alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity

convert to use app-template

Browse Source
This commit is contained in:
Alex Lebens
2024-06-01 18:09:01 -05:00
parent 3bb9876901
commit 9eb665fc40
4 changed files with 471 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
clusters/cl01tl/applications/taiga/Chart.yaml
View File

@@ -1,17 +1,33 @@
apiVersion: v2
name: taiga
version: 1.0.0
description: Taiga
keywords:
- kanban
- project management
sources:
- https://github.com/taigaio
- https://github.com/rabbitmq/rabbitmq-server
- https://github.com/alexlebens/helm-charts/charts/taiga
- https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: taiga
version: 0.2.3
repository: http://alexlebens.github.io/helm-charts
- name: app-template
alias: taiga
repository: https://bjw-s.github.io/helm-charts/
version: 3.2.1
- name: rabbitmq
version: 14.1.5
repository: https://charts.bitnami.com/bitnami
alias: async-rabbitmq
- name: rabbitmq
version: 14.1.5
repository: https://charts.bitnami.com/bitnami
alias: events-rabbitmq
- name: postgres-cluster
alias: postgres-16-cluster
version: 3.1.0
repository: http://alexlebens.github.io/helm-charts
icon: https://avatars.githubusercontent.com/u/6905422?s=200&v=4
appVersion: 6.7.7

61
clusters/cl01tl/applications/taiga/templates/external-secret.yaml
View File

@@ -18,7 +18,7 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /taiga/key
key: /cl01tl/taiga/key
metadataPolicy: None
property: key
@@ -32,7 +32,7 @@ metadata:
app.kubernetes.io/name: taiga-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/component: auth
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
@@ -53,55 +53,6 @@ spec:
key: /authentik/oidc/taiga
metadataPolicy: None
property: secret
- secretKey: scopes
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/taiga
metadataPolicy: None
property: scopes
- secretKey: signatureAlgorithm
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/taiga
metadataPolicy: None
property: signatureAlgorithm
- secretKey: baseUrl
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/taiga
metadataPolicy: None
property: baseUrl
- secretKey: jwksEndpoint
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/taiga
metadataPolicy: None
property: jwksEndpoint
- secretKey: authorizationEndpoint
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/taiga
metadataPolicy: None
property: authorizationEndpoint
- secretKey: tokenEndpoint
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/taiga
metadataPolicy: None
property: tokenEndpoint
- secretKey: userEndpoint
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/taiga
metadataPolicy: None
property: userEndpoint
---
apiVersion: external-secrets.io/v1beta1
@@ -124,14 +75,14 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /taiga/rabbitmq/async
key: /cl01tl/taiga/rabbitmq/async
metadataPolicy: None
property: password
- secretKey: erlang
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /taiga/rabbitmq/async
key: /cl01tl/taiga/rabbitmq/async
metadataPolicy: None
property: erlang
@@ -156,14 +107,14 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /taiga/rabbitmq/events
key: /cl01tl/taiga/rabbitmq/events
metadataPolicy: None
property: password
- secretKey: erlang
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /taiga/rabbitmq/events
key: /cl01tl/taiga/rabbitmq/events
metadataPolicy: None
property: erlang

40
clusters/cl01tl/applications/taiga/templates/persistent-volume-claim.yaml Normal file
View File

@@ -0,0 +1,40 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: taiga-static
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: taiga-static
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: taiga-media
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: taiga-media
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: storage
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeMode: Filesystem
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi

