platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

fix: separate dex staging/prod dbs

Browse Source
This commit is contained in:
Jonas Juselius
2024-02-12 15:08:43 +01:00
parent bbb40bd3d0
commit f8d7f9e29c
9 changed files with 298 additions and 195 deletions
Download Patch File Download Diff File Expand all files Collapse all files
charts/dex/base/cluster.yaml
+19
View File
@@ -0,0 +1,19 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: dexdb
spec:
enableSuperuserAccess: true
instances: 2
logLevel: info
storage:
pvcTemplate:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: managed-nfs-storage
volumeMode: Filesystem
resizeInUseVolumes: true
size: 1Gi
charts/dex/base/config.yaml
-138
View File
@@ -1,138 +0,0 @@
issuer: https://idp.oceanbox.io/dex
# storage:
# type: postgres
# config:
# host: dexdb-rw
# port: 5432
# database: app
# user: app
# password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx
# ssl:
# mode: disable
web:
http: 127.0.0.1:5556
telemetry:
http: 127.0.0.1:5558
grpc:
addr: 127.0.0.1:5557
frontend:
dir: /srv/dex/web
issuer: oceanbox
extra:
client_logo_url: "../theme/client-logo.png"
# enablePasswordDB: true
# staticPasswords:
# - email: "admin@oceanbox.io"
# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC"
# username: "admin"
# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f"
oauth2:
responseTypes: [ "code" ]
skipApprovalScreen: true
alwaysShowLoginScreen: false
connectors:
- type: microsoft
id: oceanbox
name: oceanbox.io
config:
clientID: 43667ac0-37e1-422f-99fc-50a699bb255c
clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB
tenant: 3f737008-e9a0-4485-9d27-40329d288089
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- atlantis
- type: microsoft
id: salmar
name: salmar.no
config:
clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058
clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2
tenant: de10159d-2c09-4762-966c-e841d3391feb
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Azure-Grp-App-Cloud-Oceanbox
- type: microsoft
id: aqua-kompetanse
name: aqua-kompetanse.no
config:
clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2
clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC
tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Oceanbox
- type: oidc
id: keycloak
name: default
config:
issuer: https://auth.srv.oceanbox.io/realms/oceanbox
clientID: dex
clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4
redirectURI: https://idp.oceanbox.io/dex/callback
promptType: login
staticClients:
- id: atlantis
redirectURIs:
- 'https://maps.oceanbox.io/signin-oidc'
- 'https://maps.srv.oceanbox.io/signin-oidc'
- 'https://maps.relic.oceanbox.io/signin-oidc'
name: 'Atlantis'
secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
- id: atlantis_dev
redirectURIs:
- 'https://atlantis.beta.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-atlantis.beta.oceanbox.io/signin-oidc'
- 'https://stig-tilt-atlantis.beta.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-atlantis.beta.oceanbox.io/signin-oidc'
- 'https://atlantis.local.oceanbox.io:8080/signin-oidc'
name: 'Atlantis dev'
secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
- id: petimeter
redirectURIs:
- 'https://petimeter.srv.oceanbox.io/signin-oidc'
name: 'Petimeter dev'
secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs
- id: petimeter_dev
redirectURIs:
- 'https://petimeter.beta.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-petimeter.beta.oceanbox.io/signin-oidc'
- 'https://stig-tilt-petimeter.beta.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-petimeter.beta.oceanbox.io/signin-oidc'
- 'https://petimeter.local.oceanbox.io:8080/signin-oidc'
name: 'Petimeter dev'
secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk
- id: sorcerer
redirectURIs:
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
name: 'Sorcerer'
secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB
- id: sorcerer_dev
redirectURIs:
- 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://s.local.oceanbox.io:11080/signin-oidc'
- 'https://sorcerer.local.oceanbox.io:11080/signin-oidc'
name: 'Sorcerer dev'
secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy
- id: archmeister
redirectURIs:
- 'https://archmeister.srv.oceanbox.io/signin-oidc'
name: 'Archmeister'
secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro
- id: archmeister_dev
redirectURIs:
- 'https://archmeister.beta.oceanbox.io/signin-oidc'
- 'https://jonas-archmeister.beta.oceanbox.io/signin-oidc'
- 'https://simkir-archmeister.beta.oceanbox.io/signin-oidc'
- 'https://r.local.oceanbox.io:11080/signin-oidc'
- 'https://archmeister.local.oceanbox.io:9080/signin-oidc'
name: 'Archmeister dev'
secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I
charts/dex/base/kustomization.yaml
+2 -7
View File
@@ -1,7 +1,2 @@
# namePrefix: staging- resources:
generatorOptions: - cluster.yaml
disableNameSuffixHash: true
secretGenerator:
- name: dex-config
files:
