From ed71d76790155a3180f8151b9b5ab0323d490bc1 Mon Sep 17 00:00:00 2001
From: Jonas Juselius
Date: Tue, 27 Aug 2024 15:09:40 +0200
Subject: [PATCH] feat: add openfga app and kustomizations
---
applications/openfga.yaml | 47 +++++++++++++++++++
.../init-helm-repos.sh | 1 +
kustomizations/openfga/base/cluster.yaml | 19 ++++++++
.../openfga/base/kustomization.yaml | 5 ++
.../openfga/prod/kustomization.yaml | 3 ++
.../openfga/staging/cluster_patch.yaml | 3 ++
.../openfga/staging/kustomization.yaml | 9 ++++
kustomizations/openfga/values-prod.yaml | 36 ++++++++++++++
kustomizations/openfga/values-staging.yaml | 36 ++++++++++++++
9 files changed, 159 insertions(+)
create mode 100644 applications/openfga.yaml
create mode 100644 kustomizations/openfga/base/cluster.yaml
create mode 100644 kustomizations/openfga/base/kustomization.yaml
create mode 100644 kustomizations/openfga/prod/kustomization.yaml
create mode 100644 kustomizations/openfga/staging/cluster_patch.yaml
create mode 100644 kustomizations/openfga/staging/kustomization.yaml
create mode 100644 kustomizations/openfga/values-prod.yaml
create mode 100644 kustomizations/openfga/values-staging.yaml
diff --git a/applications/openfga.yaml b/applications/openfga.yaml
new file mode 100644
index 00000000..bd062347
--- /dev/null
+++ b/applications/openfga.yaml
@@ -0,0 +1,47 @@ +apiVersion: argoproj.io/v1alpha1 +kind: ApplicationSet +metadata: + name: openfga + namespace: argocd +spec: + goTemplate: true + generators: + - list: + elements: + - cluster: https://kubernetes.default.svc + env: prod + hostname: openfga.adm.oceanbox.io + autoSync: false + prune: true + - cluster: https://kubernetes.default.svc + env: staging + hostname: openfga.dev.oceanbox.io + autoSync: true + prune: true + template: + metadata: + name: '{{ .env }}-openfga' + spec: + project: aux + destination: + namespace: idp + server: '{{ .cluster }}' + source: + repoURL: https://gitlab.com/oceanbox/manifests.git + targetRevision: main + path: kustomizations/openfga + plugin: + name: kustomize-helm-with-rewrite + parameters: + - name: env + string: '{{ .env }}' + - name: hostname + string: '{{ .hostname }}' + templatePatch: | + {{- if .autoSync }} + spec: + syncPolicy: + automated: + prune: {{ .prune }} + selfHeal: false + {{- end }} diff --git a/argocd/kustomize-helm-with-rewrite/init-helm-repos.sh b/argocd/kustomize-helm-with-rewrite/init-helm-repos.sh index b18a61e5..24b6c387 100644 --- a/argocd/kustomize-helm-with-rewrite/init-helm-repos.sh +++ b/argocd/kustomize-helm-with-rewrite/init-helm-repos.sh @@ -10,5 +10,6 @@ helm repo add cerbos https://download.cerbos.dev/helm-charts helm repo add dapr https://dapr.github.io/helm-charts/ helm repo add ncsa https://opensource.ncsa.illinois.edu/charts helm repo add dex https://charts.dexidp.io +helm repo add openfga https://openfga.github.io/helm-charts helm repo update diff --git a/kustomizations/openfga/base/cluster.yaml b/kustomizations/openfga/base/cluster.yaml new file mode 100644 index 00000000..05c28a4c --- /dev/null +++ b/kustomizations/openfga/base/cluster.yaml 
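Review bot: The `hostname` element handed to the plugin (`openfga.adm.oceanbox.io` / `openfga.dev.oceanbox.io`) does not agree with the ingress hosts hard-coded in values-prod.yaml and values-staging.yaml (`a11n.srv.oceanbox.io` / `a11n.dev.oceanbox.io`), so unless kustomize-helm-with-rewrite substitutes that parameter into `ingress.hosts` and `ingress.tls`, one of the two names will be served and the certificate requested for the other. Pick a single source of truth — either drop the `hostname` parameter or stop hard-coding hosts in the values files — and record the decision next to the generator element, e.g. `# hostname is rewritten into ingress.hosts/tls by the plugin; values-*.yaml must not set hosts`. Note also that prod is manual only because the templatePatch emits no `syncPolicy` at all when `autoSync` is false; a one-line comment there would stop a future edit from silently enabling automated sync with `prune: true` on prod.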
@@ -0,0 +1,19 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: openfga-db
+spec:
+ enableSuperuserAccess: true
+ instances: 2
+ logLevel: info
+ storage:
+ pvcTemplate:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: managed-nfs-storage
+ volumeMode: Filesystem
+ resizeInUseVolumes: true
+ size: 1Gi
diff --git a/kustomizations/openfga/base/kustomization.yaml b/kustomizations/openfga/base/kustomization.yaml
new file mode 100644
index 00000000..699bc6a6
--- /dev/null
+++ b/kustomizations/openfga/base/kustomization.yaml
@@ -0,0 +1,5 @@
+generatorOptions:
+ disableNameSuffixHash: true
+resources:
+ - cluster.yaml
+ - _manifest.yaml
diff --git a/kustomizations/openfga/prod/kustomization.yaml b/kustomizations/openfga/prod/kustomization.yaml
new file mode 100644
index 00000000..de96953d
--- /dev/null
+++ b/kustomizations/openfga/prod/kustomization.yaml
@@ -0,0 +1,3 @@
+namePrefix: prod-
+resources:
+ - ../base
diff --git a/kustomizations/openfga/staging/cluster_patch.yaml b/kustomizations/openfga/staging/cluster_patch.yaml
new file mode 100644
index 00000000..965bd964
--- /dev/null
+++ b/kustomizations/openfga/staging/cluster_patch.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/instances
+ value: 1
diff --git a/kustomizations/openfga/staging/kustomization.yaml b/kustomizations/openfga/staging/kustomization.yaml
new file mode 100644
index 00000000..423514ef
--- /dev/null
+++ b/kustomizations/openfga/staging/kustomization.yaml
@@ -0,0 +1,9 @@
+namePrefix: staging-
+patches:
+ - target:
+ group: postgresql.cnpg.io
+ version: v1
+ kind: Cluster
+ path: cluster_patch.yaml
+resources:
+ - ../base
diff --git a/kustomizations/openfga/values-prod.yaml b/kustomizations/openfga/values-prod.yaml
new file mode 100644
index 00000000..f6a980f1
--- /dev/null
+++ b/kustomizations/openfga/values-prod.yaml
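Review bot: `enableSuperuserAccess: true` makes CNPG create and keep a `postgres` superuser credential (the `<cluster>-superuser` secret) in the `idp` namespace that nothing in this commit consumes — both values files bind OpenFGA to the `app` role via the `<cluster>-db-app` secret — so it is a standing high-privilege secret with no consumer. Set `enableSuperuserAccess: false` and add `# OpenFGA only uses the bootstrap 'app' role; no superuser secret is needed` above it; it can be flipped on temporarily when an operator genuinely needs psql as superuser. Two further gaps worth a comment: `storageClassName: managed-nfs-storage` puts PostgreSQL WAL on NFS, which CNPG and PostgreSQL documentation generally warn against for fsync/locking reasons, and the cluster has no `backup` stanza, so the authorization store (the source of truth for who may do what) has no recovery path beyond the second replica.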
@@ -0,0 +1,36 @@
+replicaCount: 2
+
+datastore:
+ engine: postgres
+ uri: postgres://prod-openfga-db.idp.svc.cluster.local:5432/app?sslmode=disable
+
+postgresql:
+ enabled: true
+ auth:
+ username: app
+ existingSecret: prod-openfga-db-app
+ secretKeys:
+ userPasswordKey: password
+
+playground:
+ enabled: false
+ port: 3000
+
+ingress:
+ enabled: true
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-staging
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+ hosts:
+ - host: a11n.srv.oceanbox.io
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: staging-openfga-tls
+ hosts:
+ - a11n.srv.oceanbox.io
+
+
diff --git a/kustomizations/openfga/values-staging.yaml b/kustomizations/openfga/values-staging.yaml
new file mode 100644
index 00000000..782b0899
--- /dev/null
+++ b/kustomizations/openfga/values-staging.yaml
@@ -0,0 +1,36 @@
+replicaCount: 1
+
+datastore:
+ engine: postgres
+ uri: postgres://staging-openfga-db.idp.svc.cluster.local:5432/app?sslmode=disable
+
+postgresql:
+ enabled: true
+ auth:
+ username: app
+ existingSecret: staging-openfga-db-app
+ secretKeys:
+ userPasswordKey: password
+
+playground:
+ enabled: true
+ port: 3000
+
+ingress:
+ enabled: true
+ className: nginx
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-staging
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+ hosts:
+ - host: a11n.dev.oceanbox.io
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: staging-openfga-tls
+ hosts:
+ - a11n.dev.oceanbox.io
+
+
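Review bot: values-prod.yaml still carries staging settings in its ingress block: `cert-manager.io/cluster-issuer: letsencrypt-staging` and `secretName: staging-openfga-tls`, so the production endpoint `a11n.srv.oceanbox.io` will be issued a certificate from Let's Encrypt's untrusted staging CA and every client will see a TLS error (or, worse, be taught to ignore one). Change them to `cert-manager.io/cluster-issuer: letsencrypt-prod` (or whatever the production ClusterIssuer is named) and `secretName: prod-openfga-tls`. Separately, `sslmode=disable` in `datastore.uri` sends the `app` role's password and every authorization query in cleartext over the pod network; CNPG serves TLS by default, so `sslmode=require` works with no extra configuration, and `sslmode=verify-full` with the cluster's `-ca` secret mounted is the stronger option. Finally, the nginx `whitelist-source-range` allowlist of all RFC 1918 space is the only access control visible here — the chart's `authn` settings are not set, and if they default to no authentication, anyone on the internal network can read and rewrite the authorization model, so either configure `authn` (preshared key or OIDC) or document why network position alone is acceptable for this service.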
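Review bot: `playground.enabled: true` in values-staging.yaml turns on the OpenFGA playground UI in the same pod, and with no `authn` configuration and only the private-range allowlist in front of it, that UI lets anyone on the internal network browse and edit stores interactively; if it is wanted for development, add `# playground is unauthenticated: staging only, never copy to prod` beside it so the flag is not carried over the way the `letsencrypt-staging` issuer already was. Also worth confirming: in the upstream OpenFGA chart `postgresql.enabled` appears to control the bundled PostgreSQL subchart rather than "use PostgreSQL", so `enabled: true` next to a CNPG-managed cluster may deploy a second, throwaway database alongside `staging-openfga-db` — check which database the pod actually connects to and whether `postgresql.auth.existingSecret` is even read when `datastore.uri` is set.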