From aee9782ca7ecd8e8bb61e470d33c199041e3cd1f Mon Sep 17 00:00:00 2001
From: Alex Lebens
Date: Mon, 3 Mar 2025 18:07:25 -0600
Subject: [PATCH] add outline
---
.../cl01tl/applications/outline/Chart.yaml | 49 ++++
.../outline/templates/external-secret.yaml | 226 ++++++++++++++++++
.../outline/templates/http-route.yaml | 30 +++
.../cl01tl/applications/outline/values.yaml | 205 ++++++++++++++++
4 files changed, 510 insertions(+)
create mode 100644 clusters/cl01tl/applications/outline/Chart.yaml
create mode 100644 clusters/cl01tl/applications/outline/templates/external-secret.yaml
create mode 100644 clusters/cl01tl/applications/outline/templates/http-route.yaml
create mode 100644 clusters/cl01tl/applications/outline/values.yaml
diff --git a/clusters/cl01tl/applications/outline/Chart.yaml b/clusters/cl01tl/applications/outline/Chart.yaml
new file mode 100644
index 000000000..5696e1afd
--- /dev/null
+++ b/clusters/cl01tl/applications/outline/Chart.yaml
@@ -0,0 +1,49 @@
+apiVersion: v2
+name: outline
+version: 1.0.0
+description: Outline
+keywords:
+ - outline
+ - wiki
+ - documentation
+home: https://wiki.alexlebens.dev/doc/outline-JOaS8Mn0Bt
+sources:
+ - https://github.com/outline/outline
+ - https://github.com/minio/operator
+ - https://github.com/valkey-io/valkey
+ - https://github.com/cloudflare/cloudflared
+ - https://github.com/cloudnative-pg/cloudnative-pg
+ - https://hub.docker.com/r/outlinewiki/outline
+ - https://github.com/bjw-s/helm-charts/tree/main/charts/other/app-template
+ - https://github.com/minio/operator/tree/master/helm/tenant
+ - https://github.com/bitnami/charts/tree/main/bitnami/valkey
+ - https://github.com/alexlebens/helm-charts/charts/cloudflared
+ - https://github.com/alexlebens/helm-charts/charts/postgres-cluster
+maintainers:
+ - name: alexlebens
+dependencies:
+ - name: app-template
+ alias: outline
+ repository: https://bjw-s.github.io/helm-charts/
+ version: 3.7.1
+ - name: tenant
+ alias: minio
+ version: 7.0.0
+ repository: https://operator.min.io/
+ - name: valkey
+ version: 2.4.0
+ repository: https://charts.bitnami.com/bitnami
+ - name: cloudflared
+ alias: cloudflared-outline
+ repository: http://alexlebens.github.io/helm-charts
+ version: 1.14.0
+ - name: cloudflared
+ alias: cloudflared-minio
+ repository: http://alexlebens.github.io/helm-charts
+ version: 1.14.0
+ - name: postgres-cluster
+ alias: postgres-17-cluster
+ version: 4.2.0
+ repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/outline.png
+appVersion: 0.81.1
diff --git a/clusters/cl01tl/applications/outline/templates/external-secret.yaml b/clusters/cl01tl/applications/outline/templates/external-secret.yaml
new file mode 100644
index 000000000..f00d96e0d
--- /dev/null
+++ b/clusters/cl01tl/applications/outline/templates/external-secret.yaml
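Review bot: In Chart.yaml, three dependencies (`cloudflared-outline`, `cloudflared-minio` and `postgres-17-cluster`) use `repository: http://alexlebens.github.io/helm-charts`, so the repository index and chart archives are requested over cleartext HTTP and can be altered in transit; the other three repositories already use https. Each of them should read `repository: https://alexlebens.github.io/helm-charts`. Separately, `appVersion: 0.81.1` does not match the image `tag: 0.82.0` set in values.yaml, so the `app.kubernetes.io/version` label rendered by the templates would report the wrong version.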
@@ -0,0 +1,226 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: outline-key-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: outline-key-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: secret-key
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/outline/key
+ metadataPolicy: None
+ property: secret-key
+ - secretKey: utils-key
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/outline/key
+ metadataPolicy: None
+ property: utils-key
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: outline-oidc-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: outline-oidc-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: client
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/outline
+ metadataPolicy: None
+ property: client
+ - secretKey: secret
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/outline
+ metadataPolicy: None
+ property: secret
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: outline-minio-user-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: outline-minio-user-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: AWS_ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/outline/minio/auth
+ metadataPolicy: None
+ property: AWS_ACCESS_KEY_ID
+ - secretKey: AWS_SECRET_ACCESS_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/outline/minio/auth
+ metadataPolicy: None
+ property: AWS_SECRET_ACCESS_KEY
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: outline-minio-root-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: outline-minio-root-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: config.env
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/outline/minio/config
+ metadataPolicy: None
+ property: root-config.env
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: outline-minio-config-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: outline-minio-config-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: config.env
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/outline/minio/config
+ metadataPolicy: None
+ property: config.env
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: outline-cloudflared-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: outline-cloudflared-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: cf-tunnel-token
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cloudflare/tunnels/outline
+ metadataPolicy: None
+ property: token
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: outline-minio-cloudflared-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: outline-cloudflared-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: cf-tunnel-token
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cloudflare/tunnels/outline-minio
+ metadataPolicy: None
+ property: token
+
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: outline-postgresql-17-cluster-backup-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: outline-postgresql-17-cluster-backup-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: database
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: ACCESS_KEY_ID
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: access
+ - secretKey: ACCESS_SECRET_KEY
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /digital-ocean/home-infra/postgres-backups
+ metadataPolicy: None
+ property: secret
diff --git a/clusters/cl01tl/applications/outline/templates/http-route.yaml b/clusters/cl01tl/applications/outline/templates/http-route.yaml
new file mode 100644
index 000000000..c80aa321b
--- /dev/null
+++ b/clusters/cl01tl/applications/outline/templates/http-route.yaml
@@ -0,0 +1,30 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: http-route-outline-minio
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: http-route-outline-minio
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: web
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: traefik-gateway
+ namespace: traefik
+ hostnames:
+ - minio-outline.alexlebens.net
+ rules:
+ - matches:
+ - path:
+ type: PathPrefix
+ value: /
+ backendRefs:
+ - group: ''
+ kind: Service
+ name: minio-outline-console
+ port: 9090
+ weight: 100
diff --git a/clusters/cl01tl/applications/outline/values.yaml b/clusters/cl01tl/applications/outline/values.yaml
new file mode 100644
index 000000000..f009afa8f
--- /dev/null
+++ b/clusters/cl01tl/applications/outline/values.yaml
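Review bot: In templates/external-secret.yaml, the `outline-minio-cloudflared-secret` ExternalSecret carries the label `app.kubernetes.io/name: outline-cloudflared-secret`, apparently copied from the object above it, so two objects share one name label; it should read `app.kubernetes.io/name: outline-minio-cloudflared-secret`. The label values are also rendered unquoted, so a version that looks numeric would produce a non-string label; `{{ .Chart.AppVersion | quote }}` avoids that. The last object reads `/digital-ocean/home-infra/postgres-backups`, which by its path looks like a credential shared across applications. If that is the case, a key scoped to this application's backup prefix would limit what a compromise of this namespace exposes; this is worth confirming against the store.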
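Review bot: In templates/http-route.yaml, the MinIO console service (`minio-outline-console`, port 9090) is published at `minio-outline.alexlebens.net` with a catch-all `PathPrefix` rule on `/` and no `filters`, so the only access control visible in this commit is the console's own login. Whether `traefik-gateway` is reachable only from a trusted network cannot be seen from here; if it is not, an authentication filter or a restricted listener in front of this administrative interface would be appropriate. A short comment above `parentRefs` stating the intended exposure, for example `# exposure: internal gateway only` if that is the intent, would make the assumption reviewable.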
@@ -0,0 +1,205 @@
+outline:
+ controllers:
+ main:
+ type: deployment
+ replicas: 1
+ strategy: Recreate
+ revisionHistoryLimit: 3
+ containers:
+ main:
+ image:
+ repository: outlinewiki/outline
+ tag: 0.82.0
+ pullPolicy: IfNotPresent
+ env:
+ - name: NODE_ENV
+ value: production
+ - name: URL
+ value: https://wiki.alexlebens.dev
+ - name: PORT
+ value: 3000
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: outline-key-secret
+ key: secret-key
+ - name: UTILS_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: outline-key-secret
+ key: utils-key
+ - name: POSTGRES_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: outline-postgresql-17-cluster-app
+ key: username
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: outline-postgresql-17-cluster-app
+ key: password
+ - name: POSTGRES_DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: outline-postgresql-17-cluster-app
+ key: dbname
+ - name: POSTGRES_DATABASE_HOST
+ valueFrom:
+ secretKeyRef:
+ name: outline-postgresql-17-cluster-app
+ key: host
+ - name: POSTGRES_DATABASE_PORT
+ valueFrom:
+ secretKeyRef:
+ name: outline-postgresql-17-cluster-app
+ key: port
+ - name: DATABASE_URL
+ value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)
+ - name: DATABASE_URL_TEST
+ value: postgres://$(POSTGRES_USERNAME):$(POSTGRES_PASSWORD)@$(POSTGRES_DATABASE_HOST):$(POSTGRES_DATABASE_PORT)/$(POSTGRES_DATABASE_NAME)-test
+ - name: DATABASE_CONNECTION_POOL_MIN
+ value: "2"
+ - name: DATABASE_CONNECTION_POOL_MAX
+ value: "20"
+ - name: PGSSLMODE
+ value: disable
+ - name: REDIS_URL
+ value: redis://outline-valkey-primary.outline:6379
+ - name: FILE_STORAGE
+ value: s3
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: outline-minio-user-secret
+ key: AWS_ACCESS_KEY_ID
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: outline-minio-user-secret
+ key: AWS_SECRET_ACCESS_KEY
+ - name: AWS_REGION
+ value: us-east-1
+ - name: AWS_S3_UPLOAD_BUCKET_NAME
+ value: outline
+ - name: AWS_S3_UPLOAD_BUCKET_URL
+ value: https://outline-storage.alexlebens.dev/outline
+ - name: AWS_S3_ACCELERATE_URL
+ value: https://outline-storage.alexlebens.dev/outline
+ - name: AWS_S3_FORCE_PATH_STYLE
+ value: false
+ - name: AWS_S3_ACL
+ value: private
+ - name: FILE_STORAGE_UPLOAD_MAX_SIZE
+ value: "26214400"
+ - name: FORCE_HTTPS
+ value: false
+ - name: ENABLE_UPDATES
+ value: false
+ - name: WEB_CONCURRENCY
+ value: 1
+ - name: FILE_STORAGE_IMPORT_MAX_SIZE
+ value: 5120000
+ - name: LOG_LEVEL
+ value: info
+ - name: DEFAULT_LANGUAGE
+ value: en_US
+ - name: RATE_LIMITER_ENABLED
+ value: false
+ - name: DEVELOPMENT_UNSAFE_INLINE_CSP
+ value: false
+ - name: OIDC_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: outline-oidc-secret
+ key: client
+ - name: OIDC_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: outline-oidc-secret
+ key: secret
+ - name: OIDC_AUTH_URI
+ value: https://auth.alexlebens.dev/application/o/authorize/
+ - name: OIDC_TOKEN_URI
+ value: https://auth.alexlebens.dev/application/o/token/
+ - name: OIDC_USERINFO_URI
+ value: https://auth.alexlebens.dev/application/o/userinfo/
+ - name: OIDC_USERNAME_CLAIM
+ value: email
+ - name: OIDC_DISPLAY_NAME
+ value: Authentik
+ - name: OIDC_SCOPES
+ value: openid profile email
+ resources:
+ requests:
+ cpu: 10m
+ memory: 512Mi
+ serviceAccount:
+ create: true
+ service:
+ main:
+ controller: main
+ ports:
+ http:
+ port: 3000
+ targetPort: 3000
+ protocol: HTTP
+minio:
+ existingSecret:
+ name: outline-minio-root-secret
+ tenant:
+ name: minio-outline
+ configuration:
+ name: outline-minio-config-secret
+ pools:
+ - servers: 3
+ name: pool
+ volumesPerServer: 2
+ size: 10Gi
+ storageClassName: ceph-block
+ mountPath: /export
+ subPath: /data
+ metrics:
+ enabled: true
+ port: 9000
+ protocol: http
+ certificate:
+ requestAutoCert: false
+ ingress:
+ console:
+ enabled: false
+valkey:
+ architecture: standalone
+ auth:
+ enabled: false
+ usePasswordFiles: false
+ primary:
+ persistence:
+ enabled: false
+ replica:
+ persistence:
+ enabled: false
+cloudflared-outline:
+ existingSecretName: outline-cloudflared-secret
+ name: cloudflared-outline
+cloudflared-minio:
+ existingSecretName: outline-minio-cloudflared-secret
+ name: cloudflared-minio
+postgres-17-cluster:
+ mode: recovery
+ cluster:
+ walStorage:
+ storageClass: local-path
+ storage:
+ storageClass: local-path
+ monitoring:
+ enabled: true
+ recovery:
+ endpointURL: https://nyc3.digitaloceanspaces.com
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
+ endpointCredentials: outline-postgresql-17-cluster-backup-secret
+ backup:
+ enabled: false
+ endpointURL: https://nyc3.digitaloceanspaces.com
+ destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-17-cluster
+ endpointCredentials: outline-postgresql-17-cluster-backup-secret
+ backupIndex: 2
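Review bot: In values.yaml, Valkey is deployed with `auth.enabled: false` and Outline connects through `redis://outline-valkey-primary.outline:6379` without credentials, so any workload that can reach that service can read or alter the data Outline keeps there unless a NetworkPolicy outside this commit restricts it. Setting `auth.enabled: true` with a password delivered by an ExternalSecret, as the other credentials in this chart are, would close that gap. The same concern applies in weaker form to `PGSSLMODE` set to `disable`, which leaves database traffic unencrypted inside the cluster, and to `RATE_LIMITER_ENABLED` set to `false` on an application that the cloudflared tunnel appears to publish. Several env entries are unquoted non-strings (`value: false`, `value: 3000`, `value: 5120000`) next to quoted ones such as `value: "2"`; quoting them all keeps the rendered values strings regardless of how the chart converts them.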