11 changed files with 25 additions and 78 deletions
--- a/clusters/atlas/flux-system/applications/bstein-dev-home/image-automation.yaml
+++ b/clusters/atlas/flux-system/applications/bstein-dev-home/image-automation.yaml
@ -13,14 +13,14 @@ spec:
  git:
    checkout:
      ref:
-        branch: feature/bstein-dev-home
+        branch: feature/ci-gitops
    commit:
      author:
        email: ops@bstein.dev
        name: flux-bot
      messageTemplate: "chore(bstein-dev-home): update images to {{range .Updated.Images}}{{.}}{{end}}"
    push:
-      branch: feature/bstein-dev-home
+      branch: feature/ci-gitops
  update:
    strategy: Setters
    path: services/bstein-dev-home
--- a/clusters/atlas/flux-system/gotk-sync.yaml
+++ b/clusters/atlas/flux-system/gotk-sync.yaml
@ -8,7 +8,7 @@ metadata:
 spec:
  interval: 1m0s
  ref:
-    branch: feature/bstein-dev-home
+    branch: feature/ci-gitops
  secretRef:
    name: flux-system-gitea
  url: ssh://git@scm.bstein.dev:2242/bstein/titan-iac.git
--- a/scripts/dashboards_render_atlas.py
+++ b/scripts/dashboards_render_atlas.py
@ -204,9 +204,7 @@ STUCK_TERMINATING_EXPR = (
    ')) '
    "or on() vector(0)"
 )
-UPTIME_WINDOW = "365d"
-# Keep the subquery step coarse so we don't request an excessive number of points.
-UPTIME_STEP = "1h"
+UPTIME_WINDOW = "30d"
 TRAEFIK_READY_EXPR = (
    "("
    'sum(kube_deployment_status_replicas_available{namespace=~"traefik|kube-system",deployment="traefik"})'
@ -227,7 +225,7 @@ NODE_TIEBREAKER = " + ".join(
    f"({node_filter(node)}) * 1e-6 * {idx}"
    for idx, node in enumerate(CONTROL_ALL + WORKER_NODES, start=1)
 )
-UPTIME_AVG_EXPR = f"avg_over_time(({UPTIME_AVAIL_EXPR})[{UPTIME_WINDOW}:{UPTIME_STEP}])"
+UPTIME_AVG_EXPR = f"avg_over_time(({UPTIME_AVAIL_EXPR})[{UPTIME_WINDOW}:5m])"
 UPTIME_PERCENT_EXPR = UPTIME_AVG_EXPR
 UPTIME_NINES_EXPR = f"-log10(1 - clamp_max({UPTIME_AVG_EXPR}, 0.999999999))"
 UPTIME_THRESHOLDS = {
@ -737,12 +735,12 @@ def build_overview():
        },
        {
            "id": 27,
-            "title": "Atlas Availability",
+            "title": "Atlas Availability (30d)",
            "expr": UPTIME_PERCENT_EXPR,
            "kind": "stat",
            "thresholds": UPTIME_PERCENT_THRESHOLDS,
            "unit": "percentunit",
-            "decimals": 4,
+            "decimals": 3,
            "text_mode": "value",
        },
        {
--- a/services/bstein-dev-home/image.yaml
+++ b/services/bstein-dev-home/image.yaml
@ -16,9 +16,12 @@ metadata:
 spec:
  imageRepositoryRef:
    name: bstein-dev-home-frontend
+  filterTags:
+    pattern: '^v?(?P<version>[0-9]+\\.[0-9]+\\.[0-9]+(?:[-.][0-9A-Za-z]+)?)$'
+    extract: '$version'
  policy:
    semver:
-      range: ">=0.1.0-0"
+      range: ">=0.1.0"
 ---
 apiVersion: image.toolkit.fluxcd.io/v1beta2
 kind: ImageRepository
@ -37,6 +40,9 @@ metadata:
 spec:
  imageRepositoryRef:
    name: bstein-dev-home-backend
+  filterTags:
+    pattern: '^v?(?P<version>[0-9]+\\.[0-9]+\\.[0-9]+(?:[-.][0-9A-Za-z]+)?)$'
+    extract: '$version'
  policy:
    semver:
-      range: ">=0.1.0-0"
+      range: ">=0.1.0"
--- a/services/bstein-dev-home/kustomization.yaml
+++ b/services/bstein-dev-home/kustomization.yaml
@ -12,6 +12,6 @@ resources:
  - ingress.yaml
 images:
  - name: registry.bstein.dev/bstein/bstein-dev-home-frontend
-    newTag: 0.1.0-11 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-frontend"}
+    newTag: latest # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-frontend"}
  - name: registry.bstein.dev/bstein/bstein-dev-home-backend
-    newTag: 0.1.0-11 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"}
+    newTag: latest # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"}
--- a/services/crypto/monerod/ingress.yaml
+++ b/services/crypto/monerod/ingress.yaml
@ -1,25 +0,0 @@
-# services/crypto/monerod/ingress.yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: monerod
-  namespace: crypto
-  annotations:
-    kubernetes.io/ingress.class: traefik
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-    cert-manager.io/cluster-issuer: letsencrypt
-spec:
-  tls:
-    - hosts: [ "monero.bstein.dev" ]
-      secretName: monero-bstein-dev-tls
-  rules:
-    - host: monero.bstein.dev
-      http:
-        paths:
-          - pathType: Prefix
-            path: /
-            backend:
-              service:
-                name: monerod
-                port: { number: 18081 }
--- a/services/crypto/monerod/kustomization.yaml
+++ b/services/crypto/monerod/kustomization.yaml
@ -6,4 +6,3 @@ resources:
  - cm-release-keys.yaml
