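---
# Helm values for the Taiga deployment: four workloads (front, back + async
# worker, events, protected) under `taiga`, and three sub-charts
# (async-rabbitmq, events-rabbitmq, postgres-16-cluster).
#
# Every credential (app secret key, Postgres, RabbitMQ, OIDC client) is read
# from a Kubernetes Secret through secretKeyRef; nothing secret is inline.
# All env values are quoted: a Kubernetes EnvVar.value is a string, and an
# unquoted false/true/3023 is parsed by YAML as bool/int. Depending on the
# chart version that either gets stringified or rejected by the API server.
taiga:
  controllers:
    # Frontend: UI feature toggles. Self-registration and the GitHub/GitLab
    # logins stay off; OIDC is the only login path besides local accounts.
    front:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        front:
          image:
            repository: ghcr.io/alexlebens/taiga-front-docker-oidc
            tag: "6.8.1"
            pullPolicy: IfNotPresent
          env:
            - name: TAIGA_URL
              value: https://taiga.alexlebens.net
            - name: PUBLIC_REGISTER_ENABLED
              value: "false"
            - name: ENABLE_GITHUB_AUTH
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_OIDC
              value: "true"
            - name: ENABLE_SLACK
              value: "false"
            - name: ENABLE_GITHUB_IMPORTER
              value: "false"
            - name: ENABLE_JIRA_IMPORTER
              value: "false"
            - name: ENABLE_TRELLO_IMPORTER
              value: "false"
          resources:
            requests:
              cpu: 100m
              memory: 128Mi

    # Backend API plus the async worker. The two containers share the same
    # image and the same env block; keep them in sync when editing either.
    back:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        back:
          image:
            repository: ghcr.io/alexlebens/taiga-back-docker-oidc
            tag: "6.8.1"
            pullPolicy: IfNotPresent
          env:
            - name: TAIGA_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: taiga-key-secret
                  key: key
            - name: ENABLE_TELEMETRY
              value: "false"
            - name: PUBLIC_REGISTER_ENABLED
              value: "false"
            # Database connection details all come from the CloudNativePG-style
            # "-app" Secret of the postgres-16-cluster sub-chart.
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: taiga-postgresql-16-cluster-app
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: taiga-postgresql-16-cluster-app
                  key: password
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: taiga-postgresql-16-cluster-app
                  key: dbname
            - name: POSTGRES_HOST
              valueFrom:
                secretKeyRef:
                  name: taiga-postgresql-16-cluster-app
                  key: host
            # OIDC against Authentik. OIDC_SIGN_ALGO/OIDC_JWKS_ENDPOINT name the
            # algorithm and key set used for token verification; the client
            # id/secret live in taiga-oidc-secret.
            # NOTE(review): the boolean strings below mix True/false/False.
            # Left as-is because the image's own parser decides what counts as
            # true — confirm against the image before normalising the casing.
            - name: OIDC_ENABLED
              value: "True"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: taiga-oidc-secret
                  key: client
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: taiga-oidc-secret
                  key: secret
            - name: OIDC_SCOPES
              value: openid profile email
            - name: OIDC_SIGN_ALGO
              value: RS256
            - name: OIDC_BASE_URL
              value: https://authentik.alexlebens.net/application/o/
            - name: OIDC_JWKS_ENDPOINT
              value: https://authentik.alexlebens.net/application/o/taiga/jwks/
            - name: OIDC_AUTHORIZATION_ENDPOINT
              value: https://authentik.alexlebens.net/application/o/authorize/
            - name: OIDC_TOKEN_ENDPOINT
              value: https://authentik.alexlebens.net/application/o/token/
            - name: OIDC_USER_ENDPOINT
              value: https://authentik.alexlebens.net/application/o/userinfo/
            - name: ENABLE_GITHUB_AUTH
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_SLACK
              value: "false"
            - name: ENABLE_GITHUB_IMPORTER
              value: "False"
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
            # Broker credentials for the async queue (separate from the events
            # broker, which has its own Secret).
            - name: RABBITMQ_USER
              value: taiga
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
                  name: taiga-async-rabbitmq-secret
                  key: password
            - name: TAIGA_SITES_DOMAIN
              value: taiga.alexlebens.net
            - name: TAIGA_SITES_SCHEME
              value: https
            # Session and CSRF cookies carry the Secure flag, matching the
            # TLS-only ingress below.
            - name: SESSION_COOKIE_SECURE
              value: "True"
            - name: CSRF_COOKIE_SECURE
              value: "True"
          resources:
            requests:
              cpu: 100m
              memory: 512Mi

        # Async worker: same image, different entrypoint, same env as `back`.
        async:
          image:
            repository: ghcr.io/alexlebens/taiga-back-docker-oidc
            tag: "6.8.1"
            pullPolicy: IfNotPresent
          command:
            - /taiga-back/docker/async_entrypoint.sh
          env:
            - name: TAIGA_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: taiga-key-secret
                  key: key
            - name: ENABLE_TELEMETRY
              value: "false"
            - name: PUBLIC_REGISTER_ENABLED
              value: "false"
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: taiga-postgresql-16-cluster-app
                  key: username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: taiga-postgresql-16-cluster-app
                  key: password
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: taiga-postgresql-16-cluster-app
                  key: dbname
            - name: POSTGRES_HOST
              valueFrom:
                secretKeyRef:
                  name: taiga-postgresql-16-cluster-app
                  key: host
            - name: OIDC_ENABLED
              value: "True"
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: taiga-oidc-secret
                  key: client
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: taiga-oidc-secret
                  key: secret
            - name: OIDC_SCOPES
              value: openid profile email
            - name: OIDC_SIGN_ALGO
              value: RS256
            - name: OIDC_BASE_URL
              value: https://authentik.alexlebens.net/application/o/
            - name: OIDC_JWKS_ENDPOINT
              value: https://authentik.alexlebens.net/application/o/taiga/jwks/
            - name: OIDC_AUTHORIZATION_ENDPOINT
              value: https://authentik.alexlebens.net/application/o/authorize/
            - name: OIDC_TOKEN_ENDPOINT
              value: https://authentik.alexlebens.net/application/o/token/
            - name: OIDC_USER_ENDPOINT
              value: https://authentik.alexlebens.net/application/o/userinfo/
            - name: ENABLE_GITHUB_AUTH
              value: "false"
            - name: ENABLE_GITLAB_AUTH
              value: "false"
            - name: ENABLE_SLACK
              value: "false"
            - name: ENABLE_GITHUB_IMPORTER
              value: "False"
            - name: ENABLE_JIRA_IMPORTER
              value: "False"
            - name: RABBITMQ_USER
              value: taiga
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
                  name: taiga-async-rabbitmq-secret
                  key: password
            - name: TAIGA_SITES_DOMAIN
              value: taiga.alexlebens.net
            - name: TAIGA_SITES_SCHEME
              value: https
            - name: SESSION_COOKIE_SECURE
              value: "True"
            - name: CSRF_COOKIE_SECURE
              value: "True"
          resources:
            requests:
              cpu: 100m
              memory: 512Mi

    # WebSocket events service, fed by its own RabbitMQ instance.
    # NOTE(review): this image is pinned to 6.7.0 while every other Taiga
    # component is 6.8.1 — confirm the mismatch is intended.
    events:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        events:
          image:
            repository: taigaio/taiga-events
            tag: "6.7.0"
            pullPolicy: IfNotPresent
          env:
            - name: TAIGA_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: taiga-key-secret
                  key: key
            - name: RABBITMQ_USER
              value: taiga
            - name: RABBITMQ_PASS
              valueFrom:
                secretKeyRef:
                  name: taiga-events-rabbitmq-secret
                  key: password
            # NOTE(review): the ingress routes /events to service port 8888
            # while APP_PORT is 3023; both ports are exposed on the Service
            # below. Confirm which one the container actually listens on.
            - name: APP_PORT
              value: "3023"
          resources:
            requests:
              cpu: 100m
              memory: 128Mi

    # Serves /media. Reads the same Secret key (taiga-key-secret/key) as the
    # backend's TAIGA_SECRET_KEY.
    protected:
      type: deployment
      replicas: 1
      strategy: Recreate
      revisionHistoryLimit: 3
      containers:
        main:
          image:
            repository: taigaio/taiga-protected
            tag: "6.8.1"
            pullPolicy: IfNotPresent
          env:
            - name: SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: taiga-key-secret
                  key: key
            # presumably a lifetime in seconds for media access — verify
            # against the taiga-protected image before tuning.
            - name: MAX_AGE
              value: "360"
          resources:
            requests:
              cpu: 100m
              memory: 256Mi

  serviceAccount:
    create: true

  # One ClusterIP Service per controller; port names are reused by the
  # ingress paths below.
  service:
    front:
      controller: front
      ports:
        front:
          port: 80
          targetPort: 80
          protocol: HTTP
    back:
      controller: back
      ports:
        back:
          port: 8000
          targetPort: 8000
          protocol: HTTP
    events:
      controller: events
      ports:
        events:
          port: 8888
          targetPort: 8888
          protocol: HTTP
        app:
          port: 3023
          targetPort: 3023
          protocol: HTTP
    protected:
      controller: protected
      ports:
        protected:
          port: 8003
          targetPort: 8003
          protocol: HTTP

  # Single host, TLS via cert-manager, Traefik `websecure` entrypoint only.
  # Path split: / -> front, /api /admin /oidc -> back, /events -> events,
  # /media -> protected.
  # Each path previously carried two `pathType` keys (Prefix first, then
  # ImplementationSpecific); most parsers keep the last one, so that is the
  # value retained here.
  ingress:
    main:
      className: traefik
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: "true"
        cert-manager.io/cluster-issuer: letsencrypt-issuer
      hosts:
        - host: taiga.alexlebens.net
          paths:
            - path: /
              pathType: Prefix
              service:
                name: taiga-front
                port: 80
            - path: /api
              pathType: ImplementationSpecific
              service:
                name: taiga-back
                port: 8000
            - path: /admin
              pathType: ImplementationSpecific
              service:
                name: taiga-back
                port: 8000
            - path: /oidc
              pathType: ImplementationSpecific
              service:
                name: taiga-back
                port: 8000
            - path: /events
              pathType: ImplementationSpecific
              service:
                name: taiga-events
                port: 8888
            - path: /media
              pathType: ImplementationSpecific
              service:
                name: taiga-protected
                port: 8003
      tls:
        - secretName: taiga-secret-tls
          hosts:
            - taiga.alexlebens.net

  # Shared static and media volumes, mounted into both containers of the
  # `back` controller. The original file listed `back:` twice under each
  # advancedMounts (once for the `back` container, once for `async`); with
  # last-wins duplicate-key handling only the `async` mount survived, so the
  # API container would have had no static/media volume. Merged into one
  # mapping so both containers get the mounts.
  persistence:
    static:
      existingClaim: taiga-static
      advancedMounts:
        back:
          back:
            - path: /taiga-back/static
              readOnly: false
          async:
            - path: /taiga-back/static
              readOnly: false
    media:
      existingClaim: taiga-media
      advancedMounts:
        back:
          back:
            - path: /taiga-back/media
              readOnly: false
          async:
            - path: /taiga-back/media
              readOnly: false

# Broker for the backend's async queue. Credentials and the Erlang cookie come
# from taiga-async-rabbitmq-secret. The default user gets full
# configure/read/write rights on the dedicated `taiga` vhost only.
async-rabbitmq:
  auth:
    username: taiga
    existingPasswordSecret: taiga-async-rabbitmq-secret
    existingSecretPasswordKey: password
    existingErlangSecret: taiga-async-rabbitmq-secret
    existingSecretErlangKey: erlang
  extraConfiguration: |-
    default_vhost = taiga
    default_permissions.configure = .*
    default_permissions.read = .*
    default_permissions.write = .*

# Broker for taiga-events; separate instance and separate Secret from the
# async broker, so the two credentials are not shared.
events-rabbitmq:
  auth:
    username: taiga
    existingPasswordSecret: taiga-events-rabbitmq-secret
    existingSecretPasswordKey: password
    existingErlangSecret: taiga-events-rabbitmq-secret
    existingSecretErlangKey: erlang
  extraConfiguration: |-
    default_vhost = taiga
    default_permissions.configure = .*
    default_permissions.read = .*
    default_permissions.write = .*

# Single-instance Postgres 16 with monitoring on and S3 backups retained for
# 14 days. Bucket credentials are read from the named Secret, not inline.
postgres-16-cluster:
  mode: standalone
  cluster:
    walStorage:
      storageClass: local-path
    storage:
      storageClass: local-path
    monitoring:
      enabled: true
      prometheusRule:
        enabled: false
  backup:
    enabled: true
    endpointURL: https://s3.us-east-2.amazonaws.com
    destinationPath: s3://cl01tl-postgresql-backups/taiga
    endpointCredentials: taiga-postgresql-16-cluster-backup-secret
    backupIndex: 1
    retentionPolicy: 14d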