- config.yaml
charts/dex/prod/config.yaml
+131 -3
View File
@@ -1,10 +1,138 @@
issuer: https://idp.oceanbox.io/dex
storage: storage:
type: postgres type: postgres
config: config:
host: dexdb-rw host: prod-dexdb-rw
port: 5432 port: 5432
database: prod database: app
user: dex user: app
password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx
ssl: ssl:
mode: disable mode: disable
web:
http: 127.0.0.1:5556
telemetry:
http: 127.0.0.1:5558
grpc:
addr: 127.0.0.1:5557
frontend:
dir: /srv/dex/web
issuer: oceanbox
extra:
client_logo_url: "../theme/client-logo.png"
# enablePasswordDB: true
# staticPasswords:
# - email: "admin@oceanbox.io"
# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC"
# username: "admin"
# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f"
oauth2:
responseTypes: [ "code" ]
skipApprovalScreen: true
alwaysShowLoginScreen: false
connectors:
- type: microsoft
id: oceanbox
name: oceanbox.io
config:
clientID: 43667ac0-37e1-422f-99fc-50a699bb255c
clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB
tenant: 3f737008-e9a0-4485-9d27-40329d288089
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- atlantis
- type: microsoft
id: salmar
name: salmar.no
config:
clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058
clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2
tenant: de10159d-2c09-4762-966c-e841d3391feb
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Azure-Grp-App-Cloud-Oceanbox
- type: microsoft
id: aqua-kompetanse
name: aqua-kompetanse.no
config:
clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2
clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC
tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Oceanbox
- type: oidc
id: keycloak
name: default
config:
issuer: https://auth.srv.oceanbox.io/realms/oceanbox
clientID: dex
clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4
redirectURI: https://idp.oceanbox.io/dex/callback
promptType: login
staticClients:
- id: atlantis
redirectURIs:
- 'https://maps.oceanbox.io/signin-oidc'
- 'https://maps.srv.oceanbox.io/signin-oidc'
- 'https://maps.relic.oceanbox.io/signin-oidc'
name: 'Atlantis'
secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
- id: atlantis_dev
redirectURIs:
- 'https://atlantis.beta.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-atlantis.beta.oceanbox.io/signin-oidc'
- 'https://stig-tilt-atlantis.beta.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-atlantis.beta.oceanbox.io/signin-oidc'
- 'https://atlantis.local.oceanbox.io:8080/signin-oidc'
name: 'Atlantis dev'
secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
- id: petimeter
redirectURIs:
- 'https://petimeter.srv.oceanbox.io/signin-oidc'
name: 'Petimeter dev'
secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs
- id: petimeter_dev
redirectURIs:
- 'https://petimeter.beta.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-petimeter.beta.oceanbox.io/signin-oidc'
- 'https://stig-tilt-petimeter.beta.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-petimeter.beta.oceanbox.io/signin-oidc'
- 'https://petimeter.local.oceanbox.io:8080/signin-oidc'
name: 'Petimeter dev'
secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk
- id: sorcerer
redirectURIs:
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
name: 'Sorcerer'
secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB
- id: sorcerer_dev
redirectURIs:
- 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://s.local.oceanbox.io:11080/signin-oidc'
- 'https://sorcerer.local.oceanbox.io:11080/signin-oidc'
name: 'Sorcerer dev'
secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy
- id: archmeister
redirectURIs:
- 'https://archmeister.srv.oceanbox.io/signin-oidc'
name: 'Archmeister'
secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro
- id: archmeister_dev
redirectURIs:
- 'https://archmeister.beta.oceanbox.io/signin-oidc'
- 'https://jonas-archmeister.beta.oceanbox.io/signin-oidc'
- 'https://simkir-archmeister.beta.oceanbox.io/signin-oidc'
- 'https://r.local.oceanbox.io:11080/signin-oidc'
- 'https://archmeister.local.oceanbox.io:9080/signin-oidc'
name: 'Archmeister dev'
secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I
charts/dex/prod/kustomization.yaml
+3 -1
View File
@@ -1,7 +1,9 @@
# namePrefix: staging- namePrefix: prod-
generatorOptions: generatorOptions:
disableNameSuffixHash: true disableNameSuffixHash: true
secretGenerator: secretGenerator:
- name: dex-config - name: dex-config
files: files:
- config.yaml - config.yaml
resources:
- ../base
charts/dex/resources/dexdb-cluster.yaml
-42
View File
@@ -1,42 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
annotations:
linkerd.io/inject: disabled
name: dexdb
spec:
enableSuperuserAccess: true
instances: 2
logLevel: info
bootstrap:
initdb:
database: prod
owner: dex
storage:
pvcTemplate:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: managed-nfs-storage
volumeMode: Filesystem
resizeInUseVolumes: true
