vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-01-25 17:43:46 +01:00
parent e066715b9b
commit 0727fca591
124 changed files with 1848 additions and 1796 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/code-server/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

58
apps/code-server/index.yaml
View File

@@ -6,11 +6,21 @@ metadata:
name: code-server name: code-server
description: null description: null
options: options:
app-group:
default: dev
examples:
- dev
type: string
sub-domain: sub-domain:
default: code default: code
examples: examples:
- code - code
type: string type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
storage: storage:
default: default:
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
@@ -38,30 +48,10 @@ options:
- Block - Block
type: string type: string
type: object type: object
issuer: domain-name:
default: letsencrypt-prod default: your_company.com
examples: examples:
- letsencrypt-prod - your_company.com
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
app-group:
default: dev
examples:
- dev
type: string
no-editor:
default: false
examples:
- false
type: boolean
domain:
default: your-company
examples:
- your-company
type: string type: string
images: images:
default: default:
@@ -102,15 +92,20 @@ options:
type: number type: number
type: object type: object
type: object type: object
timezone: domain:
default: Europe/Paris default: your-company
examples: examples:
- Europe/Paris - your-company
type: string type: string
domain-name: no-editor:
default: your_company.com default: false
examples: examples:
- your_company.com - false
type: boolean
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string type: string
admin: admin:
default: default:
@@ -127,6 +122,11 @@ options:
default: false default: false
type: boolean type: boolean
type: object type: object
timezone:
default: Europe/Paris
examples:
- Europe/Paris
type: string
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

2
apps/dbgate/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

149
apps/dbgate/index.yaml
View File

@@ -6,7 +6,7 @@ metadata:
name: dbgate name: dbgate
description: null description: null
options: options:
maria: mongo:
default: [] default: []
examples: examples:
- [] - []
@@ -35,21 +35,48 @@ options:
type: string type: string
type: object type: object
type: array type: array
storage:
default:
accessMode: ReadWriteOnce
size: 1Gi
type: Filesystem
examples:
- accessMode: ReadWriteOnce
size: 1Gi
type: Filesystem
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 1Gi
type: string
type:
default: Filesystem
enum:
- Filesystem
- Block
type: string
type: object
domain: domain:
default: your-company default: your-company
examples: examples:
- your-company - your-company
type: string type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
sub-domain: sub-domain:
default: dbgate default: dbgate
examples: examples:
- dbgate - dbgate
type: string type: string
app-group:
default: dev
examples:
- dev
type: string
pg: pg:
default: [] default: []
examples: examples:
@@ -79,35 +106,16 @@ options:
type: string type: string
type: object type: object
type: array type: array
mongo: domain-name:
default: [] default: your_company.com
examples: examples:
- [] - your_company.com
items: type: string
properties: app-group:
dbname: default: dev
default: '' examples:
type: string - dev
name: type: string
default: ''
type: string
namespace:
default: ''
type: string
secret:
properties:
key:
default: ''
type: string
name:
default: ''
type: string
type: object
username:
default: ''
type: string
type: object
type: array
images: images:
default: default:
dbgate: dbgate:
@@ -147,11 +155,6 @@ options:
type: string type: string
type: object type: object
type: object type: object
ingress-class:
default: traefik
examples:
- traefik
type: string
redis: redis:
default: [] default: []
examples: examples:
@@ -166,47 +169,41 @@ options:
type: string type: string
type: object type: object
type: array type: array
domain-name: ingress-class:
default: your_company.com default: traefik
examples: examples:
- your_company.com - traefik
type: string type: string
storage: maria:
default: default: []
accessMode: ReadWriteOnce
size: 1Gi
type: Filesystem
examples: examples:
- accessMode: ReadWriteOnce - []
size: 1Gi items:
type: Filesystem properties:
properties: dbname:
accessMode: default: ''
default: ReadWriteOnce type: string
enum: name:
- ReadWriteOnce default: ''
- ReadOnlyMany type: string
- ReadWriteMany namespace:
type: string default: ''
size: type: string
default: 1Gi secret:
type: string properties:
type: key:
default: Filesystem default: ''
enum: type: string
- Filesystem name:
- Block default: ''
type: string type: string
type: object type: object
issuer: username:
default: letsencrypt-prod default: ''
examples: type: string
- letsencrypt-prod type: object
type: string type: array
dependencies: dependencies:
- dist: null
category: share
component: authentik-forward
- dist: null - dist: null
category: core category: core
component: secret-generator component: secret-generator

322
apps/dolibarr/index.yaml
View File

@@ -6,84 +6,6 @@ metadata:
name: dolibarr name: dolibarr
description: null description: null
options: options:
redis:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
properties:
exporter:
default:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
properties:
enabled:
default: true
type: boolean
image:
default: quay.io/opstree/redis-exporter:v1.44.0
type: string
type: object
image:
default: quay.io/opstree/redis:v7.0.12
type: string
storage:
default: 2Gi
type: string
type: object
sub-domain:
default: erp
examples:
- erp
type: string
hpa:
default:
avg-cpu: 50
max-replicas: 5
min-replicas: 1
examples:
- avg-cpu: 50
max-replicas: 5
min-replicas: 1
properties:
avg-cpu:
default: 50
type: integer
max-replicas:
default: 5
type: integer
min-replicas:
default: 1
type: integer
type: object
user-groups:
default:
- admin: true
name: dolibarr-admin
examples:
- - admin: true
name: dolibarr-admin
items:
properties:
admin:
type: boolean
name:
type: string
type: object
type: array
log-level:
default: 5
examples:
- 5
type: integer
parameters: parameters:
default: default:
MAIN_LANG_DEFAULT: auto MAIN_LANG_DEFAULT: auto
@@ -94,6 +16,14 @@ options:
default: auto default: auto
type: string type: string
type: object type: object
modules:
default:
- societe
examples:
- - societe
items:
type: string
type: array
images: images:
default: default:
dolibarr: dolibarr:
@@ -159,6 +89,120 @@ options:
type: string type: string
type: object type: object
type: object type: object
sub-domain:
default: erp
examples:
- erp
type: string
resources:
default:
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 100Mi
examples:
- limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 100Mi
properties:
limits:
default:
cpu: 200m
memory: 256Mi
properties:
cpu:
default: 200m
type: string
memory:
default: 256Mi
type: string
type: object
requests:
default:
cpu: 50m
memory: 100Mi
properties:
cpu:
default: 50m
type: string
memory:
default: 100Mi
type: string
type: object
type: object
postgres:
default:
replicas: 1
storage: 5Gi
version: '14'
examples:
- replicas: 1
storage: 5Gi
version: '14'
properties:
replicas:
default: 1
type: integer
storage:
default: 5Gi
type: string
version:
default: '14'
type: string
type: object
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
redis:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
properties:
exporter:
default:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
properties:
enabled:
default: true
type: boolean
image:
default: quay.io/opstree/redis-exporter:v1.44.0
type: string
type: object
image:
default: quay.io/opstree/redis:v7.0.12
type: string
storage:
default: 2Gi
type: string
type: object
app-group:
default: ''
examples:
- ''
type: string
backups: backups:
default: default:
enable: false enable: false
@@ -265,31 +309,11 @@ options:
default: false default: false
type: boolean type: boolean
type: object type: object
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
domain: domain:
default: your-company default: your-company
examples: examples:
- your-company - your-company
type: string type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
app-group:
default: ''
examples:
- ''
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
storage: storage:
default: default:
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
@@ -317,75 +341,51 @@ options:
- block - block
type: string type: string
type: object type: object
resources: ingress-class:
default: default: traefik
limits:
cpu: 200m
memory: 256Mi
requests:
cpu: 50m
memory: 100Mi
examples: examples:
- limits: - traefik
cpu: 200m type: string
memory: 256Mi log-level:
requests: default: 5
cpu: 50m
memory: 100Mi
properties:
limits:
default:
cpu: 200m
memory: 256Mi
properties:
cpu:
default: 200m
type: string
memory:
default: 256Mi
type: string
type: object
requests:
default:
cpu: 50m
memory: 100Mi
properties:
cpu:
default: 50m
type: string
memory:
default: 100Mi
type: string
type: object
type: object
postgres:
default:
replicas: 1
storage: 5Gi
version: '14'
examples: examples:
- replicas: 1 - 5
storage: 5Gi type: integer
version: '14' user-groups:
default:
- admin: true
name: dolibarr-admin
examples:
- - admin: true
name: dolibarr-admin
items:
properties:
admin:
type: boolean
name:
type: string
type: object
type: array
hpa:
default:
avg-cpu: 50
max-replicas: 5
min-replicas: 1
examples:
- avg-cpu: 50
max-replicas: 5
min-replicas: 1
properties: properties:
replicas: avg-cpu:
default: 50
type: integer
max-replicas:
default: 5
type: integer
min-replicas:
default: 1 default: 1
type: integer type: integer
storage:
default: 5Gi
type: string
version:
default: '14'
type: string
type: object type: object
modules:
default:
- societe
examples:
- - societe
items:
type: string
type: array
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