532
clusters/cl01tl/applications/taiga/values.yaml
View File

@@ -1,139 +1,417 @@
taiga:
controllers:
front:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
front:
image:
repository: ghcr.io/alexlebens/taiga-front-docker-oidc
tag: 6.7.7
pullPolicy: IfNotPresent
env:
- name: TAIGA_URL
value: https://taiga.alexlebens.net
- name: PUBLIC_REGISTER_ENABLED
value: false
- name: ENABLE_GITHUB_AUTH
value: false
- name: ENABLE_GITLAB_AUTH
value: false
- name: ENABLE_OIDC
value: true
- name: ENABLE_SLACK
value: false
- name: ENABLE_GITHUB_IMPORTER
value: false
- name: ENABLE_JIRA_IMPORTER
value: false
- name: ENABLE_TRELLO_IMPORTER
value: false
resources:
requests:
cpu: 100m
memory: 256Mi
back:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
back:
image:
repository: ghcr.io/alexlebens/taiga-back-docker-oidc
tag: 6.7.3
pullPolicy: IfNotPresent
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: taiga-key-secret
key: key
- name: ENABLE_TELEMETRY
value: false
- name: PUBLIC_REGISTER_ENABLED
value: false
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: taiga-postgresql-16-cluster-app
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: taiga-postgresql-16-cluster-app
key: password
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: taiga-postgresql-16-cluster-app
key: dbname
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: taiga-postgresql-16-cluster-app
key: host
- name: OIDC_ENABLED
value: "True"
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: taiga-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: taiga-oidc-secret
key: secret
- name: OIDC_SCOPES
value: openid profile email
- name: OIDC_SIGN_ALGO
value: RS256
- name: OIDC_BASE_URL
value: https://authentik.alexlebens.net/application/o/
- name: OIDC_JWKS_ENDPOINT
value: https://authentik.alexlebens.net/application/o/taiga/jwks/
- name: OIDC_AUTHORIZATION_ENDPOINT
value: https://authentik.alexlebens.net/application/o/authorize/
- name: OIDC_TOKEN_ENDPOINT
value: https://authentik.alexlebens.net/application/o/token/
- name: OIDC_USER_ENDPOINT
value: https://authentik.alexlebens.net/application/o/userinfo/
- name: ENABLE_GITHUB_AUTH
value: "false"
- name: ENABLE_GITLAB_AUTH
value: "false"
- name: ENABLE_SLACK
value: "false"
- name: ENABLE_GITHUB_IMPORTER
value: "False"
- name: ENABLE_JIRA_IMPORTER
value: "False"
- name: ENABLE_JIRA_IMPORTER
value: "False"
- name: RABBITMQ_USER
value: taiga
- name: RABBITMQ_PASS
valueFrom:
secretKeyRef:
name: taiga-async-rabbitmq-secret
key: password
- name: TAIGA_SITES_DOMAIN
value: taiga.alexlebens.net
- name: TAIGA_SITES_SCHEME
value: https
- name: SESSION_COOKIE_SECURE
value: "True"
- name: CSRF_COOKIE_SECURE
value: "True"
resources:
requests:
cpu: 100m
memory: 256Mi
async:
image:
repository: ghcr.io/alexlebens/taiga-back-docker-oidc
tag: 6.7.3
pullPolicy: IfNotPresent
command:
- /taiga-back/docker/async_entrypoint.sh
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: taiga-key-secret
key: key
- name: ENABLE_TELEMETRY
value: false
- name: PUBLIC_REGISTER_ENABLED
value: false
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: taiga-postgresql-16-cluster-app
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: taiga-postgresql-16-cluster-app
key: password
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: taiga-postgresql-16-cluster-app
key: dbname
- name: POSTGRES_HOST
valueFrom:
secretKeyRef:
name: taiga-postgresql-16-cluster-app
key: host
- name: OIDC_ENABLED
value: "True"
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: taiga-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: taiga-oidc-secret
key: secret
- name: OIDC_SCOPES
value: openid profile email
- name: OIDC_SIGN_ALGO
value: RS256
- name: OIDC_BASE_URL
value: https://authentik.alexlebens.net/application/o/
- name: OIDC_JWKS_ENDPOINT
value: https://authentik.alexlebens.net/application/o/taiga/jwks/
- name: OIDC_AUTHORIZATION_ENDPOINT
value: https://authentik.alexlebens.net/application/o/authorize/
- name: OIDC_TOKEN_ENDPOINT
value: https://authentik.alexlebens.net/application/o/token/
- name: OIDC_USER_ENDPOINT
value: https://authentik.alexlebens.net/application/o/userinfo/
- name: ENABLE_GITHUB_AUTH
value: "false"
- name: ENABLE_GITLAB_AUTH
value: "false"
- name: ENABLE_SLACK
value: "false"
- name: ENABLE_GITHUB_IMPORTER
value: "False"
- name: ENABLE_JIRA_IMPORTER
value: "False"
- name: ENABLE_JIRA_IMPORTER
value: "False"
- name: RABBITMQ_USER
value: taiga
- name: RABBITMQ_PASS
valueFrom:
secretKeyRef:
name: taiga-async-rabbitmq-secret
key: password
- name: TAIGA_SITES_DOMAIN
value: taiga.alexlebens.net
- name: TAIGA_SITES_SCHEME
value: https
- name: SESSION_COOKIE_SECURE
value: "True"
- name: CSRF_COOKIE_SECURE
value: "True"
resources:
requests:
cpu: 100m
memory: 256Mi
events:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
events:
image:
repository: taigaio/taiga-events
tag: 6.7.0
pullPolicy: IfNotPresent
env:
- name: TAIGA_SECRET_KEY
valueFrom:
secretKeyRef:
name: taiga-key-secret
key: key
- name: RABBITMQ_USER
