alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

init

Browse Source
This commit is contained in:
Alex Lebens
2024-05-22 12:49:28 -05:00
commit 35b77bb0df
219 changed files with 9997 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
clusters/cl01tl/applications/penpot/values.yaml Normal file
View File

@@ -0,0 +1,135 @@
penpot:
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hosts:
- host: penpot.alexlebens.net
tls:
- secretName: penpot-secret-tls
hosts:
- penpot.alexlebens.net
persistence:
enabled: true
storageClass: ceph-block
size: 8Gi
accessModes:
- ReadWriteOnce
config:
publicURI: https://penpot.alexlebens.net
flags: enable-registration enable-insecure-register enable-login enable-login-with-oidc disable-demo-users disable-demo-warning
apiSecretKey:
existingSecretName: penpot-key-secret
existingSecretKey: key
postgresql:
host: penpot-postgresql-16-cluster-rw.penpot.svc.cluster.local
port: 5432
database: app
existingSecret: penpot-postgresql-16-cluster-app
secretKeys:
usernameKey: username
passwordKey: password
redis:
host: penpot-redis-headless.penpot.svc.cluster.local
port: 6379
database: 0
assets:
storageBackend: assets-s3
s3:
region: us-east-1
bucket: penpot
endpointURI: https://minio-penpot-api.alexlebens.net/penpot
existingSecret: penpot-bucket-user-secret
secretKeys:
accessKeyIDKey: AWS_ACCESS_KEY_ID
secretAccessKey: AWS_SECRET_ACCESS_KEY
telemetryEnabled: false
providers:
oidc:
enabled: true
baseURI: https://authentik.alexlebens.net/application/o/
authURI: https://authentik.alexlebens.net/application/o/authorize/
tokenURI: https://authentik.alexlebens.net/application/o/token/
userURI: https://authentik.alexlebens.net/application/o/userinfo/
roles: ""
rolesAttribute: ""
scopes: "openid profile email"
nameAttribute: preferred_username
emailAttribute: email
existingSecret: penpot-oidc-secret
secretKeys:
oidcClientIDKey: client
oidcClientSecretKey: secret
redis:
architecture: standalone
auth:
enabled: false
minio:
existingSecret:
name: penpot-minio-root-secret
tenant:
name: minio-penpot
configuration:
name: penpot-minio-config-secret
pools:
- servers: 3
name: pool
volumesPerServer: 2
size: 10Gi
storageClassName: ceph-block
mountPath: /export
subPath: /data
metrics:
enabled: true
port: 9000
protocol: http
certificate:
requestAutoCert: false
ingress:
api:
enabled: true
ingressClassName: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
tls:
- secretName: minio-penpot-api-secret-tls
hosts:
- minio-penpot-api.alexlebens.net
host: minio-penpot-api.alexlebens.net
path: /
pathType: Prefix
console:
enabled: true
ingressClassName: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
tls:
- secretName: minio-penpot-console-secret-tls
hosts:
- minio-penpot.alexlebens.net
host: minio-penpot.alexlebens.net
path: /
pathType: Prefix
postgres-16-cluster:
mode: standalone
kubernetesClusterName: cl01tl
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://s3.us-east-2.amazonaws.com
destinationPath: s3://cl01tl-postgresql-backups/penpot
endpointCredentials: penpot-postgresql-16-cluster-backup-secret
backupIndex: 1
retentionPolicy: 14d