add outline

2025-02-19 21:14:17 -06:00
parent ec3b6f346c
commit a2c8fdcab9
3 changed files with 483 additions and 0 deletions
--- a/clusters/cl01tl/applications/outline/Chart.yaml
+++ b/clusters/cl01tl/applications/outline/Chart.yaml
@@ -0,0 +1,49 @@
+apiVersion: v2
+name: outline
+version: 1.0.0
+description: Outline
+keywords:
+  - outline
+  - wiki
+  - documentation
+home: https://wiki.alexlebens.dev/doc/outline-JOaS8Mn0Bt
+sources:
+  - https://github.com/outline/outline
+  - https://github.com/minio/operator
+  - https://github.com/valkey-io/valkey
+  - https://github.com/cloudflare/cloudflared
+  - https://github.com/cloudnative-pg/cloudnative-pg
+  - https://hub.docker.com/r/outlinewiki/outline
+  - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+  - https://github.com/minio/operator/tree/master/helm/tenant
+  - https://github.com/bitnami/charts/tree/main/bitnami/valkey
+  - https://github.com/alexlebens/helm-charts/charts/cloudflared
+  - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: outline
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.6.1
+  - name: tenant
+    alias: minio
+    version: 7.0.0
+    repository: https://operator.min.io/
+  - name: valkey
+    version: 2.2.3
+    repository: https://charts.bitnami.com/bitnami
+  - name: cloudflared
+    alias: cloudflared-outline
+    repository: http://alexlebens.github.io/helm-charts
+    version: 1.13.0
+  - name: cloudflared
+    alias: cloudflared-minio
+    repository: http://alexlebens.github.io/helm-charts
+    version: 1.13.0
+  - name: postgres-cluster
+    alias: postgres-17-cluster
+    version: 4.1.4
+    repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/outline.png
+appVersion: 0.81.1
--- a/clusters/cl01tl/applications/outline/templates/external-secret.yaml
+++ b/clusters/cl01tl/applications/outline/templates/external-secret.yaml
@@ -0,0 +1,226 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-key-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-key-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: secret-key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/key
+        metadataPolicy: None
+        property: secret-key
+    - secretKey: utils-key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/key
+        metadataPolicy: None
+        property: utils-key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-oidc-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-oidc-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: client
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/outline
+        metadataPolicy: None
+        property: client
+    - secretKey: secret
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/outline
+        metadataPolicy: None
+        property: secret
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-user-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-minio-user-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/minio/auth
+        metadataPolicy: None
+        property: AWS_ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/minio/auth
+        metadataPolicy: None
+        property: AWS_SECRET_ACCESS_KEY
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-root-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-minio-root-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config.env
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/minio/config
+        metadataPolicy: None
+        property: root-config.env
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-minio-config-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config.env
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/minio/config
+        metadataPolicy: None
+        property: config.env
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-cloudflared-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-cloudflared-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: cf-tunnel-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cloudflare/tunnels/outline
+        metadataPolicy: None
+        property: token
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-cloudflared-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-cloudflared-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: cf-tunnel-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cloudflare/tunnels/outline-minio
+        metadataPolicy: None
+        property: token
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: outline-postgresql-17-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: database
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: access
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: secret
--- a/clusters/cl01tl/applications/outline/values.yaml
+++ b/clusters/cl01tl/applications/outline/values.yaml
@@ -0,0 +1,208 @@
+outline:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: outlinewiki/outline
+            tag: 0.81.1
+            pullPolicy: IfNotPresent
+          env:
+            - name: NODE_ENV
+              value: production
+            - name: URL
+              value: https://wiki.alexlebens.dev
+            - name: PORT
+              value: 3000
+            - name: SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: outline-key-secret
+                  key: secret-key
