feat: add fornix

2025-12-10 15:42:31 +01:00
parent b323c48c18
commit 0779d405c6
18 changed files with 563 additions and 0 deletions
@@ -0,0 +1,2 @@
+fornix:
+  enabled: true
@@ -0,0 +1,4 @@
+fornix:
+  enabled: false
+  autosync: false
+  env: {{ .Environment.Name }}
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - _manifest.yaml
+
@@ -0,0 +1,40 @@
+{
+  "oidc": {
+    "issuer": "https://idp.app.local/dex",
+    "authorization_endpoint": "https://idp.app.local/dex/auth",
+    "token_endpoint": "https://idp.app.local/dex/token",
+    "jwks_uri": "https://idp.app.local/dex/keys",
+    "userinfo_endpoint": "https://idp.app.local/dex/userinfo",
+    "device_authorization_endpoint": "https://idp.app.local/dex/device/code",
+    "clientId": "app",
+    "clientSecret": "secret",
+    "scopes": [
+      "openid",
+      "email",
+      "offline_access",
+      "profile"
+    ]
+  },
+  "redis": "localhost:6379,user=default,password=secret",
+  "sso": {
+    "cookieDomain": "localhost",
+    "signedOutRedirectUri": "https://idp.app.local/dex/static/logout.html",
+    "appDomain": "app",
+    "dataProtectionKeys": "DataProtection-Keys"
+  },
+  "allowedOrigins": [
+    "https://fornix.hel1.oceanbox.io"
+  ],
+  "plainAuthUsers": [
+    {
+      "username": "",
+      "password": "",
+      "groups": [
+        ""
+      ],
+      "roles": [
+        ""
+      ]
+    }
+  ]
+}
@@ -0,0 +1,8 @@
+generatorOptions:
+  disableNameSuffixHash: true
+configMapGenerator:
+  - name: fornix-appsettings
+    files:
+      - appsettings.json
+resources:
+  - ../base
@@ -0,0 +1,43 @@
+{{ if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ .Values.fornix.env }}-fornix
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/compare-options: ServerSideDiff=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: {{ .Values.fornix.env }}-atlantis
+    server: https://kubernetes.default.svc
+  project: default
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfile.d
+    plugin:
+      name: helmfile-cmp
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+      - name: HELMFILE_ENVIRONMENT
+        value: {{ .Values.fornix.env }}
+      - name: HELMFILE_FILE_PATH
+        value: fornix.yaml.gotmpl
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: main
+    ref: values
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    {{- if .Values.fornix.autosync }}
+    automated:
+      prune: true
+      selfHeal: false
+    {{- end }}
+{{- end }}
+
@@ -0,0 +1,34 @@
+replicaCount: 1
+image:
+  tag: v1.0.1
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-staging
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    oceanbox.io/expose: internal
+  hosts:
+    - host: fornix.dev.oceanbox.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+    - host: fornix.dev.tos.obx
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - fornix.dev.oceanbox.io
+        - fornix.dev.tos.obx
+      secretName: fornix-tls
+volumes:
+  - name: appsettings
+    configMap:
+      name: fornix-appsettings
+volumeMounts:
+  - name: appsettings
+    mountPath: "/app/appsettings.json"
+    readOnly: true
+    subPath: appsettings.json