From 9eb665fc40825aeda57a3964918f874d7fe6fe9d Mon Sep 17 00:00:00 2001
From: alexlebens
Date: Sat, 1 Jun 2024 18:09:01 -0500
Subject: [PATCH] convert to use app-template

---
 clusters/cl01tl/applications/taiga/Chart.yaml | 24 +-
 .../taiga/templates/external-secret.yaml | 61 +-
 .../templates/persistent-volume-claim.yaml | 40 ++
 .../cl01tl/applications/taiga/values.yaml | 532 +++++++++++++-----
 4 files changed, 471 insertions(+), 186 deletions(-)
 create mode 100644 clusters/cl01tl/applications/taiga/templates/persistent-volume-claim.yaml

diff --git a/clusters/cl01tl/applications/taiga/Chart.yaml b/clusters/cl01tl/applications/taiga/Chart.yaml
index 6b492fd61..21e9302fd 100644
--- a/clusters/cl01tl/applications/taiga/Chart.yaml
+++ b/clusters/cl01tl/applications/taiga/Chart.yaml
@@ -1,17 +1,33 @@
 apiVersion: v2
 name: taiga
 version: 1.0.0
+description: Taiga
+keywords:
+ - kanban
+ - project management
 sources:
 - https://github.com/taigaio
 - https://github.com/rabbitmq/rabbitmq-server
- - https://github.com/alexlebens/helm-charts/charts/taiga
+ - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
 - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+maintainers:
+ - name: alexlebens
 dependencies:
- - name: taiga
- version: 0.2.3
- repository: http://alexlebens.github.io/helm-charts
+ - name: app-template
+ alias: taiga
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.2.1
+ - name: rabbitmq
+ version: 14.1.5
+ repository: https://charts.bitnami.com/bitnami
+ alias: async-rabbitmq
+ - name: rabbitmq
+ version: 14.1.5
+ repository: https://charts.bitnami.com/bitnami
+ alias: events-rabbitmq
 - name: postgres-cluster
 alias: postgres-16-cluster
 version: 3.1.0
 repository: http://alexlebens.github.io/helm-charts
+icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
 appVersion: 6.7.7
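Review bot: The postgres-cluster dependency still resolves over plain HTTP (`repository: http://alexlebens.github.io/helm-charts`, kept as context below the new entries) while the new app-template and Bitnami dependencies use HTTPS; a chart tarball fetched over HTTP can be replaced in transit, so change it to `repository: https://alexlebens.github.io/helm-charts` — GitHub Pages serves TLS on that host. The diffstat lists no Chart.lock change, so if the lock file is tracked in this repo it should be regenerated and committed with this change, since the lock's digests are what pin the resolved chart contents rather than the version strings alone; if the lock is not tracked, this does not apply. Pinning exact versions (`3.2.1`, `14.1.5`) rather than ranges is the right call and worth keeping.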
diff --git a/clusters/cl01tl/applications/taiga/templates/external-secret.yaml b/clusters/cl01tl/applications/taiga/templates/external-secret.yaml
index c5ed5f665..3dc803356 100644
--- a/clusters/cl01tl/applications/taiga/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/taiga/templates/external-secret.yaml
@@ -18,7 +18,7 @@ spec:
 remoteRef:
 conversionStrategy: Default
 decodingStrategy: None
- key: /taiga/key
+ key: /cl01tl/taiga/key
 metadataPolicy: None
 property: key
@@ -32,7 +32,7 @@ metadata:
 app.kubernetes.io/name: taiga-oidc-secret
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
+ app.kubernetes.io/component: auth
 app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
 secretStoreRef:
@@ -53,55 +53,6 @@ spec:
 key: /authentik/oidc/taiga
 metadataPolicy: None
 property: secret
- - secretKey: scopes
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/taiga
- metadataPolicy: None
- property: scopes
- - secretKey: signatureAlgorithm
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/taiga
- metadataPolicy: None
- property: signatureAlgorithm
- - secretKey: baseUrl
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/taiga
- metadataPolicy: None
- property: baseUrl
- - secretKey: jwksEndpoint
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/taiga
- metadataPolicy: None
- property: jwksEndpoint
- - secretKey: authorizationEndpoint
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/taiga
- metadataPolicy: None
- property: authorizationEndpoint
- - secretKey: tokenEndpoint
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/taiga
- metadataPolicy: None
- property: tokenEndpoint
- - secretKey: userEndpoint
- remoteRef:
- conversionStrategy: Default
- decodingStrategy: None
- key: /authentik/oidc/taiga
- metadataPolicy: None
- property: userEndpoint
 ---
 apiVersion: external-secrets.io/v1beta1
@@ -124,14 +75,14 @@ spec:
 remoteRef:
 conversionStrategy: Default
 decodingStrategy: None
- key: /taiga/rabbitmq/async
+ key: /cl01tl/taiga/rabbitmq/async
 metadataPolicy: None
 property: password
 - secretKey: erlang
 remoteRef:
 conversionStrategy: Default
 decodingStrategy: None
- key: /taiga/rabbitmq/async
+ key: /cl01tl/taiga/rabbitmq/async
 metadataPolicy: None
 property: erlang
@@ -156,14 +107,14 @@ spec:
 remoteRef:
 conversionStrategy: Default
 decodingStrategy: None
- key: /taiga/rabbitmq/events
+ key: /cl01tl/taiga/rabbitmq/events
 metadataPolicy: None
 property: password
 - secretKey: erlang
 remoteRef:
 conversionStrategy: Default
 decodingStrategy: None
- key: /taiga/rabbitmq/events
+ key: /cl01tl/taiga/rabbitmq/events
 metadataPolicy: None
 property: erlang
diff --git a/clusters/cl01tl/applications/taiga/templates/persistent-volume-claim.yaml b/clusters/cl01tl/applications/taiga/templates/persistent-volume-claim.yaml
new file mode 100644
index 000000000..fd01c8534
--- /dev/null
+++ b/clusters/cl01tl/applications/taiga/templates/persistent-volume-claim.yaml
@@ -0,0 +1,40 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: taiga-static
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: taiga-static
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeMode: Filesystem
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: taiga-media
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: taiga-media
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ volumeMode: Filesystem
+ storageClassName: nfs-client
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/clusters/cl01tl/applications/taiga/values.yaml b/clusters/cl01tl/applications/taiga/values.yaml
index b03654b6f..4840a1a3c 100644
--- a/clusters/cl01tl/applications/taiga/values.yaml
+++ b/clusters/cl01tl/applications/taiga/values.yaml
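Review bot: Both new PVCs are ordinary chart-managed resources with no `helm.sh/resource-policy` annotation, so a `helm uninstall` of the release deletes `taiga-media` — and with it every uploaded attachment — together with the application (what then happens to the backing NFS directory depends on the `nfs-client` provisioner's reclaim/archive settings, which are not visible here). If that data is meant to survive a reinstall, add `annotations:` with `helm.sh/resource-policy: keep` under `metadata` of at least the `taiga-media` claim. The `taiga-static` claim only holds regenerated static assets, so it can stay as is.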
@@ -1,139 +1,417 @@
 taiga:
+ controllers:
+ front:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ front:
+ image:
+ repository: ghcr.io/alexlebens/taiga-front-docker-oidc
+ tag: 6.7.7
+ pullPolicy: IfNotPresent
+ env:
+ - name: TAIGA_URL
+ value: https://taiga.alexlebens.net
+ - name: PUBLIC_REGISTER_ENABLED
+ value: false
+ - name: ENABLE_GITHUB_AUTH
+ value: false
+ - name: ENABLE_GITLAB_AUTH
+ value: false
+ - name: ENABLE_OIDC
+ value: true
+ - name: ENABLE_SLACK
+ value: false
+ - name: ENABLE_GITHUB_IMPORTER
+ value: false
+ - name: ENABLE_JIRA_IMPORTER
+ value: false
+ - name: ENABLE_TRELLO_IMPORTER
+ value: false
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ back:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ back:
+ image:
+ repository: ghcr.io/alexlebens/taiga-back-docker-oidc
+ tag: 6.7.3
+ pullPolicy: IfNotPresent
+ env:
+ - name: TAIGA_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: taiga-key-secret
+ key: key
+ - name: ENABLE_TELEMETRY
+ value: false
+ - name: PUBLIC_REGISTER_ENABLED
+ value: false
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: taiga-postgresql-16-cluster-app
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: taiga-postgresql-16-cluster-app
+ key: password
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ name: taiga-postgresql-16-cluster-app
+ key: dbname
+ - name: POSTGRES_HOST
+ valueFrom:
+ secretKeyRef:
+ name: taiga-postgresql-16-cluster-app
+ key: host
+ - name: OIDC_ENABLED
+ value: "True"
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: taiga-oidc-secret
+ key: client
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: taiga-oidc-secret
+ key: secret
+ - name: OIDC_SCOPES
+ value: openid profile email
+ - name: OIDC_SIGN_ALGO
+ value: RS256
+ - name: OIDC_BASE_URL
+ value: https://authentik.alexlebens.net/application/o/
+ - name: OIDC_JWKS_ENDPOINT
+ value: https://authentik.alexlebens.net/application/o/taiga/jwks/
+ - name: OIDC_AUTHORIZATION_ENDPOINT
+ value: https://authentik.alexlebens.net/application/o/authorize/
+ - name: OIDC_TOKEN_ENDPOINT
+ value: https://authentik.alexlebens.net/application/o/token/
+ - name: OIDC_USER_ENDPOINT
+ value: https://authentik.alexlebens.net/application/o/userinfo/
+ - name: ENABLE_GITHUB_AUTH
+ value: "false"
+ - name: ENABLE_GITLAB_AUTH
+ value: "false"
+ - name: ENABLE_SLACK
+ value: "false"
+ - name: ENABLE_GITHUB_IMPORTER
+ value: "False"
+ - name: ENABLE_JIRA_IMPORTER
+ value: "False"
+ - name: ENABLE_JIRA_IMPORTER
+ value: "False"
+ - name: RABBITMQ_USER
+ value: taiga
+ - name: RABBITMQ_PASS
+ valueFrom:
+ secretKeyRef:
+ name: taiga-async-rabbitmq-secret
+ key: password
+ - name: TAIGA_SITES_DOMAIN
+ value: taiga.alexlebens.net
+ - name: TAIGA_SITES_SCHEME
+ value: https
+ - name: SESSION_COOKIE_SECURE
+ value: "True"
+ - name: CSRF_COOKIE_SECURE
+ value: "True"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ async:
+ image:
+ repository: ghcr.io/alexlebens/taiga-back-docker-oidc
+ tag: 6.7.3
+ pullPolicy: IfNotPresent
+ command:
+ - /taiga-back/docker/async_entrypoint.sh
+ env:
+ - name: TAIGA_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: taiga-key-secret
+ key: key
+ - name: ENABLE_TELEMETRY
+ value: false
+ - name: PUBLIC_REGISTER_ENABLED
+ value: false
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: taiga-postgresql-16-cluster-app
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: taiga-postgresql-16-cluster-app
+ key: password
+ - name: POSTGRES_DB
+ valueFrom:
+ secretKeyRef:
+ name: taiga-postgresql-16-cluster-app
+ key: dbname
+ - name: POSTGRES_HOST
+ valueFrom:
+ secretKeyRef:
+ name: taiga-postgresql-16-cluster-app
+ key: host
+ - name: OIDC_ENABLED
+ value: "True"
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: taiga-oidc-secret
+ key: client
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: taiga-oidc-secret
+ key: secret
+ - name: OIDC_SCOPES
+ value: openid profile email
+ - name: OIDC_SIGN_ALGO
+ value: RS256
+ - name: OIDC_BASE_URL
+ value: https://authentik.alexlebens.net/application/o/
+ - name: OIDC_JWKS_ENDPOINT
+ value: https://authentik.alexlebens.net/application/o/taiga/jwks/
+ - name: OIDC_AUTHORIZATION_ENDPOINT
+ value: https://authentik.alexlebens.net/application/o/authorize/
+ - name: OIDC_TOKEN_ENDPOINT
+ value: https://authentik.alexlebens.net/application/o/token/
+ - name: OIDC_USER_ENDPOINT
+ value: https://authentik.alexlebens.net/application/o/userinfo/
+ - name: ENABLE_GITHUB_AUTH
+ value: "false"
+ - name: ENABLE_GITLAB_AUTH
+ value: "false"
+ - name: ENABLE_SLACK
+ value: "false"
+ - name: ENABLE_GITHUB_IMPORTER
+ value: "False"
+ - name: ENABLE_JIRA_IMPORTER
+ value: "False"
+ - name: ENABLE_JIRA_IMPORTER
+ value: "False"
+ - name: RABBITMQ_USER
+ value: taiga
+ - name: RABBITMQ_PASS
+ valueFrom:
+ secretKeyRef:
+ name: taiga-async-rabbitmq-secret
+ key: password
+ - name: TAIGA_SITES_DOMAIN
+ value: taiga.alexlebens.net
+ - name: TAIGA_SITES_SCHEME
+ value: https
+ - name: SESSION_COOKIE_SECURE
+ value: "True"
+ - name: CSRF_COOKIE_SECURE
+ value: "True"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ events:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ events:
+ image:
+ repository: taigaio/taiga-events
+ tag: 6.7.0
+ pullPolicy: IfNotPresent
+ env:
+ - name: TAIGA_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: taiga-key-secret
+ key: key
+ - name: RABBITMQ_USER
+ value: taiga
+ - name: RABBITMQ_PASS
+ valueFrom:
+ secretKeyRef:
+ name: taiga-events-rabbitmq-secret
+ key: password
+ - name: APP_PORT
+ value: 3023
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ protected:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: taigaio/taiga-protected
+ tag: 6.7.0
+ pullPolicy: IfNotPresent
+ env:
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: taiga-key-secret
+ key: key
+ - name: MAX_AGE
+ value: 360
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
 serviceAccount:
 create: true
- secretKey:
- existingSecretName: taiga-key-secret
- existingSecretKey: key
- createInitialUser: false
- enableTelemetry: false
- publicRegisterEnabled: false
- postgresql:
- existingSecretName: taiga-postgresql-16-cluster-app
- usernameKey: username
- passwordKey: password
- databaseNameKey: dbname
- hostKey: host
- portKey: port
- oidc:
- enabled: true
- existingSecretName: taiga-oidc-secret
- scopesKey: scopes
- signatureAlgorithmKey: signatureAlgorithm
- clientIdKey: client
- clientSecretKey: secret
- baseUrlKey: baseUrl
- jwksEndpointKey: jwksEndpoint
- authorizationEndpointKey: authorizationEndpoint
- tokenEndpointKey: tokenEndpoint
- userEndpointKey: userEndpoint
- back:
- image:
- repository: ghcr.io/alexlebens/taiga-back-docker-oidc
- tag: latest
- pullPolicy: Always
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- cpu: 500m
- memory: 1Gi
- livenessProbe:
- enabled: true
- readinessProbe:
- enabled: true
- async:
- image:
- repository: ghcr.io/alexlebens/taiga-back-docker-oidc
- tag: latest
- pullPolicy: Always
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- cpu: 500m
- memory: 1Gi
- livenessProbe:
- enabled: true
- readinessProbe:
- enabled: true
- async-rabbitmq:
- auth:
- username: taiga
- existingPasswordSecret: taiga-async-rabbitmq-secret
- existingSecretPasswordKey: password
- existingErlangSecret: taiga-async-rabbitmq-secret
- existingSecretErlangKey: erlang
- events:
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- cpu: 500m
- memory: 1Gi
- livenessProbe:
- enabled: false
- readinessProbe:
- enabled: false
- events-rabbitmq:
- auth:
- username: taiga
- existingPasswordSecret: taiga-events-rabbitmq-secret
- existingSecretPasswordKey: password
- existingErlangSecret: taiga-events-rabbitmq-secret
- existingSecretErlangKey: erlang
- protected:
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- cpu: 500m
- memory: 1Gi
- livenessProbe:
- enabled: false
- readinessProbe:
- enabled: false
- front:
- image:
- repository: ghcr.io/alexlebens/taiga-front-docker-oidc
- tag: latest
- pullPolicy: Always
- resources:
- requests:
- cpu: 100m
- memory: 256Mi
- limits:
- cpu: 500m
- memory: 1Gi
- livenessProbe:
- enabled: true
- readinessProbe:
- enabled: true
+ service:
+ front:
+ controller: front
+ ports:
+ front:
+ port: 80
+ targetPort: 80
+ protocol: HTTP
+ back:
+ controller: back
+ ports:
+ back:
+ port: 8000
+ targetPort: 8000
+ protocol: HTTP
+ events:
+ controller: events
+ ports:
+ events:
+ port: 8888
+ targetPort: 8888
+ protocol: HTTP
+ app:
+ port: 3023
+ targetPort: 3023
+ protocol: HTTP
+ protected:
+ controller: protected
+ ports:
+ protected:
+ port: 8003
+ targetPort: 8003
+ protocol: HTTP
 ingress:
- enabled: true
- annotations:
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- traefik.ingress.kubernetes.io/router.tls: "true"
- cert-manager.io/cluster-issuer: letsencrypt-issuer
- className: traefik
- host: taiga.alexlebens.net
+ main:
+ className: traefik
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-issuer
+ hosts:
+ - host: taiga.alexlebens.net
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ name: taiga-front
+ port: 80
+ - path: /api
+ pathType: Prefix
+ service:
+ name: taiga-back
+ port: 8000
+ pathType: ImplementationSpecific
+ - path: /admin
+ pathType: Prefix
+ service:
+ name: taiga-back
+ port: 8000
+ pathType: ImplementationSpecific
+ - path: /oidc
+ pathType: Prefix
+ service:
+ name: taiga-back
+ port: 8000
+ pathType: ImplementationSpecific
+ - path: /events
+ pathType: Prefix
+ service:
+ name: taiga-events
+ port: 8888
+ pathType: ImplementationSpecific
+ - path: /media
+ pathType: Prefix
+ service:
+ name: taiga-protected
+ port: 8003
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: taiga-secret-tls
+ hosts:
+ - taiga.alexlebens.net
 persistence:
 static:
- enabled: true
- storageClass: nfs-client
- accessMode: ReadWriteMany
- size: 1Gi
+ existingClaim: taiga-static
+ advancedMounts:
+ back:
+ back:
+ - path: /taiga-back/static
+ readOnly: false
+ back:
+ async:
+ - path: /taiga-back/static
+ readOnly: false
 media:
- enabled: true
- storageClass: nfs-client
- accessMode: ReadWriteMany
- size: 1Gi
+ existingClaim: taiga-media
+ advancedMounts:
+ back:
+ back:
+ - path: /taiga-back/media
+ readOnly: false
+ back:
+ async:
+ - path: /taiga-back/media
+ readOnly: false
+async-rabbitmq:
+ auth:
+ username: taiga
+ existingPasswordSecret: taiga-async-rabbitmq-secret
+ existingSecretPasswordKey: password
+ existingErlangSecret: taiga-async-rabbitmq-secret
+ existingSecretErlangKey: erlang
+ extraConfiguration: |-
+ default_vhost = taiga
+ default_permissions.configure = .*
+ default_permissions.read = .*
+ default_permissions.write = .*
+events-rabbitmq:
+ auth:
+ username: taiga
+ existingPasswordSecret: taiga-events-rabbitmq-secret
+ existingSecretPasswordKey: password
+ existingErlangSecret: taiga-events-rabbitmq-secret
+ existingSecretErlangKey: erlang
+ extraConfiguration: |-
+ default_vhost = taiga
+ default_permissions.configure = .*
+ default_permissions.read = .*
+ default_permissions.write = .*
 postgres-16-cluster:
 mode: standalone
- kubernetesClusterName: cl01tl
 cluster:
 walStorage:
 storageClass: local-path
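Review bot: Under `persistence.static.advancedMounts` (and again under `media`) the controller key `back:` is written twice, once for the `back` container and once for `async`; a YAML mapping cannot carry the same key twice, so Helm's values loader will either reject the file or silently keep only the last entry, in which case the `back` web container runs without its `/taiga-back/static` and `/taiga-back/media` volumes and uploads land on the container's ephemeral filesystem — both containers belong under a single `back:` key as in the fence below. The same duplicate-key problem sits in every ingress path after `/`: each entry declares `pathType: Prefix` and then `pathType: ImplementationSpecific`, so one of the two (the trailing `pathType: ImplementationSpecific` lines) should be deleted. In both the `back` and `async` env lists `ENABLE_JIRA_IMPORTER` appears twice while `ENABLE_TRELLO_IMPORTER`, which the front container disables, has no back-end counterpart, so the second entry presumably should read `- name: ENABLE_TRELLO_IMPORTER`. Several env values are bare YAML scalars (`value: false`, `value: true`, `value: 360`, `value: 3023`) although `EnvVar.value` must be a string — unless app-template stringifies them the rendered manifest is rejected by the API server, and quoting them (`value: "false"`) would also remove the `false`/`"false"`/`"False"` casing mix, which matters if the image compares the raw string. Finally, `/admin` (the Django admin) is published on the same public Traefik route as the app with no IP allow-list; if it is only needed from inside the network, drop that path or attach a `traefik.ingress.kubernetes.io/router.middlewares` annotation pointing at an ipAllowList middleware.

```yaml
persistence:
  static:
    existingClaim: taiga-static
    advancedMounts:
      back:            # controller name; list every container of that pod beneath it once
        back:
          - path: /taiga-back/static
            readOnly: false
        async:
          - path: /taiga-back/static
            readOnly: false
  # … unchanged: media, with the same single `back:` key holding both containers …
```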