+            - name: UTILS_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: outline-key-secret
+                  key: utils-key
+            - name: POSTGRES_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: outline-postgresql-17-cluster-app
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: outline-postgresql-17-cluster-app
+                  key: password
+            - name: POSTGRES_DATABASE_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: outline-postgresql-17-cluster-app
+                  key: dbname
+            - name: POSTGRES_DATABASE_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: outline-postgresql-17-cluster-app
+                  key: host
+            - name: POSTGRES_DATABASE_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: outline-postgresql-17-cluster-app
+                  key: port
+            - name: DATABASE_URL
+              value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)
+            - name: DATABASE_URL_TEST
+              value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)-test
+            - name: DATABASE_CONNECTION_POOL_MIN
+              value: "2"
+            - name: DATABASE_CONNECTION_POOL_MAX
+              value: "20"
+            - name: PGSSLMODE
+              value: disable
+            - name: REDIS_URL
+              value: redis://outline-valkey-primary.outline:6379
+            - name: FILE_STORAGE
+              value: s3
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: outline-minio-user-secret
+                  key: AWS_ACCESS_KEY_ID
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: outline-minio-user-secret
+                  key: AWS_SECRET_ACCESS_KEY
+            - name: AWS_REGION
+              value: us-east-1
+            - name: AWS_S3_UPLOAD_BUCKET_NAME
+              value: outline
+            - name: AWS_S3_UPLOAD_BUCKET_URL
+              value: https://outline-storage.alexlebens.dev/outline
+            - name: AWS_S3_ACCELERATE_URL
+              value: https://outline-storage.alexlebens.dev/outline
+            - name: AWS_S3_FORCE_PATH_STYLE
+              value: false
+            - name: AWS_S3_ACL
+              value: private
+            - name: FILE_STORAGE_UPLOAD_MAX_SIZE
+              value: "26214400"
+            - name: FORCE_HTTPS
+              value: false
+            - name: ENABLE_UPDATES
+              value: false
+            - name: WEB_CONCURRENCY
+              value: 1
+            - name: FILE_STORAGE_IMPORT_MAX_SIZE
+              value: 5120000
+            - name: LOG_LEVEL
+              value: info
+            - name: DEFAULT_LANGUAGE
+              value: en_US
+            - name: RATE_LIMITER_ENABLED
+              value: false
+            - name: DEVELOPMENT_UNSAFE_INLINE_CSP
+              value: false
+            - name: OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: outline-oidc-secret
+                  key: client
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: outline-oidc-secret
+                  key: secret
+            - name: OIDC_AUTH_URI
+              value: https://auth.alexlebens.dev/application/o/authorize/
+            - name: OIDC_TOKEN_URI
+              value: https://auth.alexlebens.dev/application/o/token/
+            - name: OIDC_USERINFO_URI
+              value: https://auth.alexlebens.dev/application/o/userinfo/
+            - name: OIDC_USERNAME_CLAIM
+              value: email
+            - name: OIDC_DISPLAY_NAME
+              value: Authentik
+            - name: OIDC_SCOPES
+              value: openid profile email
+          resources:
+            requests:
+              cpu: 10m
+              memory: 512Mi
+  serviceAccount:
+    create: true
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 3000
+          targetPort: 3000
+          protocol: HTTP
+minio:
+  existingSecret:
+    name: outline-minio-root-secret
+  tenant:
+    name: minio-outline
+    configuration:
+      name: outline-minio-config-secret
+    pools:
+      - servers: 3
+        name: pool
+        volumesPerServer: 2
+        size: 10Gi
+        storageClassName: ceph-block
+    mountPath: /export
+    subPath: /data
+    metrics:
+      enabled: true
+      port: 9000
+      protocol: http
+    certificate:
+      requestAutoCert: false
+  ingress:
+    console:
+      enabled: true
+      ingressClassName: tailscale
+      tls:
+        - secretName: minio-outline-cl01tl
+          hosts:
+            - minio-outline-cl01tl
+      host: minio-outline-cl01tl
+      path: /
+      pathType: Prefix
+valkey:
+  architecture: standalone
+  auth:
+    enabled: false
+  primary:
+    persistence:
+      enabled: false
+  replica:
+    persistence:
+      enabled: false
+cloudflared-outline:
+  existingSecretName: outline-cloudflared-secret
+  name: cloudflared-outline
+cloudflared-minio:
+  existingSecretName: outline-minio-cloudflared-secret
+  name: cloudflared-minio
+postgres-17-cluster:
+  mode: standalone
+  cluster:
+    walStorage:
+      storageClass: local-path
+    storage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+  backup:
+    enabled: true
+    endpointURL: https://nyc3.digitaloceanspaces.com
+    destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
+    endpointCredentials: outline-postgresql-17-cluster-backup-secret
+    backupIndex: 1