Deploy Kite service to staging (#7269)

* Deploy Kite to public staging

Signed-off-by: Bryan Ramos <[email protected]>

* Delete from production-downstream

Signed-off-by: Bryan Ramos <[email protected]>

* Ignore auto-populated openshift field for route

May cause issues when syncing.

Signed-off-by: Bryan Ramos <[email protected]>

---------

Signed-off-by: Bryan Ramos <[email protected]>

Author: CryptoRodeo

argo-cd-apps/base/member/infra-deployments/konflux-kite/konflux-kite.yaml

@@ -24,17 +24,16 @@ spec:
       name: konflux-kite-{{nameNormalized}}
     spec:
       ignoreDifferences:
-        # Ignore generated ConfigMap and Secret names with hash suffixes
+        # Ignore generated ConfigMap with hash suffixes
         - kind: ConfigMap
           group: ""
           name: kite-config-*
           jsonPointers:
             - /data
-        - kind: Secret
-          group: ""
-          name: kite-database-credentials-*
+        - group: route.openshift.io
+          kind: Route
           jsonPointers:
-            - /data
+            - /spec/tls/destinationCACertificate
       project: default
       source:
         path: "{{values.sourceRoot}}/{{values.environment}}/{{values.clusterDir}}"

argo-cd-apps/overlays/konflux-public-staging/delete-applications.yaml

@@ -11,9 +11,3 @@ kind: ApplicationSet
 metadata:
   name: nvme-storage-configurator
 $patch: delete
----
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: konflux-kite
-$patch: delete

argo-cd-apps/overlays/production-downstream/delete-applications.yaml

@@ -41,3 +41,9 @@ kind: ApplicationSet
 metadata:
   name: kueue
 $patch: delete
+---
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: konflux-kite
+$patch: delete

argo-cd-apps/overlays/staging-downstream/delete-applications.yaml

@@ -36,3 +36,10 @@ kind: ApplicationSet
 metadata:
   name: kubearchive
 $patch: delete
+---
+# At this time we're starting with external staging
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: konflux-kite
+$patch: delete

components/konflux-kite/base/deployment.yaml

@@ -58,12 +58,27 @@ spec:
             valueFrom:
               secretKeyRef:
                 name: kite-database-credentials
-                key: password
+                key: DB_PASSWORD
           - name: KITE_DB_USER
             valueFrom:
               secretKeyRef:
                 name: kite-database-credentials
-                key: username
+                key: DB_USER
+          - name: KITE_DB_HOST
+            valueFrom:
+              secretKeyRef:
+                name: kite-database-credentials
+                key: DB_HOST
+          - name: KITE_DB_PORT
+            valueFrom:
+              secretKeyRef:
+                name: kite-database-credentials
+                key: DB_PORT
+          - name: KITE_DB_NAME
+            valueFrom:
+              secretKeyRef:
+                name: kite-database-credentials
+                key: DB_NAME
         resources:
           requests:
             memory: 128Mi
@@ -98,12 +113,27 @@ spec:
             valueFrom:
               secretKeyRef:
                 name: kite-database-credentials
-                key: password
+                key: DB_PASSWORD
           - name: KITE_DB_USER
             valueFrom:
               secretKeyRef:
                 name: kite-database-credentials
-                key: username
+                key: DB_USER
+          - name: KITE_DB_HOST
+            valueFrom:
+              secretKeyRef:
+                name: kite-database-credentials
+                key: DB_HOST
+          - name: KITE_DB_PORT
+            valueFrom:
+              secretKeyRef:
+                name: kite-database-credentials
+                key: DB_PORT
+          - name: KITE_DB_NAME
+            valueFrom:
+              secretKeyRef:
+                name: kite-database-credentials
+                key: DB_NAME
         startupProbe:
           httpGet:
             path: /health

