From 38c77048fdc404740b6b16708eaab12bc373fbc3 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Wed, 3 Jun 2026 20:37:03 +0000 Subject: [PATCH] =?UTF-8?q?chore(travel-agent):=20decommission=20=E2=80=94?= =?UTF-8?q?=20merged=20into=20tripit=20[ci=20skip]?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit travel-agent's transport-to-airport + weather-brief workflows now run inside tripit (DB-driven instead of CalDAV), so the standalone CronJob stack is retired (namespace + ExternalSecret + 2 CronJobs destroyed via scripts/tg). secret/travel-agent left in Vault as an archive. Applied locally. Co-Authored-By: Claude Opus 4.8 --- stacks/travel-agent/main.tf | 157 ----------------------------- stacks/travel-agent/terragrunt.hcl | 18 ---- stacks/travel-agent/variables.tf | 5 - 3 files changed, 180 deletions(-) delete mode 100644 stacks/travel-agent/main.tf delete mode 100644 stacks/travel-agent/terragrunt.hcl delete mode 100644 stacks/travel-agent/variables.tf diff --git a/stacks/travel-agent/main.tf b/stacks/travel-agent/main.tf deleted file mode 100644 index 6df0a171..00000000 --- a/stacks/travel-agent/main.tf +++ /dev/null @@ -1,157 +0,0 @@ -locals { - namespace = "travel-agent" - image = "forgejo.viktorbarzin.me/viktor/travel-agent:${var.image_tag}" - labels = { - app = "travel-agent" - } - - # Two workflows, both scheduled in Europe/London (K8s 1.27+ honours timeZone). - workflows = { - "flight-train-check" = { - schedule = "0 8 * * *" - arg = "flight_train_check" - } - "trip-weather-brief" = { - schedule = "0 21 * * *" - arg = "trip_weather_brief" - } - } -} - -resource "kubernetes_namespace" "travel_agent" { - metadata { - name = local.namespace - labels = { - tier = local.tiers.aux - "istio-injection" = "disabled" - # Opt into Keel auto-update (inject-keel-annotations ClusterPolicy). - "keel.sh/enrolled" = "true" - } - } - lifecycle { - # KYVERNO_LIFECYCLE_V1: goldilocks-vpa-auto-mode ClusterPolicy stamps this label on every namespace - ignore_changes = [metadata[0].labels["goldilocks.fairwinds.com/vpa-update-mode"]] - } -} - -# App secrets — seed these in Vault before applying: -# secret/travel-agent -# nextcloud_caldav_url — CalDAV collection URL (Nextcloud) -# nextcloud_caldav_user — CalDAV username -# nextcloud_caldav_pass — CalDAV app password -# slack_bot_token — Slack bot token (xoxb-...) for chat.postMessage -resource "kubernetes_manifest" "external_secret" { - manifest = { - apiVersion = "external-secrets.io/v1beta1" - kind = "ExternalSecret" - metadata = { - name = "travel-agent-secrets" - namespace = local.namespace - } - spec = { - refreshInterval = "1h" - secretStoreRef = { - name = "vault-kv" - kind = "ClusterSecretStore" - } - target = { - name = "travel-agent-secrets" - creationPolicy = "Owner" - template = { - metadata = { - annotations = { - "reloader.stakater.com/match" = "true" - } - } - } - } - data = [ - { - secretKey = "NEXTCLOUD_CALDAV_URL" - remoteRef = { key = "travel-agent", property = "nextcloud_caldav_url" } - }, - { - secretKey = "NEXTCLOUD_CALDAV_USER" - remoteRef = { key = "travel-agent", property = "nextcloud_caldav_user" } - }, - { - secretKey = "NEXTCLOUD_CALDAV_PASS" - remoteRef = { key = "travel-agent", property = "nextcloud_caldav_pass" } - }, - { - secretKey = "SLACK_BOT_TOKEN" - remoteRef = { key = "travel-agent", property = "slack_bot_token" } - }, - ] - } - } - depends_on = [kubernetes_namespace.travel_agent] -} - -resource "kubernetes_cron_job_v1" "workflow" { - for_each = local.workflows - - metadata { - name = "travel-agent-${each.key}" - namespace = kubernetes_namespace.travel_agent.metadata[0].name - labels = merge(local.labels, { - component = each.key - }) - } - - spec { - schedule = each.value.schedule - timezone = "Europe/London" - concurrency_policy = "Forbid" - starting_deadline_seconds = 300 - successful_jobs_history_limit = 3 - failed_jobs_history_limit = 5 - - job_template { - metadata { - labels = merge(local.labels, { - component = each.key - }) - } - spec { - backoff_limit = 1 - ttl_seconds_after_finished = 86400 - template { - metadata { - labels = merge(local.labels, { - component = each.key - }) - } - spec { - restart_policy = "OnFailure" - image_pull_secrets { - name = "registry-credentials" - } - container { - name = "runner" - image = local.image - args = [each.value.arg] - env_from { - secret_ref { name = "travel-agent-secrets" } - } - resources { - requests = { cpu = "100m", memory = "128Mi" } - limits = { memory = "256Mi" } - } - } - } - } - } - } - } - - lifecycle { - ignore_changes = [ - spec[0].job_template[0].spec[0].template[0].spec[0].dns_config, # KYVERNO_LIFECYCLE_V1 - # Keel manages tag updates on enrolled namespaces. - spec[0].job_template[0].spec[0].template[0].spec[0].container[0].image, # KEEL_IGNORE_IMAGE - ] - } - - depends_on = [kubernetes_manifest.external_secret] -} diff --git a/stacks/travel-agent/terragrunt.hcl b/stacks/travel-agent/terragrunt.hcl deleted file mode 100644 index 6b746c65..00000000 --- a/stacks/travel-agent/terragrunt.hcl +++ /dev/null @@ -1,18 +0,0 @@ -include "root" { - path = find_in_parent_folders() -} - -dependency "platform" { - config_path = "../platform" - skip_outputs = true -} - -dependency "vault" { - config_path = "../vault" - skip_outputs = true -} - -dependency "external-secrets" { - config_path = "../external-secrets" - skip_outputs = true -} diff --git a/stacks/travel-agent/variables.tf b/stacks/travel-agent/variables.tf deleted file mode 100644 index c326700c..00000000 --- a/stacks/travel-agent/variables.tf +++ /dev/null @@ -1,5 +0,0 @@ -variable "image_tag" { - type = string - default = "latest" - description = "travel-agent image tag. Use 8-char git SHA in CI; :latest only for local trials." -}