size: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: dexdb-nodeport
spec:
ports:
- name: psql
nodePort: 30432
port: 5432
protocol: TCP
targetPort: 5432
selector:
cnpg.io/cluster: dexdb
cnpg.io/instanceName: dexdb-1
sessionAffinity: None
type: NodePort
charts/dex/staging/cluster_patch.yaml
+3
View File
@@ -0,0 +1,3 @@
- op: replace
path: /spec/instances
value: 1
charts/dex/staging/config.yaml
+131 -3
View File
@@ -1,10 +1,138 @@
issuer: https://idp.oceanbox.io/dex
storage: storage:
type: postgres type: postgres
config: config:
host: dexdb-rw host: staging-dexdb-rw
port: 5432 port: 5432
database: staging database: app
user: dex user: app
password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx
ssl: ssl:
mode: disable mode: disable
web:
http: 127.0.0.1:5556
telemetry:
http: 127.0.0.1:5558
grpc:
addr: 127.0.0.1:5557
frontend:
dir: /srv/dex/web
issuer: oceanbox
extra:
client_logo_url: "../theme/client-logo.png"
# enablePasswordDB: true
# staticPasswords:
# - email: "admin@oceanbox.io"
# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC"
# username: "admin"
# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f"
oauth2:
responseTypes: [ "code" ]
skipApprovalScreen: true
alwaysShowLoginScreen: false
connectors:
- type: microsoft
id: oceanbox
name: oceanbox.io
config:
clientID: 43667ac0-37e1-422f-99fc-50a699bb255c
clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB
tenant: 3f737008-e9a0-4485-9d27-40329d288089
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- atlantis
- type: microsoft
id: salmar
name: salmar.no
config:
clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058
clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2
tenant: de10159d-2c09-4762-966c-e841d3391feb
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Azure-Grp-App-Cloud-Oceanbox
- type: microsoft
id: aqua-kompetanse
name: aqua-kompetanse.no
config:
clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2
clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC
tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Oceanbox
- type: oidc
id: keycloak
name: default
config:
issuer: https://auth.srv.oceanbox.io/realms/oceanbox
clientID: dex
clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4
redirectURI: https://idp.oceanbox.io/dex/callback
promptType: login
staticClients:
- id: atlantis
redirectURIs:
- 'https://maps.oceanbox.io/signin-oidc'
- 'https://maps.srv.oceanbox.io/signin-oidc'
- 'https://maps.relic.oceanbox.io/signin-oidc'
name: 'Atlantis'
secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
- id: atlantis_dev
redirectURIs:
- 'https://atlantis.beta.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-atlantis.beta.oceanbox.io/signin-oidc'
- 'https://stig-tilt-atlantis.beta.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-atlantis.beta.oceanbox.io/signin-oidc'
- 'https://atlantis.local.oceanbox.io:8080/signin-oidc'
name: 'Atlantis dev'
secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
- id: petimeter
redirectURIs:
- 'https://petimeter.srv.oceanbox.io/signin-oidc'
name: 'Petimeter dev'
secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs
- id: petimeter_dev
redirectURIs:
- 'https://petimeter.beta.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-petimeter.beta.oceanbox.io/signin-oidc'
- 'https://stig-tilt-petimeter.beta.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-petimeter.beta.oceanbox.io/signin-oidc'
- 'https://petimeter.local.oceanbox.io:8080/signin-oidc'
name: 'Petimeter dev'
secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk
- id: sorcerer
redirectURIs:
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
name: 'Sorcerer'
secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB
- id: sorcerer_dev
redirectURIs:
- 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://s.local.oceanbox.io:11080/signin-oidc'
- 'https://sorcerer.local.oceanbox.io:11080/signin-oidc'
name: 'Sorcerer dev'
secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy
- id: archmeister
redirectURIs:
- 'https://archmeister.srv.oceanbox.io/signin-oidc'
name: 'Archmeister'
secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro
- id: archmeister_dev
redirectURIs:
- 'https://archmeister.beta.oceanbox.io/signin-oidc'
- 'https://jonas-archmeister.beta.oceanbox.io/signin-oidc'
- 'https://simkir-archmeister.beta.oceanbox.io/signin-oidc'
- 'https://r.local.oceanbox.io:11080/signin-oidc'
- 'https://archmeister.local.oceanbox.io:9080/signin-oidc'
name: 'Archmeister dev'
secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I
charts/dex/staging/kustomization.yaml
+9 -1
View File
@@ -1,7 +1,15 @@
# namePrefix: staging- namePrefix: staging-
generatorOptions: generatorOptions:
disableNameSuffixHash: true disableNameSuffixHash: true
secretGenerator: secretGenerator:
- name: dex-config - name: dex-config
files: files:
- config.yaml - config.yaml
patches:
- target:
group: postgresql.cnpg.io
version: v1
kind: Cluster
path: cluster_patch.yaml
resources:
- ../base