diff --git a/clusters/cl01tl/applications/homepage/values.yaml b/clusters/cl01tl/applications/homepage/values.yaml
index 2a06f5a79..7a7a1d5b2 100644
--- a/clusters/cl01tl/applications/homepage/values.yaml
+++ b/clusters/cl01tl/applications/homepage/values.yaml
@@ -239,12 +239,6 @@ homepage:
 href: https://mail-cl01tl.boreal-beaufort.ts.net
 siteMonitor: http://roundcube.roundcube:80
 statusStyle: dot
- - Project Planning:
- icon: taiga.png
- description: Taiga
- href: https://taiga-cl01tl.boreal-beaufort.ts.net/discover
- siteMonitor: http://taiga-front.taiga:80
- statusStyle: dot
 - Web Design:
 icon: https://raw.githubusercontent.com/penpot/penpot/362d4ea47f06d169dd6e0a34cb9d141200e646e6/frontend/resources/images/icons/penpot-logo-icon.svg
 description: Penpot
diff --git a/clusters/cl01tl/applications/taiga/Chart.yaml b/clusters/cl01tl/applications/taiga/Chart.yaml
deleted file mode 100644
index fae5d9626..000000000
--- a/clusters/cl01tl/applications/taiga/Chart.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-apiVersion: v2
-name: taiga
-version: 1.0.0
-description: Taiga
-keywords:
- - taiga
- - kanban
- - project management
-home: https://wiki.alexlebens.dev/doc/taiga-Jw0Q08PKQ5
-sources:
- - https://github.com/taigaio
- - https://github.com/rabbitmq/rabbitmq-server
- - https://github.com/cloudnative-pg/cloudnative-pg
- - https://github.com/alexlebens/taiga-front-docker-oidc/pkgs/container/taiga-front-docker-oidc
- - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
- - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
- - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
-maintainers:
- - name: alexlebens
-dependencies:
- - name: app-template
- alias: taiga
- repository: https://bjw-s.github.io/helm-charts/
- version: 3.4.0
- - name: rabbitmq
- version: 14.7.0
- repository: https://charts.bitnami.com/bitnami
- alias: async-rabbitmq
- - name: rabbitmq
- version: 14.7.0
- repository: https://charts.bitnami.com/bitnami
- alias: events-rabbitmq
- - name: postgres-cluster
- alias: postgres-16-cluster
- version: 3.9.0
- repository: http://alexlebens.github.io/helm-charts
-icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/taiga.png
-appVersion: 6.8.1
diff --git a/clusters/cl01tl/applications/taiga/templates/external-secret.yaml b/clusters/cl01tl/applications/taiga/templates/external-secret.yaml
deleted file mode 100644
index 3dc803356..000000000
--- a/clusters/cl01tl/applications/taiga/templates/external-secret.yaml
+++ /dev/null
@@ -1,151 +0,0 @@
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: taiga-key-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: taiga-key-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: key
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/taiga/key
- metadataPolicy: None
- property: key
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: taiga-oidc-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: taiga-oidc-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: auth
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: client
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/taiga
- metadataPolicy: None
- property: client
- - secretKey: secret
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/taiga
- metadataPolicy: None
- property: secret
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: taiga-async-rabbitmq-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: taiga-async-rabbitmq-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/taiga/rabbitmq/async
- metadataPolicy: None
- property: password
- - secretKey: erlang
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/taiga/rabbitmq/async
- metadataPolicy: None
- property: erlang
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: taiga-events-rabbitmq-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: taiga-events-rabbitmq-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: password
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/taiga/rabbitmq/events
- metadataPolicy: None
- property: password
- - secretKey: erlang
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /cl01tl/taiga/rabbitmq/events
- metadataPolicy: None
- property: erlang
-
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: taiga-postgresql-16-cluster-backup-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: taiga-postgresql-16-cluster-backup-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: database
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: ACCESS_KEY_ID
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /aws/keys/cl01tl-taiga-postgresql
- metadataPolicy: None
- property: access_key
- - secretKey: ACCESS_SECRET_KEY
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /aws/keys/cl01tl-taiga-postgresql
- metadataPolicy: None
- property: secret_key
diff --git a/clusters/cl01tl/applications/taiga/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/taiga/templates/persistent-volume-claim.yaml