5
apps/dolibarr/ldap.tf
View File

@@ -8,10 +8,11 @@ locals {
base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub-domain, var.domain-name)))) base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub-domain, var.domain-name))))
base-group-dn = format("ou=groups,%s", local.base-dn) base-group-dn = format("ou=groups,%s", local.base-dn)
base-user-dn = format("ou=users,%s", local.base-dn) base-user-dn = format("ou=users,%s", local.base-dn)
authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"] authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
request_headers = { request_headers = {
"Content-Type" = "application/json" "Content-Type" = "application/json"
Authorization = "Bearer ${local.authentik-token}" Authorization = "Bearer ${local.authentik_token}"
} }
ldap-outpost-providers = jsondecode(data.http.get_ldap_outpost.response_body).results[0].providers ldap-outpost-providers = jsondecode(data.http.get_ldap_outpost.response_body).results[0].providers
ldap-outpost-pk = jsondecode(data.http.get_ldap_outpost.response_body).results[0].pk ldap-outpost-pk = jsondecode(data.http.get_ldap_outpost.response_body).results[0].pk

2
apps/gitea/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

2
apps/gitea/index.rhai
View File

@@ -4,7 +4,7 @@ const SRC=src;
const DEST=dest; const DEST=dest;
fn pre_pack() { fn pre_pack() {
shell("helm repo add gitea-charts https://dl.gitea.io/charts/"); shell("helm repo add gitea-charts https://dl.gitea.io/charts/");
shell(`helm template gitea --version 9.5.0 gitea-charts/gitea --namespace=vynil-ci --values values.yml >${global::SRC}/chart.yaml`); shell(`helm template gitea --version 9.5.0 gitea-charts/gitea --namespace=vynil-ci -a "monitoring.coreos.com/v1/ServiceMonitor" -a "monitoring.coreos.com/v1/PrometheusRule" --values values.yml >${global::SRC}/chart.yaml`);
} }
fn post_pack() { fn post_pack() {
shell(`rm -f ${global::DEST}/v1_Pod_gitea-test-connection.yaml`); shell(`rm -f ${global::DEST}/v1_Pod_gitea-test-connection.yaml`);

366
apps/gitea/index.yaml
View File

@@ -9,183 +9,16 @@ metadata:
A painless self-hosted Git service. A painless self-hosted Git service.
Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
options: options:
default-branch: theme:
default: main default: gitea-modern
examples: examples:
- main - gitea-modern
type: string
replicas:
default: 1
examples:
- 1
type: integer
redis:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
properties:
exporter:
default:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
properties:
enabled:
default: true
type: boolean
image:
default: quay.io/opstree/redis-exporter:v1.44.0
type: string
type: object
image:
default: quay.io/opstree/redis:v7.0.12
type: string
storage:
default: 2Gi
type: string
type: object
webhook:
default:
allowed-hosts: private
skip-tls-verify: false
examples:
- allowed-hosts: private
skip-tls-verify: false
properties:
allowed-hosts:
default: private
type: string
skip-tls-verify:
default: false
type: boolean
type: object
release:
default: 8.3.0
examples:
- 8.3.0
type: string
volume:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
sub-domain:
default: git
examples:
- git
type: string
domain:
default: your-company
examples:
- your-company
type: string type: string
issuer: issuer:
default: letsencrypt-prod default: letsencrypt-prod
examples: examples:
- letsencrypt-prod - letsencrypt-prod
type: string type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
admin:
default:
email: git-admin@git.your_company.com
name: gitea_admin
examples:
- email: git-admin@git.your_company.com
name: gitea_admin
properties:
email:
default: git-admin@git.your_company.com
type: string
name:
default: gitea_admin
type: string
type: object
postgres:
default:
replicas: 1
storage: 10Gi
version: '14'
examples:
- replicas: 1
storage: 10Gi
version: '14'
properties:
replicas:
default: 1
type: integer
storage:
default: 10Gi
type: string
version:
default: '14'
type: string
type: object
disable-registration:
default: true
examples:
- true
type: boolean
ssh-port:
default: 2222
examples:
- 2222
type: integer
load-balancer:
default:
ip: ''
examples:
- ip: ''
properties:
ip:
default: ''
type: string
type: object
push-create:
default:
org: 'true'
private: 'false'
user: 'true'
examples:
- org: 'true'
private: 'false'
user: 'true'
properties:
org:
default: 'true'
type: string
private:
default: 'false'
type: string
user:
default: 'true'
type: string
type: object
images: images:
default: default:
gitea: gitea:
@@ -225,25 +58,142 @@ options:
type: string type: string
type: object type: object
type: object type: object
app-group: load-balancer:
default: dev default:
ip: ''
examples: examples:
- dev - ip: ''
type: string properties:
theme: ip:
default: gitea-modern default: ''
type: string
type: object
timezone:
default: Europe/Paris
examples: examples:
- gitea-modern - Europe/Paris
type: string type: string
admin:
default:
email: git-admin@git.your_company.com
name: gitea_admin
examples:
- email: git-admin@git.your_company.com
name: gitea_admin
properties:
email:
default: git-admin@git.your_company.com
type: string
name:
default: gitea_admin
type: string
type: object
postgres:
default:
replicas: 1
storage: 10Gi
version: '14'
examples:
- replicas: 1
storage: 10Gi
version: '14'
properties:
replicas:
default: 1
type: integer
storage:
default: 10Gi
type: string
version:
default: '14'
type: string
type: object
replicas:
default: 1
examples:
- 1
type: integer
domain:
default: your-company
examples:
- your-company
type: string
release:
default: 8.3.0
examples:
- 8.3.0
type: string
redis:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
properties:
exporter:
default:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
properties:
enabled:
default: true
type: boolean
image:
default: quay.io/opstree/redis-exporter:v1.44.0
type: string
type: object
image:
default: quay.io/opstree/redis:v7.0.12
type: string
storage:
default: 2Gi
type: string
type: object
ssh-sub-domain: ssh-sub-domain:
default: git default: git
examples: examples:
- git - git
type: string type: string
domain-name: ssh-port:
default: your_company.com default: 2222
examples: examples:
- your_company.com - 2222
type: integer
volume:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
app-group:
default: dev
examples:
- dev
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string type: string
backups: backups:
default: default:
@@ -351,10 +301,60 @@ options:
default: false default: false
type: boolean type: boolean
type: object type: object
timezone: sub-domain:
default: Europe/Paris default: git
examples: examples:
- Europe/Paris - git
type: string
default-branch:
default: main
examples:
- main
type: string
push-create:
default:
org: 'true'
private: 'false'
user: 'true'
examples:
- org: 'true'
private: 'false'
user: 'true'
properties:
org:
default: 'true'
type: string
private:
default: 'false'
type: string
user:
default: 'true'
type: string
type: object
disable-registration:
default: true
examples:
- true
type: boolean
webhook:
default:
allowed-hosts: private
skip-tls-verify: false
examples:
- allowed-hosts: private
skip-tls-verify: false
properties:
allowed-hosts:
default: private
type: string
skip-tls-verify:
default: false
type: boolean
type: object
domain-name:
default: your_company.com
examples:
- your_company.com
type: string type: string
dependencies: dependencies:
- dist: null - dist: null

