upstream: upgrade nix, helm upstream, GHA

.envrc

@@ -1,2 +1,2 @@
-nix_direnv_watch_file "./nix/env.nix" "./nix/fmt.nix" "./nix/packages.nix" "./nix/shells.nix" "./nix/pre-commit.nix" "./flake.nix" "./parse.nix"
+watch_file "./nix/env.nix" "./nix/fmt.nix" "./nix/packages.nix" "./nix/shells.nix" "./nix/pre-commit.nix" "./flake.nix" "./parse.nix"
 use flake

.github/workflows/deployment.yaml

@@ -6,11 +6,13 @@ on:
 jobs:
   precommit:
     name: Pre-commit Check
-    runs-on: ubuntu-22.04
+    runs-on:
+      - nscloud-ubuntu-22.04-amd64-4x8-with-cache
+      - nscloud-cache-size-50gb
+      - nscloud-cache-tag-sulfoxide-fluorine-nix-store-cache
+      - nscloud-git-mirror-1gb
     steps:
-      - uses: actions/checkout@v3
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - uses: AtomiCloud/actions.setup-nix@v1.2.1
       - name: Run pre-commit
         run: nix develop .#ci -c ./scripts/ci/pre-commit.sh
 
@@ -19,12 +21,14 @@ jobs:
     needs:
       - precommit
     if: github.ref == 'refs/heads/main'
-    runs-on: ubuntu-latest
+    runs-on:
+      - nscloud-ubuntu-22.04-amd64-4x8-with-cache
+      - nscloud-cache-size-50gb
+      - nscloud-cache-tag-sulfoxide-fluorine-releaser-nix-store-cache
+      - nscloud-git-mirror-1gb
     steps:
-      - uses: actions/checkout@v3
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: DeterminateSystems/magic-nix-cache-action@main
-      - uses: rlespinasse/github-slug-action@v3.x
+      - uses: AtomiCloud/actions.setup-nix@v1.2.1
+      - uses: AtomiCloud/actions.cache-npm@v1.0.1
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

chart/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: sulfoxide-bromine
   repository: oci://ghcr.io/atomicloud/sulfoxide.bromine
-  version: 1.2.3
-digest: sha256:f2fdc64db17b1f198bada642722a49910a615657a72622c2ed87e0b1683d8be6
-generated: "2023-10-21T00:49:40.154995+08:00"
+  version: 1.5.1
+digest: sha256:4ec580b8421d83638af37fe60a573a5bef09c0eb053dad1820a5e15c85492706
+generated: "2024-08-11T14:23:17.465025+08:00"

chart/Chart.yaml

@@ -6,5 +6,5 @@ version: 1.19.0
 appVersion: "0.1.0"
 dependencies:
   - name: sulfoxide-bromine
-    version: 1.2.3
+    version: 1.5.1
     repository: oci://ghcr.io/atomicloud/sulfoxide.bromine

chart/README.md

@@ -8,7 +8,7 @@ Helm chart to deploy all different types OTEL Collectors for infrastructure tele
 
 | Repository | Name | Version |
 |------------|------|---------|
-| oci://ghcr.io/atomicloud/sulfoxide.bromine | sulfoxide-bromine | 1.2.3 |
+| oci://ghcr.io/atomicloud/sulfoxide.bromine | sulfoxide-bromine | 1.5.1 |
 
 ## Values
 
@@ -74,10 +74,10 @@ Helm chart to deploy all different types OTEL Collectors for infrastructure tele
 | secretAnnotation | object | `{"argocd.argoproj.io/sync-wave":"-2"}` | Secret Annotations (External Secrets) to control synchronization |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | YAML Anchor for SecurityContext |
 | serviceTree | object | `{"layer":"1","platform":"sulfoxide","service":"silicon"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) |
-| sulfoxide-bromine | object | `{"annotations":{"argocd.argoproj.io/sync-wave":"-3"},"rootSecret":{"ref":"SULFOXIDE_SILICON"},"storeName":"doppler-silicon"}` | Create SecretStore via secret of secrets pattern |
-| sulfoxide-bromine.rootSecret | object | `{"ref":"SULFOXIDE_SILICON"}` | Secret of Secrets reference |
-| sulfoxide-bromine.rootSecret.ref | string | `"SULFOXIDE_SILICON"` | DOPPLER Token Reference |
-| sulfoxide-bromine.storeName | string | `"doppler-silicon"` | Store name to create |
+| sulfoxide-bromine | object | `{"annotations":{"argocd.argoproj.io/sync-wave":"-3"},"rootSecret":{"ref":{"clientId":"SULFOXIDE_SILICON_CLIENT_ID","clientSecret":"SULFOXIDE_SILICON_CLIENT_SECRET"}},"storeName":"silicon"}` | Create SecretStore via secret of secrets pattern |
+| sulfoxide-bromine.rootSecret | object | `{"ref":{"clientId":"SULFOXIDE_SILICON_CLIENT_ID","clientSecret":"SULFOXIDE_SILICON_CLIENT_SECRET"}}` | Secret of Secrets reference |
+| sulfoxide-bromine.rootSecret.ref | object | `{"clientId":"SULFOXIDE_SILICON_CLIENT_ID","clientSecret":"SULFOXIDE_SILICON_CLIENT_SECRET"}` | Infisical Token Reference |
+| sulfoxide-bromine.storeName | string | `"silicon"` | Store name to create |
 | ta | object | `{"createRole":true,"serviceAccount":{"create":true,"name":"otel-collector-ta-sa"}}` | Configuration for Target Allocator |
 | ta.createRole | bool | `true` | Enable creation of target allocator roles |
 | ta.serviceAccount | object | `{"create":true,"name":"otel-collector-ta-sa"}` | Service account for target allocation |
@@ -87,4 +87,4 @@ Helm chart to deploy all different types OTEL Collectors for infrastructure tele
 | tempoEndpoint | string | `"https://otlp-gateway-prod-ap-southeast-1.grafana.net/otlp"` | Grafana Cloud Tempo Endpoint |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.1](https://github.com/norwoodj/helm-docs/releases/v1.11.1)
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)

