platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

refactor: split applications and charts into separte folders

Browse Source
This commit is contained in:
Jonas Juselius
2024-02-06 12:12:56 +01:00
parent 10a06fd058
commit 7450a9903e
231 changed files with 27 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files
charts/dex/config/config.yaml
+137
View File
@@ -0,0 +1,137 @@
issuer: https://idp.oceanbox.io/dex
storage:
type: postgres
config:
host: dexdb-rw
port: 5432
database: dex_db
user: dex
password: crafter keenness gilled sprinkled
ssl:
mode: disable
web:
http: 127.0.0.1:5556
telemetry:
http: 127.0.0.1:5558
grpc:
addr: 127.0.0.1:5557
frontend:
dir: /srv/dex/web
issuer: oceanbox
extra:
client_logo_url: "../theme/client-logo.png"
# enablePasswordDB: true
# staticPasswords:
# - email: "admin@oceanbox.io"
# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC"
# username: "admin"
# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f"
oauth2:
responseTypes: [ "code" ]
skipApprovalScreen: true
alwaysShowLoginScreen: false
connectors:
- type: microsoft
id: oceanbox
name: oceanbox.io
config:
clientID: 43667ac0-37e1-422f-99fc-50a699bb255c
clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB
tenant: 3f737008-e9a0-4485-9d27-40329d288089
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- atlantis
- type: microsoft
id: salmar
name: salmar.no
config:
clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058
clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2
tenant: de10159d-2c09-4762-966c-e841d3391feb
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Azure-Grp-App-Cloud-Oceanbox
- type: microsoft
id: aqua-kompetanse
name: aqua-kompetanse.no
config:
clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2
clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC
tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Oceanbox
- type: oidc
id: keycloak
name: default
config:
issuer: https://keycloak.dev.oceanbox.io/realms/Oceanbox
clientID: dex
clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4
redirectURI: https://idp.oceanbox.io/dex/callback
promptType: login
staticClients:
- id: atlantis
redirectURIs:
- 'https://maps.oceanbox.io/signin-oidc'
- 'https://maps.relic.oceanbox.io/signin-oidc'
name: 'Atlantis'
secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
- id: atlantis_dev
redirectURIs:
- 'https://atlantis.dev.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://stig-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://atlantis.local.oceanbox.io:8080/signin-oidc'
name: 'Atlantis dev'
secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
- id: petimeter
redirectURIs:
- 'https://petimeter.svc.oceanbox.io/signin-oidc'
name: 'Petimeter dev'
secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs
- id: petimeter_dev
redirectURIs:
- 'https://petimeter.dev.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://stig-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://petimeter.local.oceanbox.io:8080/signin-oidc'
name: 'Petimeter dev'
secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk
- id: sorcerer
redirectURIs:
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
name: 'Sorcerer'
secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB
- id: sorcerer_dev
redirectURIs:
- 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://s.local.oceanbox.io:11080/signin-oidc'
- 'https://sorcerer.local.oceanbox.io:11080/signin-oidc'
name: 'Sorcerer dev'
secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy
- id: archmeister
redirectURIs:
- 'https://archmeister.svc.oceanbox.io/signin-oidc'
name: 'Archmeister'
secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro
- id: archmeister_dev
redirectURIs:
- 'https://archmeister.dev.oceanbox.io/signin-oidc'
- 'https://jonas-archmeister.dev.oceanbox.io/signin-oidc'
- 'https://simkir-archmeister.dev.oceanbox.io/signin-oidc'
- 'https://r.local.oceanbox.io:11080/signin-oidc'
- 'https://archmeister.local.oceanbox.io:9080/signin-oidc'
name: 'Archmeister dev'
secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I
charts/dex/config/kustomization.yaml
+7
View File
@@ -0,0 +1,7 @@
# namePrefix: staging-
generatorOptions:
disableNameSuffixHash: true
configmapGenerator:
- name: dex-config
files:
- config.yaml
charts/dex/manifests/config.yaml
+27
View File
