feat: SOPS + age encrypted secrets structure
- .sops.yaml with 3 age keys (admin, dev, prod) - infra/gitea/values/*.enc.yaml — per-env encrypted Helm values - infra/kargo/values/*.enc.yaml — per-env encrypted Kargo admin secrets - kargo/credentials/*.enc.yaml — per-env encrypted git credentials (ksops) - infra/kargo-credentials/ — ArgoCD app for deploying Kargo creds via ksops - All repoURLs point to deploy-app-kargo-private Structure from deploy-app-kargo (reference), adapted for SOPS workflow
This commit is contained in:
XoR
37
kargo/infra/verification/prod-health-check.yaml
Normal file
37
kargo/infra/verification/prod-health-check.yaml
Normal file
@@ -0,0 +1,37 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: AnalysisTemplate
|
||||
metadata:
|
||||
name: prod-health-check
|
||||
namespace: infra
|
||||
spec:
|
||||
metrics:
|
||||
- name: pod-health
|
||||
successCondition: result == "healthy"
|
||||
provider:
|
||||
job:
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
serviceAccountName: kargo-verifier
|
||||
containers:
|
||||
- name: check
|
||||
image: alpine/k8s:1.35.1
|
||||
command: [sh, -c]
|
||||
args:
|
||||
- |
|
||||
set -e
|
||||
echo "Checking pod health..."
|
||||
cm=$(kubectl get pods -n cert-manager --no-headers 2>/dev/null | grep -c Running || echo 0)
|
||||
echo "cert-manager running pods: $cm"
|
||||
ar=$(kubectl get pods -n argo-rollouts --no-headers 2>/dev/null | grep -c Running || echo 0)
|
||||
echo "argo-rollouts running pods: $ar"
|
||||
gt=$(kubectl get pods -n gitea --no-headers 2>/dev/null | grep -c Running || echo 0)
|
||||
echo "gitea running pods: $gt"
|
||||
if [ "$cm" -ge 1 ] && [ "$ar" -ge 1 ] && [ "$gt" -ge 1 ]; then
|
||||
echo "healthy"
|
||||
else
|
||||
echo "unhealthy"
|
||||
exit 1
|
||||
fi
|
||||
restartPolicy: Never
|
||||
backoffLimit: 2
|
||||
Reference in New Issue
Block a user