From 0727fca59140af008c76c47de95b9c9b0a565674 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Thu, 25 Jan 2024 17:43:46 +0100 Subject: [PATCH] fix --- apps/code-server/datas.tf | 2 + apps/code-server/index.yaml | 58 +-- apps/dbgate/datas.tf | 2 + apps/dbgate/index.yaml | 149 ++++--- apps/dolibarr/index.yaml | 322 +++++++-------- apps/dolibarr/ldap.tf | 5 +- apps/gitea/datas.tf | 2 + apps/gitea/index.rhai | 2 +- apps/gitea/index.yaml | 366 ++++++++--------- apps/gramo/datas.tf | 2 + apps/gramo/index.yaml | 50 +-- apps/k8s-api/datas.tf | 2 + apps/k8s-api/index.yaml | 22 +- .../apps_v1_Deployment_nextcloud-metrics.yaml | 8 +- .../apps_v1_Deployment_nextcloud.yaml | 294 +++++++------- ..._v1_HorizontalPodAutoscaler_nextcloud.yaml | 2 +- apps/nextcloud/datas.tf | 2 + apps/nextcloud/index.yaml | 376 +++++++++--------- ...oreos.com_v1_ServiceMonitor_nextcloud.yaml | 2 +- .../v1_ConfigMap_nextcloud-config.yaml | 2 +- .../v1_ConfigMap_nextcloud-nginxconfig.yaml | 245 +++++------- ...istentVolumeClaim_nextcloud-nextcloud.yaml | 2 +- .../v1_Service_nextcloud-metrics.yaml | 2 +- apps/nextcloud/v1_Service_nextcloud.yaml | 2 +- apps/okd/datas.tf | 2 + apps/okd/index.yaml | 66 +-- apps/traefik-ui/datas.tf | 2 + apps/traefik-ui/index.yaml | 20 +- apps/woodpecker/datas.tf | 2 + apps/woodpecker/gitea_token.tf | 6 + apps/woodpecker/index.yaml | 102 ++--- meta/domain-erp/apps.tf | 6 +- meta/domain-erp/index.yaml | 84 ++-- meta/domain-monitor/index.yaml | 288 +++++++------- monitor/alertmanager/datas.tf | 2 + monitor/alertmanager/index.yaml | 56 +-- ...ertmanager-kube-promethe-alertmanager.yaml | 4 +- ...ager-kube-promethe-alertmanager.rules.yaml | 4 +- ...ertmanager-kube-promethe-alertmanager.yaml | 4 +- ...r-kube-promethe-alertmanager-overview.yaml | 4 +- ...ertmanager-kube-promethe-alertmanager.yaml | 4 +- ...ertmanager-kube-promethe-alertmanager.yaml | 4 +- monitor/grafana/datas.tf | 2 + monitor/grafana/index.yaml | 84 ++-- ...te-metrics-kube-pr-kube-state-metrics.yaml | 4 +- ...usRule_prometheus-community-kube-etcd.yaml | 4 +- 
...ube-kube-apiserver-availability.rules.yaml | 4 +- ...ty-kube-kube-apiserver-burnrate.rules.yaml | 4 +- ...y-kube-kube-apiserver-histogram.rules.yaml | 4 +- ...us-community-kube-kube-apiserver-slos.yaml | 4 +- ...s-community-kube-kube-scheduler.rules.yaml | 4 +- ...-kubernetes-system-controller-manager.yaml | 4 +- ...nity-kube-kubernetes-system-scheduler.yaml | 4 +- ...r_prometheus-community-kube-apiserver.yaml | 4 +- ...ommunity-kube-kube-controller-manager.yaml | 4 +- ...r_prometheus-community-kube-kube-etcd.yaml | 4 +- ...metheus-community-kube-kube-scheduler.yaml | 4 +- ...p_prometheus-community-kube-apiserver.yaml | 4 +- ...eus-community-kube-controller-manager.yaml | 4 +- ...figMap_prometheus-community-kube-etcd.yaml | 4 +- ...p_prometheus-community-kube-scheduler.yaml | 4 +- ...ommunity-kube-kube-controller-manager.yaml | 4 +- ...e_prometheus-community-kube-kube-etcd.yaml | 4 +- ...metheus-community-kube-kube-scheduler.yaml | 4 +- ...rter-kube-prometh-node-exporter.rules.yaml | 4 +- ...e-exporter-kube-prometh-node-exporter.yaml | 4 +- ...de-exporter-kube-prometh-node-network.yaml | 4 +- ...node-exporter-kube-prometh-node.rules.yaml | 4 +- ...er-kube-prometh-node-cluster-rsrc-use.yaml | 4 +- ...e-exporter-kube-prometh-node-rsrc-use.yaml | 4 +- ...de-exporter-kube-prometh-nodes-darwin.yaml | 4 +- ...gMap_node-exporter-kube-prometh-nodes.yaml | 4 +- monitor/prometheus/datas.tf | 2 + monitor/prometheus/index.yaml | 76 ++-- ...metheus-kube-prometheus-kubelet.rules.yaml | 4 +- ...ometheus-kubernetes-system-kube-proxy.yaml | 4 +- ...prometheus-kube-prometheus-prometheus.yaml | 4 +- ...or_prometheus-kube-prometheus-coredns.yaml | 4 +- ...prometheus-kube-prometheus-kube-proxy.yaml | 4 +- ...or_prometheus-kube-prometheus-kubelet.yaml | 4 +- ...prometheus-kube-prometheus-prometheus.yaml | 4 +- ...prometheus-kube-prometheus-prometheus.yaml | 4 +- ...prometheus-kube-prometheus-prometheus.yaml | 4 +- ...us-kube-prometheus-grafana-datasource.yaml | 4 +- 
...rometheus-kube-prometheus-k8s-coredns.yaml | 4 +- ...ap_prometheus-kube-prometheus-kubelet.yaml | 4 +- ...prometheus-kube-prometheus-prometheus.yaml | 4 +- ...gMap_prometheus-kube-prometheus-proxy.yaml | 4 +- ...prometheus-kube-prometheus-prometheus.yaml | 4 +- ...prometheus-kube-prometheus-prometheus.yaml | 4 +- ...ce_prometheus-kube-prometheus-coredns.yaml | 4 +- ...prometheus-kube-prometheus-kube-proxy.yaml | 4 +- share/accounts-management/datas.tf | 2 + share/accounts-management/index.yaml | 24 +- share/authentik-forward/datas.tf | 2 + share/authentik-forward/index.yaml | 14 +- share/authentik-forward/outpost-forward.tf | 3 +- share/authentik-ldap/datas.tf | 2 + share/authentik-ldap/outpost-ldap.tf | 3 +- .../apps_v1_Deployment_authentik-server.yaml | 12 +- .../apps_v1_Deployment_authentik-worker.yaml | 12 +- ...izontalPodAutoscaler_authentik-server.yaml | 4 +- ...izontalPodAutoscaler_authentik-worker.yaml | 4 +- share/authentik/datas.tf | 2 + share/authentik/index.yaml | 140 +++---- ...oreos.com_v1_PrometheusRule_authentik.yaml | 4 +- ...oreos.com_v1_ServiceMonitor_authentik.yaml | 4 +- share/authentik/v1_Service_authentik.yaml | 4 +- share/dataset-pg/databases.tf | 6 +- share/dataset-pg/directus.tf | 2 + share/dataset-pg/index.yaml | 182 ++++----- share/division/datas.tf | 2 + share/division/index.yaml | 38 +- ...s.yaml => apps_v1_Deployment_coredns.yaml} | 11 +- share/dns/index.yaml | 74 ++-- ...k8s.io_v1_ClusterRoleBinding_coredns.yaml} | 8 +- ...zation.k8s.io_v1_ClusterRole_coredns.yaml} | 4 +- share/dns/v1_ConfigMap_coredns.yaml | 27 ++ ...ns.yaml => v1_ServiceAccount_coredns.yaml} | 5 +- ...s.yaml => v1_Service_coredns-metrics.yaml} | 5 +- ...s-coredns.yaml => v1_Service_coredns.yaml} | 5 +- share/organisation/gitea-user.tf | 3 + share/organisation/index.yaml | 102 ++--- share/wildduck/scim.tf | 5 +- 124 files changed, 1848 insertions(+), 1796 deletions(-) rename share/dns/{apps_v1_Deployment_coredns-coredns.yaml => apps_v1_Deployment_coredns.yaml} 
(90%) rename share/dns/{rbac.authorization.k8s.io_v1_ClusterRoleBinding_coredns-coredns.yaml => rbac.authorization.k8s.io_v1_ClusterRoleBinding_coredns.yaml} (81%) rename share/dns/{rbac.authorization.k8s.io_v1_ClusterRole_coredns-coredns.yaml => rbac.authorization.k8s.io_v1_ClusterRole_coredns.yaml} (90%) create mode 100644 share/dns/v1_ConfigMap_coredns.yaml rename share/dns/{v1_ServiceAccount_coredns-coredns.yaml => v1_ServiceAccount_coredns.yaml} (80%) rename share/dns/{v1_Service_coredns-coredns-metrics.yaml => v1_Service_coredns-metrics.yaml} (87%) rename share/dns/{v1_Service_coredns-coredns.yaml => v1_Service_coredns.yaml} (87%) diff --git a/apps/code-server/datas.tf b/apps/code-server/datas.tf index 856efae..d0144e6 100644 --- a/apps/code-server/datas.tf +++ b/apps/code-server/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/apps/code-server/index.yaml b/apps/code-server/index.yaml index 3f10ba8..b54c6f0 100644 --- a/apps/code-server/index.yaml +++ b/apps/code-server/index.yaml @@ -6,11 +6,21 @@ metadata: name: code-server description: null options: + app-group: + default: dev + examples: + - dev + type: string sub-domain: default: code examples: - code type: string + ingress-class: + default: traefik + examples: + - traefik + type: string storage: default: accessMode: ReadWriteOnce 
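Review bot: The new local `authentik_token` in apps/code-server/datas.tf reads `AUTHENTIK_BOOTSTRAP_TOKEN`, which in authentik is the initial admin API token, so this component's plan now holds an identity-provider admin credential. The same two locals are added in the dbgate, gitea, gramo and k8s-api datas.tf hunks, and in apps/dolibarr/ldap.tf the value is sent as `Authorization = "Bearer ${local.authentik_token}"`. Because `authentik_url` is plain `http://`, that header travels unencrypted between pods unless something outside this diff adds TLS. Consider a separate token per component, scoped to the objects that app provisions, and at minimum a comment above the local such as `# admin-level bootstrap token; the secret's data is also kept in this component's Terraform state`. The `locals` block continues outside the hunk, so how the two values are consumed in this file is not visible.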
@@ -38,30 +48,10 @@ options: - Block type: string type: object - issuer: - default: letsencrypt-prod + domain-name: + default: your_company.com examples: - - letsencrypt-prod - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - app-group: - default: dev - examples: - - dev - type: string - no-editor: - default: false - examples: - - false - type: boolean - domain: - default: your-company - examples: - - your-company + - your_company.com type: string images: default: @@ -102,15 +92,20 @@ options: type: number type: object type: object - timezone: - default: Europe/Paris + domain: + default: your-company examples: - - Europe/Paris + - your-company type: string - domain-name: - default: your_company.com + no-editor: + default: false examples: - - your_company.com + - false + type: boolean + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod type: string admin: default: @@ -127,6 +122,11 @@ options: default: false type: boolean type: object + timezone: + default: Europe/Paris + examples: + - Europe/Paris + type: string dependencies: - dist: null category: share diff --git a/apps/dbgate/datas.tf b/apps/dbgate/datas.tf index 72119ca..31ef2a9 100644 --- a/apps/dbgate/datas.tf +++ b/apps/dbgate/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/apps/dbgate/index.yaml b/apps/dbgate/index.yaml index f820467..7e2e0ec 100644 --- a/apps/dbgate/index.yaml +++ b/apps/dbgate/index.yaml @@ -6,7 +6,7 @@ metadata: name: dbgate description: null options: - maria: + mongo: default: [] examples: - [] 
@@ -35,21 +35,48 @@ options: type: string type: object type: array + storage: + default: + accessMode: ReadWriteOnce + size: 1Gi + type: Filesystem + examples: + - accessMode: ReadWriteOnce + size: 1Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 1Gi + type: string + type: + default: Filesystem + enum: + - Filesystem + - Block + type: string + type: object domain: default: your-company examples: - your-company type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string sub-domain: default: dbgate examples: - dbgate type: string - app-group: - default: dev - examples: - - dev - type: string pg: default: [] examples: @@ -79,35 +106,16 @@ options: type: string type: object type: array - mongo: - default: [] + domain-name: + default: your_company.com examples: - - [] - items: - properties: - dbname: - default: '' - type: string - name: - default: '' - type: string - namespace: - default: '' - type: string - secret: - properties: - key: - default: '' - type: string - name: - default: '' - type: string - type: object - username: - default: '' - type: string - type: object - type: array + - your_company.com + type: string + app-group: + default: dev + examples: + - dev + type: string images: default: dbgate: @@ -147,11 +155,6 @@ options: type: string type: object type: object - ingress-class: - default: traefik - examples: - - traefik - type: string redis: default: [] examples: 
@@ -166,47 +169,41 @@ options: type: string type: object type: array - domain-name: - default: your_company.com + ingress-class: + default: traefik examples: - - your_company.com + - traefik type: string - storage: - default: - accessMode: ReadWriteOnce - size: 1Gi - type: Filesystem + maria: + default: [] examples: - - accessMode: ReadWriteOnce - size: 1Gi - type: Filesystem - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 1Gi - type: string - type: - default: Filesystem - enum: - - Filesystem - - Block - type: string - type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string + - [] + items: + properties: + dbname: + default: '' + type: string + name: + default: '' + type: string + namespace: + default: '' + type: string + secret: + properties: + key: + default: '' + type: string + name: + default: '' + type: string + type: object + username: + default: '' + type: string + type: object + type: array dependencies: -- dist: null - category: share - component: authentik-forward - dist: null category: core component: secret-generator diff --git a/apps/dolibarr/index.yaml b/apps/dolibarr/index.yaml index 5579464..6760182 100644 --- a/apps/dolibarr/index.yaml +++ b/apps/dolibarr/index.yaml 
@@ -6,84 +6,6 @@ metadata: name: dolibarr description: null options: - redis: - default: - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.12 - storage: 2Gi - examples: - - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.12 - storage: 2Gi - properties: - exporter: - default: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - properties: - enabled: - default: true - type: boolean - image: - default: quay.io/opstree/redis-exporter:v1.44.0 - type: string - type: object - image: - default: quay.io/opstree/redis:v7.0.12 - type: string - storage: - default: 2Gi - type: string - type: object - sub-domain: - default: erp - examples: - - erp - type: string - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object - user-groups: - default: - - admin: true - name: dolibarr-admin - examples: - - - admin: true - name: dolibarr-admin - items: - properties: - admin: - type: boolean - name: - type: string - type: object - type: array - log-level: - default: 5 - examples: - - 5 - type: integer parameters: default: MAIN_LANG_DEFAULT: auto @@ -94,6 +16,14 @@ options: default: auto type: string type: object + modules: + default: + - societe + examples: + - - societe + items: + type: string + type: array images: default: dolibarr: 
@@ -159,6 +89,120 @@ options: type: string type: object type: object + sub-domain: + default: erp + examples: + - erp + type: string + resources: + default: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi + examples: + - limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi + properties: + limits: + default: + cpu: 200m + memory: 256Mi + properties: + cpu: + default: 200m + type: string + memory: + default: 256Mi + type: string + type: object + requests: + default: + cpu: 50m + memory: 100Mi + properties: + cpu: + default: 50m + type: string + memory: + default: 100Mi + type: string + type: object + type: object + postgres: + default: + replicas: 1 + storage: 5Gi + version: '14' + examples: + - replicas: 1 + storage: 5Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 5Gi + type: string + version: + default: '14' + type: string + type: object + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + redis: + default: + exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.12 + storage: 2Gi + examples: + - exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.12 + storage: 2Gi + properties: + exporter: + default: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + properties: + enabled: + default: true + type: boolean + image: + default: quay.io/opstree/redis-exporter:v1.44.0 + type: string + type: object + image: + default: quay.io/opstree/redis:v7.0.12 + type: string + storage: + default: 2Gi + type: string + type: object + app-group: + default: '' + examples: + - '' + type: string backups: default: enable: false 
@@ -265,31 +309,11 @@ options: default: false type: boolean type: object - domain-name: - default: your_company.com - examples: - - your_company.com - type: string domain: default: your-company examples: - your-company type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - app-group: - default: '' - examples: - - '' - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string storage: default: accessMode: ReadWriteOnce 
@@ -317,75 +341,51 @@ options: - block type: string type: object - resources: - default: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi + ingress-class: + default: traefik examples: - - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi - properties: - limits: - default: - cpu: 200m - memory: 256Mi - properties: - cpu: - default: 200m - type: string - memory: - default: 256Mi - type: string - type: object - requests: - default: - cpu: 50m - memory: 100Mi - properties: - cpu: - default: 50m - type: string - memory: - default: 100Mi - type: string - type: object - type: object - postgres: - default: - replicas: 1 - storage: 5Gi - version: '14' + - traefik + type: string + log-level: + default: 5 examples: - - replicas: 1 - storage: 5Gi - version: '14' + - 5 + type: integer + user-groups: + default: + - admin: true + name: dolibarr-admin + examples: + - - admin: true + name: dolibarr-admin + items: + properties: + admin: + type: boolean + name: + type: string + type: object + type: array + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 properties: - replicas: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: default: 1 type: integer - storage: - default: 5Gi - type: string - version: - default: '14' - type: string type: object - modules: - default: - - societe - examples: - - - societe - items: - type: string - type: array dependencies: - dist: null category: share diff --git a/apps/dolibarr/ldap.tf b/apps/dolibarr/ldap.tf index 2990f10..79bb5c0 100644 --- a/apps/dolibarr/ldap.tf +++ b/apps/dolibarr/ldap.tf 
@@ -8,10 +8,11 @@ locals {
 base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub-domain, var.domain-name))))
 base-group-dn = format("ou=groups,%s", local.base-dn)
 base-user-dn = format("ou=users,%s", local.base-dn)
- authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
+ authentik_url = "http://authentik.${var.domain}-auth.svc"
+ authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
 request_headers = {
 "Content-Type" = "application/json"
- Authorization = "Bearer ${local.authentik-token}"
+ Authorization = "Bearer ${local.authentik_token}"
 }
 ldap-outpost-providers = jsondecode(data.http.get_ldap_outpost.response_body).results[0].providers
 ldap-outpost-pk = jsondecode(data.http.get_ldap_outpost.response_body).results[0].pk
diff --git a/apps/gitea/datas.tf b/apps/gitea/datas.tf
index 3e40c69..244ece3 100644
--- a/apps/gitea/datas.tf
+++ b/apps/gitea/datas.tf
@@ -1,4 +1,6 @@
 locals {
+ authentik_url = "http://authentik.${var.domain}-auth.svc"
+ authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
 common-labels = {
 "vynil.solidite.fr/owner-name" = var.instance
 "vynil.solidite.fr/owner-namespace" = var.namespace
diff --git a/apps/gitea/index.rhai b/apps/gitea/index.rhai
index 03e7615..3681fe9 100644
--- a/apps/gitea/index.rhai
+++ b/apps/gitea/index.rhai
@@ -4,7 +4,7 @@ const SRC=src;
 const DEST=dest;
 fn pre_pack() {
 shell("helm repo add gitea-charts https://dl.gitea.io/charts/");
- shell(`helm template gitea --version 9.5.0 gitea-charts/gitea --namespace=vynil-ci --values values.yml >${global::SRC}/chart.yaml`);
+ shell(`helm template gitea --version 9.5.0 gitea-charts/gitea --namespace=vynil-ci -a "monitoring.coreos.com/v1/ServiceMonitor" -a "monitoring.coreos.com/v1/PrometheusRule" --values values.yml >${global::SRC}/chart.yaml`);
 }
 fn post_pack() {
 shell(`rm -f ${global::DEST}/v1_Pod_gitea-test-connection.yaml`);
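Review bot: The rewritten `helm template` line in `pre_pack` still identifies the chart only by `--version 9.5.0`, so whatever the repository added on the line above serves under that version is rendered into `chart.yaml` and packaged without an integrity check. A version entry in a chart repository can be republished, so the build would be more reproducible with the expected chart digest recorded in this repo and compared after a `helm pull`. If the publisher ships provenance files, which is not visible from here, `helm pull gitea-charts/gitea --version 9.5.0 --verify` would do the same. A short comment above the call saying that the two `-a` flags render the ServiceMonitor and PrometheusRule objects into the package would also help the next maintainer. `post_pack` continues outside the hunk.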
diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index c1e0430..a7a7727 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml 
@@ -9,183 +9,16 @@ metadata: A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. options: - default-branch: - default: main + theme: + default: gitea-modern examples: - - main - type: string - replicas: - default: 1 - examples: - - 1 - type: integer - redis: - default: - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.12 - storage: 2Gi - examples: - - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.12 - storage: 2Gi - properties: - exporter: - default: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - properties: - enabled: - default: true - type: boolean - image: - default: quay.io/opstree/redis-exporter:v1.44.0 - type: string - type: object - image: - default: quay.io/opstree/redis:v7.0.12 - type: string - storage: - default: 2Gi - type: string - type: object - webhook: - default: - allowed-hosts: private - skip-tls-verify: false - examples: - - allowed-hosts: private - skip-tls-verify: false - properties: - allowed-hosts: - default: private - type: string - skip-tls-verify: - default: false - type: boolean - type: object - release: - default: 8.3.0 - examples: - - 8.3.0 - type: string - volume: - default: - accessMode: ReadWriteOnce - size: 10Gi - examples: - - accessMode: ReadWriteOnce - size: 10Gi - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: object - sub-domain: - default: git - examples: - - git - type: string - domain: - default: your-company - examples: - - your-company + - gitea-modern type: string issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - admin: - default: - email: 
git-admin@git.your_company.com - name: gitea_admin - examples: - - email: git-admin@git.your_company.com - name: gitea_admin - properties: - email: - default: git-admin@git.your_company.com - type: string - name: - default: gitea_admin - type: string - type: object - postgres: - default: - replicas: 1 - storage: 10Gi - version: '14' - examples: - - replicas: 1 - storage: 10Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - default: 10Gi - type: string - version: - default: '14' - type: string - type: object - disable-registration: - default: true - examples: - - true - type: boolean - ssh-port: - default: 2222 - examples: - - 2222 - type: integer - load-balancer: - default: - ip: '' - examples: - - ip: '' - properties: - ip: - default: '' - type: string - type: object - push-create: - default: - org: 'true' - private: 'false' - user: 'true' - examples: - - org: 'true' - private: 'false' - user: 'true' - properties: - org: - default: 'true' - type: string - private: - default: 'false' - type: string - user: - default: 'true' - type: string - type: object images: default: gitea: 
@@ -225,25 +58,142 @@ options: type: string type: object type: object - app-group: - default: dev + load-balancer: + default: + ip: '' examples: - - dev - type: string - theme: - default: gitea-modern + - ip: '' + properties: + ip: + default: '' + type: string + type: object + timezone: + default: Europe/Paris examples: - - gitea-modern + - Europe/Paris type: string + admin: + default: + email: git-admin@git.your_company.com + name: gitea_admin + examples: + - email: git-admin@git.your_company.com + name: gitea_admin + properties: + email: + default: git-admin@git.your_company.com + type: string + name: + default: gitea_admin + type: string + type: object + postgres: + default: + replicas: 1 + storage: 10Gi + version: '14' + examples: + - replicas: 1 + storage: 10Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 10Gi + type: string + version: + default: '14' + type: string + type: object + replicas: + default: 1 + examples: + - 1 + type: integer + domain: + default: your-company + examples: + - your-company + type: string + release: + default: 8.3.0 + examples: + - 8.3.0 + type: string + redis: + default: + exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.12 + storage: 2Gi + examples: + - exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.12 + storage: 2Gi + properties: + exporter: + default: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + properties: + enabled: + default: true + type: boolean + image: + default: quay.io/opstree/redis-exporter:v1.44.0 + type: string + type: object + image: + default: quay.io/opstree/redis:v7.0.12 + type: string + storage: + default: 2Gi + type: string + type: object ssh-sub-domain: default: git examples: - git type: string - domain-name: - default: your_company.com + ssh-port: + default: 2222 examples: - - your_company.com + - 2222 + type: integer + 
volume: + default: + accessMode: ReadWriteOnce + size: 10Gi + examples: + - accessMode: ReadWriteOnce + size: 10Gi + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: object + app-group: + default: dev + examples: + - dev + type: string + ingress-class: + default: traefik + examples: + - traefik type: string backups: default: @@ -351,10 +301,60 @@ options: default: false type: boolean type: object - timezone: - default: Europe/Paris + sub-domain: + default: git examples: - - Europe/Paris + - git + type: string + default-branch: + default: main + examples: + - main + type: string + push-create: + default: + org: 'true' + private: 'false' + user: 'true' + examples: + - org: 'true' + private: 'false' + user: 'true' + properties: + org: + default: 'true' + type: string + private: + default: 'false' + type: string + user: + default: 'true' + type: string + type: object + disable-registration: + default: true + examples: + - true + type: boolean + webhook: + default: + allowed-hosts: private + skip-tls-verify: false + examples: + - allowed-hosts: private + skip-tls-verify: false + properties: + allowed-hosts: + default: private + type: string + skip-tls-verify: + default: false + type: boolean + type: object + domain-name: + default: your_company.com + examples: + - your_company.com type: string dependencies: - dist: null diff --git a/apps/gramo/datas.tf b/apps/gramo/datas.tf index 856efae..d0144e6 100644 --- a/apps/gramo/datas.tf +++ b/apps/gramo/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/apps/gramo/index.yaml b/apps/gramo/index.yaml index 673222d..0ca7aa4 100644 
--- a/apps/gramo/index.yaml +++ b/apps/gramo/index.yaml @@ -6,22 +6,22 @@ metadata: name: gramo description: null options: - app-group: - default: infra - examples: - - infra - type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string domain: default: your-company examples: - your-company type: string - managed: + ingress-class: + default: traefik + examples: + - traefik + type: string + sub-domain: + default: gramo + examples: + - gramo + type: string + cluster-admin: default: false examples: - false @@ -65,31 +65,31 @@ options: type: string type: object type: object - cluster-admin: + managed: default: false examples: - false type: boolean - issuer: - default: letsencrypt-prod + domain-name: + default: your_company.com examples: - - letsencrypt-prod - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - sub-domain: - default: gramo - examples: - - gramo + - your_company.com type: string namespaces: default: [] items: type: string type: array + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + app-group: + default: infra + examples: + - infra + type: string dependencies: - dist: null category: share diff --git a/apps/k8s-api/datas.tf b/apps/k8s-api/datas.tf index ac5f6fe..5fa90b2 100644 --- a/apps/k8s-api/datas.tf +++ b/apps/k8s-api/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/apps/k8s-api/index.yaml b/apps/k8s-api/index.yaml index 5775147..3511acf 100644 --- a/apps/k8s-api/index.yaml +++ b/apps/k8s-api/index.yaml 
@@ -6,30 +6,30 @@ metadata: name: k8s-api description: Access to the kubernetes api options: - domain-name: - default: your_company.com + ingress-class: + default: traefik examples: - - your_company.com + - traefik type: string domain: default: your-company examples: - your-company type: string - sub-domain: - default: api - examples: - - api - type: string issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string - ingress-class: - default: traefik + domain-name: + default: your_company.com examples: - - traefik + - your_company.com + type: string + sub-domain: + default: api + examples: + - api type: string dependencies: - dist: null diff --git a/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml b/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml index 3d34797..619148a 100644 --- a/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml +++ b/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud-metrics labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.3.6 + helm.sh/chart: nextcloud-4.5.11 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: metrics @@ -27,7 +27,7 @@ spec: spec: containers: - name: metrics-exporter - image: "xperimental/nextcloud-exporter:0.6.1" + image: "xperimental/nextcloud-exporter:0.6.2" imagePullPolicy: IfNotPresent env: - name: NEXTCLOUD_USERNAME @@ -41,8 +41,8 @@ spec: name: nextcloud key: nextcloud-password # NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint - - name: NEXTCLOUD_SERVER - value: http://nextcloud:80 + - name: NEXTCLOUD_SERVER # deployment.namespace.svc.cluster.local + value: "http://nextcloud.vynil-cloud.svc.cluster.local:80" - name: NEXTCLOUD_TIMEOUT value: 5s - name: NEXTCLOUD_TLS_SKIP_VERIFY 
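Review bot: `NEXTCLOUD_SERVER` in apps_v1_Deployment_nextcloud-metrics.yaml is now the fixed name `http://nextcloud.vynil-cloud.svc.cluster.local:80`, so the exporter presents the `nextcloud-username` / `nextcloud-password` values from the `nextcloud` secret to a service in namespace `vynil-cloud` wherever this Deployment is installed, and over plain HTTP. The previous `http://nextcloud:80` resolved inside the Deployment's own namespace. The file looks like rendered chart output (`app.kubernetes.io/managed-by: Helm`), so the namespace was presumably baked in at template time. The fix therefore belongs in the packaging step or the install-time patch, which should rewrite the host to the instance's namespace unless that already happens outside this diff. The container spec continues past the end of the hunk.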
diff --git a/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml b/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml index eb2b231..1fdcf6d 100644 --- a/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml +++ b/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.3.6 + helm.sh/chart: nextcloud-4.5.11 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: app 
@@ -30,154 +30,154 @@ spec: nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b spec: containers: - - name: nextcloud - image: nextcloud:27.1.3-apache - imagePullPolicy: IfNotPresent - env: - - name: POSTGRES_HOST - value: - - name: POSTGRES_DB - value: "nextcloud" - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: nextcloud-db - key: username - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: nextcloud-db - key: password - - name: NEXTCLOUD_ADMIN_USER - valueFrom: - secretKeyRef: - name: nextcloud - key: nextcloud-username - - name: NEXTCLOUD_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: nextcloud - key: nextcloud-password - - name: NEXTCLOUD_TRUSTED_DOMAINS - value: nextcloud.kube.home - - name: NEXTCLOUD_UPDATE - value: "1" - - name: NEXTCLOUD_DATA_DIR - value: "/var/www/html/data" - resources: - {} - volumeMounts: - - name: nextcloud-main - mountPath: /var/www/ - subPath: root - - name: nextcloud-main - mountPath: /var/www/html - subPath: html - - name: nextcloud-main - mountPath: /var/www/html/data - subPath: data - - name: nextcloud-main - mountPath: /var/www/html/config - subPath: config - - name: nextcloud-main - mountPath: /var/www/html/custom_apps - subPath: custom_apps - - name: nextcloud-main - mountPath: /var/www/tmp - subPath: tmp - - name: nextcloud-main - mountPath: /var/www/html/themes - subPath: themes - - name: nextcloud-config - mountPath: /var/www/html/config/locale.config.php - subPath: locale.config.php - - name: nextcloud-config - mountPath: /var/www/html/config/redis.config.php - subPath: redis.config.php - - name: nextcloud-config - mountPath: /var/www/html/config/.htaccess - subPath: .htaccess - - name: nextcloud-config - mountPath: /var/www/html/config/apcu.config.php - subPath: apcu.config.php - - name: nextcloud-config - mountPath: /var/www/html/config/apps.config.php - subPath: apps.config.php - - name: nextcloud-config - mountPath: /var/www/html/config/autoconfig.php - 
subPath: autoconfig.php - - name: nextcloud-config - mountPath: /var/www/html/config/smtp.config.php - subPath: smtp.config.php - - name: nextcloud-nginx - image: "nginx:alpine" - imagePullPolicy: IfNotPresent - ports: - - name: http - containerPort: 80 - protocol: TCP - livenessProbe: - httpGet: - path: /status.php - port: http - httpHeaders: - - name: Host - value: "nextcloud.kube.home" - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /status.php - port: 80 - httpHeaders: - - name: Host - value: "nextcloud.kube.home" - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 + - name: nextcloud + image: nextcloud:28.0.1-apache + imagePullPolicy: IfNotPresent + env: + + - name: POSTGRES_HOST + value: + - name: POSTGRES_DB + value: "nextcloud" + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: nextcloud-db + key: username + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: nextcloud-db + key: password + - name: NEXTCLOUD_ADMIN_USER + valueFrom: + secretKeyRef: + name: nextcloud + key: nextcloud-username + - name: NEXTCLOUD_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: nextcloud + key: nextcloud-password + - name: NEXTCLOUD_TRUSTED_DOMAINS + value: nextcloud.kube.home + - name: NEXTCLOUD_UPDATE + value: "1" + - name: NEXTCLOUD_DATA_DIR + value: "/var/www/html/data" + resources: + {} + volumeMounts: + - name: nextcloud-main + mountPath: /var/www/ + subPath: root + - name: nextcloud-main + mountPath: /var/www/html + subPath: html + - name: nextcloud-main + mountPath: /var/www/html/data + subPath: data + - name: nextcloud-main + mountPath: /var/www/html/config + subPath: config + - name: nextcloud-main + mountPath: /var/www/html/custom_apps + subPath: custom_apps + - name: nextcloud-main + mountPath: /var/www/tmp + subPath: tmp + - name: nextcloud-main + mountPath: /var/www/html/themes + 
subPath: themes + - name: nextcloud-config + mountPath: /var/www/html/config/locale.config.php + subPath: locale.config.php + - name: nextcloud-config + mountPath: /var/www/html/config/redis.config.php + subPath: redis.config.php + - name: nextcloud-config + mountPath: /var/www/html/config/.htaccess + subPath: .htaccess + - name: nextcloud-config + mountPath: /var/www/html/config/apcu.config.php + subPath: apcu.config.php + - name: nextcloud-config + mountPath: /var/www/html/config/apps.config.php + subPath: apps.config.php + - name: nextcloud-config + mountPath: /var/www/html/config/autoconfig.php + subPath: autoconfig.php + - name: nextcloud-config + mountPath: /var/www/html/config/smtp.config.php + subPath: smtp.config.php + - name: nextcloud-nginx + image: "nginx:alpine" + imagePullPolicy: IfNotPresent + ports: + - name: http + protocol: TCP + containerPort: 80 + livenessProbe: + httpGet: + path: /status.php + port: 80 + httpHeaders: + - name: Host + value: "nextcloud.kube.home" + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /status.php + port: 80 + httpHeaders: + - name: Host + value: "nextcloud.kube.home" + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 - resources: - {} - volumeMounts: - - name: nextcloud-main - mountPath: /var/www/ - subPath: root - - name: nextcloud-main - mountPath: /var/www/html - subPath: html - - name: nextcloud-main - mountPath: /var/www/html/data - subPath: data - - name: nextcloud-main - mountPath: /var/www/html/config - subPath: config - - name: nextcloud-main - mountPath: /var/www/html/custom_apps - subPath: custom_apps - - name: nextcloud-main - mountPath: /var/www/tmp - subPath: tmp - - name: nextcloud-main - mountPath: /var/www/html/themes - subPath: themes - - name: nextcloud-nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf + resources: + {} + 
volumeMounts: + - name: nextcloud-main + mountPath: /var/www/ + subPath: root + - name: nextcloud-main + mountPath: /var/www/html + subPath: html + - name: nextcloud-main + mountPath: /var/www/html/data + subPath: data + - name: nextcloud-main + mountPath: /var/www/html/config + subPath: config + - name: nextcloud-main + mountPath: /var/www/html/custom_apps + subPath: custom_apps + - name: nextcloud-main + mountPath: /var/www/tmp + subPath: tmp + - name: nextcloud-main + mountPath: /var/www/html/themes + subPath: themes + - name: nextcloud-nginx-config + mountPath: /etc/nginx/conf.d/ volumes: - - name: nextcloud-main - persistentVolumeClaim: - claimName: nextcloud-nextcloud - - name: nextcloud-config - configMap: - name: nextcloud-config - - name: nextcloud-nginx-config - configMap: - name: nextcloud-nginxconfig + - name: nextcloud-main + persistentVolumeClaim: + claimName: nextcloud-nextcloud + - name: nextcloud-config + configMap: + name: nextcloud-config + - name: nextcloud-nginx-config + configMap: + name: nextcloud-nginxconfig securityContext: # Will mount configuration files as www-data (id: 82) for nextcloud fsGroup: 82 diff --git a/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml b/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml index a9ec239..3c93769 100644 --- a/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml +++ b/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.3.6 + helm.sh/chart: nextcloud-4.5.11 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: app diff --git a/apps/nextcloud/datas.tf b/apps/nextcloud/datas.tf index 2726bc1..458be6c 100644 --- a/apps/nextcloud/datas.tf +++ b/apps/nextcloud/datas.tf 
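Review bot: The sidecar is still pulled as `image: "nginx:alpine"` with `imagePullPolicy: IfNotPresent`, so each node runs whichever build of that floating tag it happened to cache, and a rebuilt upstream image enters the pod without a reviewable change. Pin it the way the main container is pinned, e.g. `image: "nginx:<pinned-version>-alpine"`, ideally with an `@sha256:<digest>` suffix. Separately, the main container is the `-apache` variant, while the mounted nginx config listens on 80 and forwards to `127.0.0.1:9000`. As far as I know the Apache image serves HTTP on port 80 and exposes no FastCGI listener, so the two containers would contend for the port; the `-fpm` variant of the same tag is what this sidecar layout expects. Both containers also keep `resources: {}` and have no container-level `securityContext`.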
@@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml index 5dc7c67..6866190 100644 --- a/apps/nextcloud/index.yaml +++ b/apps/nextcloud/index.yaml @@ -6,26 +6,6 @@ metadata: name: nextcloud description: null options: - postgres: - default: - replicas: 1 - storage: 5Gi - version: '14' - examples: - - replicas: 1 - storage: 5Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - default: 5Gi - type: string - version: - default: '14' - type: string - type: object admin: default: name: nextcloud_admin 
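Review bot: `authentik_url` is a plain `http://` endpoint, so whatever consumes these locals (not visible in the hunk) sends `AUTHENTIK_BOOTSTRAP_TOKEN` across the cluster network unencrypted unless a mesh or CNI encrypts pod traffic. The same two locals are added in apps/okd/datas.tf, apps/traefik-ui/datas.tf and apps/woodpecker/datas.tf, and apps/woodpecker/gitea_token.tf does the equivalent with the `gitea-admin-user` password against `http://gitea-http.${var.domain}-ci.svc:3000/`. The bootstrap token is presumably an admin-level credential shared by every one of these modules; a per-app token with a narrower scope would limit what a single module's state or logs can expose. If the service offers TLS, use `authentik_url = "https://authentik.${var.domain}-auth.svc"`; otherwise record the assumption with `# cleartext in-cluster call; relies on NetworkPolicy / mesh encryption`. The `locals` block continues past the end of the hunk.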
@@ -36,126 +16,68 @@ options: default: nextcloud_admin type: string type: object - domain-name: - default: your_company.com + domain: + default: your-company examples: - - your_company.com - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod + - your-company type: string app-group: default: '' examples: - '' type: string - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - restic-key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 30 3 * * * - check: 30 5 * * 1 - db: 30 3 * * * - prune: 30 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false + openid-name: + default: vynil examples: - - enable: false - endpoint: '' - key-id-key: s3-id - restic-key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 30 3 * * * - check: 30 5 * * 1 - db: 30 3 * * * - prune: 30 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false + - vynil + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string + redis: + default: + exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.12 + storage: 2Gi + examples: + - exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.12 + storage: 2Gi properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - restic-key: - default: bck-password - type: string - retention: + exporter: default: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 + enabled: true + image: 
quay.io/opstree/redis-exporter:v1.44.0 properties: - db: - default: 30d - type: string - keepDaily: - default: 14 - type: integer - keepMonthly: - default: 12 - type: integer - keepWeekly: - default: 6 - type: integer - keepYearly: - default: 12 - type: integer - type: object - schedule: - default: - backup: 30 3 * * * - check: 30 5 * * 1 - db: 30 3 * * * - prune: 30 1 * * 0 - properties: - backup: - default: 30 3 * * * - type: string - check: - default: 30 5 * * 1 - type: string - db: - default: 30 3 * * * - type: string - prune: - default: 30 1 * * 0 + enabled: + default: true + type: boolean + image: + default: quay.io/opstree/redis-exporter:v1.44.0 type: string type: object - secret-key: - default: s3-secret + image: + default: quay.io/opstree/redis:v7.0.12 type: string - secret-name: - default: backup-settings + storage: + default: 2Gi type: string - use-barman: - default: false - type: boolean type: object storage: default: @@ -176,41 +98,6 @@ options: default: 10Gi type: string type: object - sub-domain: - default: files - examples: - - files - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object - domain: - default: your-company - examples: - - your-company - type: string images: default: collabora: 
@@ -374,43 +261,131 @@ options: type: string type: object type: object - openid-name: - default: vynil - examples: - - vynil - type: string - redis: + hpa: default: - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.12 - storage: 2Gi + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 examples: - - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.12 - storage: 2Gi + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 properties: - exporter: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + restic-key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 30 3 * * * + check: 30 5 * * 1 + db: 30 3 * * * + prune: 30 1 * * 0 + secret-key: s3-secret + secret-name: backup-settings + use-barman: false + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + restic-key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 30 3 * * * + check: 30 5 * * 1 + db: 30 3 * * * + prune: 30 1 * * 0 + secret-key: s3-secret + secret-name: backup-settings + use-barman: false + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + restic-key: + default: bck-password + type: string + retention: default: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 properties: - enabled: - default: true - type: boolean - image: - default: quay.io/opstree/redis-exporter:v1.44.0 + db: + default: 30d + type: string + keepDaily: + default: 14 + type: integer + keepMonthly: + default: 12 + 
type: integer + keepWeekly: + default: 6 + type: integer + keepYearly: + default: 12 + type: integer + type: object + schedule: + default: + backup: 30 3 * * * + check: 30 5 * * 1 + db: 30 3 * * * + prune: 30 1 * * 0 + properties: + backup: + default: 30 3 * * * + type: string + check: + default: 30 5 * * 1 + type: string + db: + default: 30 3 * * * + type: string + prune: + default: 30 1 * * 0 type: string type: object - image: - default: quay.io/opstree/redis:v7.0.12 + secret-key: + default: s3-secret type: string - storage: - default: 2Gi + secret-name: + default: backup-settings type: string + use-barman: + default: false + type: boolean type: object apps: default: @@ -502,6 +477,31 @@ options: default: true type: boolean type: object + postgres: + default: + replicas: 1 + storage: 5Gi + version: '14' + examples: + - replicas: 1 + storage: 5Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 5Gi + type: string + version: + default: '14' + type: string + type: object + sub-domain: + default: files + examples: + - files + type: string dependencies: - dist: null category: share diff --git a/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml b/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml index 42a8411..7b792bc 100644 --- a/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml +++ b/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml @@ -6,7 +6,7 @@ metadata: namespace: "vynil-cloud" labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.3.6 + helm.sh/chart: nextcloud-4.5.11 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: metrics diff --git a/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml b/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml index 6a14f7a..8546d9f 100644 --- a/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml 
+++ b/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud-config labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.3.6 + helm.sh/chart: nextcloud-4.5.11 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm data: diff --git a/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml b/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml index 6db28d3..ff0f856 100644 --- a/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml +++ b/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml 
@@ -5,169 +5,140 @@ metadata: name: nextcloud-nginxconfig labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.3.6 + helm.sh/chart: nextcloud-4.5.11 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm data: - nginx.conf: |- - worker_processes auto; - - error_log /var/log/nginx/error.log warn; - pid /tmp/nginx.pid; - - - events { - worker_connections 1024; + default.conf: |- + upstream php-handler { + server 127.0.0.1:9000; } + server { + listen 80; - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; + # HSTS settings + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; + # set max upload size + client_max_body_size 10G; + fastcgi_buffers 64 4K; - access_log /var/log/nginx/access.log main; + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - sendfile on; - #tcp_nopush on; + # Pagespeed is not supported by 
Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. + #pagespeed off; - keepalive_timeout 65; + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; - #gzip on; + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; - upstream php-handler { - server 127.0.0.1:9000; + # Path to the root of your installation + root /var/www/html; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } } - server { - listen 80; + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - # HSTS settings - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. 
This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. - #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The following 6 rules are borrowed from `.htaccess` - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + # Anything else is dynamically handled by Nextcloud + location ^~ /.well-known { return 301 /index.php$uri; } - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + try_files $uri $uri/ =404; + } - # Pagespeed is not supported by Nextcloud, so if your server is built - # with the `ngx_pagespeed` module, uncomment this line to disable it. 
- #pagespeed off; + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } - # HTTP response headers borrowed from Nextcloud `.htaccess` - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + # Required for legacy support + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + set $path_info $fastcgi_path_info; - # Path to the root of your installation - root /var/www/html; + try_files $fastcgi_script_name =404; - # Specify how to handle directories -- specifying `/index.php$request_uri` - # here as the fallback means that Nginx always exhibits the desired behaviour - # when a client requests a path that corresponds to a directory that exists - # on the server. In particular, if that directory contains an index.php file, - # that file is correctly served; if it doesn't, then the request is passed to - # the front-end controller. 
This consistent behaviour means that we don't need - # to specify custom rules for certain paths (e.g. images and other assets, - # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus - # `try_files $uri $uri/ /index.php$request_uri` - # always provides the desired behaviour. - index index.php index.html /index.php$request_uri; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + #fastcgi_param HTTPS on; - # Rule borrowed from `.htaccess` to handle Microsoft DAV clients - location = / { - if ( $http_user_agent ~ ^DavClnt ) { - return 302 /remote.php/webdav/$is_args$args; - } - } + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls + fastcgi_pass php-handler; - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } - # Make a regex exception for `/.well-known` so that clients can still - # access it despite the existence of the regex rule - # `location ~ /(\.|autotest|...)` which would otherwise handle requests - # for `/.well-known`. 
- location ^~ /.well-known { - # The following 6 rules are borrowed from `.htaccess` + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - # Anything else is dynamically handled by Nextcloud - location ^~ /.well-known { return 301 /index.php$uri; } + location ~ \.woff2?$ { + try_files $uri /index.php$request_uri; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } - try_files $uri $uri/ =404; - } - - # Rules borrowed from `.htaccess` to hide certain paths from clients - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } - - # Ensure this block, which passes PHP files to the PHP process, is above the blocks - # which handle static assets (as seen below). If this block is not declared first, - # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` - # to the URI, resulting in a HTTP 500 error response. 
- location ~ \.php(?:$|/) { - # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; - - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - set $path_info $fastcgi_path_info; - - try_files $fastcgi_script_name =404; - - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - #fastcgi_param HTTPS on; - - fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice - fastcgi_param front_controller_active true; # Enable pretty urls - fastcgi_pass php-handler; - - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ \.(?:css|js|svg|gif)$ { - try_files $uri /index.php$request_uri; - expires 6M; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } - - location ~ \.woff2?$ { - try_files $uri /index.php$request_uri; - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } - - location / { - try_files $uri $uri/ /index.php$request_uri; - } + location / { + try_files $uri $uri/ /index.php$request_uri; } } \ No newline at end of file diff --git a/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml b/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml index f4e783a..d19d073 100644 --- a/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml +++ b/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud-nextcloud labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.3.6 + helm.sh/chart: nextcloud-4.5.11 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: app 
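Review bot: The rewritten `default.conf` keeps `#add_header Strict-Transport-Security ...` and `#fastcgi_param HTTPS on;` commented out, so this server block sends no HSTS header even though the package is published through an ingress with a `letsencrypt-prod` issuer. Unless the Traefik route already adds the header, enable it without the preload flag: `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;`. The comment "The following 6 rules are borrowed from `.htaccess`" sits above only two `location =` rules and should be corrected so a reader does not look for missing ones. If this ConfigMap is rendered from the chart, both changes belong in the chart values rather than in this file.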
diff --git a/apps/nextcloud/v1_Service_nextcloud-metrics.yaml b/apps/nextcloud/v1_Service_nextcloud-metrics.yaml index d79f28f..815f114 100644 --- a/apps/nextcloud/v1_Service_nextcloud-metrics.yaml +++ b/apps/nextcloud/v1_Service_nextcloud-metrics.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud-metrics labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.3.6 + helm.sh/chart: nextcloud-4.5.11 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: metrics diff --git a/apps/nextcloud/v1_Service_nextcloud.yaml b/apps/nextcloud/v1_Service_nextcloud.yaml index 2eb339f..0920502 100644 --- a/apps/nextcloud/v1_Service_nextcloud.yaml +++ b/apps/nextcloud/v1_Service_nextcloud.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.3.6 + helm.sh/chart: nextcloud-4.5.11 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: app diff --git a/apps/okd/datas.tf b/apps/okd/datas.tf index 856efae..d0144e6 100644 --- a/apps/okd/datas.tf +++ b/apps/okd/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/apps/okd/index.yaml b/apps/okd/index.yaml index 04e0415..dd8e50f 100644 --- a/apps/okd/index.yaml +++ b/apps/okd/index.yaml 
@@ -6,36 +6,21 @@ metadata: name: okd description: null options: - app-group: - default: infra + domain-name: + default: your_company.com examples: - - infra + - your_company.com type: string - issuer: - default: letsencrypt-prod + sub-domain: + default: okd examples: - - letsencrypt-prod + - okd type: string - ingress-class: - default: traefik + domain: + default: your-company examples: - - traefik + - your-company type: string - cluster-admin: - default: false - examples: - - false - type: boolean - managed: - default: false - examples: - - false - type: boolean - namespaces: - default: [] - items: - type: string - type: array images: default: okd: @@ -75,21 +60,36 @@ options: type: string type: object type: object - domain-name: - default: your_company.com + issuer: + default: letsencrypt-prod examples: - - your_company.com + - letsencrypt-prod type: string - domain: - default: your-company + app-group: + default: infra examples: - - your-company + - infra type: string - sub-domain: - default: okd + managed: + default: false examples: - - okd + - false + type: boolean + ingress-class: + default: traefik + examples: + - traefik type: string + cluster-admin: + default: false + examples: + - false + type: boolean + namespaces: + default: [] + items: + type: string + type: array dependencies: - dist: null category: share diff --git a/apps/traefik-ui/datas.tf b/apps/traefik-ui/datas.tf index 856efae..d0144e6 100644 --- a/apps/traefik-ui/datas.tf +++ b/apps/traefik-ui/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/apps/traefik-ui/index.yaml b/apps/traefik-ui/index.yaml index ccb332e..3042bd2 100644 --- a/apps/traefik-ui/index.yaml +++ b/apps/traefik-ui/index.yaml 
@@ -6,16 +6,21 @@ metadata: name: traefik-ui description: Access to the Traefik UI options: - domain: - default: your-company - examples: - - your-company - type: string issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string + app-group: + default: infra + examples: + - infra + type: string + domain: + default: your-company + examples: + - your-company + type: string ingress-class: default: traefik examples: @@ -31,11 +36,6 @@ options: examples: - your_company.com type: string - app-group: - default: infra - examples: - - infra - type: string dependencies: - dist: null category: share diff --git a/apps/woodpecker/datas.tf b/apps/woodpecker/datas.tf index 6d97633..acf3c3f 100644 --- a/apps/woodpecker/datas.tf +++ b/apps/woodpecker/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/apps/woodpecker/gitea_token.tf b/apps/woodpecker/gitea_token.tf index a8fc9eb..9fddbe3 100644 --- a/apps/woodpecker/gitea_token.tf +++ b/apps/woodpecker/gitea_token.tf @@ -1,3 +1,9 @@ +locals { + gitea_host = "http://gitea-http.${var.domain}-ci.svc:3000/" + gitea_username = data.kubernetes_secret_v1.gitea.data["username"] + gitea_password = data.kubernetes_secret_v1.gitea.data["password"] +} + data "kubernetes_secret_v1" "gitea" { metadata { name = "gitea-admin-user" diff --git a/apps/woodpecker/index.yaml b/apps/woodpecker/index.yaml index 11e2c93..9ff19eb 100644 --- a/apps/woodpecker/index.yaml +++ b/apps/woodpecker/index.yaml 
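Review bot: The new locals in apps/woodpecker/gitea_token.tf pair the username and password from the `gitea-admin-user` secret with a `gitea_host` that uses plain `http://`. If they are used for basic auth against the Gitea API, the admin password travels unencrypted inside the cluster; the consumer is outside the hunk, so this is inferred. The file name suggests the credentials only serve to create a token for Woodpecker, so a dedicated account or a pre-created scoped token would keep the admin password out of this module and its Terraform state. At minimum I would document the block: `# Gitea admin credentials, used only to create the Woodpecker token; sent over in-cluster HTTP and persisted in state`.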
@@ -6,35 +6,46 @@ metadata: name: woodpecker description: null options: - sub-domain: - default: ci - examples: - - ci - type: string - storage-server: + storage-agent: default: - accessMode: ReadWriteOnce size: 10Gi + storageClass: '' + writeMany: 'false' examples: - - accessMode: ReadWriteOnce - size: 10Gi + - size: 10Gi + storageClass: '' + writeMany: 'false' properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string size: default: 10Gi type: string + storageClass: + default: '' + type: string + writeMany: + default: 'false' + type: string type: object admin-users: default: woodpecker,admin examples: - woodpecker,admin type: string + domain: + default: your-company + examples: + - your-company + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + app-group: + default: dev + examples: + - dev + type: string images: default: agent: 
@@ -132,51 +143,35 @@ options: type: string type: object type: object + storage-server: + default: + accessMode: ReadWriteOnce + size: 10Gi + examples: + - accessMode: ReadWriteOnce + size: 10Gi + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: object ingress-class: default: traefik examples: - traefik type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - domain: - default: your-company - examples: - - your-company - type: string issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string - app-group: - default: dev - examples: - - dev - type: string - storage-agent: - default: - size: 10Gi - storageClass: '' - writeMany: 'false' - examples: - - size: 10Gi - storageClass: '' - writeMany: 'false' - properties: - size: - default: 10Gi - type: string - storageClass: - default: '' - type: string - writeMany: - default: 'false' - type: string - type: object timeouts: default: default: '60' @@ -192,6 +187,11 @@ options: default: '120' type: string type: object + sub-domain: + default: ci + examples: + - ci + type: string dependencies: - dist: null category: apps diff --git a/meta/domain-erp/apps.tf b/meta/domain-erp/apps.tf index f2f9e28..88454e7 100644 --- a/meta/domain-erp/apps.tf +++ b/meta/domain-erp/apps.tf @@ -6,6 +6,10 @@ locals { "vynil.solidite.fr/issuer" = var.issuer "vynil.solidite.fr/ingress" = var.ingress-class } + annotations_default = { + "vynil.solidite.fr/default/domain_name" = var.domain-name + "vynil.solidite.fr/default/*" = var.domain-name + } global = { "domain" = var.namespace "domain-name" = var.domain-name 
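Review bot: Both keys in the new `annotations_default` map in meta/domain-erp/apps.tf look invalid as Kubernetes annotation keys. `vynil.solidite.fr/default/domain_name` contains two `/` separators and `vynil.solidite.fr/default/*` has `*` in the name part, while a key is an optional DNS prefix, a single `/`, and a name made of alphanumerics, `-`, `_` and `.`. The following hunk merges this map into the annotations of `kubernetes_namespace_v1.erp-ns`, so creating the namespace would likely be rejected whenever `var.dolibarr.enable` is true. A single-slash form such as `"vynil.solidite.fr/default-domain-name" = var.domain-name` should pass validation, but the key must match whatever reads these defaults, which is not visible in this diff. The `locals` block continues outside the hunk.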
@@ -27,7 +31,7 @@ locals { resource "kubernetes_namespace_v1" "erp-ns" { count = ( var.dolibarr.enable )? 1 : 0 metadata { - annotations = local.annotations + annotations = merge(local.annotations, local.annotations_default) labels = merge(local.common-labels, local.annotations) name = "${var.namespace}-erp" } diff --git a/meta/domain-erp/index.yaml b/meta/domain-erp/index.yaml index f97dd50..400b630 100644 --- a/meta/domain-erp/index.yaml +++ b/meta/domain-erp/index.yaml @@ -6,26 +6,6 @@ metadata: name: domain-erp description: null options: - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - distributions: - default: - core: core - domain: domain - examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object backups: default: enable: false @@ -61,6 +41,48 @@ options: examples: - traefik type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object + domain: + default: your-company + examples: + - your-company + type: string + dolibarr: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: apps + x-vynil-package: dolibarr storage-classes: default: BlockReadWriteMany: '' 
@@ -86,28 +108,6 @@ options: default: '' type: string type: object - domain: - default: your-company - examples: - - your-company - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - dolibarr: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: apps - x-vynil-package: dolibarr dependencies: [] providers: kubernetes: true diff --git a/meta/domain-monitor/index.yaml b/meta/domain-monitor/index.yaml index 1b54759..4ec1a03 100644 --- a/meta/domain-monitor/index.yaml +++ b/meta/domain-monitor/index.yaml @@ -6,7 +6,12 @@ metadata: name: domain-monitor description: null options: - dashboards-namespace: + domain: + default: your-company + examples: + - your-company + type: string + alerts-containers: default: enable: true examples: 
@@ -17,7 +22,106 @@ options: type: boolean type: object x-vynil-category: monitor - x-vynil-package: dashboards-namespace + x-vynil-package: alerts-containers + loki: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: loki + promtail: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: promtail + kube-state-metrics: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: kube-state-metrics + dashboards-cluster: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: dashboards-cluster + ingress-class: + default: traefik + examples: + - traefik + type: string + app-group: + default: monitor + examples: + - monitor + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + grafana: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: grafana + monitor-control-plan: + default: + enable: false + examples: + - enable: false + properties: + enable: + default: false + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: monitor-control-plan + dashboards-workload: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: dashboards-workload backups: default: enable: false 
@@ -48,7 +152,7 @@ options: default: backup-settings type: string type: object - alertmanager: + alerts-core: default: enable: true examples: @@ -59,8 +163,8 @@ options: type: boolean type: object x-vynil-category: monitor - x-vynil-package: alertmanager - loki: + x-vynil-package: alerts-core + dashboards-namespace: default: enable: true examples: @@ -71,24 +175,39 @@ options: type: boolean type: object x-vynil-category: monitor - x-vynil-package: loki - dashboards-workload: - default: - enable: true + x-vynil-package: dashboards-namespace + domain-name: + default: your_company.com examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: dashboards-workload - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod + - your_company.com type: string + dashboards-minimal: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + x-vynil-category: monitor + x-vynil-package: dashboards-minimal + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object storage-classes: default: BlockReadWriteMany: '' 
@@ -114,47 +233,6 @@ options: default: '' type: string type: object - node-exporter: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: node-exporter - ingress-class: - default: traefik - examples: - - traefik - type: string - monitor-control-plan: - default: - enable: false - examples: - - enable: false - properties: - enable: - default: false - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: monitor-control-plan - alerts-core: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: alerts-core prometheus: default: enable: true @@ -167,7 +245,7 @@ options: type: object x-vynil-category: monitor x-vynil-package: prometheus - kube-state-metrics: + alertmanager: default: enable: true examples: @@ -178,28 +256,8 @@ options: type: boolean type: object x-vynil-category: monitor - x-vynil-package: kube-state-metrics - domain: - default: your-company - examples: - - your-company - type: string - distributions: - default: - core: core - domain: domain - examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object - alerts-containers: + x-vynil-package: alertmanager + node-exporter: default: enable: true examples: 
@@ -210,65 +268,7 @@ options: type: boolean type: object x-vynil-category: monitor - x-vynil-package: alerts-containers - dashboards-minimal: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: dashboards-minimal - promtail: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: promtail - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - grafana: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: grafana - app-group: - default: monitor - examples: - - monitor - type: string - dashboards-cluster: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - x-vynil-category: monitor - x-vynil-package: dashboards-cluster + x-vynil-package: node-exporter dependencies: [] providers: kubernetes: true diff --git a/monitor/alertmanager/datas.tf b/monitor/alertmanager/datas.tf index b5d4376..b7cc2bc 100644 --- a/monitor/alertmanager/datas.tf +++ b/monitor/alertmanager/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/monitor/alertmanager/index.yaml b/monitor/alertmanager/index.yaml index 17d720c..a242c27 100644 --- a/monitor/alertmanager/index.yaml +++ b/monitor/alertmanager/index.yaml 
@@ -6,36 +6,21 @@ metadata: name: alertmanager description: null options: - replicas: - default: 1 - examples: - - 1 - type: integer - ingress-class: - default: traefik - examples: - - traefik - type: string - listenLocal: - default: false - examples: - - false - type: boolean sub-domain: default: alertmanager examples: - alertmanager type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string app-group: default: monitor examples: - monitor type: string - logLevel: - default: info - examples: - - info - type: string images: default: alertmanager: @@ -75,15 +60,10 @@ options: type: string type: object type: object - issuer: - default: letsencrypt-prod + logLevel: + default: info examples: - - letsencrypt-prod - type: string - domain: - default: your-company - examples: - - your-company + - info type: string domain-name: default: your_company.com @@ -95,6 +75,26 @@ options: examples: - 120h type: string + ingress-class: + default: traefik + examples: + - traefik + type: string + listenLocal: + default: false + examples: + - false + type: boolean + domain: + default: your-company + examples: + - your-company + type: string + replicas: + default: 1 + examples: + - 1 + type: integer dependencies: - dist: null category: share diff --git a/monitor/alertmanager/monitoring.coreos.com_v1_Alertmanager_alertmanager-kube-promethe-alertmanager.yaml b/monitor/alertmanager/monitoring.coreos.com_v1_Alertmanager_alertmanager-kube-promethe-alertmanager.yaml index c2bc098..46ce7ef 100644 --- a/monitor/alertmanager/monitoring.coreos.com_v1_Alertmanager_alertmanager-kube-promethe-alertmanager.yaml +++ b/monitor/alertmanager/monitoring.coreos.com_v1_Alertmanager_alertmanager-kube-promethe-alertmanager.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: alertmanager - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "alertmanager" heritage: "Helm" spec: diff --git a/monitor/alertmanager/monitoring.coreos.com_v1_PrometheusRule_alertmanager-kube-promethe-alertmanager.rules.yaml b/monitor/alertmanager/monitoring.coreos.com_v1_PrometheusRule_alertmanager-kube-promethe-alertmanager.rules.yaml index 6aca347..58dffb6 100644 --- a/monitor/alertmanager/monitoring.coreos.com_v1_PrometheusRule_alertmanager-kube-promethe-alertmanager.rules.yaml +++ b/monitor/alertmanager/monitoring.coreos.com_v1_PrometheusRule_alertmanager-kube-promethe-alertmanager.rules.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: alertmanager - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "alertmanager" heritage: "Helm" spec: diff --git a/monitor/alertmanager/monitoring.coreos.com_v1_ServiceMonitor_alertmanager-kube-promethe-alertmanager.yaml b/monitor/alertmanager/monitoring.coreos.com_v1_ServiceMonitor_alertmanager-kube-promethe-alertmanager.yaml index bfe0415..aaf094e 100644 --- a/monitor/alertmanager/monitoring.coreos.com_v1_ServiceMonitor_alertmanager-kube-promethe-alertmanager.yaml +++ b/monitor/alertmanager/monitoring.coreos.com_v1_ServiceMonitor_alertmanager-kube-promethe-alertmanager.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: alertmanager - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "alertmanager" heritage: "Helm" spec: diff --git a/monitor/alertmanager/v1_ConfigMap_alertmanager-kube-promethe-alertmanager-overview.yaml b/monitor/alertmanager/v1_ConfigMap_alertmanager-kube-promethe-alertmanager-overview.yaml index d3bb531..ddd41c4 100644 --- a/monitor/alertmanager/v1_ConfigMap_alertmanager-kube-promethe-alertmanager-overview.yaml +++ b/monitor/alertmanager/v1_ConfigMap_alertmanager-kube-promethe-alertmanager-overview.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: alertmanager - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "alertmanager" heritage: "Helm" data: diff --git a/monitor/alertmanager/v1_Secret_alertmanager-alertmanager-kube-promethe-alertmanager.yaml b/monitor/alertmanager/v1_Secret_alertmanager-alertmanager-kube-promethe-alertmanager.yaml index 77b9eee..eda6028 100644 --- a/monitor/alertmanager/v1_Secret_alertmanager-alertmanager-kube-promethe-alertmanager.yaml +++ b/monitor/alertmanager/v1_Secret_alertmanager-alertmanager-kube-promethe-alertmanager.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: alertmanager - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "alertmanager" heritage: "Helm" data: 
diff --git a/monitor/alertmanager/v1_ServiceAccount_alertmanager-kube-promethe-alertmanager.yaml b/monitor/alertmanager/v1_ServiceAccount_alertmanager-kube-promethe-alertmanager.yaml index 9296671..d10ced8 100644 --- a/monitor/alertmanager/v1_ServiceAccount_alertmanager-kube-promethe-alertmanager.yaml +++ b/monitor/alertmanager/v1_ServiceAccount_alertmanager-kube-promethe-alertmanager.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: alertmanager - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "alertmanager" heritage: "Helm" automountServiceAccountToken: true \ No newline at end of file diff --git a/monitor/grafana/datas.tf b/monitor/grafana/datas.tf index c2a3b26..af51d56 100644 --- a/monitor/grafana/datas.tf +++ b/monitor/grafana/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/monitor/grafana/index.yaml b/monitor/grafana/index.yaml index ee3bf31..6f02b4e 100644 --- a/monitor/grafana/index.yaml +++ b/monitor/grafana/index.yaml @@ -6,6 +6,35 @@ metadata: name: grafana description: null options: + volume: + default: + accessMode: ReadWriteOnce + size: 10Gi + examples: + - accessMode: ReadWriteOnce + size: 10Gi + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: object + sub-domain: + default: grafana + examples: + - grafana + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string images: default: busybox: 
@@ -103,59 +132,30 @@ options: type: string type: object type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - sub-domain: - default: grafana - examples: - - grafana - type: string - volume: - default: - accessMode: ReadWriteOnce - size: 10Gi - examples: - - accessMode: ReadWriteOnce - size: 10Gi - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: object - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - app-group: - default: monitor - examples: - - monitor - type: string ingress-class: default: traefik examples: - traefik type: string + domain: + default: your-company + examples: + - your-company + type: string admin_name: default: grafana_admin examples: - grafana_admin type: string - domain: - default: your-company + app-group: + default: monitor examples: - - your-company + - monitor + type: string + domain-name: + default: your_company.com + examples: + - your_company.com type: string dependencies: [] providers: diff --git a/monitor/kube-state-metrics/monitoring.coreos.com_v1_PrometheusRule_kube-state-metrics-kube-pr-kube-state-metrics.yaml b/monitor/kube-state-metrics/monitoring.coreos.com_v1_PrometheusRule_kube-state-metrics-kube-pr-kube-state-metrics.yaml index ffbcf50..e3a2a62 100644 --- a/monitor/kube-state-metrics/monitoring.coreos.com_v1_PrometheusRule_kube-state-metrics-kube-pr-kube-state-metrics.yaml +++ b/monitor/kube-state-metrics/monitoring.coreos.com_v1_PrometheusRule_kube-state-metrics-kube-pr-kube-state-metrics.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: kube-state-metrics - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "kube-state-metrics" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-etcd.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-etcd.yaml index 4a38d0c..611d723 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-etcd.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-etcd.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-availability.rules.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-availability.rules.yaml index 30a3497..ee40b07 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-availability.rules.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-availability.rules.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-burnrate.rules.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-burnrate.rules.yaml index 1e76836..fb16c9a 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-burnrate.rules.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-burnrate.rules.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-histogram.rules.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-histogram.rules.yaml index 285541c..74396bd 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-histogram.rules.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-histogram.rules.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-slos.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-slos.yaml index 1dae924..ae593a7 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-slos.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-slos.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-scheduler.rules.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-scheduler.rules.yaml index 9c243d3..33c1319 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-scheduler.rules.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-scheduler.rules.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-controller-manager.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-controller-manager.yaml index 5a5c966..951e038 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-controller-manager.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-controller-manager.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-scheduler.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-scheduler.yaml index 51e7a43..f02012d 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-scheduler.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-scheduler.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-apiserver.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-apiserver.yaml index 3937be1..962fdde 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-apiserver.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-apiserver.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-controller-manager.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-controller-manager.yaml index f41b11a..fe1888c 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-controller-manager.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-controller-manager.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-etcd.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-etcd.yaml index abbd892..06ddb7d 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-etcd.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-etcd.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-scheduler.yaml b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-scheduler.yaml index d663cfe..a4260e6 100644 --- a/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-scheduler.yaml +++ b/monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-scheduler.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" spec: diff --git a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-apiserver.yaml b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-apiserver.yaml index 2726512..6c4130a 100644 --- a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-apiserver.yaml +++ b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-apiserver.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" data: diff --git a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-controller-manager.yaml b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-controller-manager.yaml index 6d215b7..a9b2cd6 100644 --- a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-controller-manager.yaml +++ b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-controller-manager.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" data: 
diff --git a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-etcd.yaml b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-etcd.yaml index fd34471..89de251 100644 --- a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-etcd.yaml +++ b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-etcd.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" data: diff --git a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-scheduler.yaml b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-scheduler.yaml index 1aff53e..c5635f7 100644 --- a/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-scheduler.yaml +++ b/monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-scheduler.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" data: diff --git a/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-controller-manager.yaml b/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-controller-manager.yaml index a826c2c..e3370e5 100644 --- a/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-controller-manager.yaml +++ b/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-controller-manager.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" namespace: kube-system diff --git a/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-etcd.yaml b/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-etcd.yaml index 3efa218..c189147 100644 --- a/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-etcd.yaml +++ b/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-etcd.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" namespace: kube-system diff --git a/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-scheduler.yaml b/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-scheduler.yaml index 3fbe253..4d209b2 100644 --- a/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-scheduler.yaml +++ b/monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-scheduler.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus-community - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus-community" heritage: "Helm" namespace: kube-system 
diff --git a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.rules.yaml b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.rules.yaml index 0163827..cb2ab79 100644 --- a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.rules.yaml +++ b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.rules.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: node-exporter - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "node-exporter" heritage: "Helm" spec: diff --git a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.yaml b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.yaml index 8a50aa4..fb29b8e 100644 --- a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.yaml +++ b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: node-exporter - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "node-exporter" heritage: "Helm" spec: diff --git a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-network.yaml b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-network.yaml index 8142493..7341b5f 100644 
--- a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-network.yaml +++ b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-network.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: node-exporter - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "node-exporter" heritage: "Helm" spec: diff --git a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node.rules.yaml b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node.rules.yaml index 7c03f2c..fe8fed4 100644 --- a/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node.rules.yaml +++ b/monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node.rules.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: node-exporter - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "node-exporter" heritage: "Helm" spec: diff --git a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-cluster-rsrc-use.yaml b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-cluster-rsrc-use.yaml index 02bf43d..255ca74 100644 --- a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-cluster-rsrc-use.yaml +++ b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-cluster-rsrc-use.yaml 
@@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: node-exporter - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "node-exporter" heritage: "Helm" data: diff --git a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-rsrc-use.yaml b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-rsrc-use.yaml index cd2ed96..3cb87c9 100644 --- a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-rsrc-use.yaml +++ b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-rsrc-use.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: node-exporter - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "node-exporter" heritage: "Helm" data: diff --git a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes-darwin.yaml b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes-darwin.yaml index 809d1f6..b9ea944 100644 --- a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes-darwin.yaml +++ b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes-darwin.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: node-exporter - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "node-exporter" heritage: "Helm" data: 
diff --git a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes.yaml b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes.yaml index 019c91f..51eedbe 100644 --- a/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes.yaml +++ b/monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: node-exporter - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "node-exporter" heritage: "Helm" data: diff --git a/monitor/prometheus/datas.tf b/monitor/prometheus/datas.tf index 7e6ba67..0bb6ac9 100644 --- a/monitor/prometheus/datas.tf +++ b/monitor/prometheus/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/monitor/prometheus/index.yaml b/monitor/prometheus/index.yaml index 1d60340..5c04bca 100644 --- a/monitor/prometheus/index.yaml +++ b/monitor/prometheus/index.yaml 
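Review bot: The `authentik_token` local added at the top of `locals` in monitor/prometheus/datas.tf gives this module the authentik bootstrap token, and the `authentik_url` beside it is plain `http://`. As far as I know, authentik creates that token for its default admin user, so any request built from the pair would carry an admin-level bearer token unencrypted on the cluster network. The same two lines are added to `datas.tf` in share/accounts-management, share/authentik-forward and share/authentik-ldap, where `outpost-forward.tf` and `outpost-ldap.tf` send the value as `Authorization = "Bearer ${local.authentik_token}"`. None of the prometheus hunks visible here reads either local, so I would drop them from modules that never call the authentik API and mark the rest with `# bootstrap (admin) API token: use only for authentik API calls; prefer a scoped service-account token`. Each module also needs its own `data "kubernetes_secret_v1" "authentik"` declaration for the reference to validate, which this diff does not show; the `locals` block continues outside the hunk.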
@@ -6,51 +6,26 @@ metadata: name: prometheus description: null options: - alertmanager: - default: alertmanager-alertmanager + listenLocal: + default: false examples: - - alertmanager-alertmanager + - false + type: boolean + retention: + default: 10d + examples: + - 10d type: string sub-domain: default: prometheus examples: - prometheus type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - domain: - default: your-company - examples: - - your-company - type: string - shards: - default: 1 - examples: - - 1 - type: integer ingress-class: default: traefik examples: - traefik type: string - enableAdminAPI: - default: false - examples: - - false - type: boolean - app-group: - default: monitor - examples: - - monitor - type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string images: default: prometheus: @@ -90,12 +65,37 @@ options: type: string type: object type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + domain: + default: your-company + examples: + - your-company + type: string replicas: default: 1 examples: - 1 type: integer - listenLocal: + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + app-group: + default: monitor + examples: + - monitor + type: string + alertmanager: + default: alertmanager-alertmanager + examples: + - alertmanager-alertmanager + type: string + enableAdminAPI: default: false examples: - false @@ -105,11 +105,11 @@ options: examples: - info type: string - retention: - default: 10d + shards: + default: 1 examples: - - 10d - type: string + - 1 + type: integer dependencies: - dist: null category: share diff --git a/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubelet.rules.yaml b/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubelet.rules.yaml index 132717f..c7b750e 100644 
--- a/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubelet.rules.yaml +++ b/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubelet.rules.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" spec: diff --git a/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubernetes-system-kube-proxy.yaml b/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubernetes-system-kube-proxy.yaml index a3ae2c1..69295e1 100644 --- a/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubernetes-system-kube-proxy.yaml +++ b/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubernetes-system-kube-proxy.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" spec: diff --git a/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-prometheus.yaml b/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-prometheus.yaml index 9c95c18..5474a69 100644 --- a/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-prometheus.yaml +++ b/monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-prometheus.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" spec: diff --git a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-coredns.yaml b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-coredns.yaml index 3c879b2..125e13d 100644 --- a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-coredns.yaml +++ b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-coredns.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" spec: diff --git a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kube-proxy.yaml b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kube-proxy.yaml index dcdfd8d..59455cf 100644 --- a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kube-proxy.yaml +++ b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kube-proxy.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" spec: 
diff --git a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kubelet.yaml b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kubelet.yaml index ff62b2a..55d1acf 100644 --- a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kubelet.yaml +++ b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kubelet.yaml @@ -8,9 +8,9 @@ metadata: app: kube-prometheus-stack-kubelet app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" spec: diff --git a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-prometheus.yaml b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-prometheus.yaml index 64eb756..e1c49f1 100644 --- a/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-prometheus.yaml +++ b/monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-prometheus.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" spec: diff --git a/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRoleBinding_prometheus-kube-prometheus-prometheus.yaml b/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRoleBinding_prometheus-kube-prometheus-prometheus.yaml index c086ad0..f7e1d3b 100644 
--- a/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRoleBinding_prometheus-kube-prometheus-prometheus.yaml +++ b/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRoleBinding_prometheus-kube-prometheus-prometheus.yaml @@ -8,9 +8,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" roleRef: diff --git a/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRole_prometheus-kube-prometheus-prometheus.yaml b/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRole_prometheus-kube-prometheus-prometheus.yaml index 7677286..a820419 100644 --- a/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRole_prometheus-kube-prometheus-prometheus.yaml +++ b/monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRole_prometheus-kube-prometheus-prometheus.yaml @@ -8,9 +8,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" rules: diff --git a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-grafana-datasource.yaml b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-grafana-datasource.yaml index 98a8c41..c40a6be 100644 --- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-grafana-datasource.yaml +++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-grafana-datasource.yaml 
@@ -10,9 +10,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" data: diff --git a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-k8s-coredns.yaml b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-k8s-coredns.yaml index 0cdd8c8..0ea5b20 100644 --- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-k8s-coredns.yaml +++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-k8s-coredns.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" data: diff --git a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-kubelet.yaml b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-kubelet.yaml index 66e3d5b..9579597 100644 --- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-kubelet.yaml +++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-kubelet.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" data: diff --git a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-prometheus.yaml b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-prometheus.yaml index fe7eaf7..751b7ef 100644 
--- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-prometheus.yaml +++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-prometheus.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" data: diff --git a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-proxy.yaml b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-proxy.yaml index 3fc85d4..443b1e3 100644 --- a/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-proxy.yaml +++ b/monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-proxy.yaml @@ -12,9 +12,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" data: diff --git a/monitor/prometheus/v1_Secret_prometheus-kube-prometheus-prometheus.yaml b/monitor/prometheus/v1_Secret_prometheus-kube-prometheus-prometheus.yaml index be03ff2..4fc5bbe 100644 --- a/monitor/prometheus/v1_Secret_prometheus-kube-prometheus-prometheus.yaml +++ b/monitor/prometheus/v1_Secret_prometheus-kube-prometheus-prometheus.yaml @@ -10,9 +10,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" data: \ No newline at end of file 
diff --git a/monitor/prometheus/v1_ServiceAccount_prometheus-kube-prometheus-prometheus.yaml b/monitor/prometheus/v1_ServiceAccount_prometheus-kube-prometheus-prometheus.yaml index ed28374..9fe0791 100644 --- a/monitor/prometheus/v1_ServiceAccount_prometheus-kube-prometheus-prometheus.yaml +++ b/monitor/prometheus/v1_ServiceAccount_prometheus-kube-prometheus-prometheus.yaml @@ -12,8 +12,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" \ No newline at end of file diff --git a/monitor/prometheus/v1_Service_prometheus-kube-prometheus-coredns.yaml b/monitor/prometheus/v1_Service_prometheus-kube-prometheus-coredns.yaml index c815d59..cc6c34e 100644 --- a/monitor/prometheus/v1_Service_prometheus-kube-prometheus-coredns.yaml +++ b/monitor/prometheus/v1_Service_prometheus-kube-prometheus-coredns.yaml @@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" namespace: kube-system diff --git a/monitor/prometheus/v1_Service_prometheus-kube-prometheus-kube-proxy.yaml b/monitor/prometheus/v1_Service_prometheus-kube-prometheus-kube-proxy.yaml index 02f11d1..85ca323 100644 --- a/monitor/prometheus/v1_Service_prometheus-kube-prometheus-kube-proxy.yaml +++ b/monitor/prometheus/v1_Service_prometheus-kube-prometheus-kube-proxy.yaml 
@@ -9,9 +9,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/instance: prometheus - app.kubernetes.io/version: "56.0.3" + app.kubernetes.io/version: "56.0.4" app.kubernetes.io/part-of: kube-prometheus-stack - chart: kube-prometheus-stack-56.0.3 + chart: kube-prometheus-stack-56.0.4 release: "prometheus" heritage: "Helm" namespace: kube-system diff --git a/share/accounts-management/datas.tf b/share/accounts-management/datas.tf index 5f9c468..5fbc842 100644 --- a/share/accounts-management/datas.tf +++ b/share/accounts-management/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/share/accounts-management/index.yaml b/share/accounts-management/index.yaml index 22ca2bd..f3a41fa 100644 --- a/share/accounts-management/index.yaml +++ b/share/accounts-management/index.yaml @@ -6,18 +6,6 @@ metadata: name: accounts-management description: null options: - employes: - default: - apps: [] - examples: - - apps: [] - properties: - apps: - default: [] - items: - type: string - type: array - type: object domain: default: your-company examples: @@ -57,6 +45,18 @@ options: default: false type: boolean type: object + employes: + default: + apps: [] + examples: + - apps: [] + properties: + apps: + default: [] + items: + type: string + type: array + type: object dependencies: - dist: null category: share diff --git a/share/authentik-forward/datas.tf b/share/authentik-forward/datas.tf index 5f9c468..5fbc842 100644 --- a/share/authentik-forward/datas.tf +++ b/share/authentik-forward/datas.tf 
@@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/share/authentik-forward/index.yaml b/share/authentik-forward/index.yaml index 7788c8a..75a42c5 100644 --- a/share/authentik-forward/index.yaml +++ b/share/authentik-forward/index.yaml @@ -11,23 +11,23 @@ options: examples: - letsencrypt-prod type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string ingress-class: default: traefik examples: - traefik type: string - sub-domain: - default: null domain: default: your-company examples: - your-company type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + sub-domain: + default: null dependencies: - dist: null category: share diff --git a/share/authentik-forward/outpost-forward.tf b/share/authentik-forward/outpost-forward.tf index f771af4..d4cd993 100644 --- a/share/authentik-forward/outpost-forward.tf +++ b/share/authentik-forward/outpost-forward.tf @@ -1,9 +1,8 @@ locals { request_headers = { "Content-Type" = "application/json" - Authorization = "Bearer ${local.authentik-token}" + Authorization = "Bearer ${local.authentik_token}" } - authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] forward-outpost-json = jsondecode(data.http.get_forward_outpost.response_body).results forward-outpost-providers = length(local.forward-outpost-json)>0?(contains(local.forward-outpost-json[0].providers, authentik_provider_proxy.provider_forward.id)?local.forward-outpost-json[0].providers:concat(local.forward-outpost-json[0].providers, [authentik_provider_proxy.provider_forward.id])):[authentik_provider_proxy.provider_forward.id] } 
diff --git a/share/authentik-ldap/datas.tf b/share/authentik-ldap/datas.tf index 5f9c468..5fbc842 100644 --- a/share/authentik-ldap/datas.tf +++ b/share/authentik-ldap/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/share/authentik-ldap/outpost-ldap.tf b/share/authentik-ldap/outpost-ldap.tf index da52503..e0b97fa 100644 --- a/share/authentik-ldap/outpost-ldap.tf +++ b/share/authentik-ldap/outpost-ldap.tf @@ -1,9 +1,8 @@ locals { request_headers = { "Content-Type" = "application/json" - Authorization = "Bearer ${local.authentik-token}" + Authorization = "Bearer ${local.authentik_token}" } - authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] ldap-outpost-json = jsondecode(data.http.get_ldap_outpost.response_body).results ldap-outpost-prividers = length(local.ldap-outpost-json)>0?(contains(local.ldap-outpost-json[0].providers, authentik_provider_ldap.provider_ldap.id)?local.ldap-outpost-json[0].providers:concat(local.ldap-outpost-json[0].providers, [authentik_provider_ldap.provider_ldap.id])):[authentik_provider_ldap.provider_ldap.id] } diff --git a/share/authentik/apps_v1_Deployment_authentik-server.yaml b/share/authentik/apps_v1_Deployment_authentik-server.yaml index 794879e..6138bb0 100644 --- a/share/authentik/apps_v1_Deployment_authentik-server.yaml +++ b/share/authentik/apps_v1_Deployment_authentik-server.yaml 
@@ -4,13 +4,15 @@ kind: Deployment metadata: name: authentik-server labels: - helm.sh/chart: authentik-2023.8.3 + helm.sh/chart: authentik-2023.10.6 app.kubernetes.io/name: authentik app.kubernetes.io/instance: authentik - app.kubernetes.io/version: "2023.8.3" + app.kubernetes.io/version: "2023.10.6" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "server" spec: + strategy: + {} selector: matchLabels: app.kubernetes.io/name: authentik @@ -22,16 +24,16 @@ spec: app.kubernetes.io/name: authentik app.kubernetes.io/instance: authentik app.kubernetes.io/component: "server" - app.kubernetes.io/version: "2023.8.3" + app.kubernetes.io/version: "2023.10.6" annotations: - goauthentik.io/config-checksum: 08cc036af634e14e21493747fd10c37a9e31a9ed71f8e668884f7dfc86a936bd + goauthentik.io/config-checksum: 1beef732e07ae88db4d75233936272af195329398ffec096097feae528030fb0 spec: enableServiceLinks: true securityContext: {} containers: - name: authentik - image: "ghcr.io/goauthentik/server:2023.8.3" + image: "ghcr.io/goauthentik/server:2023.10.6" imagePullPolicy: "IfNotPresent" args: ["server"] env: diff --git a/share/authentik/apps_v1_Deployment_authentik-worker.yaml b/share/authentik/apps_v1_Deployment_authentik-worker.yaml index 2ca9cd8..d7d6db8 100644 --- a/share/authentik/apps_v1_Deployment_authentik-worker.yaml +++ b/share/authentik/apps_v1_Deployment_authentik-worker.yaml @@ -4,13 +4,15 @@ kind: Deployment metadata: name: authentik-worker labels: - helm.sh/chart: authentik-2023.8.3 + helm.sh/chart: authentik-2023.10.6 app.kubernetes.io/name: authentik app.kubernetes.io/instance: authentik - app.kubernetes.io/version: "2023.8.3" + app.kubernetes.io/version: "2023.10.6" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "worker" spec: + strategy: + {} selector: matchLabels: app.kubernetes.io/name: authentik 
@@ -22,9 +24,9 @@ spec: app.kubernetes.io/name: authentik app.kubernetes.io/instance: authentik app.kubernetes.io/component: "worker" - app.kubernetes.io/version: "2023.8.3" + app.kubernetes.io/version: "2023.10.6" annotations: - goauthentik.io/config-checksum: 08cc036af634e14e21493747fd10c37a9e31a9ed71f8e668884f7dfc86a936bd + goauthentik.io/config-checksum: 1beef732e07ae88db4d75233936272af195329398ffec096097feae528030fb0 spec: serviceAccountName: authentik enableServiceLinks: true @@ -32,7 +34,7 @@ spec: {} containers: - name: authentik - image: "ghcr.io/goauthentik/server:2023.8.3" + image: "ghcr.io/goauthentik/server:2023.10.6" imagePullPolicy: "IfNotPresent" args: ["worker"] env: diff --git a/share/authentik/autoscaling_v2_HorizontalPodAutoscaler_authentik-server.yaml b/share/authentik/autoscaling_v2_HorizontalPodAutoscaler_authentik-server.yaml index 605a0e7..289885e 100644 --- a/share/authentik/autoscaling_v2_HorizontalPodAutoscaler_authentik-server.yaml +++ b/share/authentik/autoscaling_v2_HorizontalPodAutoscaler_authentik-server.yaml @@ -4,10 +4,10 @@ kind: HorizontalPodAutoscaler metadata: name: authentik-server labels: - helm.sh/chart: authentik-2023.8.3 + helm.sh/chart: authentik-2023.10.6 app.kubernetes.io/name: authentik app.kubernetes.io/instance: authentik - app.kubernetes.io/version: "2023.8.3" + app.kubernetes.io/version: "2023.10.6" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "server" spec: diff --git a/share/authentik/autoscaling_v2_HorizontalPodAutoscaler_authentik-worker.yaml b/share/authentik/autoscaling_v2_HorizontalPodAutoscaler_authentik-worker.yaml index 9d4c4ec..731f5dd 100644 --- a/share/authentik/autoscaling_v2_HorizontalPodAutoscaler_authentik-worker.yaml +++ b/share/authentik/autoscaling_v2_HorizontalPodAutoscaler_authentik-worker.yaml 
@@ -4,10 +4,10 @@ kind: HorizontalPodAutoscaler metadata: name: authentik-worker labels: - helm.sh/chart: authentik-2023.8.3 + helm.sh/chart: authentik-2023.10.6 app.kubernetes.io/name: authentik app.kubernetes.io/instance: authentik - app.kubernetes.io/version: "2023.8.3" + app.kubernetes.io/version: "2023.10.6" app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: "worker" spec: diff --git a/share/authentik/datas.tf b/share/authentik/datas.tf index 4179d9d..42b778e 100644 --- a/share/authentik/datas.tf +++ b/share/authentik/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml index c2aa383..af46326 100644 --- a/share/authentik/index.yaml +++ b/share/authentik/index.yaml @@ -6,51 +6,11 @@ metadata: name: authentik description: authentik is an open-source Identity Provider focused on flexibility and versatility options: - email: - default: - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - examples: - - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - properties: - port: - default: 587 - type: integer - timeout: - default: 30 - type: integer - use_ssl: - default: false - type: boolean - use_tls: - default: false - type: boolean - type: object - admin: - default: - email: auth-admin - examples: - - email: auth-admin - properties: - email: - default: auth-admin - type: string - type: object domain: default: your-company examples: - your-company type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string backups: default: enable: false 
@@ -130,16 +90,26 @@ options: default: false type: boolean type: object - sub-domain: - default: auth + postgres: + default: + replicas: 1 + storage: 8Gi + version: '14' examples: - - auth - type: string - loglevel: - default: info - examples: - - info - type: string + - replicas: 1 + storage: 8Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 8Gi + type: string + version: + default: '14' + type: string + type: object issuer: default: letsencrypt-prod examples: @@ -183,11 +153,6 @@ options: default: 8Gi type: string type: object - geoip: - default: /geoip/GeoLite2-City.mmdb - examples: - - /geoip/GeoLite2-City.mmdb - type: string image: default: project: goauthentik @@ -218,25 +183,60 @@ options: default: 2023.8.3 type: string type: object - postgres: - default: - replicas: 1 - storage: 8Gi - version: '14' + domain-name: + default: your_company.com examples: - - replicas: 1 - storage: 8Gi - version: '14' + - your_company.com + type: string + admin: + default: + email: auth-admin + examples: + - email: auth-admin properties: - replicas: - default: 1 + email: + default: auth-admin + type: string + type: object + sub-domain: + default: auth + examples: + - auth + type: string + geoip: + default: /geoip/GeoLite2-City.mmdb + examples: + - /geoip/GeoLite2-City.mmdb + type: string + loglevel: + default: info + examples: + - info + type: string + email: + default: + port: 587 + timeout: 30 + use_ssl: false + use_tls: false + examples: + - port: 587 + timeout: 30 + use_ssl: false + use_tls: false + properties: + port: + default: 587 type: integer - storage: - default: 8Gi - type: string - version: - default: '14' - type: string + timeout: + default: 30 + type: integer + use_ssl: + default: false + type: boolean + use_tls: + default: false + type: boolean type: object dependencies: - dist: null 
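Review bot: The context at the top of the last hunk of share/authentik/index.yaml still shows `default: 2023.8.3` for what looks like the image tag option, while the rendered Deployments in this commit move to `ghcr.io/goauthentik/server:2023.10.6` and label themselves `app.kubernetes.io/version: "2023.10.6"`. If that option overrides the manifest image at install time (not visible here), the cluster would keep running 2023.8.3 under labels that claim 2023.10.6, which hides the older version from inventory and vulnerability scanning. Either bump it to `default: 2023.10.6` in the same commit or confirm the option is not applied to these Deployments.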
diff --git a/share/authentik/monitoring.coreos.com_v1_PrometheusRule_authentik.yaml b/share/authentik/monitoring.coreos.com_v1_PrometheusRule_authentik.yaml index fde4c83..6f6e765 100644 --- a/share/authentik/monitoring.coreos.com_v1_PrometheusRule_authentik.yaml +++ b/share/authentik/monitoring.coreos.com_v1_PrometheusRule_authentik.yaml @@ -4,10 +4,10 @@ kind: PrometheusRule metadata: name: authentik labels: - helm.sh/chart: authentik-2023.8.3 + helm.sh/chart: authentik-2023.10.6 app.kubernetes.io/name: authentik app.kubernetes.io/instance: authentik - app.kubernetes.io/version: "2023.8.3" + app.kubernetes.io/version: "2023.10.6" app.kubernetes.io/managed-by: Helm spec: groups: diff --git a/share/authentik/monitoring.coreos.com_v1_ServiceMonitor_authentik.yaml b/share/authentik/monitoring.coreos.com_v1_ServiceMonitor_authentik.yaml index d34f03e..31f6171 100644 --- a/share/authentik/monitoring.coreos.com_v1_ServiceMonitor_authentik.yaml +++ b/share/authentik/monitoring.coreos.com_v1_ServiceMonitor_authentik.yaml @@ -4,10 +4,10 @@ kind: ServiceMonitor metadata: name: authentik labels: - helm.sh/chart: authentik-2023.8.3 + helm.sh/chart: authentik-2023.10.6 app.kubernetes.io/name: authentik app.kubernetes.io/instance: authentik - app.kubernetes.io/version: "2023.8.3" + app.kubernetes.io/version: "2023.10.6" app.kubernetes.io/managed-by: Helm spec: endpoints: diff --git a/share/authentik/v1_Service_authentik.yaml b/share/authentik/v1_Service_authentik.yaml index 1025246..2191e0e 100644 --- a/share/authentik/v1_Service_authentik.yaml +++ b/share/authentik/v1_Service_authentik.yaml @@ -4,10 +4,10 @@ kind: Service metadata: name: authentik labels: - helm.sh/chart: authentik-2023.8.3 + helm.sh/chart: authentik-2023.10.6 app.kubernetes.io/name: authentik app.kubernetes.io/instance: authentik - app.kubernetes.io/version: "2023.8.3" + app.kubernetes.io/version: "2023.10.6" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP 
diff --git a/share/dataset-pg/databases.tf b/share/dataset-pg/databases.tf index d988bfb..1fd3e2d 100644 --- a/share/dataset-pg/databases.tf +++ b/share/dataset-pg/databases.tf @@ -13,9 +13,9 @@ data "kubernetes_secret_v1" "postgresql_password" { } } locals { - pg-username = data.kubernetes_secret_v1.postgresql_password.data["username"] - pg-password = data.kubernetes_secret_v1.postgresql_password.data["password"] - pg-host = "${var.instance}-${var.component}-rw.${var.namespace}.svc" + pg_username = data.kubernetes_secret_v1.postgresql_password.data["username"] + pg_password = data.kubernetes_secret_v1.postgresql_password.data["password"] + pg_host = "${var.instance}-${var.component}-rw.${var.namespace}.svc" sorted-db-name = reverse(distinct(sort([ for db in var.databases: db.name diff --git a/share/dataset-pg/directus.tf b/share/dataset-pg/directus.tf index 0ebdfd4..d98012d 100644 --- a/share/dataset-pg/directus.tf +++ b/share/dataset-pg/directus.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] directus-labels = merge(local.common-labels, { "app.kubernetes.io/component" = "directus" }) diff --git a/share/dataset-pg/index.yaml b/share/dataset-pg/index.yaml index 4e28aa3..ebb5bee 100644 --- a/share/dataset-pg/index.yaml +++ b/share/dataset-pg/index.yaml 
@@ -6,11 +6,99 @@ metadata: name: dataset-pg description: null options: + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + retention: + db: 30d + schedule: + db: 0 3 * * * + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + retention: + db: 30d + schedule: + db: 0 3 * * * + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + retention: + default: + db: 30d + properties: + db: + default: 30d + type: string + type: object + schedule: + default: + db: 0 3 * * * + properties: + db: + default: 0 3 * * * + type: string + type: object + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object domain: default: your-company examples: - your-company type: string + sub-domain: + default: dataset-pg + examples: + - dataset-pg + type: string + app-group: + default: api + examples: + - api + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + storage: + default: 8Gi + examples: + - 8Gi + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string + databases: + default: [] + items: + properties: + name: + default: db + type: string + type: object + type: array roles: default: [] items: @@ -20,16 +108,6 @@ options: type: string type: object type: array - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - storage: - default: 8Gi - examples: - - 8Gi - type: string extentions: default: directus: 
@@ -211,94 +289,16 @@ options: type: object type: object type: object - domain-name: - default: your_company.com + issuer: + default: letsencrypt-prod examples: - - your_company.com - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - sub-domain: - default: dataset-pg - examples: - - dataset-pg - type: string - databases: - default: [] - items: - properties: - name: - default: db - type: string - type: object - type: array - app-group: - default: api - examples: - - api + - letsencrypt-prod type: string replicas: default: 1 examples: - 1 type: integer - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - retention: - db: 30d - schedule: - db: 0 3 * * * - secret-key: s3-secret - secret-name: backup-settings - examples: - - enable: false - endpoint: '' - key-id-key: s3-id - retention: - db: 30d - schedule: - db: 0 3 * * * - secret-key: s3-secret - secret-name: backup-settings - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - retention: - default: - db: 30d - properties: - db: - default: 30d - type: string - type: object - schedule: - default: - db: 0 3 * * * - properties: - db: - default: 0 3 * * * - type: string - type: object - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings - type: string - type: object dependencies: - dist: null category: dbo diff --git a/share/division/datas.tf b/share/division/datas.tf index 5f9c468..5fbc842 100644 --- a/share/division/datas.tf +++ b/share/division/datas.tf @@ -1,4 +1,6 @@ locals { + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace 
diff --git a/share/division/index.yaml b/share/division/index.yaml index f0ee586..9616b8f 100644 --- a/share/division/index.yaml +++ b/share/division/index.yaml @@ -6,25 +6,6 @@ metadata: name: division description: null options: - domain: - default: your-company - examples: - - your-company - type: string - parent: - default: employes - enum: - - employes - - clients - - fournisseurs - examples: - - employes - type: string - apps: - default: [] - items: - type: string - type: array teams: default: [] items: @@ -39,6 +20,25 @@ options: type: string type: object type: array + apps: + default: [] + items: + type: string + type: array + parent: + default: employes + enum: + - employes + - clients + - fournisseurs + examples: + - employes + type: string + domain: + default: your-company + examples: + - your-company + type: string dependencies: - dist: null category: share diff --git a/share/dns/apps_v1_Deployment_coredns-coredns.yaml b/share/dns/apps_v1_Deployment_coredns.yaml similarity index 90% rename from share/dns/apps_v1_Deployment_coredns-coredns.yaml rename to share/dns/apps_v1_Deployment_coredns.yaml index e9a84f6..fa65e03 100644 --- a/share/dns/apps_v1_Deployment_coredns-coredns.yaml +++ b/share/dns/apps_v1_Deployment_coredns.yaml @@ -2,11 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: coredns-coredns + name: coredns + namespace: vynil-infra labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" - helm.sh/chart: "coredns-1.27.1" + helm.sh/chart: "coredns-1.29.0" k8s-app: coredns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" 
@@ -31,11 +32,11 @@ spec: app.kubernetes.io/name: coredns app.kubernetes.io/instance: "coredns" annotations: - checksum/config: 227befce6fdf2b7aa0d9ef5ddca758639bbf97aacfcb812a93b6a0ac0c4eb4cc + checksum/config: 0dab27d2f5ecab7eb1c5816eff68a352ab76e84b7b285c1ab1520b184d7d9b31 scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: terminationGracePeriodSeconds: 30 - serviceAccountName: coredns-coredns + serviceAccountName: coredns dnsPolicy: Default containers: - name: "coredns" @@ -83,7 +84,7 @@ spec: volumes: - name: config-volume configMap: - name: coredns-coredns + name: coredns items: - key: Corefile path: Corefile \ No newline at end of file diff --git a/share/dns/index.yaml b/share/dns/index.yaml index 4702b31..bb598ec 100644 --- a/share/dns/index.yaml +++ b/share/dns/index.yaml @@ -6,40 +6,16 @@ metadata: name: dns description: null options: - image: - default: - pullPolicy: IfNotPresent - registry: docker.io - repository: coredns/coredns - tag: 1.11.1 - examples: - - pullPolicy: IfNotPresent - registry: docker.io - repository: coredns/coredns - tag: 1.11.1 - properties: - pullPolicy: - default: IfNotPresent - enum: - - Always - - Never - - IfNotPresent - type: string - registry: - default: docker.io - type: string - repository: - default: coredns/coredns - type: string - tag: - default: 1.11.1 - type: string - type: object domain-name: default: your_company.com examples: - your_company.com type: string + sub-domain: + default: dns + examples: + - dns + type: string zones: default: [] items: 
@@ -88,21 +64,45 @@ options: type: string type: object type: array - sub-domain: - default: dns + image: + default: + pullPolicy: IfNotPresent + registry: docker.io + repository: coredns/coredns + tag: 1.11.1 examples: - - dns + - pullPolicy: IfNotPresent + registry: docker.io + repository: coredns/coredns + tag: 1.11.1 + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: coredns/coredns + type: string + tag: + default: 1.11.1 + type: string + type: object + domain: + default: your-company + examples: + - your-company type: string forward: default: 192.168.1.254 examples: - 192.168.1.254 type: string - domain: - default: your-company - examples: - - your-company - type: string dependencies: [] providers: kubernetes: true diff --git a/share/dns/rbac.authorization.k8s.io_v1_ClusterRoleBinding_coredns-coredns.yaml b/share/dns/rbac.authorization.k8s.io_v1_ClusterRoleBinding_coredns.yaml similarity index 81% rename from share/dns/rbac.authorization.k8s.io_v1_ClusterRoleBinding_coredns-coredns.yaml rename to share/dns/rbac.authorization.k8s.io_v1_ClusterRoleBinding_coredns.yaml index 12c71c5..621e737 100644 --- a/share/dns/rbac.authorization.k8s.io_v1_ClusterRoleBinding_coredns-coredns.yaml +++ b/share/dns/rbac.authorization.k8s.io_v1_ClusterRoleBinding_coredns.yaml @@ -2,11 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: coredns-coredns + name: coredns labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" - helm.sh/chart: "coredns-1.27.1" + helm.sh/chart: "coredns-1.29.0" k8s-app: coredns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" 
@@ -14,8 +14,8 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: coredns-coredns + name: coredns subjects: - kind: ServiceAccount - name: coredns-coredns + name: coredns namespace: vynil-infra \ No newline at end of file diff --git a/share/dns/rbac.authorization.k8s.io_v1_ClusterRole_coredns-coredns.yaml b/share/dns/rbac.authorization.k8s.io_v1_ClusterRole_coredns.yaml similarity index 90% rename from share/dns/rbac.authorization.k8s.io_v1_ClusterRole_coredns-coredns.yaml rename to share/dns/rbac.authorization.k8s.io_v1_ClusterRole_coredns.yaml index 7ad660a..e5ec45c 100644 --- a/share/dns/rbac.authorization.k8s.io_v1_ClusterRole_coredns-coredns.yaml +++ b/share/dns/rbac.authorization.k8s.io_v1_ClusterRole_coredns.yaml @@ -2,11 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: coredns-coredns + name: coredns labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" - helm.sh/chart: "coredns-1.27.1" + helm.sh/chart: "coredns-1.29.0" k8s-app: coredns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" diff --git a/share/dns/v1_ConfigMap_coredns.yaml b/share/dns/v1_ConfigMap_coredns.yaml new file mode 100644 index 0000000..f011df1 --- /dev/null +++ b/share/dns/v1_ConfigMap_coredns.yaml @@ -0,0 +1,27 @@ +# Source: coredns/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: coredns + namespace: vynil-infra + labels: + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/instance: "coredns" + helm.sh/chart: "coredns-1.29.0" + k8s-app: coredns + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "CoreDNS" + app.kubernetes.io/name: coredns +data: + Corefile: |- + .:53 { + errors { + consolidate 5m ".* i/o timeout$" warning + consolidate 30s "^Failed to .+" + } + health { + lameduck 5s + } + ready + file /etc/coredns/toto.db toto + } \ No newline at end of file 
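Review bot: Renaming the cluster-scoped objects from `coredns-coredns` to `coredns` (here in `roleRef` and `subjects`, and in the ClusterRole and ServiceAccount files of this commit) leaves the old ClusterRole and ClusterRoleBinding in place unless the installer prunes resources it no longer renders, which this diff does not show. A leftover binding would keep granting the role to any ServiceAccount named `coredns-coredns` in `vynil-infra`. Confirm that the upgrade path deletes the old objects, or remove them explicitly as part of this change.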
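Review bot: The new Corefile serves a zone `toto` from `/etc/coredns/toto.db`, which reads like a test placeholder, and the Deployment's `config-volume` in this commit projects only the `Corefile` key, so the zone file would not exist in the container unless it is mounted some other way. The server block also has no `prometheus` directive although the `coredns-metrics` Service is kept, and no `forward` even though the package exposes a `forward` option (default `192.168.1.254`). If this file is a rendered default that the install step overwrites, say so in a leading comment such as `# placeholder render, replaced from options.zones at install`; otherwise replace the `file` line with the real zones before shipping.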
diff --git a/share/dns/v1_ServiceAccount_coredns-coredns.yaml b/share/dns/v1_ServiceAccount_coredns.yaml similarity index 80% rename from share/dns/v1_ServiceAccount_coredns-coredns.yaml rename to share/dns/v1_ServiceAccount_coredns.yaml index 3773c3f..75aec14 100644 --- a/share/dns/v1_ServiceAccount_coredns-coredns.yaml +++ b/share/dns/v1_ServiceAccount_coredns.yaml @@ -3,11 +3,12 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: coredns-coredns + name: coredns + namespace: vynil-infra labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" - helm.sh/chart: "coredns-1.27.1" + helm.sh/chart: "coredns-1.29.0" k8s-app: coredns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" diff --git a/share/dns/v1_Service_coredns-coredns-metrics.yaml b/share/dns/v1_Service_coredns-metrics.yaml similarity index 87% rename from share/dns/v1_Service_coredns-coredns-metrics.yaml rename to share/dns/v1_Service_coredns-metrics.yaml index fc9b7e6..55c5553 100644 --- a/share/dns/v1_Service_coredns-coredns-metrics.yaml +++ b/share/dns/v1_Service_coredns-metrics.yaml @@ -2,11 +2,12 @@ apiVersion: v1 kind: Service metadata: - name: coredns-coredns-metrics + name: coredns-metrics + namespace: vynil-infra labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" - helm.sh/chart: "coredns-1.27.1" + helm.sh/chart: "coredns-1.29.0" k8s-app: coredns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" diff --git a/share/dns/v1_Service_coredns-coredns.yaml b/share/dns/v1_Service_coredns.yaml similarity index 87% rename from share/dns/v1_Service_coredns-coredns.yaml rename to share/dns/v1_Service_coredns.yaml index 821f884..008de77 100644 --- a/share/dns/v1_Service_coredns-coredns.yaml +++ b/share/dns/v1_Service_coredns.yaml 
@@ -2,11 +2,12 @@ apiVersion: v1 kind: Service metadata: - name: coredns-coredns + name: coredns + namespace: vynil-infra labels: app.kubernetes.io/managed-by: "Helm" app.kubernetes.io/instance: "coredns" - helm.sh/chart: "coredns-1.27.1" + helm.sh/chart: "coredns-1.29.0" k8s-app: coredns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" diff --git a/share/organisation/gitea-user.tf b/share/organisation/gitea-user.tf index 7d88a9f..02fc2f1 100644 --- a/share/organisation/gitea-user.tf +++ b/share/organisation/gitea-user.tf @@ -1,5 +1,8 @@ locals { needUser = length(local.sorted-stages)>0 && var.haveGitea + gitea_host = "http://gitea-http.${var.domain}-ci.svc:3000/" + gitea_username = data.kubernetes_secret_v1.gitea.data["username"] + gitea_password = data.kubernetes_secret_v1.gitea.data["password"] } data "kubernetes_secret_v1" "gitea" { diff --git a/share/organisation/index.yaml b/share/organisation/index.yaml index b03232a..1e186cf 100644 --- a/share/organisation/index.yaml +++ b/share/organisation/index.yaml @@ -6,11 +6,27 @@ metadata: name: organisation description: null options: - domain-name: - default: your_company.com - examples: - - your_company.com - type: string + datasets: + default: [] + items: + properties: + engine: + default: pg + type: string + name: + default: '' + type: string + type: object + type: array + stages: + default: [] + items: + properties: + name: + default: prod + type: string + type: object + type: array ingress-class: default: traefik examples: 
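Review bot: In share/organisation/gitea-user.tf, `gitea_host` is a cleartext `http://` URL and the new `gitea_username`/`gitea_password` locals read the Gitea secret unconditionally, although `needUser` in the same block shows the module can run with `var.haveGitea` false. If the secret is absent in that case (the body of the `kubernetes_secret_v1.gitea` data source is outside the hunk), indexing `.data["username"]` is likely to fail; `try(data.kubernetes_secret_v1.gitea.data["username"], "")` or tying the lookup to `local.needUser` would avoid that. Since these values presumably feed a provider that authenticates with the password against `gitea_host`, prefer an HTTPS endpoint or add a comment stating why in-cluster HTTP is accepted.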
@@ -21,15 +37,26 @@ options: examples: - false type: boolean - stages: - default: [] - items: - properties: - name: - default: prod - type: string - type: object - type: array + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string backups: default: enable: false @@ -60,53 +87,26 @@ options: default: backup-settings type: string type: object - datasets: - default: [] - items: - properties: - engine: - default: pg - type: string - name: - default: '' - type: string - type: object - type: array + app-group: + default: dev + examples: + - dev + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string domain: default: your-company examples: - your-company type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string gitea-ssh-domain: default: '' examples: - '' type: string - app-group: - default: dev - examples: - - dev - type: string - distributions: - default: - core: core - domain: domain - examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object dependencies: [] providers: kubernetes: true diff --git a/share/wildduck/scim.tf b/share/wildduck/scim.tf index c740fa8..d16d316 100644 --- a/share/wildduck/scim.tf +++ b/share/wildduck/scim.tf 
@@ -24,10 +24,11 @@ resource "authentik_provider_scim" "scim" { // Work-around missing features in the provider locals { - authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] + authentik_url = "http://authentik.${var.domain}-auth.svc" + authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] request_headers = { "Content-Type" = "application/json" - Authorization = "Bearer ${local.authentik-token}" + Authorization = "Bearer ${local.authentik_token}" } }