From 1f944617e5afc378018d6ffc2e3c22b68de1918b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Sat, 12 Aug 2023 12:10:15 +0200
Subject: [PATCH] fix
---
apps/dolibarr/index.yaml | 422 +++++++++++++++++-----------------
apps/dolibarr/postgresql.tf | 38 ++-
apps/gitea/index.yaml | 232 +++++++++----------
apps/gitea/postgresql.tf | 34 ++-
apps/nextcloud/index.yaml | 380 +++++++++++++++---------------
apps/nextcloud/postgresql.tf | 33 ++-
share/authentik/index.yaml | 198 ++++++++--------
share/authentik/postgresql.tf | 60 ++---
8 files changed, 674 insertions(+), 723 deletions(-)
diff --git a/apps/dolibarr/index.yaml b/apps/dolibarr/index.yaml
index 5aa6407..91a4441 100644
--- a/apps/dolibarr/index.yaml
+++ b/apps/dolibarr/index.yaml
@@ -6,108 +6,34 @@ metadata: name: dolibarr description: null options: - storage: + modules: default: - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem + - societe examples: - - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: - default: Filesystem - enum: - - Filesystem - - block - type: string - type: object - images: - default: - dolibarr: - pullPolicy: IfNotPresent - registry: docker.io - repository: sebt3/dolibarr - tag: 17.0.1 - nginx: - pullPolicy: IfNotPresent - registry: docker.io - repository: nginx - tag: alpine - examples: - - dolibarr: - pullPolicy: IfNotPresent - registry: docker.io - repository: sebt3/dolibarr - tag: 17.0.1 - nginx: - pullPolicy: IfNotPresent - registry: docker.io - repository: nginx - tag: alpine - properties: - dolibarr: - default: - pullPolicy: IfNotPresent - registry: docker.io - repository: sebt3/dolibarr - tag: 17.0.1 - properties: - pullPolicy: - default: IfNotPresent - type: string - registry: - default: docker.io - type: string - repository: - default: sebt3/dolibarr - type: string - tag: - default: 17.0.1 - type: string - type: object - nginx: - default: - pullPolicy: IfNotPresent - registry: docker.io - repository: nginx - tag: alpine - properties: - pullPolicy: - default: IfNotPresent - type: string - registry: - default: docker.io - type: string - repository: - default: nginx - type: string - tag: - default: alpine - type: string - type: object - type: object + - - societe + items: + type: string + type: array domain-name: default: your_company.com examples: - your_company.com type: string - sub-domain: - default: erp + user-groups: + default: + - admin: true + name: dolibarr-admin examples: - - erp - type: string + - - admin: true + name: dolibarr-admin + items: + properties: + admin: + type: boolean + name: + type: string + 
type: object + type: array redis: default: exporter: @@ -141,6 +67,16 @@ options: default: 2Gi type: string type: object + sub-domain: + default: erp + examples: + - erp + type: string + domain: + default: your-company + examples: + - your-company + type: string parameters: default: MAIN_LANG_DEFAULT: auto 
@@ -151,6 +87,124 @@ options: default: auto type: string type: object + ingress-class: + default: traefik + examples: + - traefik + type: string + resources: + default: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi + examples: + - limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi + properties: + limits: + default: + cpu: 200m + memory: 256Mi + properties: + cpu: + default: 200m + type: string + memory: + default: 256Mi + type: string + type: object + requests: + default: + cpu: 50m + memory: 100Mi + properties: + cpu: + default: 50m + type: string + memory: + default: 100Mi + type: string + type: object + type: object + storage: + default: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + examples: + - accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: + default: Filesystem + enum: + - Filesystem + - block + type: string + type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + postgres: + default: + replicas: 1 + storage: 5Gi + version: '14' + examples: + - replicas: 1 + storage: 5Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 5Gi + type: string + version: + default: '14' + type: string + type: object + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object backups: default: enable: false 
@@ -252,130 +306,76 @@ options: default: backup-settings type: string type: object - user-groups: + images: default: - - admin: true - name: dolibarr-admin + dolibarr: + pullPolicy: IfNotPresent + registry: docker.io + repository: sebt3/dolibarr + tag: 17.0.1 + nginx: + pullPolicy: IfNotPresent + registry: docker.io + repository: nginx + tag: alpine examples: - - - admin: true - name: dolibarr-admin - items: - properties: - admin: - type: boolean - name: - type: string - type: object - type: array + - dolibarr: + pullPolicy: IfNotPresent + registry: docker.io + repository: sebt3/dolibarr + tag: 17.0.1 + nginx: + pullPolicy: IfNotPresent + registry: docker.io + repository: nginx + tag: alpine + properties: + dolibarr: + default: + pullPolicy: IfNotPresent + registry: docker.io + repository: sebt3/dolibarr + tag: 17.0.1 + properties: + pullPolicy: + default: IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: sebt3/dolibarr + type: string + tag: + default: 17.0.1 + type: string + type: object + nginx: + default: + pullPolicy: IfNotPresent + registry: docker.io + repository: nginx + tag: alpine + properties: + pullPolicy: + default: IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: nginx + type: string + tag: + default: alpine + type: string + type: object + type: object log-level: default: 5 examples: - 5 type: integer - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - domain: - default: your-company - examples: - - your-company - type: string - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object - resources: - default: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi - 
examples: - - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi - properties: - limits: - default: - cpu: 200m - memory: 256Mi - properties: - cpu: - default: 200m - type: string - memory: - default: 256Mi - type: string - type: object - requests: - default: - cpu: 50m - memory: 100Mi - properties: - cpu: - default: 50m - type: string - memory: - default: 100Mi - type: string - type: object - type: object - modules: - default: - - societe - examples: - - - societe - items: - type: string - type: array - ingress-class: - default: traefik - examples: - - traefik - type: string - postgres: - default: - replicas: 1 - storage: 5Gi - version: '14' - examples: - - replicas: 1 - storage: 5Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - default: 5Gi - type: string - version: - default: '14' - type: string - type: object dependencies: - dist: null category: share diff --git a/apps/dolibarr/postgresql.tf b/apps/dolibarr/postgresql.tf index 7c0c762..24b6374 100644 --- a/apps/dolibarr/postgresql.tf +++ b/apps/dolibarr/postgresql.tf @@ -2,23 +2,6 @@ locals { pg-labels = merge(local.common-labels, { "app.kubernetes.io/component" = "pg" }) - backup-def = { - retentionPolicy = var.backups.retention.db - barmanObjectStore = { - destinationPath = "s3://${var.instance}-${var.namespace}/" - endpointURL = "${var.backups.endpoint}/barman" - s3Credentials = { - accessKeyId = { - name = var.backups.secret-name - key = var.backups.key-id-key - } - secretAccessKey = { - name = var.backups.secret-name - key = var.backups.secret-key - } - } - } - } } resource "kubectl_manifest" "prj_pg" { 
@@ -31,19 +14,30 @@ resource "kubectl_manifest" "prj_pg" { labels: ${jsonencode(local.pg-labels)} spec: instances: ${var.postgres.replicas} - monitoring: - enablePodMonitor: true + storage: + size: "${var.postgres.storage}" bootstrap: initdb: database: "${var.component}" owner: "${var.component}" - storage: - size: "${var.postgres.storage}" - backup: ${jsonencode(var.backups.enable?local.backup-def:{})} + monitoring: + enablePodMonitor: true + backup: + barmanObjectStore: + destinationPath: "s3://${var.instance}-${var.namespace}/" + endpointURL: "${var.backups.endpoint}/barman" + s3Credentials: + accessKeyId: + name: "${var.backups.secret-name}" + key: "${var.backups.key-id-key}" + secretAccessKey: + name: "${var.backups.secret-name}" + key: "${var.backups.secret-key}" EOF } resource "kubectl_manifest" "prj_pg_backup" { + count = var.backup.enable ? 1:0 yaml_body = <<-EOF apiVersion: postgresql.cnpg.io/v1 kind: ScheduledBackup diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index 28b731f..eae692f 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml 
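Review bot: The added `count = var.backup.enable ? 1:0` on `prj_pg_backup` reads `var.backup`, while every other reference in this hunk and the option schema in index.yaml use `backups`; unless a `backup` variable is declared outside this patch, the plan fails on an undeclared variable, so the line should read `count = var.backups.enable ? 1 : 0`. The same line is added in the gitea, nextcloud and authentik postgresql.tf hunks. Separately, the `backup:` stanza is now rendered into the Cluster spec unconditionally, where the removed line emitted `{}` when `backups.enable` was false (the schema default). A cluster with backups disabled therefore still points at the S3 endpoint and the credential secret; wrapping the stanza in `%{ if var.backups.enable }` … `%{ endif }` would keep the previous gating. Both resource bodies continue outside the hunk.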
@@ -9,85 +9,30 @@ metadata: A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. options: - volume: + admin: default: - size: 10Gi + email: git-admin@git.your_company.com + name: gitea_admin examples: - - size: 10Gi + - email: git-admin@git.your_company.com + name: gitea_admin properties: - size: - default: 10Gi + email: + default: git-admin@git.your_company.com + type: string + name: + default: gitea_admin type: string type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - load-balancer: - default: - ip: '' - examples: - - ip: '' - properties: - ip: - default: '' - type: string - type: object - domain: - default: your-company - examples: - - your-company - type: string - disable-registration: - default: true - examples: - - true - type: boolean - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - ssh-port: - default: 2222 - examples: - - 2222 - type: integer - default-branch: - default: main - examples: - - main - type: string - webhook: - default: - allowed-hosts: private - skip-tls-verify: false - examples: - - allowed-hosts: private - skip-tls-verify: false - properties: - allowed-hosts: - default: private - type: string - skip-tls-verify: - default: false - type: boolean - type: object - theme: - default: gitea-modern - examples: - - gitea-modern - type: string release: default: 8.3.0 examples: - 8.3.0 type: string - sub-domain: - default: git + ingress-class: + default: traefik examples: - - git + - traefik type: string backups: default: 
@@ -190,51 +135,6 @@ options: default: backup-settings type: string type: object - admin: - default: - email: git-admin@git.your_company.com - name: gitea_admin - examples: - - email: git-admin@git.your_company.com - name: gitea_admin - properties: - email: - default: git-admin@git.your_company.com - type: string - name: - default: gitea_admin - type: string - type: object - postgres: - default: - replicas: 1 - storage: 10Gi - version: '14' - examples: - - replicas: 1 - storage: 10Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - default: 10Gi - type: string - version: - default: '14' - type: string - type: object - timezone: - default: Europe/Paris - examples: - - Europe/Paris - type: string - replicas: - default: 1 - examples: - - 1 - type: integer push-create: default: org: 'true' @@ -255,10 +155,65 @@ options: default: 'true' type: string type: object - ingress-class: - default: traefik + webhook: + default: + allowed-hosts: private + skip-tls-verify: false examples: - - traefik + - allowed-hosts: private + skip-tls-verify: false + properties: + allowed-hosts: + default: private + type: string + skip-tls-verify: + default: false + type: boolean + type: object + ssh-port: + default: 2222 + examples: + - 2222 + type: integer + timezone: + default: Europe/Paris + examples: + - Europe/Paris + type: string + volume: + default: + size: 10Gi + examples: + - size: 10Gi + properties: + size: + default: 10Gi + type: string + type: object + load-balancer: + default: + ip: '' + examples: + - ip: '' + properties: + ip: + default: '' + type: string + type: object + sub-domain: + default: git + examples: + - git + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + theme: + default: gitea-modern + examples: + - gitea-modern type: string images: default: 
@@ -323,6 +278,51 @@ options: type: string type: object type: object + replicas: + default: 1 + examples: + - 1 + type: integer + domain: + default: your-company + examples: + - your-company + type: string + default-branch: + default: main + examples: + - main + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + disable-registration: + default: true + examples: + - true + type: boolean + postgres: + default: + replicas: 1 + storage: 10Gi + version: '14' + examples: + - replicas: 1 + storage: 10Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 10Gi + type: string + version: + default: '14' + type: string + type: object dependencies: - dist: null category: share diff --git a/apps/gitea/postgresql.tf b/apps/gitea/postgresql.tf index d21aef4..24b6374 100644 --- a/apps/gitea/postgresql.tf +++ b/apps/gitea/postgresql.tf @@ -2,23 +2,6 @@ locals { pg-labels = merge(local.common-labels, { "app.kubernetes.io/component" = "pg" }) - backup-def = { - retentionPolicy = var.backups.retention.db - barmanObjectStore = { - destinationPath = "s3://${var.instance}-${var.namespace}/" - endpointURL = "${var.backups.endpoint}/barman" - s3Credentials = { - accessKeyId = { - name = var.backups.secret-name - key = var.backups.key-id-key - } - secretAccessKey = { - name = var.backups.secret-name - key = var.backups.secret-key - } - } - } - } } resource "kubectl_manifest" "prj_pg" { 
@@ -33,17 +16,28 @@ resource "kubectl_manifest" "prj_pg" { instances: ${var.postgres.replicas} storage: size: "${var.postgres.storage}" - monitoring: - enablePodMonitor: true bootstrap: initdb: database: "${var.component}" owner: "${var.component}" - backup: ${jsonencode(var.backups.enable?local.backup-def:{})} + monitoring: + enablePodMonitor: true + backup: + barmanObjectStore: + destinationPath: "s3://${var.instance}-${var.namespace}/" + endpointURL: "${var.backups.endpoint}/barman" + s3Credentials: + accessKeyId: + name: "${var.backups.secret-name}" + key: "${var.backups.key-id-key}" + secretAccessKey: + name: "${var.backups.secret-name}" + key: "${var.backups.secret-key}" EOF } resource "kubectl_manifest" "prj_pg_backup" { + count = var.backup.enable ? 1:0 yaml_body = <<-EOF apiVersion: postgresql.cnpg.io/v1 kind: ScheduledBackup diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml index 74042be..aeda6f6 100644 --- a/apps/nextcloud/index.yaml +++ b/apps/nextcloud/index.yaml 
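Review bot: The inlined `backup:` stanza no longer carries a retention policy. The removed `backup-def` local set `retentionPolicy = var.backups.retention.db` and nothing in the new block replaces it, so base backups and WAL in the bucket are presumably kept until something else prunes them. If that is not intended, add `retentionPolicy: "${var.backups.retention.db}"` under `backup:` here, and likewise in the dolibarr and authentik hunks, whose locals had the same setting (the nextcloud local did not). The resource body continues outside the hunk.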
@@ -6,144 +6,6 @@ metadata: name: nextcloud description: null options: - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - redis: - default: - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 2Gi - examples: - - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 2Gi - properties: - exporter: - default: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - properties: - enabled: - default: true - type: boolean - image: - default: quay.io/opstree/redis-exporter:v1.44.0 - type: string - type: object - image: - default: quay.io/opstree/redis:v7.0.5 - type: string - storage: - default: 2Gi - type: string - type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - domain: - default: your-company - examples: - - your-company - type: string - apps: - default: - audioplayer: false - bookmarks: false - bpm: false - calendar: false - collabora: false - contacts: false - deck: false - groupfolders: true - mindmap: false - music: false - notes: false - onlyoffice: false - passman: false - spreed: false - tables: false - tasks: false - texteditor: true - examples: - - audioplayer: false - bookmarks: false - bpm: false - calendar: false - collabora: false - contacts: false - deck: false - groupfolders: true - mindmap: false - music: false - notes: false - onlyoffice: false - passman: false - spreed: false - tables: false - tasks: false - texteditor: true - properties: - audioplayer: - default: false - type: boolean - bookmarks: - default: false - type: boolean - bpm: - default: false - type: boolean - calendar: - default: false - type: boolean - collabora: - default: false - type: boolean - contacts: - default: false - type: boolean - deck: - default: false - type: boolean - groupfolders: - default: true - type: boolean - mindmap: - default: 
false - type: boolean - music: - default: false - type: boolean - notes: - default: false - type: boolean - onlyoffice: - default: false - type: boolean - passman: - default: false - type: boolean - spreed: - default: false - type: boolean - tables: - default: false - type: boolean - tasks: - default: false - type: boolean - texteditor: - default: true - type: boolean - type: object storage: default: accessMode: ReadWriteOnce @@ -163,36 +25,11 @@ options: default: 10Gi type: string type: object - admin: - default: - name: nextcloud_admin + domain: + default: your-company examples: - - name: nextcloud_admin - properties: - name: - default: nextcloud_admin - type: string - type: object - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object + - your-company + type: string images: default: collabora: @@ -356,24 +193,34 @@ options: type: string type: object type: object - postgres: + hpa: default: - replicas: 1 - storage: 5Gi - version: '14' + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 examples: - - replicas: 1 - storage: 5Gi - version: '14' + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 properties: - replicas: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: default: 1 type: integer - storage: - default: 5Gi - type: string - version: - default: '14' + type: object + admin: + default: + name: nextcloud_admin + examples: + - name: nextcloud_admin + properties: + name: + default: nextcloud_admin type: string type: object ingress-class: @@ -381,16 +228,6 @@ options: examples: - traefik type: string - openid-name: - default: vynil - examples: - - vynil - type: string - sub-domain: - default: files - examples: - - files - type: string backups: default: enable: false 
@@ -492,6 +329,169 @@ options: default: backup-settings type: string type: object + postgres: + default: + replicas: 1 + storage: 5Gi + version: '14' + examples: + - replicas: 1 + storage: 5Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 5Gi + type: string + version: + default: '14' + type: string + type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + apps: + default: + audioplayer: false + bookmarks: false + bpm: false + calendar: false + collabora: false + contacts: false + deck: false + groupfolders: true + mindmap: false + music: false + notes: false + onlyoffice: false + passman: false + spreed: false + tables: false + tasks: false + texteditor: true + examples: + - audioplayer: false + bookmarks: false + bpm: false + calendar: false + collabora: false + contacts: false + deck: false + groupfolders: true + mindmap: false + music: false + notes: false + onlyoffice: false + passman: false + spreed: false + tables: false + tasks: false + texteditor: true + properties: + audioplayer: + default: false + type: boolean + bookmarks: + default: false + type: boolean + bpm: + default: false + type: boolean + calendar: + default: false + type: boolean + collabora: + default: false + type: boolean + contacts: + default: false + type: boolean + deck: + default: false + type: boolean + groupfolders: + default: true + type: boolean + mindmap: + default: false + type: boolean + music: + default: false + type: boolean + notes: + default: false + type: boolean + onlyoffice: + default: false + type: boolean + passman: + default: false + type: boolean + spreed: + default: false + type: boolean + tables: + default: false + type: boolean + tasks: + default: false + type: boolean + texteditor: + default: true + type: boolean + type: object + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + sub-domain: + default: files + examples: + - files + type: 
string + openid-name: + default: vynil + examples: + - vynil + type: string + redis: + default: + exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 2Gi + examples: + - exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 2Gi + properties: + exporter: + default: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + properties: + enabled: + default: true + type: boolean + image: + default: quay.io/opstree/redis-exporter:v1.44.0 + type: string + type: object + image: + default: quay.io/opstree/redis:v7.0.5 + type: string + storage: + default: 2Gi + type: string + type: object dependencies: - dist: null category: share diff --git a/apps/nextcloud/postgresql.tf b/apps/nextcloud/postgresql.tf index e883b2d..24b6374 100644 --- a/apps/nextcloud/postgresql.tf +++ b/apps/nextcloud/postgresql.tf @@ -2,22 +2,6 @@ locals { pg-labels = merge(local.common-labels, { "app.kubernetes.io/component" = "pg" }) - backup-def = { - barmanObjectStore = { - destinationPath = "s3://${var.instance}-${var.namespace}/" - endpointURL = "${var.backups.endpoint}/barman" - s3Credentials = { - accessKeyId = { - name = var.backups.secret-name - key = var.backups.key-id-key - } - secretAccessKey = { - name = var.backups.secret-name - key = var.backups.secret-key - } - } - } - } } resource "kubectl_manifest" "prj_pg" { 
@@ -32,17 +16,28 @@ resource "kubectl_manifest" "prj_pg" { instances: ${var.postgres.replicas} storage: size: "${var.postgres.storage}" - monitoring: - enablePodMonitor: true bootstrap: initdb: database: "${var.component}" owner: "${var.component}" - backup: ${jsonencode(var.backups.enable?local.backup-def:{})} + monitoring: + enablePodMonitor: true + backup: + barmanObjectStore: + destinationPath: "s3://${var.instance}-${var.namespace}/" + endpointURL: "${var.backups.endpoint}/barman" + s3Credentials: + accessKeyId: + name: "${var.backups.secret-name}" + key: "${var.backups.key-id-key}" + secretAccessKey: + name: "${var.backups.secret-name}" + key: "${var.backups.secret-key}" EOF } resource "kubectl_manifest" "prj_pg_backup" { + count = var.backup.enable ? 1:0 yaml_body = <<-EOF apiVersion: postgresql.cnpg.io/v1 kind: ScheduledBackup diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml index 8456c6b..faa05ec 100644 --- a/share/authentik/index.yaml +++ b/share/authentik/index.yaml @@ -6,21 +6,16 @@ metadata: name: authentik description: authentik is an open-source Identity Provider focused on flexibility and versatility options: - loglevel: - default: info + sub-domain: + default: auth examples: - - info + - auth type: string - admin: - default: - email: auth-admin + issuer: + default: letsencrypt-prod examples: - - email: auth-admin - properties: - email: - default: auth-admin - type: string - type: object + - letsencrypt-prod + type: string email: default: port: 587 
@@ -46,79 +41,6 @@ options: default: false type: boolean type: object - redis: - default: - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 8Gi - examples: - - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 8Gi - properties: - exporter: - default: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - properties: - enabled: - default: true - type: boolean - image: - default: quay.io/opstree/redis-exporter:v1.44.0 - type: string - type: object - image: - default: quay.io/opstree/redis:v7.0.5 - type: string - storage: - default: 8Gi - type: string - type: object - ingress-class: - default: traefik - examples: - - traefik - type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - image: - default: - project: goauthentik - pullPolicy: IfNotPresent - registry: ghcr.io - repository: goauthentik/server - tag: 2023.5.4 - examples: - - project: goauthentik - pullPolicy: IfNotPresent - registry: ghcr.io - repository: goauthentik/server - tag: 2023.5.4 - properties: - project: - default: goauthentik - type: string - pullPolicy: - default: IfNotPresent - type: string - registry: - default: ghcr.io - type: string - repository: - default: goauthentik/server - type: string - tag: - default: 2023.5.4 - type: string - type: object postgres: default: replicas: 1 @@ -139,15 +61,10 @@ options: default: '14' type: string type: object - sub-domain: - default: auth + domain: + default: your-company examples: - - auth - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod + - your-company type: string error_reporting: default: 
@@ -169,6 +86,16 @@ options: default: false type: boolean type: object + loglevel: + default: info + examples: + - info + type: string + geoip: + default: /geoip/GeoLite2-City.mmdb + examples: + - /geoip/GeoLite2-City.mmdb + type: string backups: default: enable: false 
@@ -223,16 +150,89 @@ options: default: backup-settings type: string type: object - domain: - default: your-company + ingress-class: + default: traefik examples: - - your-company + - traefik type: string - geoip: - default: /geoip/GeoLite2-City.mmdb + image: + default: + project: goauthentik + pullPolicy: IfNotPresent + registry: ghcr.io + repository: goauthentik/server + tag: 2023.5.4 examples: - - /geoip/GeoLite2-City.mmdb + - project: goauthentik + pullPolicy: IfNotPresent + registry: ghcr.io + repository: goauthentik/server + tag: 2023.5.4 + properties: + project: + default: goauthentik + type: string + pullPolicy: + default: IfNotPresent + type: string + registry: + default: ghcr.io + type: string + repository: + default: goauthentik/server + type: string + tag: + default: 2023.5.4 + type: string + type: object + domain-name: + default: your_company.com + examples: + - your_company.com type: string + admin: + default: + email: auth-admin + examples: + - email: auth-admin + properties: + email: + default: auth-admin + type: string + type: object + redis: + default: + exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 8Gi + examples: + - exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 8Gi + properties: + exporter: + default: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + properties: + enabled: + default: true + type: boolean + image: + default: quay.io/opstree/redis-exporter:v1.44.0 + type: string + type: object + image: + default: quay.io/opstree/redis:v7.0.5 + type: string + storage: + default: 8Gi + type: string + type: object dependencies: - dist: null category: core diff --git a/share/authentik/postgresql.tf b/share/authentik/postgresql.tf index a0c5d81..24b6374 100644 --- a/share/authentik/postgresql.tf +++ b/share/authentik/postgresql.tf 
@@ -2,26 +2,6 @@ locals { pg-labels = merge(local.common-labels, { "app.kubernetes.io/component" = "pg" }) - pool-labels = merge(local.common-labels, { - "app.kubernetes.io/component" = "pg-pool" - }) - backup-def = { - retentionPolicy = var.backups.retention.db - barmanObjectStore = { - destinationPath = "s3://${var.instance}-${var.namespace}/" - endpointURL = "${var.backups.endpoint}/barman" - s3Credentials = { - accessKeyId = { - name = var.backups.secret-name - key = var.backups.key-id-key - } - secretAccessKey = { - name = var.backups.secret-name - key = var.backups.secret-key - } - } - } - } } resource "kubectl_manifest" "prj_pg" { @@ -36,17 +16,28 @@ resource "kubectl_manifest" "prj_pg" { instances: ${var.postgres.replicas} storage: size: "${var.postgres.storage}" - monitoring: - enablePodMonitor: true bootstrap: initdb: database: "${var.component}" owner: "${var.component}" - backup: ${jsonencode(var.backups.enable?local.backup-def:{})} + monitoring: + enablePodMonitor: true + backup: + barmanObjectStore: + destinationPath: "s3://${var.instance}-${var.namespace}/" + endpointURL: "${var.backups.endpoint}/barman" + s3Credentials: + accessKeyId: + name: "${var.backups.secret-name}" + key: "${var.backups.key-id-key}" + secretAccessKey: + name: "${var.backups.secret-name}" + key: "${var.backups.secret-key}" EOF } resource "kubectl_manifest" "prj_pg_backup" { + count = var.backup.enable ? 1:0 yaml_body = <<-EOF apiVersion: postgresql.cnpg.io/v1 kind: ScheduledBackup 
@@ -61,26 +52,3 @@ resource "kubectl_manifest" "prj_pg_backup" { name: "${var.instance}-${var.component}-pg" EOF } - - -resource "kubectl_manifest" "prj_pg_pool" { - depends_on = [kubectl_manifest.prj_pg] - yaml_body = <<-EOF - apiVersion: postgresql.cnpg.io/v1 - kind: Pooler - metadata: - name: "${var.instance}-${var.component}-pool" - namespace: "${var.namespace}" - labels: ${jsonencode(local.pool-labels)} - spec: - cluster: - name: "${var.instance}-${var.component}-pg" - instances: 1 - type: rw - pgbouncer: - poolMode: session - parameters: - max_client_conn: "1000" - default_pool_size: "10" - EOF -}