From bbb40bd3d061ba5a1a8432a55a504f50b4126d1a Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Mon, 12 Feb 2024 13:56:27 +0100 Subject: [PATCH] fix: separate dex staging/prod configs --- charts/dex/{config => base}/config.yaml | 20 ++++++------- .../dex/{config => base}/kustomization.yaml | 0 charts/dex/manifests/config.yaml | 29 ++++++++++++------ charts/dex/prod/config.yaml | 10 +++++++ charts/dex/prod/kustomization.yaml | 7 +++++ charts/dex/resources/dexdb-cluster.yaml | 30 +++---------------- charts/dex/staging/config.yaml | 10 +++++++ charts/dex/staging/kustomization.yaml | 7 +++++ 8 files changed, 68 insertions(+), 45 deletions(-) rename charts/dex/{config => base}/config.yaml (95%) rename charts/dex/{config => base}/kustomization.yaml (100%) create mode 100644 charts/dex/prod/config.yaml create mode 100644 charts/dex/prod/kustomization.yaml create mode 100644 charts/dex/staging/config.yaml create mode 100644 charts/dex/staging/kustomization.yaml diff --git a/charts/dex/config/config.yaml b/charts/dex/base/config.yaml similarity index 95% rename from charts/dex/config/config.yaml rename to charts/dex/base/config.yaml index 377b3ce4..d9f6314b 100644 --- a/charts/dex/config/config.yaml +++ b/charts/dex/base/config.yaml @@ -1,14 +1,14 @@ issuer: https://idp.oceanbox.io/dex -storage: - type: postgres - config: - host: dexdb-rw - port: 5432 - database: app - user: app - password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx - ssl: - mode: disable +# storage: +# type: postgres +# config: +# host: dexdb-rw +# port: 5432 +# database: app +# user: app +# password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx +# ssl: +# mode: disable web: http: 127.0.0.1:5556 telemetry: diff --git a/charts/dex/config/kustomization.yaml b/charts/dex/base/kustomization.yaml similarity index 100% rename from charts/dex/config/kustomization.yaml rename to charts/dex/base/kustomization.yaml diff --git a/charts/dex/manifests/config.yaml b/charts/dex/manifests/config.yaml index b6ae8c27..13a74587 100644 --- a/charts/dex/manifests/config.yaml +++ b/charts/dex/manifests/config.yaml @@ -1,14 +1,25 @@ apiVersion: argoproj.io/v1alpha1 -kind: Application +kind: ApplicationSet metadata: name: dex-config namespace: argocd spec: - project: atlantis - destination: - server: https://kubernetes.default.svc - namespace: idp - sources: - - repoURL: https://gitlab.com/oceanbox/manifests.git - targetRevision: dev - path: charts/dex/config + generators: + - list: + elements: + - cluster: https://kubernetes.default.svc + env: prod + - cluster: https://kubernetes.default.svc + env: staging + template: + metadata: + name: '{{ env }}-dex-config' + spec: + project: atlantis + destination: + server: https://kubernetes.default.svc + namespace: idp + sources: + - repoURL: https://gitlab.com/oceanbox/manifests.git + targetRevision: dev + path: 'charts/dex/{{ env }}' diff --git a/charts/dex/prod/config.yaml b/charts/dex/prod/config.yaml new file mode 100644 index 00000000..13e2483e --- /dev/null +++ b/charts/dex/prod/config.yaml @@ -0,0 +1,10 @@ +storage: + type: postgres + config: + host: dexdb-rw + port: 5432 + database: prod + user: dex + password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx + ssl: + mode: disable diff --git a/charts/dex/prod/kustomization.yaml b/charts/dex/prod/kustomization.yaml new file mode 100644 index 00000000..26ff73cf --- /dev/null +++ b/charts/dex/prod/kustomization.yaml @@ -0,0 +1,7 @@ +# namePrefix: staging- +generatorOptions: + disableNameSuffixHash: true +secretGenerator: + - name: dex-config + files: + - config.yaml diff --git a/charts/dex/resources/dexdb-cluster.yaml b/charts/dex/resources/dexdb-cluster.yaml index 7819846a..e6fa0e46 100644 --- a/charts/dex/resources/dexdb-cluster.yaml +++ b/charts/dex/resources/dexdb-cluster.yaml @@ -8,12 +8,10 @@ spec: enableSuperuserAccess: true instances: 2 logLevel: info - # bootstrap: - # initdb: - # database: archivistdb - # owner: archivist - # secret: - # name: archivistdb-secret + bootstrap: + initdb: + database: prod + owner: dex storage: pvcTemplate: accessModes: @@ -25,26 +23,6 @@ spec: volumeMode: Filesystem resizeInUseVolumes: true size: 1Gi - # superuserSecret: - # name: dexdb-secret -# --- -# apiVersion: v1 -# data: -# # phei2beiRei0 -# password: cGhlaTJiZWlSZWkwCg== -# username: YXJjaGl2aXN0Cg== -# kind: Secret -# metadata: -# name: archivistdb-secret -# type: kubernetes.io/basic-auth -# --- -# apiVersion: v1 -# data: -# password: ZW4gdG8gdHJlIGZpcmUK -# kind: Secret -# metadata: -# name: dexdb-secret -# type: kubernetes.io/basic-auth --- apiVersion: v1 kind: Service diff --git a/charts/dex/staging/config.yaml b/charts/dex/staging/config.yaml new file mode 100644 index 00000000..7afc9f1a --- /dev/null +++ b/charts/dex/staging/config.yaml @@ -0,0 +1,10 @@ +storage: + type: postgres + config: + host: dexdb-rw + port: 5432 + database: staging + user: dex + password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx + ssl: + mode: disable diff --git a/charts/dex/staging/kustomization.yaml b/charts/dex/staging/kustomization.yaml new file mode 100644 index 00000000..26ff73cf --- /dev/null +++ b/charts/dex/staging/kustomization.yaml @@ -0,0 +1,7 @@ +# namePrefix: staging- +generatorOptions: + disableNameSuffixHash: true +secretGenerator: + - name: dex-config + files: + - config.yaml