@@ -0,0 +1,27 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: dex
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
- cluster: https://kubernetes.default.svc
env: staging
template:
metadata:
name: '{{ env }}-dex-config'
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: idp
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: dex/config
kustomization:
namePrefix: '{{ env }}-'
charts/dex/manifests/dex.yaml
+34
View File
@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: dex
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostanme: idp.srv.oceanbox.io
- cluster: https://kubernetes.default.svc
env: staging
hostanme: idp.beta.oceanbox.io
template:
metadata:
name: '{{ env }}-dex'
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: idp
sources:
- repoURL: https://charts.dexidp.io
targetRevision: 0.16.0
chart: dex
helm:
valueFiles:
- $values/dex/values.yaml
- $values/dex/{{ env }}-values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
ref: values
charts/dex/manifests/resources.yaml
+15
View File
@@ -0,0 +1,15 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dex-resources
namespace: argocd
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: idp
source:
repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: dex/resources
charts/dex/prod-values.yaml
+17
View File
@@ -0,0 +1,17 @@
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: idp.srv.oceanbox.io
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: prod-dex-tls
hosts:
- idp.srv.oceanbox.io
charts/dex/resources/allow-dex-external-access.yaml
+15
View File
@@ -0,0 +1,15 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-external-idp
spec:
egress:
- toFQDNs:
- matchName: gitlab.com
- matchPattern: '*.gitlab.com'
- matchName: login.microsoftonline.com
- matchName: graph.microsoft.com
endpointSelector:
matchLabels:
app.kubernetes.io/name: cerbos
charts/dex/resources/dex-volumes.yaml
+31
View File
@@ -0,0 +1,31 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-oceanbox-dex
spec:
accessModes:
- ReadOnlyMany
capacity:
storage: 50M
mountOptions:
- vers=4.2
- soft
nfs:
path: /oceanbox/pv-oceanbox-dex
server: 10.255.241.210
persistentVolumeReclaimPolicy: Retain
volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: oceanbox-dex
spec:
accessModes:
- ReadOnlyMany
resources:
requests:
storage: 50M
storageClassName: ""
volumeMode: Filesystem
volumeName: pv-oceanbox-dex
charts/dex/resources/dexdb-cluster.yaml
+64
View File
@@ -0,0 +1,64 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
annotations:
linkerd.io/inject: disabled
name: dexdb
spec:
enableSuperuserAccess: true
instances: 2
logLevel: info
# bootstrap:
# initdb:
# database: archivistdb
# owner: archivist
# secret:
# name: archivistdb-secret
storage:
pvcTemplate:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: managed-nfs-storage
volumeMode: Filesystem
resizeInUseVolumes: true
size: 1Gi
# superuserSecret:
# name: dexdb-secret
# ---
# apiVersion: v1
# data:
# # phei2beiRei0
# password: cGhlaTJiZWlSZWkwCg==
# username: YXJjaGl2aXN0Cg==
# kind: Secret
# metadata:
# name: archivistdb-secret
# type: kubernetes.io/basic-auth
# ---
# apiVersion: v1
# data:
# password: ZW4gdG8gdHJlIGZpcmUK
# kind: Secret
# metadata:
# name: dexdb-secret
# type: kubernetes.io/basic-auth
---
apiVersion: v1
kind: Service
metadata:
name: dexdb-nodeport
spec:
ports:
- name: psql
nodePort: 30432
port: 5432
protocol: TCP
targetPort: 5432
selector:
cnpg.io/cluster: dexdb
cnpg.io/instanceName: dexdb-1
sessionAffinity: None
type: NodePort
charts/dex/staging-values.yaml
+17
View File
@@ -0,0 +1,17 @@
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: idp.beta.oceanbox.io
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: staging-dex-tls
hosts:
- idp.beta.oceanbox.io
charts/dex/templates
Submodule
+1
Submodule charts/dex/templates added at 1fd8cd005f
charts/dex/values.yaml
+37
View File
@@ -0,0 +1,37 @@
replicaCount: 1
https:
enabled: false
grpc:
enabled: false
configSecret:
create: false
name: dex-config
config: {}
volumes:
- name: web
persistentVolumeClaim:
claimName: oceanbox-dex
volumeMounts:
- name: web
mountPath: /srv/dex/web
envVars: []
service:
annotations: {}
type: ClusterIP
clusterIP: ""
ports:
http:
port: 5556
nodePort:
https:
port: 5554
nodePort:
grpc:
port: 5557
nodePort:
serviceMonitor:
enabled: true