- .sops.yaml with 3 age keys (admin, dev, prod)
- infra/gitea/values/*.enc.yaml — per-env encrypted Helm values
- infra/kargo/values/*.enc.yaml — per-env encrypted Kargo admin secrets
- kargo/credentials/*.enc.yaml — per-env encrypted git credentials (ksops)
- infra/kargo-credentials/ — ArgoCD app for deploying Kargo creds via ksops
- All repoURLs point to deploy-app-kargo-private

Structure from deploy-app-kargo (reference), adapted for SOPS workflow
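---
# AnalysisTemplate "prod-health-check": runs a one-shot Job that counts the
# Running pods in the cert-manager, argo-rollouts and gitea namespaces and
# fails unless each namespace has at least one.
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
  name: prod-health-check
  namespace: infra
spec:
  metrics:
    - name: pod-health
      # NOTE(review): with the Job provider the measurement outcome appears to
      # follow the Job's exit status rather than this expression. Confirm that
      # `result` is actually populated; otherwise the gate rests solely on the
      # `exit 1` in the script below.
      successCondition: result == "healthy"
      provider:
        job:
          spec:
            template:
              spec:
                # The script only lists pods in three namespaces; keep this
                # account's RBAC limited to listing pods in cert-manager,
                # argo-rollouts and gitea.
                serviceAccountName: kargo-verifier
                containers:
                  - name: check
                    # The tag is mutable. Consider pinning by digest
                    # (alpine/k8s:1.35.1@sha256:<digest>, placeholder) so the
                    # image behind this gate cannot change silently.
                    image: alpine/k8s:1.35.1
                    # The check only calls kubectl; it needs no extra
                    # capabilities or privilege escalation.
                    securityContext:
                      allowPrivilegeEscalation: false
                      capabilities:
                        drop: ["ALL"]
                    command: [sh, -c]
                    args:
                      - |
                        set -eu
                        echo "Checking pod health..."

                        # Print the number of pods in namespace $1 whose STATUS
                        # column is exactly "Running". awk always prints a single
                        # integer, unlike `grep -c ... || echo 0`, which emitted
                        # "0" twice when nothing matched and broke the numeric
                        # test below. kubectl's stderr is left visible so RBAC or
                        # API errors appear in the Job log; a failed lookup
                        # counts as 0, so the gate fails closed.
                        # NOTE(review): STATUS "Running" does not imply READY; a
                        # pod whose containers are not ready is still counted.
                        running_pods() {
                          kubectl get pods -n "$1" --no-headers \
                            | awk '$3 == "Running" { n++ } END { print n + 0 }'
                        }

                        cm=$(running_pods cert-manager)
                        echo "cert-manager running pods: $cm"
                        ar=$(running_pods argo-rollouts)
                        echo "argo-rollouts running pods: $ar"
                        gt=$(running_pods gitea)
                        echo "gitea running pods: $gt"

                        # Every namespace needs at least one Running pod.
                        if [ "$cm" -ge 1 ] && [ "$ar" -ge 1 ] && [ "$gt" -ge 1 ]; then
                          echo "healthy"
                        else
                          echo "unhealthy"
                          exit 1
                        fi
                restartPolicy: Never
            # Retry the Job's pod at most twice before the Job is marked failed.
            backoffLimit: 2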