diff --git a/apps/dbgate/configs.tf b/apps/dbgate/configs.tf
index 58f5486..d10099b 100644
--- a/apps/dbgate/configs.tf
+++ b/apps/dbgate/configs.tf
@@ -52,6 +52,7 @@ locals {
 "OAUTH_LOGOUT" = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/${var.component}-${var.instance}/end-session/"
 "OAUTH_LOGIN_FIELD" = "nickname"
 "OAUTH_SCOPE" = "email"
+ "NODE_EXTRA_CA_CERTS" = "/etc/local-ca/ca.crt"
 }
 connections = join(",", concat(local.pg_conns, local.maria_conns, local.mongo_conns, local.redis_conns))
 connection_vars = merge(local.pg_vars, local.maria_vars, local.mongo_vars, local.redis_vars)
@@ -66,7 +67,7 @@ resource "kubectl_manifest" "dbgate-config" {
 name: "${var.component}-${var.instance}"
 namespace: "${var.namespace}"
 labels: ${jsonencode(local.common-labels)}
- data: ${jsonencode(var.use-oauth?merge(local.oauth_config, local.connection_vars):local.connection_vars)}
+ data: ${jsonencode(merge(local.oauth_config, local.connection_vars))}
 EOF
 }
diff --git a/apps/dbgate/index.yaml b/apps/dbgate/index.yaml
index b65fb50..46a4da7 100644
--- a/apps/dbgate/index.yaml
+++ b/apps/dbgate/index.yaml
@@ -6,10 +6,10 @@ metadata:
 name: dbgate
 description: null
 options:
- domain-name:
- default: your_company.com
+ issuer:
+ default: letsencrypt-prod
 examples:
- - your_company.com
+ - letsencrypt-prod
 type: string
 storage:
 default: 
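Review bot: The added `"NODE_EXTRA_CA_CERTS" = "/etc/local-ca/ca.crt"` names a file path, but nothing in this hunk shows the pod mounting `/etc/local-ca`; as far as I know Node.js only warns and falls back to its default bundle when that file cannot be read, so a missing mount would surface as TLS failures against the authentik endpoints in `OAUTH_LOGOUT` and friends rather than as a clear error, and now that the second hunk merges `local.oauth_config` unconditionally this applies to every instance. The variable also extends the trust store for all outbound TLS from the dbgate process, not only the OAuth exchange, so the mounted file should contain only the cluster-local issuer certificate. A comment on the line would record the intent: `# trust the cluster-local CA so the OIDC calls to authentik verify when the issuer is not publicly trusted`. The `locals` block continues outside the hunk.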
@@ -38,103 +38,6 @@ options: - Block type: string type: object - use-oauth: - default: false - examples: - - false - type: boolean - mongo: - default: [] - examples: - - [] - items: - properties: - dbname: - default: '' - type: string - name: - default: '' - type: string - namespace: - default: '' - type: string - secret: - properties: - key: - default: '' - type: string - name: - default: '' - type: string - type: object - username: - default: '' - type: string - type: object - type: array - ingress-class: - default: traefik - examples: - - traefik - type: string - sub-domain: - default: dbgate - examples: - - dbgate - type: string - pg: - default: [] - examples: - - [] - items: - properties: - dbname: - default: '' - type: string - name: - default: '' - type: string - namespace: - default: '' - type: string - secret: - properties: - key: - default: '' - type: string - name: - default: '' - type: string - type: object - username: - default: '' - type: string - type: object - type: array - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - redis: - default: [] - examples: - - [] - items: - properties: - name: - default: '' - type: string - namespace: - default: '' - type: string - type: object - type: array - app-group: - default: dev - examples: - - dev - type: string maria: default: [] examples: @@ -164,11 +67,6 @@ options: type: string type: object type: array - domain: - default: your-company - examples: - - your-company - type: string images: default: dbgate: 
@@ -208,6 +106,103 @@ options: type: string type: object type: object + ingress-class: + default: traefik + examples: + - traefik + type: string + sub-domain: + default: dbgate + examples: + - dbgate + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + app-group: + default: dev + examples: + - dev + type: string + redis: + default: [] + examples: + - [] + items: + properties: + name: + default: '' + type: string + namespace: + default: '' + type: string + type: object + type: array + domain: + default: your-company + examples: + - your-company + type: string + mongo: + default: [] + examples: + - [] + items: + properties: + dbname: + default: '' + type: string + name: + default: '' + type: string + namespace: + default: '' + type: string + secret: + properties: + key: + default: '' + type: string + name: + default: '' + type: string + type: object + username: + default: '' + type: string + type: object + type: array + pg: + default: [] + examples: + - [] + items: + properties: + dbname: + default: '' + type: string + name: + default: '' + type: string + namespace: + default: '' + type: string + secret: + properties: + key: + default: '' + type: string + name: + default: '' + type: string + type: object + username: + default: '' + type: string + type: object + type: array dependencies: - dist: null category: share diff --git a/apps/dbgate/presentation.tf b/apps/dbgate/presentation.tf index 0ba4a1b..6916fb1 100644 --- a/apps/dbgate/presentation.tf +++ b/apps/dbgate/presentation.tf @@ -37,7 +37,7 @@ module "ingress" { ingress-class = var.ingress-class labels = local.common-labels dns-names = local.dns-names - middlewares = var.use-oauth?[]:["forward-${local.app-name}"] + middlewares = [] service = local.service providers = { kubectl = kubectl 
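Review bot: With `middlewares = []` the ingress no longer carries the `forward-${local.app-name}` middleware, so access control on the dbgate hostname now rests entirely on dbgate's own OAuth login driven by `local.oauth_config`, with no check at the proxy layer in front of it; a misconfigured `OAUTH_*` value or a TLS failure reaching authentik would be caught only by the application itself. That is a deliberate simplification once `NODE_EXTRA_CA_CERTS` makes the in-app flow work with a local CA, but it is worth recording next to the line: `# no forward-auth middleware: authentication is delegated to dbgate's built-in OAuth (local.oauth_config)`. The `module "ingress"` block starts before the hunk.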
@@ -51,14 +51,13 @@ module "application" {
 app-group = var.app-group
 dns-name = local.dns-name
 icon = local.icon
- protocol_provider = var.use-oauth?module.oauth2[0].provider-id:module.forward[0].provider-id
+ protocol_provider = module.oauth2.provider-id
 providers = {
 authentik = authentik
 }
 }
 
 module "oauth2" {
- count = var.use-oauth?1:0
 source = "/dist/modules/oauth2"
 component = var.component
 instance = var.instance
@@ -72,34 +71,3 @@ module "oauth2" {
 authentik = authentik
 }
 }
-
- provider "restapi" {
- uri = "http://authentik.${var.domain}-auth.svc/api/v3/"
- headers = local.request_headers
- create_method = "PATCH"
- update_method = "PATCH"
- destroy_method = "PATCH"
- write_returns_object = true
- id_attribute = "name"
- }
-
- module "forward" {
- count = var.use-oauth?0:1
- source = "/dist/modules/forward"
- component = var.component
- instance = var.instance
- domain = var.domain
- namespace = var.namespace
- ingress-class = var.ingress-class
- labels = local.common-labels
- dns-names = local.dns-names
- service = local.service
- icon = local.icon
- request_headers = local.request_headers
- providers = {
- restapi = restapi
- http = http
- kubectl = kubectl
- authentik = authentik
- }
- }
diff --git a/meta/domain-devspaces/apps.tf b/meta/domain-devspaces/apps.tf
index 6769955..2e543fd 100644
--- a/meta/domain-devspaces/apps.tf
+++ b/meta/domain-devspaces/apps.tf
@@ -29,7 +29,6 @@ locals {
 )
 }, { for k, v in var.apps.okd : k => v if k!="enable" })
 dbgate = merge({
- "use-oauth" = var.issuer == "letsencrypt-prod"
 "pg" = concat(
 flatten([for ds in local.sorted-datasets: [for db in lookup(ds, "databases", []): {
 "name" = "${ds.name}-dataset-pg"
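Review bot: Deleting `provider "restapi"` and `module "forward"` removes the only two consumers of `local.request_headers` visible in this file, yet the local itself is not touched in the diff; if it still assembles authentik API headers (presumably carrying a token), it is now dead configuration that keeps a credential reference around for no reason and should go in the same change. The same check applies to any `restapi`/`http` entries in this module's `required_providers`, which I cannot see here. The `module "oauth2"` block whose tail is the context of this hunk starts in the previous hunk.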
@@ -41,6 +40,16 @@ locals {
 "key" = "POSGRESQL_PASSWORD"
 }
 }] if ds.engine=="pg"]),
+ flatten([for ds in local.sorted-datasets: {
+ "name" = "${ds.name}-dataset-pg"
+ "namespace" = ds.namespace
+ "dbname" = ds.name
+ "username" = ds.name
+ "secret" = {
+ "name" = "${ds.name}-dataset-pg-app"
+ "key" = "password"
+ }
+ } if ds.engine=="pg"]),
 flatten([for org in local.sorted-organisations: flatten([for stage in lookup(org, "stages", []): flatten([for ds in org.datasets: [for db in lookup(ds, "databases", []):{
 "name" = "${ds.name}-dataset-pg"
 "namespace" = "${var.domain}-${org.name}-${stage.name}"
@@ -51,6 +60,16 @@ locals {
 "key" = "POSGRESQL_PASSWORD"
 }
 }] if ds.engine=="pg"])])]),
+ flatten([for org in local.sorted-organisations: flatten([for stage in lookup(org, "stages", []): flatten([for ds in org.datasets: {
+ "name" = "${ds.name}-dataset-pg"
+ "namespace" = "${var.domain}-${org.name}-${stage.name}"
+ "dbname" = ds.name
+ "username" = ds.name
+ "secret" = {
+ "name" = "${ds.name}-dataset-pg-app"
+ "key" = "password"
+ }
+ } if ds.engine=="pg"])])]),
 var.external-pgs
 )
 "maria" = concat(
diff --git a/meta/domain-devspaces/index.yaml b/meta/domain-devspaces/index.yaml
index c816eec..f91a640 100644
--- a/meta/domain-devspaces/index.yaml
+++ b/meta/domain-devspaces/index.yaml
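Review bot: The new dataset-level entries set `"name" = "${ds.name}-dataset-pg"`, the same value the per-database entries just above them produce, so a dataset with at least one database now yields several connections under one name that differ only in `dbname`, `username` and the secret (`${ds.name}-dataset-pg-app` / `password` versus the per-database `POSGRESQL_PASSWORD`); whether that collides depends on how `local.pg_conns`/`local.pg_vars` in the dbgate module key their variables, which is outside this diff, but if they key by name one entry silently replaces the other and which credential ends up in dbgate becomes order-dependent. A distinct name such as `"name" = "${ds.name}-dataset-pg-app"` would keep them apart; the second hunk, for the per-organisation/stage datasets, has the same pattern. The `"pg" = concat(` expression starts in the previous hunk.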
@@ -6,201 +6,6 @@ metadata: name: domain-devspaces description: null options: - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - app-group: - default: dev - examples: - - dev - type: string - organisations: - default: [] - examples: - - [] - items: - properties: - datasets: - default: [] - items: - properties: - databases: - default: [] - items: - properties: - name: - default: db - type: string - type: object - type: array - engine: - default: pg - type: string - name: - default: '' - type: string - type: object - type: array - name: - default: '' - type: string - stages: - default: [] - items: - properties: - name: - default: prod - type: string - type: object - type: array - type: object - type: array - domain: - default: your-company - examples: - - your-company - type: string - external-mongos: - default: [] - examples: - - [] - items: - properties: - dbname: - default: '' - type: string - name: - default: '' - type: string - namespace: - default: '' - type: string - secret: - properties: - key: - default: '' - type: string - name: - default: '' - type: string - type: object - username: - default: '' - type: string - type: object - type: array - distributions: - default: - core: core - domain: domain - examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings - examples: - - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings - type: string - type: object - stations: - default: [] - examples: - - [] - items: - properties: 
- name: - default: '' - type: string - organisations: - default: [] - items: - type: string - type: array - type: object - type: array - images: - default: - codeserver: - pullPolicy: IfNotPresent - registry: docker.io - repository: sebt3/code-server - tag: 4.15 - examples: - - codeserver: - pullPolicy: IfNotPresent - registry: docker.io - repository: sebt3/code-server - tag: 4.15 - properties: - codeserver: - default: - pullPolicy: IfNotPresent - registry: docker.io - repository: sebt3/code-server - tag: 4.15 - properties: - pullPolicy: - default: IfNotPresent - enum: - - Always - - Never - - IfNotPresent - type: string - registry: - default: docker.io - type: string - repository: - default: sebt3/code-server - type: string - tag: - default: 4.15 - type: number - type: object - type: object - stations-sub-domain: - default: code - examples: - - code - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string external-redis: default: [] examples: @@ -220,31 +25,11 @@ options: examples: - your_company.com type: string - storage-classes: - default: - BlockReadWriteMany: '' - BlockReadWriteOnce: '' - FilesystemReadWriteMany: '' - FilesystemReadWriteOnce: '' + stations-sub-domain: + default: code examples: - - BlockReadWriteMany: '' - BlockReadWriteOnce: '' - FilesystemReadWriteMany: '' - FilesystemReadWriteOnce: '' - properties: - BlockReadWriteMany: - default: '' - type: string - BlockReadWriteOnce: - default: '' - type: string - FilesystemReadWriteMany: - default: '' - type: string - FilesystemReadWriteOnce: - default: '' - type: string - type: object + - code + type: string apps: default: dbgate: 
@@ -298,6 +83,66 @@ options: type: boolean type: object type: object + images: + default: + codeserver: + pullPolicy: IfNotPresent + registry: docker.io + repository: sebt3/code-server + tag: 4.15 + examples: + - codeserver: + pullPolicy: IfNotPresent + registry: docker.io + repository: sebt3/code-server + tag: 4.15 + properties: + codeserver: + default: + pullPolicy: IfNotPresent + registry: docker.io + repository: sebt3/code-server + tag: 4.15 + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: sebt3/code-server + type: string + tag: + default: 4.15 + type: number + type: object + type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + stations: + default: [] + examples: + - [] + items: + properties: + name: + default: '' + type: string + organisations: + default: [] + items: + type: string + type: array + type: object + type: array external-marias: default: [] examples: 
@@ -353,6 +198,161 @@ options: type: string type: object type: array + ingress-class: + default: traefik + examples: + - traefik + type: string + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object + organisations: + default: [] + examples: + - [] + items: + properties: + datasets: + default: [] + items: + properties: + databases: + default: [] + items: + properties: + name: + default: db + type: string + type: object + type: array + engine: + default: pg + type: string + name: + default: '' + type: string + type: object + type: array + name: + default: '' + type: string + stages: + default: [] + items: + properties: + name: + default: prod + type: string + type: object + type: array + type: object + type: array + external-mongos: + default: [] + examples: + - [] + items: + properties: + dbname: + default: '' + type: string + name: + default: '' + type: string + namespace: + default: '' + type: string + secret: + properties: + key: + default: '' + type: string + name: + default: '' + type: string + type: object + username: + default: '' + type: string + type: object + type: array + storage-classes: + default: + BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + examples: + - BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + properties: + BlockReadWriteMany: + default: '' + type: string + BlockReadWriteOnce: + default: '' + type: string + FilesystemReadWriteMany: + default: '' + type: string + FilesystemReadWriteOnce: + default: '' + type: string + type: object + domain: + default: your-company + examples: + - your-company + type: string + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false 
+ endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object + app-group: + default: dev + examples: + - dev + type: string dependencies: [] providers: kubernetes: true