Skip to content
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
{{- if eq (include "understack.isEnabled" (list $.Values.site "nautobot_worker")) "true" }}
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: {{ printf "%s-%s" $.Release.Name "nautobot-worker" }}
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
Comment thread
skrobul marked this conversation as resolved.
{{- include "understack.appLabelsBlock" $ | nindent 2 }}
spec:
destination:
namespace: nautobot
server: {{ $.Values.cluster_server }}
project: understack
sources:
- chart: nautobot
helm:
fileParameters:
- name: nautobot.config
path: {{ $.Values.site.nautobot_worker.nautobot_config }}
ignoreMissingValueFiles: true
releaseName: nautobot-worker
valueFiles:
- $understack/components/nautobot-worker/values.yaml
- $deploy/{{ include "understack.deploy_path" $ }}/nautobot-worker/values.yaml
{{- with index $.Values.appLabels "understack.rackspace.com/partition" }}
values: |
workers:
default:
enabled: false
{{ . }}:
enabled: true
taskQueues: {{ . | quote }}
{{- end }}
repoURL: https://nautobot.github.io/helm-charts/
targetRevision: 2.5.6

- path: components/nautobot-worker
ref: understack
repoURL: {{ include "understack.understack_url" $ }}
targetRevision: {{ include "understack.understack_ref" $ }}
kustomize:
patches:
- patch: |
- op: replace
path: /data/UNDERSTACK_PARTITION
value: "{{ index $.Values.appLabels "understack.rackspace.com/partition" | default "" }}"
target:
kind: ConfigMap
name: cluster-data
- path: {{ include "understack.deploy_path" $ }}/nautobot-worker
ref: deploy
repoURL: {{ include "understack.deploy_url" $ }}
targetRevision: {{ include "understack.deploy_ref" $ }}
syncPolicy:
automated:
prune: true
selfHeal: true
managedNamespaceMetadata:
annotations:
argocd.argoproj.io/sync-options: Delete=false
syncOptions:
- CreateNamespace=true
- ServerSideApply=true
- RespectIgnoreDifferences=true
- ApplyOutOfSyncOnly=true
{{- end }}
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ spec:
helm:
fileParameters:
- name: nautobot.config
path: $understack/components/nautobot/nautobot_config.py
path: {{ $.Values.global.nautobot.nautobot_config }}
ignoreMissingValueFiles: true
releaseName: nautobot
valueFiles:
Expand Down
12 changes: 12 additions & 0 deletions charts/argocd-understack/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,9 @@ global:
# -- Enable/disable deploying Nautobot
# @default -- false
enabled: false
# -- config file to use for Nautobot scoped to either $understack or $deploy repo
# @default -- $understack/components/nautobot/nautobot_config.py
nautobot_config: '$understack/components/nautobot/nautobot_config.py'

# -- Nautobot API token generation jobs
nautobot_api_tokens:
Expand Down Expand Up @@ -556,6 +559,15 @@ site:
# @default -- false
enabled: false

# -- Nautobot Celery workers (site-level, connects to global Nautobot)
nautobot_worker:
# -- Enable/disable deploying Nautobot workers at the site level
# @default -- false
enabled: false
# -- config file to use for Nautobot scoped to either $understack or $deploy repo
# @default -- $understack/components/nautobot/nautobot_config.py
nautobot_config: '$understack/components/nautobot/nautobot_config.py'

# -- SNMP exporter for network device monitoring
snmp_exporter:
# -- Enable/disable deploying SNMP exporter
Expand Down
5 changes: 2 additions & 3 deletions components/envoy-configs/templates/gw-external.yaml.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -35,13 +35,11 @@ spec:
{{- range .Values.routes.tls }}
{{- $listenerName := .name | default (index (splitList "." .fqdn) 0) }}
- name: {{ $listenerName }}
port: {{ $.Values.gateways.external.port | default 443 }}
port: {{ .gatewayPort | default ($.Values.gateways.external.port | default 443) }}
protocol: TLS
hostname: {{ .fqdn | quote }}
tls:
mode: Passthrough
certificateRefs:
- name: {{ $listenerName }}-tls
allowedRoutes:
namespaces:
{{- if .selector }}
Expand All @@ -52,6 +50,7 @@ spec:
from: {{ .from | default "All" }}
{{- end }}
{{- end }}

{{- if .Values.gateways.external.serviceAnnotations }}
infrastructure:
parametersRef:
Expand Down
6 changes: 6 additions & 0 deletions components/envoy-configs/values.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,12 @@
"type": "string",
"description": "Namespace where the httproute will be installed (same as backend service)"
},
"gatewayPort": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"description": "Port exposed on the gateway for this TLS passthrough listener. Defaults to the external gateway port (443) if not specified."
},
"service": {
"type": "object",
"description": "Kubernetes service backend configuration for the route",
Expand Down
10 changes: 10 additions & 0 deletions components/nautobot-worker/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

configMapGenerator:
- name: cluster-data
literals:
- UNDERSTACK_PARTITION=""
options:
disableNameSuffixHash: true
68 changes: 68 additions & 0 deletions components/nautobot-worker/values.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
# Nautobot Worker (site-level)
#
# Deploys only Celery workers that connect back to the global Nautobot
# database and Redis. The web server is disabled because it lives on
# the global cluster. Redis and PostgreSQL are disabled because the
# workers reach the global instances over the network.
---

# Disable the Nautobot web server — workers only
nautobot:
enabled: false
replicaCount: 0

db:
engine: "django.db.backends.postgresql"
# Override in deploy repo values to point at the global CNPG service
host: ""
port: 5432
name: "app"
user: "app"
existingSecret: "nautobot-db"
existingSecretPasswordKey: "password"

django:
existingSecret: nautobot-django

superUser:
enabled: false

redis:
# Override in deploy repo values to point at the global Redis service
host: ""
port: 6379
ssl: false
username: ""

celery:
enabled: true
concurrency: 2
replicaCount: 1
extraEnvVarsCM:
- cluster-data
extraEnvVarsSecret:
- nautobot-django
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 120
timeoutSeconds: 60
readinessProbe:
initialDelaySeconds: 60
periodSeconds: 120
timeoutSeconds: 60

# Disable celery beat — scheduling runs on the global cluster only
workers:
beat:
enabled: false

# Do not deploy local Redis — use the global instance
redis:
enabled: false

# Do not deploy local PostgreSQL — use the global CNPG instance
postgresql:
enabled: false

ingress:
enabled: false
Loading
Loading