This commit is contained in:
2024-01-25 17:43:46 +01:00
parent e066715b9b
commit 0727fca591
124 changed files with 1848 additions and 1796 deletions


@@ -1,4 +1,6 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace


@@ -6,18 +6,6 @@ metadata:
name: accounts-management
description: null
options:
employes:
default:
apps: []
examples:
- apps: []
properties:
apps:
default: []
items:
type: string
type: array
type: object
domain:
default: your-company
examples:
@@ -57,6 +45,18 @@ options:
default: false
type: boolean
type: object
employes:
default:
apps: []
examples:
- apps: []
properties:
apps:
default: []
items:
type: string
type: array
type: object
dependencies:
- dist: null
category: share


@@ -1,4 +1,6 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace


@@ -11,23 +11,23 @@ options:
examples:
- letsencrypt-prod
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
sub-domain:
default: null
domain:
default: your-company
examples:
- your-company
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
sub-domain:
default: null
dependencies:
- dist: null
category: share


@@ -1,9 +1,8 @@
locals {
request_headers = {
"Content-Type" = "application/json"
Authorization = "Bearer ${local.authentik-token}"
Authorization = "Bearer ${local.authentik_token}"
}
authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
forward-outpost-json = jsondecode(data.http.get_forward_outpost.response_body).results
forward-outpost-providers = length(local.forward-outpost-json)>0?(contains(local.forward-outpost-json[0].providers, authentik_provider_proxy.provider_forward.id)?local.forward-outpost-json[0].providers:concat(local.forward-outpost-json[0].providers, [authentik_provider_proxy.provider_forward.id])):[authentik_provider_proxy.provider_forward.id]
}
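Review bot: `forward-outpost-json` decodes `data.http.get_forward_outpost.response_body` and reads `.results` with no visible check that the request succeeded. If the `data "http"` block (outside this hunk) has no `postcondition` on its status code, a rejected or expired bearer token would surface as an attribute error on `.results` rather than as an authentication failure. I would add a `lifecycle` `postcondition` with `condition = self.status_code == 200` to that data source, and a short comment above this local saying it relies on that check.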


@@ -1,4 +1,6 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace


@@ -1,9 +1,8 @@
locals {
request_headers = {
"Content-Type" = "application/json"
Authorization = "Bearer ${local.authentik-token}"
Authorization = "Bearer ${local.authentik_token}"
}
authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
ldap-outpost-json = jsondecode(data.http.get_ldap_outpost.response_body).results
ldap-outpost-prividers = length(local.ldap-outpost-json)>0?(contains(local.ldap-outpost-json[0].providers, authentik_provider_ldap.provider_ldap.id)?local.ldap-outpost-json[0].providers:concat(local.ldap-outpost-json[0].providers, [authentik_provider_ldap.provider_ldap.id])):[authentik_provider_ldap.provider_ldap.id]
}
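Review bot: The local `ldap-outpost-prividers` is misspelled (`prividers` for `providers`); the parallel local in the forward-auth file is spelled `forward-outpost-providers`. Since this commit is already renaming locals, I would rename it to `ldap-outpost-providers` (or `ldap_outpost_providers`, following the underscore style introduced for `authentik_token`) and update its references, which are outside this hunk.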


@@ -4,13 +4,15 @@ kind: Deployment
metadata:
name: authentik-server
labels:
helm.sh/chart: authentik-2023.8.3
helm.sh/chart: authentik-2023.10.6
app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik
app.kubernetes.io/version: "2023.8.3"
app.kubernetes.io/version: "2023.10.6"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: "server"
spec:
strategy:
{}
selector:
matchLabels:
app.kubernetes.io/name: authentik
@@ -22,16 +24,16 @@ spec:
app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik
app.kubernetes.io/component: "server"
app.kubernetes.io/version: "2023.8.3"
app.kubernetes.io/version: "2023.10.6"
annotations:
goauthentik.io/config-checksum: 08cc036af634e14e21493747fd10c37a9e31a9ed71f8e668884f7dfc86a936bd
goauthentik.io/config-checksum: 1beef732e07ae88db4d75233936272af195329398ffec096097feae528030fb0
spec:
enableServiceLinks: true
securityContext:
{}
containers:
- name: authentik
image: "ghcr.io/goauthentik/server:2023.8.3"
image: "ghcr.io/goauthentik/server:2023.10.6"
imagePullPolicy: "IfNotPresent"
args: ["server"]
env:


@@ -4,13 +4,15 @@ kind: Deployment
metadata:
name: authentik-worker
labels:
helm.sh/chart: authentik-2023.8.3
helm.sh/chart: authentik-2023.10.6
app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik
app.kubernetes.io/version: "2023.8.3"
app.kubernetes.io/version: "2023.10.6"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: "worker"
spec:
strategy:
{}
selector:
matchLabels:
app.kubernetes.io/name: authentik
@@ -22,9 +24,9 @@ spec:
app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik
app.kubernetes.io/component: "worker"
app.kubernetes.io/version: "2023.8.3"
app.kubernetes.io/version: "2023.10.6"
annotations:
goauthentik.io/config-checksum: 08cc036af634e14e21493747fd10c37a9e31a9ed71f8e668884f7dfc86a936bd
goauthentik.io/config-checksum: 1beef732e07ae88db4d75233936272af195329398ffec096097feae528030fb0
spec:
serviceAccountName: authentik
enableServiceLinks: true
@@ -32,7 +34,7 @@ spec:
{}
containers:
- name: authentik
image: "ghcr.io/goauthentik/server:2023.8.3"
image: "ghcr.io/goauthentik/server:2023.10.6"
imagePullPolicy: "IfNotPresent"
args: ["worker"]
env:


@@ -4,10 +4,10 @@ kind: HorizontalPodAutoscaler
metadata:
name: authentik-server
labels:
helm.sh/chart: authentik-2023.8.3
helm.sh/chart: authentik-2023.10.6
app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik
app.kubernetes.io/version: "2023.8.3"
app.kubernetes.io/version: "2023.10.6"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: "server"
spec:


@@ -4,10 +4,10 @@ kind: HorizontalPodAutoscaler
metadata:
name: authentik-worker
labels:
helm.sh/chart: authentik-2023.8.3
helm.sh/chart: authentik-2023.10.6
app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik
app.kubernetes.io/version: "2023.8.3"
app.kubernetes.io/version: "2023.10.6"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: "worker"
spec:


@@ -1,4 +1,6 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace


@@ -6,51 +6,11 @@ metadata:
name: authentik
description: authentik is an open-source Identity Provider focused on flexibility and versatility
options:
email:
default:
port: 587
timeout: 30
use_ssl: false
use_tls: false
examples:
- port: 587
timeout: 30
use_ssl: false
use_tls: false
properties:
port:
default: 587
type: integer
timeout:
default: 30
type: integer
use_ssl:
default: false
type: boolean
use_tls:
default: false
type: boolean
type: object
admin:
default:
email: auth-admin
examples:
- email: auth-admin
properties:
email:
default: auth-admin
type: string
type: object
domain:
default: your-company
examples:
- your-company
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
backups:
default:
enable: false
@@ -130,16 +90,26 @@ options:
default: false
type: boolean
type: object
sub-domain:
default: auth
postgres:
default:
replicas: 1
storage: 8Gi
version: '14'
examples:
- auth
type: string
loglevel:
default: info
examples:
- info
type: string
- replicas: 1
storage: 8Gi
version: '14'
properties:
replicas:
default: 1
type: integer
storage:
default: 8Gi
type: string
version:
default: '14'
type: string
type: object
issuer:
default: letsencrypt-prod
examples:
@@ -183,11 +153,6 @@ options:
default: 8Gi
type: string
type: object
geoip:
default: /geoip/GeoLite2-City.mmdb
examples:
- /geoip/GeoLite2-City.mmdb
type: string
image:
default:
project: goauthentik
@@ -218,25 +183,60 @@ options:
default: 2023.8.3
type: string
type: object
postgres:
default:
replicas: 1
storage: 8Gi
version: '14'
domain-name:
default: your_company.com
examples:
- replicas: 1
storage: 8Gi
version: '14'
- your_company.com
type: string
admin:
default:
email: auth-admin
examples:
- email: auth-admin
properties:
replicas:
default: 1
email:
default: auth-admin
type: string
type: object
sub-domain:
default: auth
examples:
- auth
type: string
geoip:
default: /geoip/GeoLite2-City.mmdb
examples:
- /geoip/GeoLite2-City.mmdb
type: string
loglevel:
default: info
examples:
- info
type: string
email:
default:
port: 587
timeout: 30
use_ssl: false
use_tls: false
examples:
- port: 587
timeout: 30
use_ssl: false
use_tls: false
properties:
port:
default: 587
type: integer
storage:
default: 8Gi
type: string
version:
default: '14'
type: string
timeout:
default: 30
type: integer
use_ssl:
default: false
type: boolean
use_tls:
default: false
type: boolean
type: object
dependencies:
- dist: null
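Review bot: The image option still carries `default: 2023.8.3` at the top of the last hunk, while the Deployment manifests in this same commit move to `ghcr.io/goauthentik/server:2023.10.6` and chart `authentik-2023.10.6`. If that default is the image tag applied at install time (the property name is above the hunk, so this is inferred), the package would keep deploying the older server against manifests rendered for the newer chart. I would change it to `default: 2023.10.6` together with the matching `examples` entry, or add a comment explaining why the two versions differ.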


@@ -4,10 +4,10 @@ kind: PrometheusRule
metadata:
name: authentik
labels:
helm.sh/chart: authentik-2023.8.3
helm.sh/chart: authentik-2023.10.6
app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik
app.kubernetes.io/version: "2023.8.3"
app.kubernetes.io/version: "2023.10.6"
app.kubernetes.io/managed-by: Helm
spec:
groups:


@@ -4,10 +4,10 @@ kind: ServiceMonitor
metadata:
name: authentik
labels:
helm.sh/chart: authentik-2023.8.3
helm.sh/chart: authentik-2023.10.6
app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik
app.kubernetes.io/version: "2023.8.3"
app.kubernetes.io/version: "2023.10.6"
app.kubernetes.io/managed-by: Helm
spec:
endpoints:


@@ -4,10 +4,10 @@ kind: Service
metadata:
name: authentik
labels:
helm.sh/chart: authentik-2023.8.3
helm.sh/chart: authentik-2023.10.6
app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik
app.kubernetes.io/version: "2023.8.3"
app.kubernetes.io/version: "2023.10.6"
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP


@@ -13,9 +13,9 @@ data "kubernetes_secret_v1" "postgresql_password" {
}
}
locals {
pg-username = data.kubernetes_secret_v1.postgresql_password.data["username"]
pg-password = data.kubernetes_secret_v1.postgresql_password.data["password"]
pg-host = "${var.instance}-${var.component}-rw.${var.namespace}.svc"
pg_username = data.kubernetes_secret_v1.postgresql_password.data["username"]
pg_password = data.kubernetes_secret_v1.postgresql_password.data["password"]
pg_host = "${var.instance}-${var.component}-rw.${var.namespace}.svc"
sorted-db-name = reverse(distinct(sort([
for db in var.databases: db.name


@@ -1,4 +1,6 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
directus-labels = merge(local.common-labels, {
"app.kubernetes.io/component" = "directus"
})


@@ -6,11 +6,99 @@ metadata:
name: dataset-pg
description: null
options:
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
retention:
db: 30d
schedule:
db: 0 3 * * *
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
retention:
db: 30d
schedule:
db: 0 3 * * *
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
retention:
default:
db: 30d
properties:
db:
default: 30d
type: string
type: object
schedule:
default:
db: 0 3 * * *
properties:
db:
default: 0 3 * * *
type: string
type: object
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
domain:
default: your-company
examples:
- your-company
type: string
sub-domain:
default: dataset-pg
examples:
- dataset-pg
type: string
app-group:
default: api
examples:
- api
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
storage:
default: 8Gi
examples:
- 8Gi
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
databases:
default: []
items:
properties:
name:
default: db
type: string
type: object
type: array
roles:
default: []
items:
@@ -20,16 +108,6 @@ options:
type: string
type: object
type: array
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
storage:
default: 8Gi
examples:
- 8Gi
type: string
extentions:
default:
directus:
@@ -211,94 +289,16 @@ options:
type: object
type: object
type: object
domain-name:
default: your_company.com
issuer:
default: letsencrypt-prod
examples:
- your_company.com
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
sub-domain:
default: dataset-pg
examples:
- dataset-pg
type: string
databases:
default: []
items:
properties:
name:
default: db
type: string
type: object
type: array
app-group:
default: api
examples:
- api
- letsencrypt-prod
type: string
replicas:
default: 1
examples:
- 1
type: integer
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
retention:
db: 30d
schedule:
db: 0 3 * * *
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
retention:
db: 30d
schedule:
db: 0 3 * * *
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
retention:
default:
db: 30d
properties:
db:
default: 30d
type: string
type: object
schedule:
default:
db: 0 3 * * *
properties:
db:
default: 0 3 * * *
type: string
type: object
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
dependencies:
- dist: null
category: dbo


@@ -1,4 +1,6 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace


@@ -6,25 +6,6 @@ metadata:
name: division
description: null
options:
domain:
default: your-company
examples:
- your-company
type: string
parent:
default: employes
enum:
- employes
- clients
- fournisseurs
examples:
- employes
type: string
apps:
default: []
items:
type: string
type: array
teams:
default: []
items:
@@ -39,6 +20,25 @@ options:
type: string
type: object
type: array
apps:
default: []
items:
type: string
type: array
parent:
default: employes
enum:
- employes
- clients
- fournisseurs
examples:
- employes
type: string
domain:
default: your-company
examples:
- your-company
type: string
dependencies:
- dist: null
category: share


@@ -2,11 +2,12 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: coredns-coredns
name: coredns
namespace: vynil-infra
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.27.1"
helm.sh/chart: "coredns-1.29.0"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
@@ -31,11 +32,11 @@ spec:
app.kubernetes.io/name: coredns
app.kubernetes.io/instance: "coredns"
annotations:
checksum/config: 227befce6fdf2b7aa0d9ef5ddca758639bbf97aacfcb812a93b6a0ac0c4eb4cc
checksum/config: 0dab27d2f5ecab7eb1c5816eff68a352ab76e84b7b285c1ab1520b184d7d9b31
scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
spec:
terminationGracePeriodSeconds: 30
serviceAccountName: coredns-coredns
serviceAccountName: coredns
dnsPolicy: Default
containers:
- name: "coredns"
@@ -83,7 +84,7 @@ spec:
volumes:
- name: config-volume
configMap:
name: coredns-coredns
name: coredns
items:
- key: Corefile
path: Corefile


@@ -6,40 +6,16 @@ metadata:
name: dns
description: null
options:
image:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: coredns/coredns
tag: 1.11.1
examples:
- pullPolicy: IfNotPresent
registry: docker.io
repository: coredns/coredns
tag: 1.11.1
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: coredns/coredns
type: string
tag:
default: 1.11.1
type: string
type: object
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
sub-domain:
default: dns
examples:
- dns
type: string
zones:
default: []
items:
@@ -88,21 +64,45 @@ options:
type: string
type: object
type: array
sub-domain:
default: dns
image:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: coredns/coredns
tag: 1.11.1
examples:
- dns
- pullPolicy: IfNotPresent
registry: docker.io
repository: coredns/coredns
tag: 1.11.1
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: coredns/coredns
type: string
tag:
default: 1.11.1
type: string
type: object
domain:
default: your-company
examples:
- your-company
type: string
forward:
default: 192.168.1.254
examples:
- 192.168.1.254
type: string
domain:
default: your-company
examples:
- your-company
type: string
dependencies: []
providers:
kubernetes: true


@@ -2,11 +2,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: coredns-coredns
name: coredns
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.27.1"
helm.sh/chart: "coredns-1.29.0"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
@@ -14,8 +14,8 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: coredns-coredns
name: coredns
subjects:
- kind: ServiceAccount
name: coredns-coredns
name: coredns
namespace: vynil-infra
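Review bot: Renaming the ClusterRoleBinding, its `roleRef` and its subject from `coredns-coredns` to `coredns` creates new objects rather than replacing the old ones, and nothing visible here removes the old cluster-scoped `coredns-coredns` ClusterRole and ClusterRoleBinding. Unless the installer prunes resources that disappear from the package, the stale binding keeps granting the role to a ServiceAccount name, `coredns-coredns` in `vynil-infra`, that is no longer managed. The same rename is applied to the Deployment, ServiceAccount, ConfigMap reference and both Services in this commit, where the leftover would be a second CoreDNS Deployment and Service. I would add a comment above `metadata.name`, such as `# renamed from coredns-coredns: delete the old ClusterRole/ClusterRoleBinding on upgrade`, or document the cleanup in the upgrade notes.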


@@ -2,11 +2,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: coredns-coredns
name: coredns
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.27.1"
helm.sh/chart: "coredns-1.29.0"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"


@@ -0,0 +1,27 @@
# Source: coredns/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: vynil-infra
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.29.0"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"
app.kubernetes.io/name: coredns
data:
Corefile: |-
.:53 {
errors {
consolidate 5m ".* i/o timeout$" warning
consolidate 30s "^Failed to .+"
}
health {
lameduck 5s
}
ready
file /etc/coredns/toto.db toto
}
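Review bot: The Corefile in this new ConfigMap serves a zone named `toto` from `/etc/coredns/toto.db`, which reads like a placeholder left over from rendering the chart with test values. The ConfigMap's `data` holds only `Corefile`, and the Deployment in this commit mounts only the `Corefile` key, so as far as this page shows nothing provides `toto.db`; the server block also has no `forward` plugin even though the package options define a `forward` address. If the real Corefile is generated elsewhere at install time, a leading comment such as `# placeholder rendered from chart defaults; overwritten at install from the zones option` would make that clear; otherwise the `file` line should be built from the `zones` option.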


@@ -3,11 +3,12 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: coredns-coredns
name: coredns
namespace: vynil-infra
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.27.1"
helm.sh/chart: "coredns-1.29.0"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"


@@ -2,11 +2,12 @@
apiVersion: v1
kind: Service
metadata:
name: coredns-coredns-metrics
name: coredns-metrics
namespace: vynil-infra
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.27.1"
helm.sh/chart: "coredns-1.29.0"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"


@@ -2,11 +2,12 @@
apiVersion: v1
kind: Service
metadata:
name: coredns-coredns
name: coredns
namespace: vynil-infra
labels:
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "coredns"
helm.sh/chart: "coredns-1.27.1"
helm.sh/chart: "coredns-1.29.0"
k8s-app: coredns
kubernetes.io/cluster-service: "true"
kubernetes.io/name: "CoreDNS"


@@ -1,5 +1,8 @@
locals {
needUser = length(local.sorted-stages)>0 && var.haveGitea
gitea_host = "http://gitea-http.${var.domain}-ci.svc:3000/"
gitea_username = data.kubernetes_secret_v1.gitea.data["username"]
gitea_password = data.kubernetes_secret_v1.gitea.data["password"]
}
data "kubernetes_secret_v1" "gitea" {
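Review bot: `gitea_host` is an `http://` URL and sits next to `gitea_username` and `gitea_password` read from the `gitea` secret, so any provider or request configured from these three locals would send the Gitea account credentials unencrypted across the cluster network. How the locals are consumed is outside this hunk, so this is inferred from their names. I would prefer a scoped Gitea access token over the account password, and either an `https://` endpoint or a comment above `gitea_host` stating why plain HTTP is acceptable on this path, for example `# in-cluster only; protected by <network policy / mesh mTLS>`.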


@@ -6,11 +6,27 @@ metadata:
name: organisation
description: null
options:
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
datasets:
default: []
items:
properties:
engine:
default: pg
type: string
name:
default: ''
type: string
type: object
type: array
stages:
default: []
items:
properties:
name:
default: prod
type: string
type: object
type: array
ingress-class:
default: traefik
examples:
@@ -21,15 +37,26 @@ options:
examples:
- false
type: boolean
stages:
default: []
items:
properties:
name:
default: prod
type: string
type: object
type: array
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
backups:
default:
enable: false
@@ -60,53 +87,26 @@ options:
default: backup-settings
type: string
type: object
datasets:
default: []
items:
properties:
engine:
default: pg
type: string
name:
default: ''
type: string
type: object
type: array
app-group:
default: dev
examples:
- dev
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
domain:
default: your-company
examples:
- your-company
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
gitea-ssh-domain:
default: ''
examples:
- ''
type: string
app-group:
default: dev
examples:
- dev
type: string
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
dependencies: []
providers:
kubernetes: true


@@ -24,10 +24,11 @@ resource "authentik_provider_scim" "scim" {
// Work-around missing features in the provider
locals {
authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
request_headers = {
"Content-Type" = "application/json"
Authorization = "Bearer ${local.authentik-token}"
Authorization = "Bearer ${local.authentik_token}"
}
}