Cloud #15
Pull Request Overview
This PR refactors the Argo CD “App of Apps” chart to introduce a new cloud deployment mode (alongside existing proxmox), embeds all cloud-specific manifests (IngressRoutes, certificates, issuers), adds finalizers to several Application templates, and augments the README with Terraform-driven provisioning instructions.
- Add a cloud toggle and values directory for cloud manifests; deprecate the certManagerExtras block.
- Introduce IngressRoute, ClusterIssuer, and Certificate resources under values/cloud.
- Update Application templates to conditionally include proxmox or cloud, add finalizers, and update the global targetRevision.
- Enhance README with unified GitOps guide and Terraform phases.
- Add a plaintext Cloudflare token secret and disable SSL verification in the test client.
Reviewed Changes
Copilot reviewed 28 out of 28 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| deployments/argo-apps/values/proxmox/secret.yaml | Commits a plaintext Cloudflare API token |
| client/test_client.py | Disables SSL certificate verification (verify=False) |
| deployments/argo-apps/values.yaml | Grammar in comments around proxmox vs cloud toggle |
| deployments/argo-apps/templates/cloud.yaml | Adjusted Helm if directive syntax and indentation |
| deployments/argo-apps/values/traefik.yaml | Retains large blocks of commented-out configuration |
Comments suppressed due to low confidence (3)
deployments/argo-apps/values.yaml:49
- [nitpick] This comment has grammatical errors—consider rewording to: “Enable either proxmox or cloud; they cannot be enabled simultaneously.”
# Must be enabled one or the another. Can not be enabled simultaneously
deployments/argo-apps/templates/cloud.yaml:1
- The Helm directive was un-indented by dropping the leading -. Verify that this template still renders correctly and that whitespace trimming works as intended.
{{- if .Values.applications.cloud.enabled }}
deployments/argo-apps/values/traefik.yaml:3
- [nitpick] Consider removing or archiving commented-out blocks if they’re no longer needed to avoid clutter and confusion in the values file.
# Set default IP for proxmox rke2 cluster
# spec:
# loadBalancerIP: "10.69.3.3"
| namespace: cert-manager | ||
| type: Opaque | ||
| stringData: | ||
| api-token: "lyjbLan5ApshVxTktZRxgXZm3DkzQeT8vUxK_1sW" |
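Review bot: the `api-token` value under `stringData` is a literal credential, so it is readable by anyone with access to the repository and stays in Git history even if a later commit removes it. Revoke this token and issue a new one, and have the manifest reference a Secret that is created outside version control rather than carrying the value inline.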
Storing a plaintext Cloudflare API token in Git exposes it publicly. Consider using SealedSecrets, HashiCorp Vault, or Kubernetes External Secrets to keep tokens encrypted at rest and out of version control.
| response = requests.post(API_URL, json=transaction_data, headers=headers) | ||
| response = requests.post( | ||
| API_URL, json=transaction_data, headers=headers, verify=False |
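Review bot: `verify=False` in the new `requests.post(...)` call turns off certificate validation unconditionally, and nothing in the hunk restricts it to a test environment. If the endpoint's certificate is not signed by a publicly trusted CA, pass the path to that CA bundle as `verify=` (or set `REQUESTS_CA_BUNDLE`) so verification stays on by default.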
Disabling SSL verification poses a man-in-the-middle risk. It’s better to configure proper CA certificates or trust settings rather than setting verify=False.
| API_URL, json=transaction_data, headers=headers, verify=False | |
| API_URL, json=transaction_data, headers=headers |
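A pre-merge check for the two findings in this review (a literal value in a Secret manifest and `verify=False` in Python), added here as an example; it is not part of the pull request or the repository. The sample inputs are constructed and the function names are hypothetical.

```python
import re

# Constructed inputs modelled on the two findings; the token is a placeholder.
SAMPLE_SECRET = """\
kind: Secret
metadata:
  namespace: cert-manager
type: Opaque
stringData:
  api-token: "CONSTRUCTED-PLACEHOLDER"
"""
SAMPLE_CLIENT = """\
response = requests.post(
    API_URL, json=transaction_data, headers=headers, verify=False
)
"""
VERIFY_OFF = re.compile(r"\bverify\s*=\s*False\b")
SECRET_BLOCK = re.compile(r"^(stringData|data):\s*$")
KEY_VALUE = re.compile(r"^\s+([\w.-]+):\s*(\S.*)$")

def scan_manifest(text):
    """Return keys holding a literal value in a `kind: Secret` manifest."""
    if not re.search(r"^kind:\s*Secret\s*$", text, re.M):
        return []
    hits, in_block = [], False
    for line in text.splitlines():
        if SECRET_BLOCK.match(line):
            in_block = True
        elif line and not line[0].isspace():
            in_block = False  # a new top-level key ends the mapping
        elif in_block and (m := KEY_VALUE.match(line)):
            # A templated value ({{ ... }}) is not a committed literal.
            if not m.group(2).strip("'\"").startswith("{{"):
                hits.append(m.group(1))
    return hits

def scan_python(text):
    """Return 1-based line numbers where TLS verification is disabled."""
    return [n for n, l in enumerate(text.splitlines(), 1) if VERIFY_OFF.search(l)]

def scan(files):
    """files maps path -> content; returns (path, finding) tuples."""
    findings = []
    for path, text in files.items():
        if path.endswith((".yaml", ".yml")):
            findings += [(path, f"literal secret value: {k}") for k in scan_manifest(text)]
        elif path.endswith(".py"):
            findings += [(path, f"verify=False at line {n}") for n in scan_python(text)]
    return findings
```

Run `scan()` over the changed files in CI and fail the job when it returns any finding.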
…ealtime-credit-card-fraud-detection:v1.0.4
* add finalizer
* change manifest apps to proxmox
* add gke terraform
* separate proxmox and cloud
* update docs
* update value
* update acme tls server
* fix acme server
* drop tls verify on test client
* bump to v1.0.4
* ci: update Helm values.yaml and Chart.yaml to ghcr.io/phuchoang2603/realtime-credit-card-fraud-detection:v1.0.4

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* init commit
* add notebooks and data
* Colab (#1)
* add link to google colab
* update structure
* update jupyter-lab-docker
* Refactor notebook structure (#2)
* reconstruct structure folder
* update report on chapter
* update reports document (#3)
* reconstruct structure folder
* update report on chapter
* update report
* export decision tree model and notebook (#4)
* fix grammar on notebooks (#5)
* export decision tree model and notebook
* fix grammar
* Fast api app (#6)
* first commit on python fast api app
* deploy test-client
* first success test however, need to implement custom rules and additional features to be considered
* feat: add precondition rules to block suspicious customer and terminal
* success docker deploy of both test and api
* Monitoring (#7)
* restructure
* replace node-exporter, promtail with alloy
* deploy tempo for tracing
* ci: update Helm values.yaml and Chart.yaml to ghcr.io/phuchoang2603/realtime-credit-card-fraud-detection:v1.0.0

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Unit test (#8)
* add unit test requirements
* turn off tracing when running test
* update workflow
* K8s monitoring (#9)
* fix environment variable
* update helm chart
* bump version to 1.0.1
* ci: update Helm values.yaml and Chart.yaml to ghcr.io/phuchoang2603/realtime-credit-card-fraud-detection:v1.0.1
* add traefik and simplifies helm chart
* add alloy argo cd test

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Monitoring configuration (#10)
* add logging stack: alloy, loki, grafana
* minor fix before argo-cd app-of-apps
* Argo cd (#11)
* argo-cd app of apps
* fix alloy mount docker container
* fix loki dns service to use rke2
* fix grafana pvc
* revert to use pvc
* add traefik and cert manager argocd app of apps
* fix cert-manager metrics expose
* update repo
* update traefik load balancer ip
* add prometheus chart
* add tempo and finalize, i guess
* wrong tempo path
* try to remove loki resources config
* pls works
* move ingress route into unify location
* in the end, still came back to kube-prometheus-stack, but only for grafana and prometheus
* fix spacing
* fix loki
* move ingressroute config to another place
* fix typo
* fix typo #2
* bump traefik version
* why does this keep happening to me
* really angry
* adapt url
* reduce workload by disable prometheus operator
* reorder file structure
* remove foreground cascading deletion
* try alloy receiver port 12345
* add alloy ingress route
* update url
* use metric from prometheus instead
* fix typo
* disable tls for tempo
* try to disable tls
* change cluster Ip to load balancer
* revert back to default to ensure security
* change target revision to main
* bump to 1.0.2
* update document for deployment (#12)
* rename to argo apps (#13)
* fix workflow (#14)
* fix workflow
* bump to 1.0.3
* ci: update Helm values.yaml and Chart.yaml to ghcr.io/phuchoang2603/realtime-credit-card-fraud-detection:v1.0.3

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Cloud (#15)
* add finalizer
* change manifest apps to proxmox
* add gke terraform
* separate proxmox and cloud
* update docs
* update value
* update acme tls server
* fix acme server
* drop tls verify on test client
* bump to v1.0.4
* ci: update Helm values.yaml and Chart.yaml to ghcr.io/phuchoang2603/realtime-credit-card-fraud-detection:v1.0.4

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Documents (#16)
* change namespace
* add README
* change target revision temporarily
* update docs
* change to main
* update README
* bump to 1.0.5
* format Dockerfile
* fix alloy endpoint
* refactor: separate prod and dev requirements.txt
* refactor: move fixture into separate file
* simulate await api calling for pre_condition_checks
* ci: add step check code coverage
* rename helm-chart to helm-charts
* add helm chart for traefik and cert-manager, group into api-gateway namespace
* docs: change name and graph
* now using lifespan event, simpler test client too
* ci: experiment remove uv pip install

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

No description provided.