From 8ed9c2fab33786cdfd6b6ab0b7d899fa6feb6825 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Sun, 12 May 2024 12:21:07 +0200 Subject: [PATCH] fix --- meta/domain-auth/index.yaml | 6 ++ meta/domain-mail/index.yaml | 2 + share/wildduck/application.tf | 2 +- share/wildduck/common.tf | 12 +++ share/wildduck/index.yaml | 138 ++++++++++++++++++---------------- share/wildduck/mongo.tf | 2 +- share/wildduck/redis.tf | 4 +- share/wildduck/scim.tf | 2 +- 8 files changed, 99 insertions(+), 69 deletions(-) create mode 100644 share/wildduck/common.tf diff --git a/meta/domain-auth/index.yaml b/meta/domain-auth/index.yaml index e7d078d..35fe0c7 100644 --- a/meta/domain-auth/index.yaml +++ b/meta/domain-auth/index.yaml @@ -21,6 +21,8 @@ options: default: true type: boolean type: object + x-vynil-category: share + x-vynil-package: authentik authentik-forward: default: enable: false @@ -31,6 +33,8 @@ options: default: false type: boolean type: object + x-vynil-category: share + x-vynil-package: authentik-forward authentik-ldap: default: enable: false @@ -41,6 +45,8 @@ options: default: false type: boolean type: object + x-vynil-category: share + x-vynil-package: authentik-ldap backups: default: enable: false diff --git a/meta/domain-mail/index.yaml b/meta/domain-mail/index.yaml index e9af4c7..7369f3e 100644 --- a/meta/domain-mail/index.yaml +++ b/meta/domain-mail/index.yaml @@ -134,6 +134,8 @@ options: default: true type: boolean type: object + x-vynil-category: share + x-vynil-package: wildduck dependencies: [] providers: kubernetes: true diff --git a/share/wildduck/application.tf b/share/wildduck/application.tf index e7f5ca8..c607c2e 100644 --- a/share/wildduck/application.tf +++ b/share/wildduck/application.tf 
@@ -12,7 +12,7 @@ resource "authentik_group" "groups" { resource "authentik_application" "prj_app" { name = "${var.instance}" - slug = "${var.component}-${var.instance}" + slug = "${var.instance}-${var.component}" #protocol_provider = authentik_provider_oauth2.oauth2.id group = var.app_group backchannel_providers = [authentik_provider_scim.scim.id] diff --git a/share/wildduck/common.tf b/share/wildduck/common.tf new file mode 100644 index 0000000..c2cc880 --- /dev/null +++ b/share/wildduck/common.tf @@ -0,0 +1,12 @@ + +locals { + common_labels = { + "vynil.solidite.fr/owner-name" = var.instance + "vynil.solidite.fr/owner-namespace" = var.namespace + "vynil.solidite.fr/owner-category" = var.category + "vynil.solidite.fr/owner-component" = var.component + "app.kubernetes.io/managed-by" = "vynil" + "app.kubernetes.io/name" = var.component + "app.kubernetes.io/instance" = var.instance + } +} diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml index c942165..86bf0cd 100644 --- a/share/wildduck/index.yaml +++ b/share/wildduck/index.yaml @@ -6,6 +6,56 @@ metadata: name: wildduck description: null options: + additional-domains: + default: [] + items: + type: string + type: array + app_group: + default: '' + examples: + - '' + type: string + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object + domain: + default: your-company + examples: + - your-company + type: string + domain_name: + default: your_company.com + examples: + - your_company.com + type: string images: default: haraka: 
@@ -283,61 +333,43 @@ options: type: string type: object type: object - domain: - default: your-company + ingress_class: + default: traefik examples: - - your-company - type: string - domain_name: - default: your_company.com - examples: - - your_company.com + - traefik type: string issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string - app_group: - default: '' - examples: - - '' - type: string - backups: + mongo: default: - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings + version: 6.0.13 examples: - - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings + - version: 6.0.13 properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings + version: + default: 6.0.13 type: string type: object - ingress_class: - default: traefik + redis: + default: + exporter: + enabled: true examples: - - traefik - type: string + - exporter: + enabled: true + properties: + exporter: + default: + enabled: true + properties: + enabled: + default: true + type: boolean + type: object + type: object storage: default: redis: @@ -360,28 +392,6 @@ options: examples: - mail type: string - redis: - default: - exporter: - enabled: true - examples: - - exporter: - enabled: true - properties: - exporter: - default: - enabled: true - properties: - enabled: - default: true - type: boolean - type: object - type: object - additional-domains: - default: [] - items: - type: string - type: array dependencies: - dist: null category: dbo diff --git a/share/wildduck/mongo.tf b/share/wildduck/mongo.tf index 40e0c20..58d19de 100644 --- a/share/wildduck/mongo.tf +++ b/share/wildduck/mongo.tf 
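Review bot: The new `mongo.version` default of `6.0.13` is lower than the `"7.0.2"` that mongo.tf hard-coded before this commit, so any instance that does not set the option will now request an older server for an existing replica set. As far as I know MongoDB does not support moving a 7.0 deployment back to 6.0 binaries, so the operator may be unable to bring the database back up after the next apply. If the downgrade is not deliberate, keep the previous value in all three places (`default`, `examples` and the property default), e.g. `version: 7.0.2`. If it is deliberate, the option needs a sentence of documentation saying that existing installs must pin their current version before upgrading the package.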
@@ -40,7 +40,7 @@ resource "kubectl_manifest" "prj_mongo" { spec: members: 1 type: ReplicaSet - version: "7.0.2" + version: "${var.mongo.version}" statefulSet: spec: template: diff --git a/share/wildduck/redis.tf b/share/wildduck/redis.tf index da0d5c2..7d7bb8a 100644 --- a/share/wildduck/redis.tf +++ b/share/wildduck/redis.tf @@ -5,7 +5,7 @@ locals { } resource "kubectl_manifest" "prj_redis" { yaml_body = <<-EOF - apiVersion: "redis.redis.opstreelabs.in/v1beta1" + apiVersion: "redis.redis.opstreelabs.in/v1beta2" kind: "Redis" metadata: name: "${var.instance}-${var.component}-redis" @@ -25,7 +25,7 @@ resource "kubectl_manifest" "prj_redis" { redisExporter: enabled: ${var.redis.exporter.enabled} image: "${var.images.redis_exporter.registry}/${var.images.redis_exporter.repository}:${var.images.redis_exporter.tag}" - securityContext: + podSecurityContext: runAsUser: 1000 fsGroup: 1000 EOF diff --git a/share/wildduck/scim.tf b/share/wildduck/scim.tf index d16d316..818c06c 100644 --- a/share/wildduck/scim.tf +++ b/share/wildduck/scim.tf @@ -14,7 +14,7 @@ data "authentik_property_mapping_scim" "group" { } resource "authentik_provider_scim" "scim" { - name = "${var.component}-${var.instance}-scim" + name = "${var.instance}-${var.component}-scim" url = "http://${var.instance}-scimgateway.${var.namespace}.svc.cluster.local/scim" token = local.secrets.authentik property_mappings = [data.authentik_property_mapping_scim.user.id]
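Review bot: `var.mongo.version` is interpolated straight into a quoted YAML scalar inside the `yaml_body` heredoc, while the schema added in index.yaml types it only as `string`. A value containing a double quote or a line break would change the structure of the generated manifest, not just the version field. Constraining the option at the schema keeps that out, for example `pattern: '^[0-9]+\.[0-9]+\.[0-9]+$'` on the `version` property, assuming the option schema is validated before the Terraform run. The heredoc and the resource both start outside this hunk.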
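Review bot: The renamed `podSecurityContext` block in the second redis.tf hunk still sets only `runAsUser: 1000` and `fsGroup: 1000`, so the manifest never asserts that the pod must run as non-root and sets no container-level restrictions. Adding `runAsNonRoot: true` next to `runAsUser` makes the kubelet enforce this even if the UID is edited later. If the v1beta2 CRD also accepts a container-level `securityContext` (to be confirmed against the operator version in use), `allowPrivilegeEscalation: false` belongs there. The first redis.tf hunk moves `apiVersion` to `v1beta2`, so the package should state which operator release it needs; nothing visible in this commit pins one. The heredoc starts outside both hunks, so the block's position within the spec cannot be checked from here.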