deleted file mode 100644
index fd01c8534..000000000
--- a/clusters/cl01tl/applications/taiga/templates/persistent-volume-claim.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: taiga-static
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: taiga-static
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
-
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: taiga-media
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: taiga-media
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: storage
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- volumeMode: Filesystem
- storageClassName: nfs-client
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 1Gi
diff --git a/clusters/cl01tl/applications/taiga/values.yaml b/clusters/cl01tl/applications/taiga/values.yaml
deleted file mode 100644
index 49a965bf0..000000000
--- a/clusters/cl01tl/applications/taiga/values.yaml
+++ /dev/null
@@ -1,422 +0,0 @@
-taiga:
- controllers:
- front:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- front:
- image:
- repository: ghcr.io/alexlebens/taiga-front-docker-oidc
- tag: 6.8.1
- pullPolicy: IfNotPresent
- env:
- - name: TAIGA_URL
- value: https://taiga-cl01tl.boreal-beaufort.ts.net
- - name: PUBLIC_REGISTER_ENABLED
- value: false
- - name: ENABLE_GITHUB_AUTH
- value: false
- - name: ENABLE_GITLAB_AUTH
- value: false
- - name: ENABLE_OIDC
- value: true
- - name: ENABLE_SLACK
- value: false
- - name: ENABLE_GITHUB_IMPORTER
- value: false
- - name: ENABLE_JIRA_IMPORTER
- value: false
- - name: ENABLE_TRELLO_IMPORTER
- value: false
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- back:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- back:
- image:
- repository: ghcr.io/alexlebens/taiga-back-docker-oidc
- tag: 6.8.1
- pullPolicy: IfNotPresent
- env:
- - name: TAIGA_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: taiga-key-secret
- key: key
- - name: ENABLE_TELEMETRY
- value: false
- - name: PUBLIC_REGISTER_ENABLED
- value: false
- - name: POSTGRES_USER
- valueFrom:
- secretKeyRef:
- name: taiga-postgresql-16-cluster-app
- key: username
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: taiga-postgresql-16-cluster-app
- key: password
- - name: POSTGRES_DB
- valueFrom:
- secretKeyRef:
- name: taiga-postgresql-16-cluster-app
- key: dbname
- - name: POSTGRES_HOST
- valueFrom:
- secretKeyRef:
- name: taiga-postgresql-16-cluster-app
- key: host
- - name: OIDC_ENABLED
- value: "True"
- - name: OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: taiga-oidc-secret
- key: client
- - name: OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: taiga-oidc-secret
- key: secret
- - name: OIDC_SCOPES
- value: openid profile email
- - name: OIDC_SIGN_ALGO
- value: RS256
- - name: OIDC_BASE_URL
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/
- - name: OIDC_JWKS_ENDPOINT
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/taiga/jwks/
- - name: OIDC_AUTHORIZATION_ENDPOINT
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
- - name: OIDC_TOKEN_ENDPOINT
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
- - name: OIDC_USER_ENDPOINT
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
- - name: ENABLE_GITHUB_AUTH
- value: "false"
- - name: ENABLE_GITLAB_AUTH
- value: "false"
- - name: ENABLE_SLACK
- value: "false"
- - name: ENABLE_GITHUB_IMPORTER
- value: "False"
- - name: ENABLE_JIRA_IMPORTER
- value: "False"
- - name: RABBITMQ_USER
- value: taiga
- - name: RABBITMQ_PASS
- valueFrom:
- secretKeyRef:
- name: taiga-async-rabbitmq-secret
- key: password
- - name: TAIGA_SITES_DOMAIN
- value: taiga-cl01tl.boreal-beaufort.ts.net
- - name: TAIGA_SITES_SCHEME
- value: https
- - name: SESSION_COOKIE_SECURE
- value: "True"
- - name: CSRF_COOKIE_SECURE
- value: "True"
- resources:
- requests:
- cpu: 100m
- memory: 512Mi
- async:
- image:
- repository: ghcr.io/alexlebens/taiga-back-docker-oidc
- tag: 6.8.1
- pullPolicy: IfNotPresent
- command:
- - /taiga-back/docker/async_entrypoint.sh
- env:
- - name: TAIGA_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: taiga-key-secret
- key: key
- - name: ENABLE_TELEMETRY
- value: false
- - name: PUBLIC_REGISTER_ENABLED
- value: false
- - name: POSTGRES_USER
- valueFrom:
- secretKeyRef:
- name: taiga-postgresql-16-cluster-app
- key: username
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: taiga-postgresql-16-cluster-app
- key: password
- - name: POSTGRES_DB
- valueFrom:
- secretKeyRef:
- name: taiga-postgresql-16-cluster-app
- key: dbname
- - name: POSTGRES_HOST
- valueFrom:
- secretKeyRef:
- name: taiga-postgresql-16-cluster-app
- key: host
- - name: OIDC_ENABLED
- value: "True"
- - name: OIDC_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: taiga-oidc-secret
- key: client
- - name: OIDC_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: taiga-oidc-secret
- key: secret
- - name: OIDC_SCOPES
