" # eg. PlaceOS PROD
environment: "default" # eg. production, staging, development
region: "default" # eg. australiaeast
```

### Local deployment to k3d
```sh
# Check first be for deploying
Expand Down Expand Up @@ -74,6 +86,15 @@ ansible-playbook placeos.yaml -i inventories/aks/ -e "internalLB=true"
ansible-playbook placeos-network-policies.yaml
```

### AWS deployment
```sh
# Check first be for deploying
ansible-playbook placeos.yaml -i inventories/gke/ --check
# Define the placeDomain value when running:
ansible-playbook placeos.yaml -i inventories/gke/ -e "placeDomain={domain/{external IP.sslip.io}}"
ansible-playbook placeos-network-policies.yaml
```

To cleanup:

```sh
Expand Down
Loading
Loading