fix: separate dex staging/prod configs

2024-02-12 13:56:27 +01:00
parent 4c4c9be72f
commit bbb40bd3d0
8 changed files with 68 additions and 45 deletions
@@ -1,14 +1,14 @@
 issuer: https://idp.oceanbox.io/dex
-storage:
-  type: postgres
-  config:
-    host: dexdb-rw
-    port: 5432
-    database: app
-    user: app
-    password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx
-    ssl:
-      mode: disable
+# storage:
+#   type: postgres
+#   config:
+#     host: dexdb-rw
+#     port: 5432
+#     database: app
+#     user: app
+#     password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx
+#     ssl:
+#       mode: disable
 web:
  http: 127.0.0.1:5556
 telemetry:
@@ -1,14 +1,25 @@
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: ApplicationSet
 metadata:
  name: dex-config
  namespace: argocd
 spec:
-  project: atlantis
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: idp
-  sources:
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: dev
-    path: charts/dex/config
+  generators:
+  - list:
+      elements:
+      - cluster: https://kubernetes.default.svc
+        env: prod
+      - cluster: https://kubernetes.default.svc
+        env: staging
+  template:
+    metadata:
+      name: '{{ env }}-dex-config'
+    spec:
+      project: atlantis
+      destination:
+        server: https://kubernetes.default.svc
+        namespace: idp
+      sources:
+      - repoURL: https://gitlab.com/oceanbox/manifests.git
+        targetRevision: dev
+        path: 'charts/dex/{{ env }}'
@@ -0,0 +1,10 @@
+storage:
+  type: postgres
+  config:
+    host: dexdb-rw
+    port: 5432
+    database: prod
+    user: dex
+    password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx
+    ssl:
+      mode: disable
@@ -0,0 +1,7 @@
+# namePrefix: staging-
+generatorOptions:
+  disableNameSuffixHash: true
+secretGenerator:
+  - name: dex-config
+    files:
+      - config.yaml
@@ -8,12 +8,10 @@ spec:
  enableSuperuserAccess: true
  instances: 2
  logLevel: info
-  # bootstrap:
-  #   initdb:
-  #     database: archivistdb
-  #     owner: archivist
-  #     secret:
-  #       name: archivistdb-secret
+  bootstrap:
+    initdb:
+      database: prod
+      owner: dex
  storage:
    pvcTemplate:
      accessModes:
@@ -25,26 +23,6 @@ spec:
      volumeMode: Filesystem
    resizeInUseVolumes: true
    size: 1Gi
-  # superuserSecret:
-  #   name: dexdb-secret
-# ---
-# apiVersion: v1
-# data:
-#   # phei2beiRei0
-#   password: cGhlaTJiZWlSZWkwCg==
-#   username: YXJjaGl2aXN0Cg==
-# kind: Secret
-# metadata:
-#   name: archivistdb-secret
-# type: kubernetes.io/basic-auth
-# ---
-# apiVersion: v1
-# data:
-#   password: ZW4gdG8gdHJlIGZpcmUK
-# kind: Secret
-# metadata:
-#   name: dexdb-secret
-# type: kubernetes.io/basic-auth
 ---
 apiVersion: v1
 kind: Service
@@ -0,0 +1,10 @@
+storage:
+  type: postgres
+  config:
+    host: dexdb-rw
+    port: 5432
+    database: staging
+    user: dex
+    password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx
+    ssl:
+      mode: disable
@@ -0,0 +1,7 @@
+# namePrefix: staging-
+generatorOptions:
+  disableNameSuffixHash: true
+secretGenerator:
+  - name: dex-config
+    files:
+      - config.yaml