value: taiga
- name: RABBITMQ_PASS
valueFrom:
secretKeyRef:
name: taiga-events-rabbitmq-secret
key: password
- name: APP_PORT
value: 3023
resources:
requests:
cpu: 100m
memory: 256Mi
protected:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: taigaio/taiga-protected
tag: 6.7.0
pullPolicy: IfNotPresent
env:
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: taiga-key-secret
key: key
- name: MAX_AGE
value: 360
resources:
requests:
cpu: 100m
memory: 256Mi
serviceAccount:
create: true
secretKey:
existingSecretName: taiga-key-secret
existingSecretKey: key
createInitialUser: false
enableTelemetry: false
publicRegisterEnabled: false
postgresql:
existingSecretName: taiga-postgresql-16-cluster-app
usernameKey: username
passwordKey: password
databaseNameKey: dbname
hostKey: host
portKey: port
oidc:
enabled: true
existingSecretName: taiga-oidc-secret
scopesKey: scopes
signatureAlgorithmKey: signatureAlgorithm
clientIdKey: client
clientSecretKey: secret
baseUrlKey: baseUrl
jwksEndpointKey: jwksEndpoint
authorizationEndpointKey: authorizationEndpoint
tokenEndpointKey: tokenEndpoint
userEndpointKey: userEndpoint
back:
image:
repository: ghcr.io/alexlebens/taiga-back-docker-oidc
tag: latest
pullPolicy: Always
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 1Gi
livenessProbe:
enabled: true
readinessProbe:
enabled: true
async:
image:
repository: ghcr.io/alexlebens/taiga-back-docker-oidc
tag: latest
pullPolicy: Always
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 1Gi
livenessProbe:
enabled: true
readinessProbe:
enabled: true
async-rabbitmq:
auth:
username: taiga
existingPasswordSecret: taiga-async-rabbitmq-secret
existingSecretPasswordKey: password
existingErlangSecret: taiga-async-rabbitmq-secret
existingSecretErlangKey: erlang
events:
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 1Gi
livenessProbe:
enabled: false
readinessProbe:
enabled: false
events-rabbitmq:
auth:
username: taiga
existingPasswordSecret: taiga-events-rabbitmq-secret
existingSecretPasswordKey: password
existingErlangSecret: taiga-events-rabbitmq-secret
existingSecretErlangKey: erlang
protected:
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 1Gi
livenessProbe:
enabled: false
readinessProbe:
enabled: false
front:
image:
repository: ghcr.io/alexlebens/taiga-front-docker-oidc
tag: latest
pullPolicy: Always
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 1Gi
livenessProbe:
enabled: true
readinessProbe:
enabled: true
service:
front:
controller: front
ports:
front:
port: 80
targetPort: 80
protocol: HTTP
back:
controller: back
ports:
back:
port: 8000
targetPort: 8000
protocol: HTTP
events:
controller: events
ports:
events:
port: 8888
targetPort: 8888
protocol: HTTP
app:
port: 3023
targetPort: 3023
protocol: HTTP
protected:
controller: protected
ports:
protected:
port: 8003
targetPort: 8003
protocol: HTTP
ingress:
enabled: true
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
className: traefik
host: taiga.alexlebens.net
main:
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
hosts:
- host: taiga.alexlebens.net
paths:
- path: /
pathType: Prefix
service:
name: taiga-front
port: 80
- path: /api
pathType: Prefix
service:
name: taiga-back
port: 8000
pathType: ImplementationSpecific
- path: /admin
pathType: Prefix
service:
name: taiga-back
port: 8000
pathType: ImplementationSpecific
- path: /oidc
pathType: Prefix
service:
name: taiga-back
port: 8000
pathType: ImplementationSpecific
- path: /events
pathType: Prefix
service:
name: taiga-events
port: 8888
pathType: ImplementationSpecific
- path: /media
pathType: Prefix
service:
name: taiga-protected
port: 8003
pathType: ImplementationSpecific
tls:
- secretName: taiga-secret-tls
hosts:
- taiga.alexlebens.net
persistence:
static:
enabled: true
storageClass: nfs-client
accessMode: ReadWriteMany
size: 1Gi
existingClaim: taiga-static
advancedMounts:
back:
back:
- path: /taiga-back/static
readOnly: false
back:
async:
- path: /taiga-back/static
readOnly: false
media:
enabled: true
storageClass: nfs-client
accessMode: ReadWriteMany
size: 1Gi
existingClaim: taiga-media
advancedMounts:
back:
back:
- path: /taiga-back/media
readOnly: false
back:
async:
- path: /taiga-back/media
readOnly: false
async-rabbitmq:
auth:
username: taiga
existingPasswordSecret: taiga-async-rabbitmq-secret
existingSecretPasswordKey: password
existingErlangSecret: taiga-async-rabbitmq-secret
existingSecretErlangKey: erlang
extraConfiguration: |-
default_vhost = taiga
default_permissions.configure = .*
default_permissions.read = .*
default_permissions.write = .*
events-rabbitmq:
auth:
username: taiga
existingPasswordSecret: taiga-events-rabbitmq-secret
existingSecretPasswordKey: password
existingErlangSecret: taiga-events-rabbitmq-secret
existingSecretErlangKey: erlang
extraConfiguration: |-
default_vhost = taiga
default_permissions.configure = .*
default_permissions.read = .*
default_permissions.write = .*
postgres-16-cluster:
mode: standalone
kubernetesClusterName: cl01tl
cluster:
walStorage:
storageClass: local-path