2
apps/gramo/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

50
apps/gramo/index.yaml
View File

@@ -6,22 +6,22 @@ metadata:
name: gramo name: gramo
description: null description: null
options: options:
app-group:
default: infra
examples:
- infra
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
domain: domain:
default: your-company default: your-company
examples: examples:
- your-company - your-company
type: string type: string
managed: ingress-class:
default: traefik
examples:
- traefik
type: string
sub-domain:
default: gramo
examples:
- gramo
type: string
cluster-admin:
default: false default: false
examples: examples:
- false - false
@@ -65,31 +65,31 @@ options:
type: string type: string
type: object type: object
type: object type: object
cluster-admin: managed:
default: false default: false
examples: examples:
- false - false
type: boolean type: boolean
issuer: domain-name:
default: letsencrypt-prod default: your_company.com
examples: examples:
- letsencrypt-prod - your_company.com
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
sub-domain:
default: gramo
examples:
- gramo
type: string type: string
namespaces: namespaces:
default: [] default: []
items: items:
type: string type: string
type: array type: array
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
app-group:
default: infra
examples:
- infra
type: string
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

2
apps/k8s-api/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

22
apps/k8s-api/index.yaml
View File

@@ -6,30 +6,30 @@ metadata:
name: k8s-api name: k8s-api
description: Access to the kubernetes api description: Access to the kubernetes api
options: options:
domain-name: ingress-class:
default: your_company.com default: traefik
examples: examples:
- your_company.com - traefik
type: string type: string
domain: domain:
default: your-company default: your-company
examples: examples:
- your-company - your-company
type: string type: string
sub-domain:
default: api
examples:
- api
type: string
issuer: issuer:
default: letsencrypt-prod default: letsencrypt-prod
examples: examples:
- letsencrypt-prod - letsencrypt-prod
type: string type: string
ingress-class: domain-name:
default: traefik default: your_company.com
examples: examples:
- traefik - your_company.com
type: string
sub-domain:
default: api
examples:
- api
type: string type: string
dependencies: dependencies:
- dist: null - dist: null

8
apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud-metrics name: nextcloud-metrics
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6 helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics app.kubernetes.io/component: metrics
@@ -27,7 +27,7 @@ spec:
spec: spec:
containers: containers:
- name: metrics-exporter - name: metrics-exporter
image: "xperimental/nextcloud-exporter:0.6.1" image: "xperimental/nextcloud-exporter:0.6.2"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: NEXTCLOUD_USERNAME - name: NEXTCLOUD_USERNAME
@@ -41,8 +41,8 @@ spec:
name: nextcloud name: nextcloud
key: nextcloud-password key: nextcloud-password
# NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint # NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint
- name: NEXTCLOUD_SERVER - name: NEXTCLOUD_SERVER # deployment.namespace.svc.cluster.local
value: http://nextcloud:80 value: "http://nextcloud.vynil-cloud.svc.cluster.local:80"
- name: NEXTCLOUD_TIMEOUT - name: NEXTCLOUD_TIMEOUT
value: 5s value: 5s
- name: NEXTCLOUD_TLS_SKIP_VERIFY - name: NEXTCLOUD_TLS_SKIP_VERIFY

294
apps/nextcloud/apps_v1_Deployment_nextcloud.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud name: nextcloud
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6 helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app app.kubernetes.io/component: app
@@ -30,154 +30,154 @@ spec:
nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b
spec: spec:
containers: containers:
- name: nextcloud - name: nextcloud
image: nextcloud:27.1.3-apache image: nextcloud:28.0.1-apache
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
env: env:
- name: POSTGRES_HOST
value: - name: POSTGRES_HOST
- name: POSTGRES_DB value:
value: "nextcloud" - name: POSTGRES_DB
- name: POSTGRES_USER value: "nextcloud"
valueFrom: - name: POSTGRES_USER
secretKeyRef: valueFrom:
name: nextcloud-db secretKeyRef:
key: username name: nextcloud-db
- name: POSTGRES_PASSWORD key: username
valueFrom: - name: POSTGRES_PASSWORD
secretKeyRef: valueFrom:
name: nextcloud-db secretKeyRef:
key: password name: nextcloud-db
- name: NEXTCLOUD_ADMIN_USER key: password
valueFrom: - name: NEXTCLOUD_ADMIN_USER
secretKeyRef: valueFrom:
name: nextcloud secretKeyRef:
key: nextcloud-username name: nextcloud
- name: NEXTCLOUD_ADMIN_PASSWORD key: nextcloud-username
valueFrom: - name: NEXTCLOUD_ADMIN_PASSWORD
secretKeyRef: valueFrom:
name: nextcloud secretKeyRef:
key: nextcloud-password name: nextcloud
- name: NEXTCLOUD_TRUSTED_DOMAINS key: nextcloud-password
value: nextcloud.kube.home - name: NEXTCLOUD_TRUSTED_DOMAINS
- name: NEXTCLOUD_UPDATE value: nextcloud.kube.home
value: "1" - name: NEXTCLOUD_UPDATE
- name: NEXTCLOUD_DATA_DIR value: "1"
value: "/var/www/html/data" - name: NEXTCLOUD_DATA_DIR
resources: value: "/var/www/html/data"
{} resources:
volumeMounts: {}
- name: nextcloud-main volumeMounts:
mountPath: /var/www/ - name: nextcloud-main
subPath: root mountPath: /var/www/
- name: nextcloud-main subPath: root
mountPath: /var/www/html - name: nextcloud-main
subPath: html mountPath: /var/www/html
- name: nextcloud-main subPath: html
mountPath: /var/www/html/data - name: nextcloud-main
subPath: data mountPath: /var/www/html/data
- name: nextcloud-main subPath: data
mountPath: /var/www/html/config - name: nextcloud-main
subPath: config mountPath: /var/www/html/config
- name: nextcloud-main subPath: config
mountPath: /var/www/html/custom_apps - name: nextcloud-main
subPath: custom_apps mountPath: /var/www/html/custom_apps
- name: nextcloud-main subPath: custom_apps
mountPath: /var/www/tmp - name: nextcloud-main
subPath: tmp mountPath: /var/www/tmp
- name: nextcloud-main subPath: tmp
mountPath: /var/www/html/themes - name: nextcloud-main
subPath: themes mountPath: /var/www/html/themes
- name: nextcloud-config subPath: themes
mountPath: /var/www/html/config/locale.config.php - name: nextcloud-config
subPath: locale.config.php mountPath: /var/www/html/config/locale.config.php
- name: nextcloud-config subPath: locale.config.php
mountPath: /var/www/html/config/redis.config.php - name: nextcloud-config
subPath: redis.config.php mountPath: /var/www/html/config/redis.config.php
- name: nextcloud-config subPath: redis.config.php
mountPath: /var/www/html/config/.htaccess - name: nextcloud-config
subPath: .htaccess mountPath: /var/www/html/config/.htaccess
- name: nextcloud-config subPath: .htaccess
mountPath: /var/www/html/config/apcu.config.php - name: nextcloud-config
subPath: apcu.config.php mountPath: /var/www/html/config/apcu.config.php
- name: nextcloud-config subPath: apcu.config.php
mountPath: /var/www/html/config/apps.config.php - name: nextcloud-config
subPath: apps.config.php mountPath: /var/www/html/config/apps.config.php
- name: nextcloud-config subPath: apps.config.php
mountPath: /var/www/html/config/autoconfig.php - name: nextcloud-config
subPath: autoconfig.php mountPath: /var/www/html/config/autoconfig.php
- name: nextcloud-config subPath: autoconfig.php
mountPath: /var/www/html/config/smtp.config.php - name: nextcloud-config
subPath: smtp.config.php mountPath: /var/www/html/config/smtp.config.php
- name: nextcloud-nginx subPath: smtp.config.php
image: "nginx:alpine" - name: nextcloud-nginx
imagePullPolicy: IfNotPresent image: "nginx:alpine"
ports: imagePullPolicy: IfNotPresent
- name: http ports:
containerPort: 80 - name: http
protocol: TCP protocol: TCP
livenessProbe: containerPort: 80
httpGet: livenessProbe:
path: /status.php httpGet:
port: http path: /status.php
httpHeaders: port: 80
- name: Host httpHeaders:
value: "nextcloud.kube.home" - name: Host
initialDelaySeconds: 10 value: "nextcloud.kube.home"
periodSeconds: 10 initialDelaySeconds: 10
timeoutSeconds: 5 periodSeconds: 10
successThreshold: 1 timeoutSeconds: 5
failureThreshold: 3 successThreshold: 1
readinessProbe: failureThreshold: 3
httpGet: readinessProbe:
path: /status.php httpGet:
port: 80 path: /status.php
httpHeaders: port: 80
- name: Host httpHeaders:
value: "nextcloud.kube.home" - name: Host
initialDelaySeconds: 10 value: "nextcloud.kube.home"
periodSeconds: 10 initialDelaySeconds: 10
timeoutSeconds: 5 periodSeconds: 10
successThreshold: 1 timeoutSeconds: 5
failureThreshold: 3 successThreshold: 1
failureThreshold: 3
resources: resources:
{} {}
volumeMounts: volumeMounts:
- name: nextcloud-main - name: nextcloud-main
mountPath: /var/www/ mountPath: /var/www/
subPath: root subPath: root
- name: nextcloud-main - name: nextcloud-main
mountPath: /var/www/html mountPath: /var/www/html
subPath: html subPath: html
- name: nextcloud-main - name: nextcloud-main
mountPath: /var/www/html/data mountPath: /var/www/html/data
subPath: data subPath: data
- name: nextcloud-main - name: nextcloud-main
mountPath: /var/www/html/config mountPath: /var/www/html/config
subPath: config subPath: config
- name: nextcloud-main - name: nextcloud-main
mountPath: /var/www/html/custom_apps mountPath: /var/www/html/custom_apps
subPath: custom_apps subPath: custom_apps
- name: nextcloud-main - name: nextcloud-main
mountPath: /var/www/tmp mountPath: /var/www/tmp
subPath: tmp subPath: tmp
- name: nextcloud-main - name: nextcloud-main
mountPath: /var/www/html/themes mountPath: /var/www/html/themes
subPath: themes subPath: themes
- name: nextcloud-nginx-config - name: nextcloud-nginx-config
mountPath: /etc/nginx/nginx.conf mountPath: /etc/nginx/conf.d/
subPath: nginx.conf
volumes: volumes:
- name: nextcloud-main - name: nextcloud-main
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-nextcloud claimName: nextcloud-nextcloud
- name: nextcloud-config - name: nextcloud-config
configMap: configMap:
name: nextcloud-config name: nextcloud-config
- name: nextcloud-nginx-config - name: nextcloud-nginx-config
configMap: configMap:
name: nextcloud-nginxconfig name: nextcloud-nginxconfig
securityContext: securityContext:
# Will mount configuration files as www-data (id: 82) for nextcloud # Will mount configuration files as www-data (id: 82) for nextcloud
fsGroup: 82 fsGroup: 82

2
apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud name: nextcloud
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6 helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app app.kubernetes.io/component: app

2
apps/nextcloud/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

376
apps/nextcloud/index.yaml
View File

@@ -6,26 +6,6 @@ metadata:
name: nextcloud name: nextcloud
description: null description: null
options: options:
postgres:
default:
replicas: 1
storage: 5Gi
version: '14'
examples:
- replicas: 1
storage: 5Gi
version: '14'
properties:
replicas:
default: 1
type: integer
storage:
default: 5Gi
type: string
version:
default: '14'
type: string
type: object
admin: admin:
default: default:
name: nextcloud_admin name: nextcloud_admin
@@ -36,126 +16,68 @@ options:
default: nextcloud_admin default: nextcloud_admin
type: string type: string
type: object type: object
domain-name: domain:
default: your_company.com default: your-company
examples: examples:
- your_company.com - your-company
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string type: string
app-group: app-group:
default: '' default: ''
examples: examples:
- '' - ''
type: string type: string
backups: openid-name:
default: default: vynil
enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
examples: examples:
- enable: false - vynil
endpoint: '' type: string
key-id-key: s3-id issuer:
restic-key: bck-password default: letsencrypt-prod
retention: examples:
db: 30d - letsencrypt-prod
keepDaily: 14 type: string
keepMonthly: 12 domain-name:
keepWeekly: 6 default: your_company.com
keepYearly: 12 examples:
schedule: - your_company.com
backup: 30 3 * * * type: string
check: 30 5 * * 1 ingress-class:
db: 30 3 * * * default: traefik
prune: 30 1 * * 0 examples:
secret-key: s3-secret - traefik
secret-name: backup-settings type: string
use-barman: false redis:
default:
exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
examples:
- exporter:
enabled: true
image: quay.io/opstree/redis-exporter:v1.44.0
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
properties: properties:
enable: exporter:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
restic-key:
default: bck-password
type: string
retention:
default: default:
db: 30d enabled: true
keepDaily: 14 image: quay.io/opstree/redis-exporter:v1.44.0
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
properties: properties:
db: enabled:
default: 30d default: true
type: string type: boolean
keepDaily: image:
default: 14 default: quay.io/opstree/redis-exporter:v1.44.0
type: integer
keepMonthly:
default: 12
type: integer
keepWeekly:
default: 6
type: integer
keepYearly:
default: 12
type: integer
type: object
schedule:
default:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
properties:
backup:
default: 30 3 * * *
type: string
check:
default: 30 5 * * 1
type: string
db:
default: 30 3 * * *
type: string
prune:
default: 30 1 * * 0
type: string type: string
type: object type: object
secret-key: image:
default: s3-secret default: quay.io/opstree/redis:v7.0.12
type: string type: string
secret-name: storage:
default: backup-settings default: 2Gi
type: string type: string
use-barman:
default: false
type: boolean
type: object type: object
storage: storage:
default: default:
@@ -176,41 +98,6 @@ options:
default: 10Gi default: 10Gi
type: string type: string
type: object type: object
sub-domain:
default: files
examples:
- files
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
hpa:
default:
avg-cpu: 50
max-replicas: 5
min-replicas: 1
examples:
- avg-cpu: 50
max-replicas: 5
min-replicas: 1
properties:
avg-cpu:
default: 50
type: integer
max-replicas:
default: 5
type: integer
min-replicas:
default: 1
type: integer
type: object
domain:
default: your-company
examples:
- your-company
type: string
images: images:
default: default:
collabora: collabora:
@@ -374,43 +261,131 @@ options:
type: string type: string
type: object type: object
type: object type: object
openid-name: hpa:
default: vynil
examples:
- vynil
type: string
redis:
default: default:
exporter: avg-cpu: 50
enabled: true max-replicas: 5
image: quay.io/opstree/redis-exporter:v1.44.0 min-replicas: 1
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
examples: examples:
- exporter: - avg-cpu: 50
enabled: true max-replicas: 5
image: quay.io/opstree/redis-exporter:v1.44.0 min-replicas: 1
image: quay.io/opstree/redis:v7.0.12
storage: 2Gi
properties: properties:
exporter: avg-cpu:
default: 50
type: integer
max-replicas:
default: 5
type: integer
min-replicas:
default: 1
type: integer
type: object
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
restic-key:
default: bck-password
type: string
retention:
default: default:
enabled: true db: 30d
image: quay.io/opstree/redis-exporter:v1.44.0 keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
properties: properties:
enabled: db:
default: true default: 30d
type: boolean type: string
image: keepDaily:
default: quay.io/opstree/redis-exporter:v1.44.0 default: 14
type: integer
keepMonthly:
default: 12
type: integer
keepWeekly:
default: 6
type: integer
keepYearly:
default: 12
type: integer
type: object
schedule:
default:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
properties:
backup:
default: 30 3 * * *
type: string
check:
default: 30 5 * * 1
type: string
db:
default: 30 3 * * *
type: string
prune:
default: 30 1 * * 0
type: string type: string
type: object type: object
image: secret-key:
default: quay.io/opstree/redis:v7.0.12 default: s3-secret
type: string type: string
storage: secret-name:
default: 2Gi default: backup-settings
type: string type: string
use-barman:
default: false
type: boolean
type: object type: object
apps: apps:
default: default:
@@ -502,6 +477,31 @@ options:
default: true default: true
type: boolean type: boolean
type: object type: object
postgres:
default:
replicas: 1
storage: 5Gi
version: '14'
examples:
- replicas: 1
storage: 5Gi
version: '14'
properties:
replicas:
default: 1
type: integer
storage:
default: 5Gi
type: string
version:
default: '14'
type: string
type: object
sub-domain:
default: files
examples:
- files
type: string
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

2
apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml
View File

@@ -6,7 +6,7 @@ metadata:
namespace: "vynil-cloud" namespace: "vynil-cloud"
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6 helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics app.kubernetes.io/component: metrics

2
apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud-config name: nextcloud-config
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6 helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
data: data:

245
apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml
View File

@@ -5,169 +5,140 @@ metadata:
name: nextcloud-nginxconfig name: nextcloud-nginxconfig
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6 helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
data: data:
nginx.conf: |- default.conf: |-
worker_processes auto; upstream php-handler {
server 127.0.0.1:9000;
error_log /var/log/nginx/error.log warn;
pid /tmp/nginx.pid;
events {
worker_connections 1024;
} }
server {
listen 80;
http { # HSTS settings
include /etc/nginx/mime.types; # WARNING: Only add the preload option once you read about
default_type application/octet-stream; # the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # set max upload size
'$status $body_bytes_sent "$http_referer" ' client_max_body_size 10G;
'"$http_user_agent" "$http_x_forwarded_for"'; fastcgi_buffers 64 4K;
access_log /var/log/nginx/access.log main; # Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
sendfile on; # Pagespeed is not supported by Nextcloud, so if your server is built
#tcp_nopush on; # with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
keepalive_timeout 65; # HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
#gzip on; # Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
upstream php-handler { # Path to the root of your installation
server 127.0.0.1:9000; root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
} }
server { location = /robots.txt {
listen 80; allow all;
log_not_found off;
access_log off;
}
# HSTS settings # Make a regex exception for `/.well-known` so that clients can still
# WARNING: Only add the preload option once you read about # access it despite the existence of the regex rule
# the consequences in https://hstspreload.org/. This option # `location ~ /(\.|autotest|...)` which would otherwise handle requests
# will add the domain to a hardcoded list that is shipped # for `/.well-known`.
# in all major browsers and getting removed from this list location ^~ /.well-known {
# could take several months. # The following 6 rules are borrowed from `.htaccess`
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size location = /.well-known/carddav { return 301 /remote.php/dav/; }
client_max_body_size 10G; location = /.well-known/caldav { return 301 /remote.php/dav/; }
fastcgi_buffers 64 4K; # Anything else is dynamically handled by Nextcloud
location ^~ /.well-known { return 301 /index.php$uri; }
# Enable gzip but do not remove ETag headers try_files $uri $uri/ =404;
gzip on; }
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Pagespeed is not supported by Nextcloud, so if your server is built # Rules borrowed from `.htaccess` to hide certain paths from clients
# with the `ngx_pagespeed` module, uncomment this line to disable it. location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
#pagespeed off; location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# HTTP response headers borrowed from Nextcloud `.htaccess` # Ensure this block, which passes PHP files to the PHP process, is above the blocks
add_header Referrer-Policy "no-referrer" always; # which handle static assets (as seen below). If this block is not declared first,
add_header X-Content-Type-Options "nosniff" always; # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
add_header X-Download-Options "noopen" always; # to the URI, resulting in a HTTP 500 error response.
add_header X-Frame-Options "SAMEORIGIN" always; location ~ \.php(?:$|/) {
add_header X-Permitted-Cross-Domain-Policies "none" always; # Required for legacy support
add_header X-Robots-Tag "noindex, nofollow" always; rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_hide_header X-Powered-By; set $path_info $fastcgi_path_info;
# Path to the root of your installation try_files $fastcgi_script_name =404;
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri` include fastcgi_params;
# here as the fallback means that Nginx always exhibits the desired behaviour fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# when a client requests a path that corresponds to a directory that exists fastcgi_param PATH_INFO $path_info;
# on the server. In particular, if that directory contains an index.php file, #fastcgi_param HTTPS on;
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
location = / { fastcgi_param front_controller_active true; # Enable pretty urls
if ( $http_user_agent ~ ^DavClnt ) { fastcgi_pass php-handler;
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt { fastcgi_intercept_errors on;
allow all; fastcgi_request_buffering off;
log_not_found off; }
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still location ~ \.(?:css|js|svg|gif)$ {
# access it despite the existence of the regex rule try_files $uri /index.php$request_uri;
# `location ~ /(\.|autotest|...)` which would otherwise handle requests expires 6M; # Cache-Control policy borrowed from `.htaccess`
# for `/.well-known`. access_log off; # Optional: Don't log access to assets
location ^~ /.well-known { }
# The following 6 rules are borrowed from `.htaccess`
location = /.well-known/carddav { return 301 /remote.php/dav/; } location ~ \.woff2?$ {
location = /.well-known/caldav { return 301 /remote.php/dav/; } try_files $uri /index.php$request_uri;
# Anything else is dynamically handled by Nextcloud expires 7d; # Cache-Control policy borrowed from `.htaccess`
location ^~ /.well-known { return 301 /index.php$uri; } access_log off; # Optional: Don't log access to assets
}
try_files $uri $uri/ =404; location / {
} try_files $uri $uri/ /index.php$request_uri;
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
} }
} }

2
apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud-nextcloud name: nextcloud-nextcloud
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6 helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app app.kubernetes.io/component: app

2
apps/nextcloud/v1_Service_nextcloud-metrics.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud-metrics name: nextcloud-metrics
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6 helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: metrics app.kubernetes.io/component: metrics

2
apps/nextcloud/v1_Service_nextcloud.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: nextcloud name: nextcloud
labels: labels:
app.kubernetes.io/name: nextcloud app.kubernetes.io/name: nextcloud
helm.sh/chart: nextcloud-4.3.6 helm.sh/chart: nextcloud-4.5.11
app.kubernetes.io/instance: nextcloud app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: app app.kubernetes.io/component: app

2
apps/okd/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

66
apps/okd/index.yaml
View File

@@ -6,36 +6,21 @@ metadata:
name: okd name: okd
description: null description: null
options: options:
app-group: domain-name:
default: infra default: your_company.com
examples: examples:
- infra - your_company.com
type: string type: string
issuer: sub-domain:
default: letsencrypt-prod default: okd
examples: examples:
- letsencrypt-prod - okd
type: string type: string
ingress-class: domain:
default: traefik default: your-company
examples: examples:
- traefik - your-company
type: string type: string
cluster-admin:
default: false
examples:
- false
type: boolean
managed:
default: false
examples:
- false
type: boolean
namespaces:
default: []
items:
type: string
type: array
images: images:
default: default:
okd: okd:
@@ -75,21 +60,36 @@ options:
type: string type: string
type: object type: object
type: object type: object
domain-name: issuer:
default: your_company.com default: letsencrypt-prod
examples: examples:
- your_company.com - letsencrypt-prod
type: string type: string
domain: app-group:
default: your-company default: infra
examples: examples:
- your-company - infra
type: string type: string
sub-domain: managed:
default: okd default: false
examples: examples:
- okd - false
type: boolean
ingress-class:
default: traefik
examples:
- traefik
type: string type: string
cluster-admin:
default: false
examples:
- false
type: boolean
namespaces:
default: []
items:
type: string
type: array
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

2
apps/traefik-ui/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

20
apps/traefik-ui/index.yaml
View File

@@ -6,16 +6,21 @@ metadata:
name: traefik-ui name: traefik-ui
description: Access to the Traefik UI description: Access to the Traefik UI
options: options:
domain:
default: your-company
examples:
- your-company
type: string
issuer: issuer:
default: letsencrypt-prod default: letsencrypt-prod
examples: examples:
- letsencrypt-prod - letsencrypt-prod
type: string type: string
app-group:
default: infra
examples:
- infra
type: string
domain:
default: your-company
examples:
- your-company
type: string
ingress-class: ingress-class:
default: traefik default: traefik
examples: examples:
@@ -31,11 +36,6 @@ options:
examples: examples:
- your_company.com - your_company.com
type: string type: string
app-group:
default: infra
examples:
- infra
type: string
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

2
apps/woodpecker/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

6
apps/woodpecker/gitea_token.tf
View File

@@ -1,3 +1,9 @@
locals {
gitea_host = "http://gitea-http.${var.domain}-ci.svc:3000/"
gitea_username = data.kubernetes_secret_v1.gitea.data["username"]
gitea_password = data.kubernetes_secret_v1.gitea.data["password"]
}
data "kubernetes_secret_v1" "gitea" { data "kubernetes_secret_v1" "gitea" {
metadata { metadata {
name = "gitea-admin-user" name = "gitea-admin-user"

102
apps/woodpecker/index.yaml
View File

@@ -6,35 +6,46 @@ metadata:
name: woodpecker name: woodpecker
description: null description: null
options: options:
sub-domain: storage-agent:
default: ci
examples:
- ci
type: string
storage-server:
default: default:
accessMode: ReadWriteOnce
size: 10Gi size: 10Gi
storageClass: ''
writeMany: 'false'
examples: examples:
- accessMode: ReadWriteOnce - size: 10Gi
size: 10Gi storageClass: ''
writeMany: 'false'
properties: properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size: size:
default: 10Gi default: 10Gi
type: string type: string
storageClass:
default: ''
type: string
writeMany:
default: 'false'
type: string
type: object type: object
admin-users: admin-users:
default: woodpecker,admin default: woodpecker,admin
examples: examples:
- woodpecker,admin - woodpecker,admin
type: string type: string
domain:
default: your-company
examples:
- your-company
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
app-group:
default: dev
examples:
- dev
type: string
images: images:
default: default:
agent: agent:
@@ -132,51 +143,35 @@ options:
type: string type: string
type: object type: object
type: object type: object
storage-server:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
ingress-class: ingress-class:
default: traefik default: traefik
examples: examples:
- traefik - traefik
type: string type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
domain:
default: your-company
examples:
- your-company
type: string
issuer: issuer:
default: letsencrypt-prod default: letsencrypt-prod
examples: examples:
- letsencrypt-prod - letsencrypt-prod
type: string type: string
app-group:
default: dev
examples:
- dev
type: string
storage-agent:
default:
size: 10Gi
storageClass: ''
writeMany: 'false'
examples:
- size: 10Gi
storageClass: ''
writeMany: 'false'
properties:
size:
default: 10Gi
type: string
storageClass:
default: ''
type: string
writeMany:
default: 'false'
type: string
type: object
timeouts: timeouts:
default: default:
default: '60' default: '60'
@@ -192,6 +187,11 @@ options:
default: '120' default: '120'
type: string type: string
type: object type: object
sub-domain:
default: ci
examples:
- ci
type: string
dependencies: dependencies:
- dist: null - dist: null
category: apps category: apps

6
meta/domain-erp/apps.tf
View File

@@ -6,6 +6,10 @@ locals {
"vynil.solidite.fr/issuer" = var.issuer "vynil.solidite.fr/issuer" = var.issuer
"vynil.solidite.fr/ingress" = var.ingress-class "vynil.solidite.fr/ingress" = var.ingress-class
} }
annotations_default = {
"vynil.solidite.fr/default/domain_name" = var.domain-name
"vynil.solidite.fr/default/*" = var.domain-name
}
global = { global = {
"domain" = var.namespace "domain" = var.namespace
"domain-name" = var.domain-name "domain-name" = var.domain-name
@@ -27,7 +31,7 @@ locals {
resource "kubernetes_namespace_v1" "erp-ns" { resource "kubernetes_namespace_v1" "erp-ns" {
count = ( var.dolibarr.enable )? 1 : 0 count = ( var.dolibarr.enable )? 1 : 0
metadata { metadata {
annotations = local.annotations annotations = merge(local.annotations, local.annotations_default)
labels = merge(local.common-labels, local.annotations) labels = merge(local.common-labels, local.annotations)
name = "${var.namespace}-erp" name = "${var.namespace}-erp"
} }

84
meta/domain-erp/index.yaml
View File

@@ -6,26 +6,6 @@ metadata:
name: domain-erp name: domain-erp
description: null description: null
options: options:
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
backups: backups:
default: default:
enable: false enable: false
@@ -61,6 +41,48 @@ options:
examples: examples:
- traefik - traefik
type: string type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
domain:
default: your-company
examples:
- your-company
type: string
dolibarr:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: apps
x-vynil-package: dolibarr
storage-classes: storage-classes:
default: default:
BlockReadWriteMany: '' BlockReadWriteMany: ''
@@ -86,28 +108,6 @@ options:
default: '' default: ''
type: string type: string
type: object type: object
domain:
default: your-company
examples:
- your-company
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
dolibarr:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: apps
x-vynil-package: dolibarr
dependencies: [] dependencies: []
providers: providers:
kubernetes: true kubernetes: true

288
meta/domain-monitor/index.yaml
View File

@@ -6,7 +6,12 @@ metadata:
name: domain-monitor name: domain-monitor
description: null description: null
options: options:
dashboards-namespace: domain:
default: your-company
examples:
- your-company
type: string
alerts-containers:
default: default:
enable: true enable: true
examples: examples:
@@ -17,7 +22,106 @@ options:
type: boolean type: boolean
type: object type: object
x-vynil-category: monitor x-vynil-category: monitor
x-vynil-package: dashboards-namespace x-vynil-package: alerts-containers
loki:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: loki
promtail:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: promtail
kube-state-metrics:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: kube-state-metrics
dashboards-cluster:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-cluster
ingress-class:
default: traefik
examples:
- traefik
type: string
app-group:
default: monitor
examples:
- monitor
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
grafana:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: grafana
monitor-control-plan:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: monitor-control-plan
dashboards-workload:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-workload
backups: backups:
default: default:
enable: false enable: false
@@ -48,7 +152,7 @@ options:
default: backup-settings default: backup-settings
type: string type: string
type: object type: object
alertmanager: alerts-core:
default: default:
enable: true enable: true
examples: examples:
@@ -59,8 +163,8 @@ options:
type: boolean type: boolean
type: object type: object
x-vynil-category: monitor x-vynil-category: monitor
x-vynil-package: alertmanager x-vynil-package: alerts-core
loki: dashboards-namespace:
default: default:
enable: true enable: true
examples: examples:
@@ -71,24 +175,39 @@ options:
type: boolean type: boolean
type: object type: object
x-vynil-category: monitor x-vynil-category: monitor
x-vynil-package: loki x-vynil-package: dashboards-namespace
dashboards-workload: domain-name:
default: default: your_company.com
enable: true
examples: examples:
- enable: true - your_company.com
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-workload
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string type: string
dashboards-minimal:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-minimal
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
storage-classes: storage-classes:
default: default:
BlockReadWriteMany: '' BlockReadWriteMany: ''
@@ -114,47 +233,6 @@ options:
default: '' default: ''
type: string type: string
type: object type: object
node-exporter:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: node-exporter
ingress-class:
default: traefik
examples:
- traefik
type: string
monitor-control-plan:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: monitor-control-plan
alerts-core:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: alerts-core
prometheus: prometheus:
default: default:
enable: true enable: true
@@ -167,7 +245,7 @@ options:
type: object type: object
x-vynil-category: monitor x-vynil-category: monitor
x-vynil-package: prometheus x-vynil-package: prometheus
kube-state-metrics: alertmanager:
default: default:
enable: true enable: true
examples: examples:
@@ -178,28 +256,8 @@ options:
type: boolean type: boolean
type: object type: object
x-vynil-category: monitor x-vynil-category: monitor
x-vynil-package: kube-state-metrics x-vynil-package: alertmanager
domain: node-exporter:
default: your-company
examples:
- your-company
type: string
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
alerts-containers:
default: default:
enable: true enable: true
examples: examples:
@@ -210,65 +268,7 @@ options:
type: boolean type: boolean
type: object type: object
x-vynil-category: monitor x-vynil-category: monitor
x-vynil-package: alerts-containers x-vynil-package: node-exporter
dashboards-minimal:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-minimal
promtail:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: promtail
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
grafana:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: grafana
app-group:
default: monitor
examples:
- monitor
type: string
dashboards-cluster:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
x-vynil-category: monitor
x-vynil-package: dashboards-cluster
dependencies: [] dependencies: []
providers: providers:
kubernetes: true kubernetes: true

2
monitor/alertmanager/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

56
monitor/alertmanager/index.yaml
View File

@@ -6,36 +6,21 @@ metadata:
name: alertmanager name: alertmanager
description: null description: null
options: options:
replicas:
default: 1
examples:
- 1
type: integer
ingress-class:
default: traefik
examples:
- traefik
type: string
listenLocal:
default: false
examples:
- false
type: boolean
sub-domain: sub-domain:
default: alertmanager default: alertmanager
examples: examples:
- alertmanager - alertmanager
type: string type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
app-group: app-group:
default: monitor default: monitor
examples: examples:
- monitor - monitor
type: string type: string
logLevel:
default: info
examples:
- info
type: string
images: images:
default: default:
alertmanager: alertmanager:
@@ -75,15 +60,10 @@ options:
type: string type: string
type: object type: object
type: object type: object
issuer: logLevel:
default: letsencrypt-prod default: info
examples: examples:
- letsencrypt-prod - info
type: string
domain:
default: your-company
examples:
- your-company
type: string type: string
domain-name: domain-name:
default: your_company.com default: your_company.com
@@ -95,6 +75,26 @@ options:
examples: examples:
- 120h - 120h
type: string type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
listenLocal:
default: false
examples:
- false
type: boolean
domain:
default: your-company
examples:
- your-company
type: string
replicas:
default: 1
examples:
- 1
type: integer
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

4
monitor/alertmanager/monitoring.coreos.com_v1_Alertmanager_alertmanager-kube-promethe-alertmanager.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: alertmanager app.kubernetes.io/instance: alertmanager
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "alertmanager" release: "alertmanager"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/alertmanager/monitoring.coreos.com_v1_PrometheusRule_alertmanager-kube-promethe-alertmanager.rules.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: alertmanager app.kubernetes.io/instance: alertmanager
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "alertmanager" release: "alertmanager"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/alertmanager/monitoring.coreos.com_v1_ServiceMonitor_alertmanager-kube-promethe-alertmanager.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: alertmanager app.kubernetes.io/instance: alertmanager
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "alertmanager" release: "alertmanager"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/alertmanager/v1_ConfigMap_alertmanager-kube-promethe-alertmanager-overview.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: alertmanager app.kubernetes.io/instance: alertmanager
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "alertmanager" release: "alertmanager"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/alertmanager/v1_Secret_alertmanager-alertmanager-kube-promethe-alertmanager.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: alertmanager app.kubernetes.io/instance: alertmanager
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "alertmanager" release: "alertmanager"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/alertmanager/v1_ServiceAccount_alertmanager-kube-promethe-alertmanager.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: alertmanager app.kubernetes.io/instance: alertmanager
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "alertmanager" release: "alertmanager"
heritage: "Helm" heritage: "Helm"
automountServiceAccountToken: true automountServiceAccountToken: true

2
monitor/grafana/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

84
monitor/grafana/index.yaml
View File

@@ -6,6 +6,35 @@ metadata:
name: grafana name: grafana
description: null description: null
options: options:
volume:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
sub-domain:
default: grafana
examples:
- grafana
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
images: images:
default: default:
busybox: busybox:
@@ -103,59 +132,30 @@ options:
type: string type: string
type: object type: object
type: object type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
sub-domain:
default: grafana
examples:
- grafana
type: string
volume:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
app-group:
default: monitor
examples:
- monitor
type: string
ingress-class: ingress-class:
default: traefik default: traefik
examples: examples:
- traefik - traefik
type: string type: string
domain:
default: your-company
examples:
- your-company
type: string
admin_name: admin_name:
default: grafana_admin default: grafana_admin
examples: examples:
- grafana_admin - grafana_admin
type: string type: string
domain: app-group:
default: your-company default: monitor
examples: examples:
- your-company - monitor
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string type: string
dependencies: [] dependencies: []
providers: providers:

4
monitor/kube-state-metrics/monitoring.coreos.com_v1_PrometheusRule_kube-state-metrics-kube-pr-kube-state-metrics.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: kube-state-metrics app.kubernetes.io/instance: kube-state-metrics
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "kube-state-metrics" release: "kube-state-metrics"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-etcd.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-availability.rules.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-burnrate.rules.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-histogram.rules.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-apiserver-slos.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kube-scheduler.rules.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-controller-manager.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_PrometheusRule_prometheus-community-kube-kubernetes-system-scheduler.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-apiserver.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-controller-manager.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-etcd.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/monitoring.coreos.com_v1_ServiceMonitor_prometheus-community-kube-kube-scheduler.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-apiserver.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-controller-manager.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-etcd.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/monitor-control-plan/v1_ConfigMap_prometheus-community-kube-scheduler.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-controller-manager.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
namespace: kube-system namespace: kube-system

4
monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-etcd.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
namespace: kube-system namespace: kube-system

4
monitor/monitor-control-plan/v1_Service_prometheus-community-kube-kube-scheduler.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus-community app.kubernetes.io/instance: prometheus-community
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus-community" release: "prometheus-community"
heritage: "Helm" heritage: "Helm"
namespace: kube-system namespace: kube-system

4
monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.rules.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: node-exporter app.kubernetes.io/instance: node-exporter
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "node-exporter" release: "node-exporter"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-exporter.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: node-exporter app.kubernetes.io/instance: node-exporter
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "node-exporter" release: "node-exporter"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node-network.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: node-exporter app.kubernetes.io/instance: node-exporter
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "node-exporter" release: "node-exporter"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/node-exporter/monitoring.coreos.com_v1_PrometheusRule_node-exporter-kube-prometh-node.rules.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: node-exporter app.kubernetes.io/instance: node-exporter
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "node-exporter" release: "node-exporter"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-cluster-rsrc-use.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: node-exporter app.kubernetes.io/instance: node-exporter
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "node-exporter" release: "node-exporter"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-node-rsrc-use.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: node-exporter app.kubernetes.io/instance: node-exporter
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "node-exporter" release: "node-exporter"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes-darwin.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: node-exporter app.kubernetes.io/instance: node-exporter
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "node-exporter" release: "node-exporter"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/node-exporter/v1_ConfigMap_node-exporter-kube-prometh-nodes.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: node-exporter app.kubernetes.io/instance: node-exporter
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "node-exporter" release: "node-exporter"
heritage: "Helm" heritage: "Helm"
data: data:

2
monitor/prometheus/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

76
monitor/prometheus/index.yaml
View File

@@ -6,51 +6,26 @@ metadata:
name: prometheus name: prometheus
description: null description: null
options: options:
alertmanager: listenLocal:
default: alertmanager-alertmanager default: false
examples: examples:
- alertmanager-alertmanager - false
type: boolean
retention:
default: 10d
examples:
- 10d
type: string type: string
sub-domain: sub-domain:
default: prometheus default: prometheus
examples: examples:
- prometheus - prometheus
type: string type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
domain:
default: your-company
examples:
- your-company
type: string
shards:
default: 1
examples:
- 1
type: integer
ingress-class: ingress-class:
default: traefik default: traefik
examples: examples:
- traefik - traefik
type: string type: string
enableAdminAPI:
default: false
examples:
- false
type: boolean
app-group:
default: monitor
examples:
- monitor
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
images: images:
default: default:
prometheus: prometheus:
@@ -90,12 +65,37 @@ options:
type: string type: string
type: object type: object
type: object type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
domain:
default: your-company
examples:
- your-company
type: string
replicas: replicas:
default: 1 default: 1
examples: examples:
- 1 - 1
type: integer type: integer
listenLocal: domain-name:
default: your_company.com
examples:
- your_company.com
type: string
app-group:
default: monitor
examples:
- monitor
type: string
alertmanager:
default: alertmanager-alertmanager
examples:
- alertmanager-alertmanager
type: string
enableAdminAPI:
default: false default: false
examples: examples:
- false - false
@@ -105,11 +105,11 @@ options:
examples: examples:
- info - info
type: string type: string
retention: shards:
default: 10d default: 1
examples: examples:
- 10d - 1
type: string type: integer
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

