From 07e02dcc49a6e62b61ef23aba71f638353280d63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Thu, 15 Feb 2024 14:39:05 +0100
Subject: [PATCH] fix
---
apps/dolibarr/index.yaml | 649 +++++++++---------
apps/dolibarr/ingress.tf | 2 +-
apps/k8s-api/index.yaml | 21 +-
apps/k8s-api/ingress.tf | 2 +-
.../apps_v1_Deployment_nextcloud-metrics.yaml | 58 +-
.../apps_v1_Deployment_nextcloud.yaml | 13 +-
..._v1_HorizontalPodAutoscaler_nextcloud.yaml | 2 +-
apps/nextcloud/index.yaml | 426 ++++++------
apps/nextcloud/middlewares.tf | 6 +-
...oreos.com_v1_ServiceMonitor_nextcloud.yaml | 4 +-
apps/nextcloud/presentation.tf | 18 +-
...o_v1_RoleBinding_nextcloud-privileged.yaml | 6 +-
...n.k8s.io_v1_Role_nextcloud-privileged.yaml | 16 +-
.../v1_ConfigMap_nextcloud-config.yaml | 2 +-
.../v1_ConfigMap_nextcloud-nginxconfig.yaml | 11 +-
...istentVolumeClaim_nextcloud-nextcloud.yaml | 2 +-
.../v1_Service_nextcloud-metrics.yaml | 12 +-
apps/nextcloud/v1_Service_nextcloud.yaml | 10 +-
modules/forward/forward.tf | 2 +-
modules/ingress/ingress.tf | 2 +-
share/authentik/index.yaml | 156 ++---
share/authentik/presentation.tf | 6 +-
share/wildduck/index.yaml | 91 +--
share/wildduck/ingress.tf | 2 +-
24 files changed, 759 insertions(+), 760 deletions(-)
diff --git a/apps/dolibarr/index.yaml b/apps/dolibarr/index.yaml
index 1e6fcd9..0f07e3f 100644
--- a/apps/dolibarr/index.yaml
+++ b/apps/dolibarr/index.yaml
@@ -6,6 +6,330 @@ metadata: name: dolibarr description: null options: + domain_name: + default: your_company.com + examples: + - your_company.com + type: string + domain: + default: your-company + examples: + - your-company + type: string + sub_domain: + default: erp + examples: + - erp + type: string + log-level: + default: 5 + examples: + - 5 + type: integer + storage: + default: + postgres: + size: 5Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + class: '' + size: 10Gi + type: Filesystem + description: Configure this app storage + examples: + - postgres: + size: 5Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + class: '' + size: 10Gi + type: Filesystem + properties: + postgres: + default: + size: 5Gi + properties: + size: + default: 5Gi + type: string + type: object + redis: + default: + size: 2Gi + properties: + size: + default: 2Gi + type: string + type: object + volume: + default: + accessMode: ReadWriteOnce + class: '' + size: 10Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + class: + default: '' + type: string + size: + default: 10Gi + type: string + type: + default: Filesystem + enum: + - Filesystem + - Block + type: string + type: object + type: object + parameters: + default: + MAIN_LANG_DEFAULT: auto + examples: + - MAIN_LANG_DEFAULT: auto + properties: + MAIN_LANG_DEFAULT: + default: auto + type: string + type: object + app_group: + default: '' + examples: + - '' + type: string + postgres: + default: + replicas: 1 + examples: + - replicas: 1 + properties: + replicas: + default: 1 + type: integer + type: object + redis: + default: + exporter: + enabled: true + examples: + - exporter: + enabled: true + properties: + exporter: + default: + enabled: true + properties: + enabled: + default: true + type: boolean + type: object + type: object + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - 
avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object + backups: + default: + enable: false + endpoint: '' + key_id_key: s3-id + restic_key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 20 3 * * * + check: 20 5 * * 1 + db: 0 3 * * * + prune: 20 1 * * 0 + secret_key: s3-secret + secret_name: backup-settings + use_barman: false + examples: + - enable: false + endpoint: '' + key_id_key: s3-id + restic_key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 20 3 * * * + check: 20 5 * * 1 + db: 0 3 * * * + prune: 20 1 * * 0 + secret_key: s3-secret + secret_name: backup-settings + use_barman: false + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key_id_key: + default: s3-id + type: string + restic_key: + default: bck-password + type: string + retention: + default: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + properties: + db: + default: 30d + type: string + keepDaily: + default: 14 + type: integer + keepMonthly: + default: 12 + type: integer + keepWeekly: + default: 6 + type: integer + keepYearly: + default: 12 + type: integer + type: object + schedule: + default: + backup: 20 3 * * * + check: 20 5 * * 1 + db: 0 3 * * * + prune: 20 1 * * 0 + properties: + backup: + default: 20 3 * * * + type: string + check: + default: 20 5 * * 1 + type: string + db: + default: 0 3 * * * + type: string + prune: + default: 20 1 * * 0 + type: string + type: object + secret_key: + default: s3-secret + type: string + secret_name: + default: backup-settings + type: string + use_barman: + default: false + type: boolean + type: object + modules: + default: + - societe + examples: + - - societe + items: + 
type: string + type: array + resources: + default: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi + examples: + - limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi + properties: + limits: + default: + cpu: 200m + memory: 256Mi + properties: + cpu: + default: 200m + type: string + memory: + default: 256Mi + type: string + type: object + requests: + default: + cpu: 50m + memory: 100Mi + properties: + cpu: + default: 50m + type: string + memory: + default: 100Mi + type: string + type: object + type: object + ingress_class: + default: traefik + examples: + - traefik + type: string + user-groups: + default: + - admin: true + name: dolibarr-admin + examples: + - - admin: true + name: dolibarr-admin + items: + properties: + admin: + type: boolean + name: + type: string + type: object + type: array images: default: dolibarr: 
@@ -155,335 +479,11 @@ options: type: string type: object type: object - modules: - default: - - societe - examples: - - - societe - items: - type: string - type: array - domain: - default: your-company - examples: - - your-company - type: string - log-level: - default: 5 - examples: - - 5 - type: integer - ingress_class: - default: traefik - examples: - - traefik - type: string - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object - parameters: - default: - MAIN_LANG_DEFAULT: auto - examples: - - MAIN_LANG_DEFAULT: auto - properties: - MAIN_LANG_DEFAULT: - default: auto - type: string - type: object - backups: - default: - enable: false - endpoint: '' - key_id_key: s3-id - restic_key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 20 3 * * * - check: 20 5 * * 1 - db: 0 3 * * * - prune: 20 1 * * 0 - secret_key: s3-secret - secret_name: backup-settings - use_barman: false - examples: - - enable: false - endpoint: '' - key_id_key: s3-id - restic_key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 20 3 * * * - check: 20 5 * * 1 - db: 0 3 * * * - prune: 20 1 * * 0 - secret_key: s3-secret - secret_name: backup-settings - use_barman: false - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key_id_key: - default: s3-id - type: string - restic_key: - default: bck-password - type: string - retention: - default: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - properties: - db: - default: 30d - type: string - keepDaily: - default: 14 - type: integer - keepMonthly: - default: 12 - type: integer - keepWeekly: - 
default: 6 - type: integer - keepYearly: - default: 12 - type: integer - type: object - schedule: - default: - backup: 20 3 * * * - check: 20 5 * * 1 - db: 0 3 * * * - prune: 20 1 * * 0 - properties: - backup: - default: 20 3 * * * - type: string - check: - default: 20 5 * * 1 - type: string - db: - default: 0 3 * * * - type: string - prune: - default: 20 1 * * 0 - type: string - type: object - secret_key: - default: s3-secret - type: string - secret_name: - default: backup-settings - type: string - use_barman: - default: false - type: boolean - type: object - redis: - default: - exporter: - enabled: true - examples: - - exporter: - enabled: true - properties: - exporter: - default: - enabled: true - properties: - enabled: - default: true - type: boolean - type: object - type: object - user-groups: - default: - - admin: true - name: dolibarr-admin - examples: - - - admin: true - name: dolibarr-admin - items: - properties: - admin: - type: boolean - name: - type: string - type: object - type: array - postgres: - default: - replicas: 1 - examples: - - replicas: 1 - properties: - replicas: - default: 1 - type: integer - type: object issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string - domain_name: - default: your_company.com - examples: - - your_company.com - type: string - app_group: - default: '' - examples: - - '' - type: string - sub_domain: - default: erp - examples: - - erp - type: string - storage: - default: - postgres: - size: 5Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - class: '' - size: 10Gi - type: Filesystem - description: Configure this app storage - examples: - - postgres: - size: 5Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - class: '' - size: 10Gi - type: Filesystem - properties: - postgres: - default: - size: 5Gi - properties: - size: - default: 5Gi - type: string - type: object - redis: - default: - size: 2Gi - properties: - size: - default: 2Gi - type: string - type: object - volume: - 
default: - accessMode: ReadWriteOnce - class: '' - size: 10Gi - type: Filesystem - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - class: - default: '' - type: string - size: - default: 10Gi - type: string - type: - default: Filesystem - enum: - - Filesystem - - Block - type: string - type: object - type: object - resources: - default: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi - examples: - - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi - properties: - limits: - default: - cpu: 200m - memory: 256Mi - properties: - cpu: - default: 200m - type: string - memory: - default: 256Mi - type: string - type: object - requests: - default: - cpu: 50m - memory: 100Mi - properties: - cpu: - default: 50m - type: string - memory: - default: 100Mi - type: string - type: object - type: object dependencies: - dist: null category: share @@ -505,6 +505,7 @@ providers: authentik: true kubectl: true postgresql: null + mysql: null restapi: true http: true gitea: null diff --git a/apps/dolibarr/ingress.tf b/apps/dolibarr/ingress.tf index 8dc29b4..7e64cba 100644 --- a/apps/dolibarr/ingress.tf +++ b/apps/dolibarr/ingress.tf @@ -41,7 +41,7 @@ resource "kubectl_manifest" "prj_certificate" { resource "kubectl_manifest" "prj_https_redirect" { yaml_body = <<-EOF - apiVersion: "traefik.containo.us/v1alpha1" + apiVersion: "traefik.io/v1alpha1" kind: "Middleware" metadata: name: "${var.instance}-https" diff --git a/apps/k8s-api/index.yaml b/apps/k8s-api/index.yaml index 2610e94..96d6c17 100644 --- a/apps/k8s-api/index.yaml +++ b/apps/k8s-api/index.yaml @@ -6,6 +6,16 @@ metadata: name: k8s-api description: Access to the kubernetes api options: + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + ingress_class: + default: traefik + examples: + - traefik + type: string domain: default: your-company examples: 
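Review bot: The `apiVersion: "traefik.io/v1alpha1"` switch on `prj_https_redirect` in `apps/dolibarr/ingress.tf` assumes the cluster already serves the `traefik.io` CRD group, which Traefik ships from v2.10 on; nothing visible in this patch installs or checks for those CRDs. The same change is made for `prj_ingress` in `apps/k8s-api/ingress.tf`, the three middlewares in `apps/nextcloud/middlewares.tf`, `modules/forward/forward.tf` and `modules/ingress/ingress.tf`. These are the HTTPS-redirect and SSL-enforcement middlewares and what appears to be the forward-auth middleware, so after applying it is worth confirming that each object exists under the new group and that no IngressRoute still refers to a copy under `traefik.containo.us`. I would record the requirement next to each resource, for example `# requires the traefik.io CRDs (Traefik >= 2.10)` above the `yaml_body` line. The resource bodies continue outside these hunks.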
@@ -21,16 +31,6 @@ options: examples: - api type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - ingress_class: - default: traefik - examples: - - traefik - type: string dependencies: - dist: null category: share @@ -40,6 +40,7 @@ providers: authentik: true kubectl: true postgresql: null + mysql: null restapi: true http: true gitea: null diff --git a/apps/k8s-api/ingress.tf b/apps/k8s-api/ingress.tf index 1dc44e5..54304bf 100644 --- a/apps/k8s-api/ingress.tf +++ b/apps/k8s-api/ingress.tf @@ -36,7 +36,7 @@ resource "kubectl_manifest" "prj_certificate" { resource "kubectl_manifest" "prj_ingress" { force_conflicts = true yaml_body = <<-EOF - apiVersion: "traefik.containo.us/v1alpha1" + apiVersion: "traefik.io/v1alpha1" kind: "IngressRoute" metadata: name: "${var.instance}" diff --git a/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml b/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml index 21d66e0..ad4e3c4 100644 --- a/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml +++ b/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml @@ -1,11 +1,11 @@ -# Source: nextcloud/templates/metrics-deployment.yaml +# Source: nextcloud/templates/metrics/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: nextcloud-metrics labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.5.12 + helm.sh/chart: nextcloud-4.6.2 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: metrics 
@@ -26,30 +26,30 @@ spec: app.kubernetes.io/component: metrics spec: containers: - - name: metrics-exporter - image: "xperimental/nextcloud-exporter:0.6.2" - imagePullPolicy: IfNotPresent - env: - - name: NEXTCLOUD_USERNAME - valueFrom: - secretKeyRef: - name: nextcloud - key: nextcloud-username - - name: NEXTCLOUD_PASSWORD - valueFrom: - secretKeyRef: - name: nextcloud - key: nextcloud-password - # NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint - - name: NEXTCLOUD_SERVER # deployment.namespace.svc.cluster.local - value: "http://nextcloud.vynil-cloud.svc.cluster.local:80" - - name: NEXTCLOUD_TIMEOUT - value: 5s - - name: NEXTCLOUD_TLS_SKIP_VERIFY - value: "false" - ports: - - name: metrics - containerPort: 9205 - securityContext: - runAsUser: 1000 - runAsNonRoot: true \ No newline at end of file + - name: metrics-exporter + image: "xperimental/nextcloud-exporter:0.6.2" + imagePullPolicy: IfNotPresent + env: + - name: NEXTCLOUD_USERNAME + valueFrom: + secretKeyRef: + name: nextcloud + key: nextcloud-username + - name: NEXTCLOUD_PASSWORD + valueFrom: + secretKeyRef: + name: nextcloud + key: nextcloud-password + # NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint + - name: NEXTCLOUD_SERVER # deployment.namespace.svc.cluster.local + value: "http://nextcloud.vynil-cloud.svc.cluster.local:80" + - name: NEXTCLOUD_TIMEOUT + value: 5s + - name: NEXTCLOUD_TLS_SKIP_VERIFY + value: "false" + ports: + - name: metrics + containerPort: 9205 + securityContext: + runAsUser: 1000 + runAsNonRoot: true \ No newline at end of file diff --git a/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml b/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml index 7ed08a8..053f9bb 100644 --- a/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml +++ b/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml 
@@ -5,7 +5,7 @@ metadata: name: nextcloud labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.5.12 + helm.sh/chart: nextcloud-4.6.2 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: app @@ -28,10 +28,11 @@ spec: nextcloud-config-hash: 389c7a366de1675e1455b824e52d593448eb9f3d376f49a478d2135e037b30a0 php-config-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b + hooks-hash: 9525c2748a6c7cd0e28ec740623d0b3fa5a75c83b51ccfd136bc89c76737b204 spec: containers: - name: nextcloud - image: nextcloud:28.0.1-apache + image: nextcloud:28.0.2-apache imagePullPolicy: IfNotPresent env: @@ -122,8 +123,8 @@ spec: path: /status.php port: 80 httpHeaders: - - name: Host - value: "nextcloud.kube.home" + - name: Host + value: "nextcloud.kube.home" initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 @@ -134,8 +135,8 @@ spec: path: /status.php port: 80 httpHeaders: - - name: Host - value: "nextcloud.kube.home" + - name: Host + value: "nextcloud.kube.home" initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 diff --git a/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml b/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml index fec7691..bd270e6 100644 --- a/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml +++ b/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.5.12 + helm.sh/chart: nextcloud-4.6.2 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: app diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml index b15c37b..ae12ecb 100644 --- a/apps/nextcloud/index.yaml +++ b/apps/nextcloud/index.yaml 
@@ -11,170 +11,6 @@ options: examples: - letsencrypt-prod type: string - postgres: - default: - replicas: 1 - examples: - - replicas: 1 - properties: - replicas: - default: 1 - type: integer - type: object - apps: - default: - audioplayer: false - bookmarks: false - bpm: false - calendar: false - collabora: false - contacts: false - deck: false - groupfolders: true - mindmap: false - music: false - notes: false - onlyoffice: false - passman: false - spreed: false - tables: false - tasks: false - texteditor: true - examples: - - audioplayer: false - bookmarks: false - bpm: false - calendar: false - collabora: false - contacts: false - deck: false - groupfolders: true - mindmap: false - music: false - notes: false - onlyoffice: false - passman: false - spreed: false - tables: false - tasks: false - texteditor: true - properties: - audioplayer: - default: false - type: boolean - bookmarks: - default: false - type: boolean - bpm: - default: false - type: boolean - calendar: - default: false - type: boolean - collabora: - default: false - type: boolean - contacts: - default: false - type: boolean - deck: - default: false - type: boolean - groupfolders: - default: true - type: boolean - mindmap: - default: false - type: boolean - music: - default: false - type: boolean - notes: - default: false - type: boolean - onlyoffice: - default: false - type: boolean - passman: - default: false - type: boolean - spreed: - default: false - type: boolean - tables: - default: false - type: boolean - tasks: - default: false - type: boolean - texteditor: - default: true - type: boolean - type: object - storage: - default: - postgres: - size: 5Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - class: '' - size: 10Gi - type: Filesystem - description: Configure this app storage - examples: - - postgres: - size: 5Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - class: '' - size: 10Gi - type: Filesystem - properties: - postgres: - default: - size: 5Gi - 
properties: - size: - default: 5Gi - type: string - type: object - redis: - default: - size: 2Gi - properties: - size: - default: 2Gi - type: string - type: object - volume: - default: - accessMode: ReadWriteOnce - class: '' - size: 10Gi - type: Filesystem - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - class: - default: '' - type: string - size: - default: 10Gi - type: string - type: - default: Filesystem - type: string - type: object - type: object backups: default: enable: false @@ -281,6 +117,56 @@ options: default: false type: boolean type: object + sub_domain: + default: files + examples: + - files + type: string + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object + domain_name: + default: your_company.com + examples: + - your_company.com + type: string + admin: + default: + name: nextcloud_admin + examples: + - name: nextcloud_admin + properties: + name: + default: nextcloud_admin + type: string + type: object + postgres: + default: + replicas: 1 + examples: + - replicas: 1 + properties: + replicas: + default: 1 + type: integer + type: object images: default: collabora: 
@@ -536,6 +422,101 @@ options: type: string type: object type: object + apps: + default: + audioplayer: false + bookmarks: false + bpm: false + calendar: false + collabora: false + contacts: false + deck: false + groupfolders: true + mindmap: false + music: false + notes: false + onlyoffice: false + passman: false + spreed: false + tables: false + tasks: false + texteditor: true + examples: + - audioplayer: false + bookmarks: false + bpm: false + calendar: false + collabora: false + contacts: false + deck: false + groupfolders: true + mindmap: false + music: false + notes: false + onlyoffice: false + passman: false + spreed: false + tables: false + tasks: false + texteditor: true + properties: + audioplayer: + default: false + type: boolean + bookmarks: + default: false + type: boolean + bpm: + default: false + type: boolean + calendar: + default: false + type: boolean + collabora: + default: false + type: boolean + contacts: + default: false + type: boolean + deck: + default: false + type: boolean + groupfolders: + default: true + type: boolean + mindmap: + default: false + type: boolean + music: + default: false + type: boolean + notes: + default: false + type: boolean + onlyoffice: + default: false + type: boolean + passman: + default: false + type: boolean + spreed: + default: false + type: boolean + tables: + default: false + type: boolean + tasks: + default: false + type: boolean + texteditor: + default: true + type: boolean + type: object + ingress_class: + default: traefik + examples: + - traefik + type: string redis: default: exporter: 
@@ -553,66 +534,85 @@ options: type: boolean type: object type: object - admin: - default: - name: nextcloud_admin - examples: - - name: nextcloud_admin - properties: - name: - default: nextcloud_admin - type: string - type: object - app_group: - default: '' - examples: - - '' - type: string - domain_name: - default: your_company.com - examples: - - your_company.com - type: string - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object - ingress_class: - default: traefik - examples: - - traefik - type: string domain: default: your-company examples: - your-company type: string + app_group: + default: '' + examples: + - '' + type: string openid-name: default: vynil examples: - vynil type: string - sub_domain: - default: files + storage: + default: + postgres: + size: 5Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + class: '' + size: 10Gi + type: Filesystem + description: Configure this app storage examples: - - files - type: string + - postgres: + size: 5Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + class: '' + size: 10Gi + type: Filesystem + properties: + postgres: + default: + size: 5Gi + properties: + size: + default: 5Gi + type: string + type: object + redis: + default: + size: 2Gi + properties: + size: + default: 2Gi + type: string + type: object + volume: + default: + accessMode: ReadWriteOnce + class: '' + size: 10Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + class: + default: '' + type: string + size: + default: 10Gi + type: string + type: + default: Filesystem + type: string + type: object + type: object dependencies: - dist: null category: share 
diff --git a/apps/nextcloud/middlewares.tf b/apps/nextcloud/middlewares.tf index 73081df..8e7b8f7 100644 --- a/apps/nextcloud/middlewares.tf +++ b/apps/nextcloud/middlewares.tf @@ -1,6 +1,6 @@ resource "kubectl_manifest" "redirectdav" { yaml_body = <<-EOF -apiVersion: traefik.containo.us/v1alpha1 +apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: "${var.instance}-redirectdav" @@ -16,7 +16,7 @@ spec: resource "kubectl_manifest" "redirectindex" { yaml_body = <<-EOF -apiVersion: traefik.containo.us/v1alpha1 +apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: "${var.instance}-redirectindex" @@ -32,7 +32,7 @@ spec: resource "kubectl_manifest" "sslenforce" { yaml_body = <<-EOF -apiVersion: traefik.containo.us/v1alpha1 +apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: "${var.instance}-sslenforce" diff --git a/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml b/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml index 0b2809f..bf3da2e 100644 --- a/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml +++ b/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml @@ -1,4 +1,4 @@ -# Source: nextcloud/templates/metrics-servicemonitor.yaml +# Source: nextcloud/templates/metrics/servicemonitor.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -6,7 +6,7 @@ metadata: namespace: "vynil-cloud" labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.5.12 + helm.sh/chart: nextcloud-4.6.2 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: metrics diff --git a/apps/nextcloud/presentation.tf b/apps/nextcloud/presentation.tf index d3cd980..25e587b 100644 --- a/apps/nextcloud/presentation.tf +++ b/apps/nextcloud/presentation.tf 
@@ -11,18 +11,6 @@ locals { "number" = 80 } } - collabora-service = { - "name" = "collabora-${var.instance}" - "port" = { - "number" = 80 - } - } - onlyoffice-service = { - "name" = "onlyoffice-${var.instance}" - "port" = { - "number" = 80 - } - } } module "ingress" { @@ -78,7 +66,6 @@ module "collabora-service" { namespace = var.namespace labels = local.collabora-labels targets = ["http"] - ports = [local.collabora-service.port.number] providers = { kubectl = kubectl } @@ -95,7 +82,7 @@ module "collabora-ingress" { labels = local.collabora-labels dns_names = [local.dns-collabora] middlewares = [] - services = [local.collabora-service] + services = [module.collabora-service.default_definition] providers = { kubectl = kubectl } @@ -109,7 +96,6 @@ module "onlyoffice-service" { namespace = var.namespace labels = local.onlyoffice-labels targets = ["http"] - ports = [local.onlyoffice-service.port.number] providers = { kubectl = kubectl } @@ -126,7 +112,7 @@ module "onlyoffice-ingress" { labels = local.onlyoffice-labels dns_names = [local.dns-onlyoffice] middlewares = [] - services = [local.onlyoffice-service] + services = [module.onlyoffice-service.default_definition] providers = { kubectl = kubectl } diff --git a/apps/nextcloud/rbac.authorization.k8s.io_v1_RoleBinding_nextcloud-privileged.yaml b/apps/nextcloud/rbac.authorization.k8s.io_v1_RoleBinding_nextcloud-privileged.yaml index 9f8caf7..d3b610b 100644 --- a/apps/nextcloud/rbac.authorization.k8s.io_v1_RoleBinding_nextcloud-privileged.yaml +++ b/apps/nextcloud/rbac.authorization.k8s.io_v1_RoleBinding_nextcloud-privileged.yaml @@ -9,6 +9,6 @@ roleRef: kind: Role name: nextcloud-privileged subjects: -- kind: ServiceAccount - name: nextcloud-serviceaccount - namespace: vynil-cloud \ No newline at end of file + - kind: ServiceAccount + name: nextcloud-serviceaccount + namespace: vynil-cloud \ No newline at end of file 
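Review bot: With `ports = [local.collabora-service.port.number]` removed from `module "collabora-service"` (and the matching line from `module "onlyoffice-service"`) in `apps/nextcloud/presentation.tf`, the port these services expose is whatever the service module defaults to, and that default is not visible in this patch; the deleted locals pinned it to 80. `services = [module.collabora-service.default_definition]` keeps the ingress and the service consistent with each other, but it relies on that output having the same `name` / `port.number` shape the ingress module consumed before, which presumably holds and should be confirmed against the module. A short comment at each call site would help the next reader, e.g. `# name and port come from the service module's default_definition output`. The module blocks start and end outside these hunks.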
diff --git a/apps/nextcloud/rbac.authorization.k8s.io_v1_Role_nextcloud-privileged.yaml b/apps/nextcloud/rbac.authorization.k8s.io_v1_Role_nextcloud-privileged.yaml index 8f21b70..8b755a7 100644 --- a/apps/nextcloud/rbac.authorization.k8s.io_v1_Role_nextcloud-privileged.yaml +++ b/apps/nextcloud/rbac.authorization.k8s.io_v1_Role_nextcloud-privileged.yaml @@ -5,11 +5,11 @@ metadata: name: nextcloud-privileged namespace: vynil-cloud rules: -- apiGroups: - - extensions - resourceNames: - - privileged - resources: - - podsecuritypolicies - verbs: - - use \ No newline at end of file + - apiGroups: + - extensions + resourceNames: + - privileged + resources: + - podsecuritypolicies + verbs: + - use \ No newline at end of file diff --git a/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml b/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml index e404a96..7bdb70b 100644 --- a/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml +++ b/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud-config labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.5.12 + helm.sh/chart: nextcloud-4.6.2 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm data: diff --git a/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml b/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml index c0eff26..823cf5a 100644 --- a/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml +++ b/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud-nginxconfig labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.5.12 + helm.sh/chart: nextcloud-4.6.2 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm data: 
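Review bot: The re-indented rule in `rbac.authorization.k8s.io_v1_Role_nextcloud-privileged.yaml` still grants `use` on the `privileged` PodSecurityPolicy through the `extensions` API group, and the RoleBinding in the preceding file attaches it to `nextcloud-serviceaccount` in `vynil-cloud`. PodSecurityPolicy was removed in Kubernetes 1.25, so on current clusters this Role has no effect, while on older ones it allows the Nextcloud pods to be admitted under the least restrictive policy; whether the workload needs that is not shown here. Since these manifests are rendered from the chart, the change belongs in the values used for rendering rather than in this file. If the Role is kept, a header comment such as `# only effective on clusters that still serve PodSecurityPolicy` would make its status explicit.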
@@ -53,6 +53,15 @@ data: # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; + # Add .mjs as a file extension for javascript + # Either include it in the default mime.types list + # or include you can include that list explicitly and add the file extension + # only for Nextcloud like below: + include mime.types; + types { + text/javascript js mjs; + } + # Path to the root of your installation root /var/www/html; diff --git a/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml b/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml index fc94d3a..51969a0 100644 --- a/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml +++ b/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml @@ -5,7 +5,7 @@ metadata: name: nextcloud-nextcloud labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.5.12 + helm.sh/chart: nextcloud-4.6.2 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: app diff --git a/apps/nextcloud/v1_Service_nextcloud-metrics.yaml b/apps/nextcloud/v1_Service_nextcloud-metrics.yaml index a680176..91ea059 100644 --- a/apps/nextcloud/v1_Service_nextcloud-metrics.yaml +++ b/apps/nextcloud/v1_Service_nextcloud-metrics.yaml @@ -1,23 +1,23 @@ -# Source: nextcloud/templates/metrics-service.yaml +# Source: nextcloud/templates/metrics/service.yaml apiVersion: v1 kind: Service metadata: name: nextcloud-metrics labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.5.12 + helm.sh/chart: nextcloud-4.6.2 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: metrics - annotations: + annotations: prometheus.io/port: "9205" prometheus.io/scrape: "true" spec: type: ClusterIP ports: - - name: metrics - port: 9205 - targetPort: metrics + - name: metrics + port: 9205 + targetPort: metrics selector: app.kubernetes.io/name: nextcloud app.kubernetes.io/instance: nextcloud 
diff --git a/apps/nextcloud/v1_Service_nextcloud.yaml b/apps/nextcloud/v1_Service_nextcloud.yaml index 50d029b..ceea651 100644 --- a/apps/nextcloud/v1_Service_nextcloud.yaml +++ b/apps/nextcloud/v1_Service_nextcloud.yaml @@ -5,17 +5,17 @@ metadata: name: nextcloud labels: app.kubernetes.io/name: nextcloud - helm.sh/chart: nextcloud-4.5.12 + helm.sh/chart: nextcloud-4.6.2 app.kubernetes.io/instance: nextcloud app.kubernetes.io/managed-by: Helm app.kubernetes.io/component: app spec: type: ClusterIP ports: - - port: 80 - targetPort: 80 - protocol: TCP - name: http + - port: 80 + targetPort: 80 + protocol: TCP + name: http selector: app.kubernetes.io/name: nextcloud app.kubernetes.io/instance: nextcloud diff --git a/modules/forward/forward.tf b/modules/forward/forward.tf index c854473..50e3ba9 100644 --- a/modules/forward/forward.tf +++ b/modules/forward/forward.tf @@ -71,7 +71,7 @@ resource "restapi_object" "forward_outpost_binding" { resource "kubectl_manifest" "prj_middleware" { yaml_body = <<-EOF - apiVersion: traefik.containo.us/v1alpha1 + apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: "forward-${local.app_name}" diff --git a/modules/ingress/ingress.tf b/modules/ingress/ingress.tf index 95c7766..c70e3e7 100644 --- a/modules/ingress/ingress.tf +++ b/modules/ingress/ingress.tf @@ -36,7 +36,7 @@ resource "kubectl_manifest" "prj_certificate" { resource "kubectl_manifest" "prj_https_redirect" { count = var.create_redirect||var.component==""?1:0 yaml_body = <<-EOF - apiVersion: "traefik.containo.us/v1alpha1" + apiVersion: "traefik.io/v1alpha1" kind: "Middleware" metadata: name: "${var.instance}-https" diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml index 9fb7195..b2efd0e 100644 --- a/share/authentik/index.yaml +++ b/share/authentik/index.yaml 
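Review bot: The move to `apiVersion: traefik.io/v1alpha1` in `prj_middleware` (modules/forward/forward.tf) comes with no stated minimum Traefik version, and judging by its name and the neighbouring `forward_outpost_binding` this Middleware appears to be the forward-auth gate in front of the app. The `traefik.io` group is only served once the Traefik 2.10 or later CRDs are installed. Changing the apiVersion presumably makes the provider delete and recreate the object, so confirm on a test instance that routes referencing it fail closed rather than answer unauthenticated while it is missing. I would add a comment above the resource such as `# needs the traefik.io CRDs (Traefik >= 2.10)`. The same point applies to `prj_https_redirect` in modules/ingress/ingress.tf and share/wildduck/ingress.tf and to the three `gitlab_*` middlewares in share/authentik/presentation.tf; every one of these resource bodies continues outside its hunk.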
@@ -6,15 +6,15 @@ metadata: name: authentik description: authentik is an open-source Identity Provider focused on flexibility and versatility options: - sub_domain: - default: auth + domain: + default: your-company examples: - - auth + - your-company type: string - domain_name: - default: your_company.com + geoip: + default: /geoip/GeoLite2-City.mmdb examples: - - your_company.com + - /geoip/GeoLite2-City.mmdb type: string postgres: default: @@ -26,21 +26,61 @@ options: default: 1 type: integer type: object - ingress_class: - default: traefik + email: + default: + port: 587 + timeout: 30 + use_ssl: false + use_tls: false examples: - - traefik - type: string - loglevel: - default: info + - port: 587 + timeout: 30 + use_ssl: false + use_tls: false + properties: + port: + default: 587 + type: integer + timeout: + default: 30 + type: integer + use_ssl: + default: false + type: boolean + use_tls: + default: false + type: boolean + type: object + domain_name: + default: your_company.com examples: - - info + - your_company.com type: string - geoip: - default: /geoip/GeoLite2-City.mmdb + sub_domain: + default: auth examples: - - /geoip/GeoLite2-City.mmdb + - auth type: string + error_reporting: + default: + enabled: false + environment: k8s + send_pii: false + examples: + - enabled: false + environment: k8s + send_pii: false + properties: + enabled: + default: false + type: boolean + environment: + default: k8s + type: string + send_pii: + default: false + type: boolean + type: object images: default: app: @@ -178,6 +218,21 @@ options: type: string type: object type: object + admin: + default: + email: auth-admin + examples: + - email: auth-admin + properties: + email: + default: auth-admin + type: string + type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string redis: default: exporter: 
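Review bot: The `email` option on the new side of the `@@ -26,21 +26,61 @@` hunk defaults to `use_ssl: false` and `use_tls: false` together with `port: 587`, so an installation that keeps the defaults would hand authentik's outgoing mail, and any SMTP credentials configured for it, to the relay without transport encryption. Port 587 is the submission port that normally expects STARTTLS, so I would ship `use_tls: true` as the default (and mirror it in `examples`) and leave the opt-out to the operator. This commit only moves the block and how these options are mapped onto authentik's settings is not visible here, so treat this as a default to confirm rather than a regression.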
@@ -195,11 +250,6 @@ options: type: boolean type: object type: object - domain: - default: your-company - examples: - - your-company - type: string storage: default: postgres: @@ -229,16 +279,11 @@ options: type: string type: object type: object - admin: - default: - email: auth-admin + loglevel: + default: info examples: - - email: auth-admin - properties: - email: - default: auth-admin - type: string - type: object + - info + type: string backups: default: enable: false @@ -298,56 +343,11 @@ options: default: false type: boolean type: object - issuer: - default: letsencrypt-prod + ingress_class: + default: traefik examples: - - letsencrypt-prod + - traefik type: string - error_reporting: - default: - enabled: false - environment: k8s - send_pii: false - examples: - - enabled: false - environment: k8s - send_pii: false - properties: - enabled: - default: false - type: boolean - environment: - default: k8s - type: string - send_pii: - default: false - type: boolean - type: object - email: - default: - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - examples: - - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - properties: - port: - default: 587 - type: integer - timeout: - default: 30 - type: integer - use_ssl: - default: false - type: boolean - use_tls: - default: false - type: boolean - type: object dependencies: - dist: null category: core diff --git a/share/authentik/presentation.tf b/share/authentik/presentation.tf index 2862ba5..00ce13c 100644 --- a/share/authentik/presentation.tf +++ b/share/authentik/presentation.tf @@ -9,7 +9,7 @@ locals { } resource "kubectl_manifest" "gitlab_userinfo" { yaml_body = <<-EOF - apiVersion: traefik.containo.us/v1alpha1 + apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: "${var.instance}-gitlab-userinfo" 
@@ -23,7 +23,7 @@ resource "kubectl_manifest" "gitlab_userinfo" { } resource "kubectl_manifest" "gitlab_authorize" { yaml_body = <<-EOF - apiVersion: traefik.containo.us/v1alpha1 + apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: "${var.instance}-gitlab-authorize" @@ -37,7 +37,7 @@ resource "kubectl_manifest" "gitlab_authorize" { } resource "kubectl_manifest" "gitlab_token" { yaml_body = <<-EOF - apiVersion: traefik.containo.us/v1alpha1 + apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: "${var.instance}-gitlab-token" diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml index 9e29046..fc9d1a9 100644 --- a/share/wildduck/index.yaml +++ b/share/wildduck/index.yaml @@ -6,11 +6,48 @@ metadata: name: wildduck description: null options: + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string domain: default: your-company examples: - your-company type: string + app_group: + default: '' + examples: + - '' + type: string + storage: + default: + redis: + size: 2Gi + examples: + - redis: + size: 2Gi + properties: + redis: + default: + size: 2Gi + properties: + size: + default: 2Gi + type: string + type: object + type: object + additional-domains: + default: [] + items: + type: string + type: array + sub_domain: + default: mail + examples: + - mail + type: string redis: default: exporter: @@ -28,25 +65,10 @@ options: type: boolean type: object type: object - domain_name: - default: your_company.com + ingress_class: + default: traefik examples: - - your_company.com - type: string - app_group: - default: '' - examples: - - '' - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - sub_domain: - default: mail - examples: - - mail + - traefik type: string backups: default: 
@@ -78,11 +100,11 @@ options: default: backup-settings type: string type: object - additional-domains: - default: [] - items: - type: string - type: array + domain_name: + default: your_company.com + examples: + - your_company.com + type: string images: default: haraka: @@ -360,28 +382,6 @@ options: type: string type: object type: object - ingress_class: - default: traefik - examples: - - traefik - type: string - storage: - default: - redis: - size: 2Gi - examples: - - redis: - size: 2Gi - properties: - redis: - default: - size: 2Gi - properties: - size: - default: 2Gi - type: string - type: object - type: object dependencies: - dist: null category: dbo @@ -397,6 +397,7 @@ providers: authentik: true kubectl: true postgresql: null + mysql: null restapi: true http: null gitea: null diff --git a/share/wildduck/ingress.tf b/share/wildduck/ingress.tf index 16cc818..5c870a4 100644 --- a/share/wildduck/ingress.tf +++ b/share/wildduck/ingress.tf @@ -42,7 +42,7 @@ resource "kubectl_manifest" "prj_certificate" { resource "kubectl_manifest" "prj_https_redirect" { yaml_body = <<-EOF - apiVersion: "traefik.containo.us/v1alpha1" + apiVersion: "traefik.io/v1alpha1" kind: "Middleware" metadata: name: "${var.instance}-https"