init

clusters/cl01tl/applications/outline/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: outline
+version: 1.0.0
+sources:
+  - https://github.com/outline/outline
+  - https://github.com/minio/operator
+  - https://github.com/alexlebens/helm-charts/charts/outline
+  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+dependencies:
+  - name: outline
+    version: 0.6.1
+    repository: http://alexlebens.github.io/helm-charts
+  - name: tenant
+    version: 5.0.15
+    alias: minio
+    repository: https://operator.min.io/
+  - name: postgres-cluster
+    alias: postgres-16-cluster
+    version: 3.0.0
+    repository: http://alexlebens.github.io/helm-charts
+appVersion: v0.75.2

clusters/cl01tl/applications/outline/templates/external-secret.yaml

@@ -0,0 +1,176 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-key-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: secret-key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /outline/key
+        metadataPolicy: None
+        property: secret-key
+    - secretKey: utils-key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /outline/key
+        metadataPolicy: None
+        property: utils-key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-oidc-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: client
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/outline
+        metadataPolicy: None
+        property: client
+    - secretKey: secret
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/outline
+        metadataPolicy: None
+        property: secret
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-bucket-user-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-bucket-user-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /outline/minio/auth
+        metadataPolicy: None
+        property: AWS_ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /outline/minio/auth
+        metadataPolicy: None
+        property: AWS_SECRET_ACCESS_KEY
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-root-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-bucket-auth-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config.env
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /outline/minio/root
+        metadataPolicy: None
+        property: config.env
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-bucket-auth-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config.env
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /outline/minio/config
+        metadataPolicy: None
+        property: config.env
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-postgresql-16-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-outline-postgresql
+        metadataPolicy: None
+        property: access_key
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /aws/keys/cl01tl-outline-postgresql
+        metadataPolicy: None
+        property: secret_key

clusters/cl01tl/applications/outline/values.yaml

@@ -0,0 +1,123 @@
+outline:
+  ingress:
+    enabled: true
+    className: traefik
+    annotations:
+      traefik.ingress.kubernetes.io/router.entrypoints: websecure
+      traefik.ingress.kubernetes.io/router.tls: "true"
+      cert-manager.io/cluster-issuer: letsencrypt-issuer
+    host: outline.alexlebens.net
+  persistence:
+    type: s3
+    s3:
+      credentialsSecret: outline-bucket-user-secret
+      region: us-east-1
+      bucketName: outline
+      bucketUrl: https://minio-outline-api.alexlebens.net/outline
+      forcePathStyle: false
+  outline:
+    url: https://outline.alexlebens.net
+    secretKey:
+      existingSecretName: outline-key-secret
+      existingSecretKey: secret-key
+    utilsSecret:
+      existingSecretName: outline-key-secret
+      existingSecretKey: utils-key
+    database:
+      usernameSecret:
+        existingSecretName: outline-postgresql-16-cluster-app
+        existingSecretKey: username
+      passwordSecret:
+        existingSecretName: outline-postgresql-16-cluster-app
+        existingSecretKey: password
+      databaseName:
+        existingSecretName: outline-postgresql-16-cluster-app
+        existingSecretKey: dbname
+      databaseHost:
+        existingSecretName: outline-postgresql-16-cluster-app
+        existingSecretKey: host
+      databasePort:
+        existingSecretName: outline-postgresql-16-cluster-app
+        existingSecretKey: port
+    auth:
+      oidc:
+        enabled: true
+        clientId:
+          existingSecretName: outline-oidc-secret
+          existingSecretKey: client
+        clientSecret:
+          existingSecretName: outline-oidc-secret
+          existingSecretKey: secret
+        authUri: https://authentik.alexlebens.net/application/o/authorize/
+        tokenUri: https://authentik.alexlebens.net/application/o/token/
+        userinfoUri: https://authentik.alexlebens.net/application/o/userinfo/
+        usernameClaim: email
+        displayName: Authentik
+        scopes: openid profile email
+minio:
+  existingSecret:
+    name: outline-minio-root-secret
+  tenant:
+    name: minio-outline
+    configuration:
+      name: outline-minio-config-secret
+    pools:
+      - servers: 3
+        name: pool
+        volumesPerServer: 2
+        size: 10Gi
+        storageClassName: ceph-block
+    mountPath: /export
+    subPath: /data
+    metrics:
+      enabled: true
+      port: 9000
+      protocol: http
+    certificate:
+      requestAutoCert: false
+  ingress:
+    api:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      tls:
+        - secretName: minio-outline-api-secret-tls
+          hosts:
+            - minio-outline-api.alexlebens.net
+      host: minio-outline-api.alexlebens.net
+      path: /
+      pathType: Prefix
+    console:
+      enabled: true
+      ingressClassName: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      tls:
+        - secretName: minio-outline-console-secret-tls
+          hosts:
+            - minio-outline.alexlebens.net
+      host: minio-outline.alexlebens.net
+      path: /
+      pathType: Prefix
+postgres-16-cluster:
+  mode: standalone
+  kubernetesClusterName: cl01tl
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+  backup:
+    enabled: true
+    endpointURL: https://s3.us-east-2.amazonaws.com
+    destinationPath: s3://cl01tl-postgresql-backups/outline
+    endpointCredentials: outline-postgresql-16-cluster-backup-secret
+    backupIndex: 1
+    retentionPolicy: 14d