chart/values.entei.amber.yaml

@@ -0,0 +1,103 @@
+serviceTree:
+  landscape: &landscape entei
+  cluster: &cluster amber
+
+tags: &tags
+  atomi.cloud/landscape: *landscape
+  atomi.cloud/cluster: *cluster
+
+landscape: *landscape
+cluster: *cluster
+
+taEndpoint: entei-silicon-target-allocator-targetallocator
+
+apps:
+
+  # done
+  target-allocator:
+    spec:
+      mode: statefulset
+      replicas: 1
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: 100m
+          memory: 256Mi
+      podAnnotations:
+        <<: *tags
+
+  otlp:
+    spec:
+      mode: daemonset
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: "0"
+          memory: "0"
+      podAnnotations:
+        <<: *tags
+
+  kubelet-stats:
+    collector: kubelet-stats-node-ip.yaml
+    spec:
+      mode: daemonset
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: "0"
+          memory: "0"
+      podAnnotations:
+        <<: *tags
+
+  # done
+  container-logs:
+    spec:
+      mode: daemonset
+      resources:
+        requests:
+          cpu: "0"
+          memory: "0"
+        limits:
+          cpu: 250m
+          memory: 1Gi
+      podAnnotations:
+        <<: *tags
+
+
+  k8s-cluster:
+    collector: k8s-cluster.yaml
+    spec:
+      mode: deployment
+      replicas: 1
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 256Mi
+      podAnnotations:
+        <<: *tags
+
+  # done
+  k8s-events:
+    spec:
+      mode: deployment
+      replicas: 1
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 256Mi
+      podAnnotations:
+        <<: *tags
+
+

chart/values.entei.topaz.yaml

@@ -0,0 +1,103 @@
+serviceTree:
+  landscape: &landscape entei
+  cluster: &cluster topaz
+
+tags: &tags
+  atomi.cloud/landscape: *landscape
+  atomi.cloud/cluster: *cluster
+
+landscape: *landscape
+cluster: *cluster
+
+taEndpoint: entei-silicon-target-allocator-targetallocator
+
+apps:
+
+  # done
+  target-allocator:
+    spec:
+      mode: statefulset
+      replicas: 1
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: 100m
+          memory: 256Mi
+      podAnnotations:
+        <<: *tags
+
+  otlp:
+    spec:
+      mode: daemonset
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: "0"
+          memory: "0"
+      podAnnotations:
+        <<: *tags
+
+  kubelet-stats:
+    collector: kubelet-stats-node-ip.yaml
+    spec:
+      mode: daemonset
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: "0"
+          memory: "0"
+      podAnnotations:
+        <<: *tags
+
+  # done
+  container-logs:
+    spec:
+      mode: daemonset
+      resources:
+        requests:
+          cpu: "0"
+          memory: "0"
+        limits:
+          cpu: 250m
+          memory: 1Gi
+      podAnnotations:
+        <<: *tags
+
+
+  k8s-cluster:
+    collector: k8s-cluster.yaml
+    spec:
+      mode: deployment
+      replicas: 1
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 256Mi
+      podAnnotations:
+        <<: *tags
+
+  # done
+  k8s-events:
+    spec:
+      mode: deployment
+      replicas: 1
+      resources:
+        limits:
+          cpu: 250m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 256Mi
+      podAnnotations:
+        <<: *tags
+
+

chart/values.yaml

@@ -112,11 +112,13 @@ sulfoxide-bromine:
   annotations:
     argocd.argoproj.io/sync-wave: "-3"
   # -- Store name to create
-  storeName: doppler-silicon
+  storeName: silicon
   # -- Secret of Secrets reference
   rootSecret:
-    # -- DOPPLER Token Reference
-    ref: "SULFOXIDE_SILICON"
+    # -- Infisical Token Reference
+    ref:
+      clientId: SULFOXIDE_SILICON_CLIENT_ID
+      clientSecret: SULFOXIDE_SILICON_CLIENT_SECRET
 
 # -- Secret Annotations (External Secrets) to control synchronization
 secretAnnotation: