feat: add openfga app and kustomizations

2024-08-27 15:09:40 +02:00
parent 29fc43f796
commit ed71d76790
9 changed files with 159 additions and 0 deletions
@@ -0,0 +1,47 @@
 apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
  name: openfga
  namespace: argocd
 spec:
  goTemplate: true
  generators:
  - list:
      elements:
      - cluster: https://kubernetes.default.svc
        env: prod
        hostname: openfga.adm.oceanbox.io
        autoSync: false
        prune: true
      - cluster: https://kubernetes.default.svc
        env: staging
        hostname: openfga.dev.oceanbox.io
        autoSync: true
        prune: true
  template:
    metadata:
      name: '{{ .env }}-openfga'
    spec:
      project: aux
      destination:
        namespace: idp
        server: '{{ .cluster }}'
      source:
        repoURL: https://gitlab.com/oceanbox/manifests.git
        targetRevision: main
        path: kustomizations/openfga
        plugin:
          name: kustomize-helm-with-rewrite
          parameters:
          - name: env
            string: '{{ .env }}'
          - name: hostname
            string: '{{ .hostname }}'
  templatePatch: |
    {{- if .autoSync }}
    spec:
      syncPolicy:
        automated:
          prune: {{ .prune }}
          selfHeal: false
    {{- end }}
@@ -10,5 +10,6 @@ helm repo add cerbos https://download.cerbos.dev/helm-charts
 helm repo add dapr https://dapr.github.io/helm-charts/
 helm repo add ncsa https://opensource.ncsa.illinois.edu/charts
 helm repo add dex https://charts.dexidp.io
 helm repo add openfga https://openfga.github.io/helm-charts
 helm repo update
@@ -0,0 +1,19 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: openfga-db
 spec:
  enableSuperuserAccess: true
  instances: 2
  logLevel: info
  storage:
    pvcTemplate:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 1Gi
      storageClassName: managed-nfs-storage
      volumeMode: Filesystem
    resizeInUseVolumes: true
    size: 1Gi
@@ -0,0 +1,5 @@
 generatorOptions:
  disableNameSuffixHash: true
 resources:
  - cluster.yaml
  - _manifest.yaml
@@ -0,0 +1,3 @@
 namePrefix: prod-
 resources:
  - ../base
@@ -0,0 +1,3 @@
 - op: replace
  path: /spec/instances
  value: 1
@@ -0,0 +1,9 @@
 namePrefix: staging-
 patches:
  - target:
      group: postgresql.cnpg.io
      version: v1
      kind: Cluster
    path: cluster_patch.yaml
 resources:
  - ../base
@@ -0,0 +1,36 @@
 replicaCount: 2
 datastore:
  engine: postgres
  uri: postgres://prod-openfga-db.idp.svc.cluster.local:5432/app?sslmode=disable
 postgresql:
  enabled: true
  auth:
    username: app
    existingSecret: prod-openfga-db-app
    secretKeys:
       userPasswordKey: password
 playground:
  enabled: false
  port: 3000
 ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
  hosts:
    - host: a11n.srv.oceanbox.io
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
   - secretName: staging-openfga-tls
     hosts:
       - a11n.srv.oceanbox.io
@@ -0,0 +1,36 @@
 replicaCount: 1
 datastore:
  engine: postgres
  uri: postgres://staging-openfga-db.idp.svc.cluster.local:5432/app?sslmode=disable
 postgresql:
  enabled: true
  auth:
    username: app
    existingSecret: staging-openfga-db-app
    secretKeys:
       userPasswordKey: password
 playground:
  enabled: true
  port: 3000
 ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
  hosts:
    - host: a11n.dev.oceanbox.io
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
   - secretName: staging-openfga-tls
     hosts:
       - a11n.dev.oceanbox.io