- value: openid profile email
- - name: OIDC_SIGN_ALGO
- value: RS256
- - name: OIDC_BASE_URL
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/
- - name: OIDC_JWKS_ENDPOINT
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/taiga/jwks/
- - name: OIDC_AUTHORIZATION_ENDPOINT
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/authorize/
- - name: OIDC_TOKEN_ENDPOINT
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/token/
- - name: OIDC_USER_ENDPOINT
- value: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/userinfo/
- - name: ENABLE_GITHUB_AUTH
- value: "false"
- - name: ENABLE_GITLAB_AUTH
- value: "false"
- - name: ENABLE_SLACK
- value: "false"
- - name: ENABLE_GITHUB_IMPORTER
- value: "False"
- - name: ENABLE_JIRA_IMPORTER
- value: "False"
- - name: RABBITMQ_USER
- value: taiga
- - name: RABBITMQ_PASS
- valueFrom:
- secretKeyRef:
- name: taiga-async-rabbitmq-secret
- key: password
- - name: TAIGA_SITES_DOMAIN
- value: taiga-cl01tl.boreal-beaufort.ts.net
- - name: TAIGA_SITES_SCHEME
- value: https
- - name: SESSION_COOKIE_SECURE
- value: "True"
- - name: CSRF_COOKIE_SECURE
- value: "True"
- resources:
- requests:
- cpu: 100m
- memory: 512Mi
- events:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- events:
- image:
- repository: taigaio/taiga-events
- tag: 6.7.0
- pullPolicy: IfNotPresent
- env:
- - name: TAIGA_SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: taiga-key-secret
- key: key
- - name: RABBITMQ_USER
- value: taiga
- - name: RABBITMQ_PASS
- valueFrom:
- secretKeyRef:
- name: taiga-events-rabbitmq-secret
- key: password
- - name: APP_PORT
- value: 3023
- resources:
- requests:
- cpu: 100m
- memory: 128Mi
- protected:
- type: deployment
- replicas: 1
- strategy: Recreate
- revisionHistoryLimit: 3
- containers:
- main:
- image:
- repository: taigaio/taiga-protected
- tag: 6.8.1
- pullPolicy: IfNotPresent
- env:
- - name: SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: taiga-key-secret
- key: key
- - name: MAX_AGE
- value: 360
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- serviceAccount:
- create: true
- service:
- front:
- controller: front
- ports:
- front:
- port: 80
- targetPort: 80
- protocol: HTTP
- back:
- controller: back
- ports:
- back:
- port: 8000
- targetPort: 8000
- protocol: HTTP
- events:
- controller: events
- ports:
- events:
- port: 8888
- targetPort: 8888
- protocol: HTTP
- app:
- port: 3023
- targetPort: 3023
- protocol: HTTP
- protected:
- controller: protected
- ports:
- protected:
- port: 8003
- targetPort: 8003
- protocol: HTTP
- ingress:
- tailscale:
- enabled: true
- className: tailscale
- hosts:
- - host: taiga-cl01tl
- paths:
- - path: /
- pathType: Prefix
- service:
- name: taiga-front
- port: 80
- - path: /api
- pathType: Prefix
- service:
- name: taiga-back
- port: 8000
- pathType: ImplementationSpecific
- - path: /admin
- pathType: Prefix
- service:
- name: taiga-back
- port: 8000
- pathType: ImplementationSpecific
- - path: /oidc
- pathType: Prefix
- service:
- name: taiga-back
- port: 8000
- pathType: ImplementationSpecific
- - path: /events
- pathType: Prefix
- service:
- name: taiga-events
- port: 8888
- pathType: ImplementationSpecific
- - path: /media
- pathType: Prefix
- service:
- name: taiga-protected
- port: 8003
- pathType: ImplementationSpecific
- tls:
- - hosts:
- - taiga-cl01tl
- persistence:
- static:
- existingClaim: taiga-static
- advancedMounts:
- back:
- back:
- - path: /taiga-back/static
- readOnly: false
- back:
- async:
- - path: /taiga-back/static
- readOnly: false
- media:
- existingClaim: taiga-media
- advancedMounts:
- back:
- back:
- - path: /taiga-back/media
- readOnly: false
- back:
- async:
- - path: /taiga-back/media
- readOnly: false
-async-rabbitmq:
- auth:
- username: taiga
- existingPasswordSecret: taiga-async-rabbitmq-secret
- existingSecretPasswordKey: password
- existingErlangSecret: taiga-async-rabbitmq-secret
- existingSecretErlangKey: erlang
- extraConfiguration: |-
- default_vhost = taiga
- default_permissions.configure = .*
- default_permissions.read = .*
- default_permissions.write = .*
-events-rabbitmq:
- auth:
- username: taiga
- existingPasswordSecret: taiga-events-rabbitmq-secret
- existingSecretPasswordKey: password
- existingErlangSecret: taiga-events-rabbitmq-secret
- existingSecretErlangKey: erlang
- extraConfiguration: |-
- default_vhost = taiga
- default_permissions.configure = .*
- default_permissions.read = .*
- default_permissions.write = .*
-postgres-16-cluster:
- mode: standalone
- cluster:
- walStorage:
- storageClass: local-path
- storage:
- storageClass: local-path
- monitoring:
- enabled: true
- prometheusRule:
- enabled: false
- backup:
- enabled: true
- endpointURL: https://s3.us-east-2.amazonaws.com
- destinationPath: s3://cl01tl-postgresql-backups/taiga
- endpointCredentials: taiga-postgresql-16-cluster-backup-secret
- backupIndex: 1
- retentionPolicy: 14d