4
monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubelet.rules.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-kubernetes-system-kube-proxy.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/prometheus/monitoring.coreos.com_v1_PrometheusRule_prometheus-kube-prometheus-prometheus.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-coredns.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kube-proxy.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-kubelet.yaml
View File

@@ -8,9 +8,9 @@ metadata:
app: kube-prometheus-stack-kubelet app: kube-prometheus-stack-kubelet
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/prometheus/monitoring.coreos.com_v1_ServiceMonitor_prometheus-kube-prometheus-prometheus.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
spec: spec:

4
monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRoleBinding_prometheus-kube-prometheus-prometheus.yaml
View File

@@ -8,9 +8,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
roleRef: roleRef:

4
monitor/prometheus/rbac.authorization.k8s.io_v1_ClusterRole_prometheus-kube-prometheus-prometheus.yaml
View File

@@ -8,9 +8,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
rules: rules:

4
monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-grafana-datasource.yaml
View File

@@ -10,9 +10,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-k8s-coredns.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-kubelet.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-prometheus.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/prometheus/v1_ConfigMap_prometheus-kube-prometheus-proxy.yaml
View File

@@ -12,9 +12,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/prometheus/v1_Secret_prometheus-kube-prometheus-prometheus.yaml
View File

@@ -10,9 +10,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
data: data:

4
monitor/prometheus/v1_ServiceAccount_prometheus-kube-prometheus-prometheus.yaml
View File

@@ -12,8 +12,8 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"

4
monitor/prometheus/v1_Service_prometheus-kube-prometheus-coredns.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
namespace: kube-system namespace: kube-system

4
monitor/prometheus/v1_Service_prometheus-kube-prometheus-kube-proxy.yaml
View File

@@ -9,9 +9,9 @@ metadata:
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: prometheus app.kubernetes.io/instance: prometheus
app.kubernetes.io/version: "56.0.3" app.kubernetes.io/version: "56.0.4"
app.kubernetes.io/part-of: kube-prometheus-stack app.kubernetes.io/part-of: kube-prometheus-stack
chart: kube-prometheus-stack-56.0.3 chart: kube-prometheus-stack-56.0.4
release: "prometheus" release: "prometheus"
heritage: "Helm" heritage: "Helm"
namespace: kube-system namespace: kube-system

2
share/accounts-management/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

24
share/accounts-management/index.yaml
View File

@@ -6,18 +6,6 @@ metadata:
name: accounts-management name: accounts-management
description: null description: null
options: options:
employes:
default:
apps: []
examples:
- apps: []
properties:
apps:
default: []
items:
type: string
type: array
type: object
domain: domain:
default: your-company default: your-company
examples: examples:
@@ -57,6 +45,18 @@ options:
default: false default: false
type: boolean type: boolean
type: object type: object
employes:
default:
apps: []
examples:
- apps: []
properties:
apps:
default: []
items:
type: string
type: array
type: object
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

2
share/authentik-forward/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

14
share/authentik-forward/index.yaml
View File

@@ -11,23 +11,23 @@ options:
examples: examples:
- letsencrypt-prod - letsencrypt-prod
type: string type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
ingress-class: ingress-class:
default: traefik default: traefik
examples: examples:
- traefik - traefik
type: string type: string
sub-domain:
default: null
domain: domain:
default: your-company default: your-company
examples: examples:
- your-company - your-company
type: string type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
sub-domain:
default: null
dependencies: dependencies:
- dist: null - dist: null
category: share category: share

3
share/authentik-forward/outpost-forward.tf
View File

@@ -1,9 +1,8 @@
locals { locals {
request_headers = { request_headers = {
"Content-Type" = "application/json" "Content-Type" = "application/json"
Authorization = "Bearer ${local.authentik-token}" Authorization = "Bearer ${local.authentik_token}"
} }
authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
forward-outpost-json = jsondecode(data.http.get_forward_outpost.response_body).results forward-outpost-json = jsondecode(data.http.get_forward_outpost.response_body).results
forward-outpost-providers = length(local.forward-outpost-json)>0?(contains(local.forward-outpost-json[0].providers, authentik_provider_proxy.provider_forward.id)?local.forward-outpost-json[0].providers:concat(local.forward-outpost-json[0].providers, [authentik_provider_proxy.provider_forward.id])):[authentik_provider_proxy.provider_forward.id] forward-outpost-providers = length(local.forward-outpost-json)>0?(contains(local.forward-outpost-json[0].providers, authentik_provider_proxy.provider_forward.id)?local.forward-outpost-json[0].providers:concat(local.forward-outpost-json[0].providers, [authentik_provider_proxy.provider_forward.id])):[authentik_provider_proxy.provider_forward.id]
} }

2
share/authentik-ldap/datas.tf
View File

@@ -1,4 +1,6 @@
locals { locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common-labels = { common-labels = {
"vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-namespace" = var.namespace

3
share/authentik-ldap/outpost-ldap.tf
View File

@@ -1,9 +1,8 @@
locals { locals {
request_headers = { request_headers = {
"Content-Type" = "application/json" "Content-Type" = "application/json"
Authorization = "Bearer ${local.authentik-token}" Authorization = "Bearer ${local.authentik_token}"
} }
authentik-token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
ldap-outpost-json = jsondecode(data.http.get_ldap_outpost.response_body).results ldap-outpost-json = jsondecode(data.http.get_ldap_outpost.response_body).results
ldap-outpost-prividers = length(local.ldap-outpost-json)>0?(contains(local.ldap-outpost-json[0].providers, authentik_provider_ldap.provider_ldap.id)?local.ldap-outpost-json[0].providers:concat(local.ldap-outpost-json[0].providers, [authentik_provider_ldap.provider_ldap.id])):[authentik_provider_ldap.provider_ldap.id] ldap-outpost-prividers = length(local.ldap-outpost-json)>0?(contains(local.ldap-outpost-json[0].providers, authentik_provider_ldap.provider_ldap.id)?local.ldap-outpost-json[0].providers:concat(local.ldap-outpost-json[0].providers, [authentik_provider_ldap.provider_ldap.id])):[authentik_provider_ldap.provider_ldap.id]
} }

12
share/authentik/apps_v1_Deployment_authentik-server.yaml
View File

@@ -4,13 +4,15 @@ kind: Deployment
metadata: metadata:
name: authentik-server name: authentik-server
labels: labels:
helm.sh/chart: authentik-2023.8.3 helm.sh/chart: authentik-2023.10.6
app.kubernetes.io/name: authentik app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik app.kubernetes.io/instance: authentik
app.kubernetes.io/version: "2023.8.3" app.kubernetes.io/version: "2023.10.6"
app.kubernetes.io/managed-by: Helm app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: "server" app.kubernetes.io/component: "server"
spec: spec:
strategy:
{}
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/name: authentik app.kubernetes.io/name: authentik
@@ -22,16 +24,16 @@ spec:
app.kubernetes.io/name: authentik app.kubernetes.io/name: authentik
app.kubernetes.io/instance: authentik app.kubernetes.io/instance: authentik
app.kubernetes.io/component: "server" app.kubernetes.io/component: "server"
app.kubernetes.io/version: "2023.8.3" app.kubernetes.io/version: "2023.10.6"
annotations: annotations:
goauthentik.io/config-checksum: 08cc036af634e14e21493747fd10c37a9e31a9ed71f8e668884f7dfc86a936bd goauthentik.io/config-checksum: 1beef732e07ae88db4d75233936272af195329398ffec096097feae528030fb0
spec: spec:
enableServiceLinks: true enableServiceLinks: true
securityContext: securityContext:
{} {}
containers: containers:
- name: authentik - name: authentik
image: "ghcr.io/goauthentik/server:2023.8.3" image: "ghcr.io/goauthentik/server:2023.10.6"
imagePullPolicy: "IfNotPresent" imagePullPolicy: "IfNotPresent"
args: ["server"] args: ["server"]
env: env:

Some files were not shown because too many files have changed in this diff Show More