  - deployment.yaml
  - service.yaml
-  - ingress.yaml
--- a/services/jenkins/helmrelease.yaml
+++ b/services/jenkins/helmrelease.yaml
@ -59,14 +59,6 @@ spec:
          cpu: 1500m
          memory: 3Gi
      javaOpts: "-Xms512m -Xmx2048m"
-      startupProbe:
-        httpGet:
-          path: /login
-          port: http
-        initialDelaySeconds: 30
-        periodSeconds: 10
-        timeoutSeconds: 5
-        failureThreshold: 20
      jenkinsUrl: https://ci.bstein.dev
      ingress:
        enabled: true
@ -79,20 +71,14 @@ spec:
          - secretName: jenkins-tls
            hosts:
              - ci.bstein.dev
-      hostAliases:
-        - ip: 38.28.125.112
-          hostnames:
-            - sso.bstein.dev
      installPlugins:
        - kubernetes
        - workflow-aggregator
        - git
-        - pipeline-utility-steps
        - configuration-as-code
        - oic-auth
        - job-dsl
        - configuration-as-code-support
-        - simple-theme-plugin
      containerEnv:
        - name: ENABLE_OIDC
          value: "true"
@ -204,23 +190,6 @@ spec:
            println("Failed to configure OIDC realm: ${e}")
            throw e
          }
-        theme.groovy: |
-          import jenkins.model.Jenkins
-          import org.codefirst.SimpleThemeDecorator
-
-          def instance = Jenkins.get()
-          def decorators = instance.getExtensionList(SimpleThemeDecorator.class)
-
-          if (decorators?.size() > 0) {
-            def theme = decorators[0]
-            theme.setCssUrl("https://jenkins-contrib-themes.github.io/jenkins-material-theme/dist/material-ocean.css")
-            theme.setJsUrl("")
-            theme.setTheme("")
-            instance.save()
-            println("Applied simple-theme-plugin dark theme")
-          } else {
-            println("simple-theme-plugin not installed; skipping theme configuration")
-          }
      JCasC:
        defaultConfig: false
        securityRealm: ""
@ -295,6 +264,7 @@ spec:
                creationOfLegacyTokenEnabled: false
                tokenGenerationOnCreationEnabled: false
                usageStatisticsEnabled: true
+            unclassified:
          creds.yaml: |
            credentials:
              system:
--- a/services/monitoring/dashboards/atlas-overview.json
+++ b/services/monitoring/dashboards/atlas-overview.json
@ -213,7 +213,7 @@
    {
      "id": 27,
      "type": "stat",
-      "title": "Atlas Availability",
+      "title": "Atlas Availability (30d)",
      "datasource": {
        "type": "prometheus",
        "uid": "atlas-vm"
@ -226,7 +226,7 @@
      },
      "targets": [
        {
-          "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[365d:1h])",
+          "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[30d:5m])",
          "refId": "A"
        }
      ],
@ -265,7 +265,7 @@
          "custom": {
            "displayMode": "auto"
          },
-          "decimals": 4
+          "decimals": 3
        },
        "overrides": []
      },
--- a/services/monitoring/grafana-dashboard-overview.yaml
+++ b/services/monitoring/grafana-dashboard-overview.yaml
@ -222,7 +222,7 @@ data:
        {
          "id": 27,
          "type": "stat",
-          "title": "Atlas Availability",
+          "title": "Atlas Availability (30d)",
          "datasource": {
            "type": "prometheus",
            "uid": "atlas-vm"
@ -235,7 +235,7 @@ data:
          },
          "targets": [
            {
-              "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[365d:1h])",
+              "expr": "avg_over_time((min(((sum(kube_node_status_condition{condition=\"Ready\",status=\"true\",node=~\"titan-0a|titan-0b|titan-0c\"}) / 3)), ((sum(kube_deployment_status_replicas_available{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}) / clamp_min(sum(kube_deployment_spec_replicas{namespace=~\"traefik|kube-system\",deployment=\"traefik\"}), 1)))))[30d:5m])",
              "refId": "A"
            }
          ],
@ -274,7 +274,7 @@ data:
              "custom": {
                "displayMode": "auto"
              },
-              "decimals": 4
+              "decimals": 3
            },
            "overrides": []
          },
--- a/services/pegasus/deployment.yaml
+++ b/services/pegasus/deployment.yaml
@ -16,8 +16,7 @@ spec:
    metadata: { labels: { app: pegasus } }
    spec:
      nodeSelector:
-        kubernetes.io/arch: arm64
-        node-role.kubernetes.io/worker: "true"
+        kubernetes.io/arch: amd64
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532