components/konflux-kite/base/external-secrets/database-secret.yaml

@@ -17,4 +17,11 @@ spec:
   target:
     creationPolicy: Owner
     deletionPolicy: Delete
-    name: database-secret
+    name: kite-database-credentials
+    template:
+      data:
+        DB_USER: '{{ index . "db.user" }}'
+        DB_PASSWORD: '{{ index . "db.password" }}'
+        DB_HOST: '{{ index . "db.host" }}'
+        DB_PORT: "5432"
+        DB_NAME: '{{ index . "db.name" }}'

components/konflux-kite/base/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
   - rbac.yaml
   - deployment.yaml
   - service.yaml
+  - routes.yaml
 
 namespace: konflux-kite
 
@@ -16,10 +17,6 @@ configMapGenerator:
       - KITE_PROJECT_ENV=production
       - KITE_HOST=0.0.0.0
       - KITE_PORT=8080
-      - KITE_DB_HOST=postgresql
-      - KITE_DB_PORT=5432
-      - KITE_DB_USER=kite
-      - KITE_DB_NAME=issuesdb
       - KITE_DB_SSL_MODE=require
       - KITE_LOG_LEVEL=info
       - KITE_LOG_FORMAT=json
@@ -32,10 +29,14 @@ configMapGenerator:
       - KITE_IDLE_TIMEOUT=60s
       - KITE_SHUTDOWN_TIMEOUT=10s
 
+# Not using external secrets here for development env.
 secretGenerator:
   - name: kite-database-credentials
     namespace: konflux-kite
     type: Opaque
     literals:
-      - username=kite
-      - password=postgres
+      - DB_USER=kite
+      - DB_PASSWORD=postgres
+      - DB_HOST=postgresql
+      - DB_PORT=5432
+      - DB_NAME=issuesdb

components/konflux-kite/base/routes.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: konflux-kite-api
+  namespace: konflux-kite
+  labels:
+    app: konflux-kite
+    component: backend
+  annotations:
+    # Use the auto-generated TLS certificate
+    service.beta.openshift.io/serving-cert-secret-name: konflux-kite-tls
+spec:
+  to:
+    kind: Service
+    name: konflux-kite
+    weight: 100
+  port:
+    targetPort: http
+  tls:
+    termination: edge
+    destinationCACertificate: ""
+  wildcardPolicy: None

components/konflux-kite/development/kustomization.yaml

@@ -15,10 +15,6 @@ configMapGenerator:
       - KITE_PROJECT_ENV=development
       - KITE_HOST=0.0.0.0
       - KITE_PORT=8080
-      - KITE_DB_HOST=postgresql
-      - KITE_DB_PORT=5432
-      - KITE_DB_USER=kite
-      - KITE_DB_NAME=issuesdb
       - KITE_DB_SSL_MODE=disable
       - KITE_LOG_LEVEL=debug
       - KITE_LOG_FORMAT=text
@@ -34,16 +30,6 @@ configMapGenerator:
       - KITE_SHUTDOWN_TIMEOUT=10s
     behavior: replace
 
-# Keep the same database credentials as base, or override if needed
-secretGenerator:
-  - name: kite-database-credentials
-    namespace: konflux-kite
-    type: Opaque
-    behavior: replace
-    literals:
-      - username=kite
-      - password=postgres
-
 patches:
   # Development-specific patches
   - patch: |-
@@ -64,4 +50,4 @@ patches:
                     memory: 256Mi
                   requests:
                     cpu: 50m
-                    memory: 128Mi
+                    memory: 128Mi

components/konflux-kite/development/postgresql.yaml

@@ -43,17 +43,17 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: kite-database-credentials
-                  key: username
+                  key: DB_USER
             - name: POSTGRESQL_PASSWORD
               valueFrom:
                 secretKeyRef:
                   name: kite-database-credentials
-                  key: password
+                  key: DB_PASSWORD
             - name: POSTGRESQL_DATABASE
               valueFrom:
-                configMapKeyRef:
-                  name: kite-config
-                  key: KITE_DB_NAME
+                secretKeyRef:
+                  name: kite-database-credentials
+                  key: DB_NAME
           volumeMounts:
             - name: postgresql-data
               mountPath: /var/lib/pgsql/data