2023-10-23 19:53:14 +02:00
parent bab68d5822
commit 2849b6fa1a
5 changed files with 343 additions and 360 deletions


@@ -52,6 +52,7 @@ locals {
"OAUTH_LOGOUT" = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/${var.component}-${var.instance}/end-session/"
"OAUTH_LOGIN_FIELD" = "nickname"
"OAUTH_SCOPE" = "email"
"NODE_EXTRA_CA_CERTS" = "/etc/local-ca/ca.crt"
}
connections = join(",", concat(local.pg_conns, local.maria_conns, local.mongo_conns, local.redis_conns))
connection_vars = merge(local.pg_vars, local.maria_vars, local.mongo_vars, local.redis_vars)
@@ -66,7 +67,7 @@ resource "kubectl_manifest" "dbgate-config" {
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
data: ${jsonencode(var.use-oauth?merge(local.oauth_config, local.connection_vars):local.connection_vars)}
data: ${jsonencode(merge(local.oauth_config, local.connection_vars))}
EOF
}
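Review bot: `"NODE_EXTRA_CA_CERTS" = "/etc/local-ca/ca.crt"` only does anything if that path is actually mounted into the dbgate pod; as far as I know Node does not fail when the file is absent, it prints a startup warning and keeps the default bundle, so TLS verification against a local-CA-issued Authentik host would then fail at request time rather than at apply time. The volume and mount are not in this hunk (the `locals` block continues outside it), so either they are added elsewhere in this commit or a mount of the CA ConfigMap/Secret at `/etc/local-ca` is still missing. The `data:` line now merges `local.oauth_config` unconditionally, consistent with dropping `use-oauth`; a one-line comment above `oauth_config` such as `# OAuth is mandatory: OAUTH_* always injected; expects the local CA mounted at /etc/local-ca` would make the coupling with the mount explicit.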


@@ -6,10 +6,10 @@ metadata:
name: dbgate
description: null
options:
domain-name:
default: your_company.com
issuer:
default: letsencrypt-prod
examples:
- your_company.com
- letsencrypt-prod
type: string
storage:
default:
@@ -38,103 +38,6 @@ options:
- Block
type: string
type: object
use-oauth:
default: false
examples:
- false
type: boolean
mongo:
default: []
examples:
- []
items:
properties:
dbname:
default: ''
type: string
name:
default: ''
type: string
namespace:
default: ''
type: string
secret:
properties:
key:
default: ''
type: string
name:
default: ''
type: string
type: object
username:
default: ''
type: string
type: object
type: array
ingress-class:
default: traefik
examples:
- traefik
type: string
sub-domain:
default: dbgate
examples:
- dbgate
type: string
pg:
default: []
examples:
- []
items:
properties:
dbname:
default: ''
type: string
name:
default: ''
type: string
namespace:
default: ''
type: string
secret:
properties:
key:
default: ''
type: string
name:
default: ''
type: string
type: object
username:
default: ''
type: string
type: object
type: array
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
redis:
default: []
examples:
- []
items:
properties:
name:
default: ''
type: string
namespace:
default: ''
type: string
type: object
type: array
app-group:
default: dev
examples:
- dev
type: string
maria:
default: []
examples:
@@ -164,11 +67,6 @@ options:
type: string
type: object
type: array
domain:
default: your-company
examples:
- your-company
type: string
images:
default:
dbgate:
@@ -208,6 +106,103 @@ options:
type: string
type: object
type: object
ingress-class:
default: traefik
examples:
- traefik
type: string
sub-domain:
default: dbgate
examples:
- dbgate
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
app-group:
default: dev
examples:
- dev
type: string
redis:
default: []
examples:
- []
items:
properties:
name:
default: ''
type: string
namespace:
default: ''
type: string
type: object
type: array
domain:
default: your-company
examples:
- your-company
type: string
mongo:
default: []
examples:
- []
items:
properties:
dbname:
default: ''
type: string
name:
default: ''
type: string
namespace:
default: ''
type: string
secret:
properties:
key:
default: ''
type: string
name:
default: ''
type: string
type: object
username:
default: ''
type: string
type: object
type: array
pg:
default: []
examples:
- []
items:
properties:
dbname:
default: ''
type: string
name:
default: ''
type: string
namespace:
default: ''
type: string
secret:
properties:
key:
default: ''
type: string
name:
default: ''
type: string
type: object
username:
default: ''
type: string
type: object
type: array
dependencies:
- dist: null
category: share


@@ -37,7 +37,7 @@ module "ingress" {
ingress-class = var.ingress-class
labels = local.common-labels
dns-names = local.dns-names
middlewares = var.use-oauth?[]:["forward-${local.app-name}"]
middlewares = []
service = local.service
providers = {
kubectl = kubectl
@@ -51,14 +51,13 @@ module "application" {
app-group = var.app-group
dns-name = local.dns-name
icon = local.icon
protocol_provider = var.use-oauth?module.oauth2[0].provider-id:module.forward[0].provider-id
protocol_provider = module.oauth2.provider-id
providers = {
authentik = authentik
}
}
module "oauth2" {
count = var.use-oauth?1:0
source = "/dist/modules/oauth2"
component = var.component
instance = var.instance
@@ -72,34 +71,3 @@ module "oauth2" {
authentik = authentik
}
}
provider "restapi" {
uri = "http://authentik.${var.domain}-auth.svc/api/v3/"
headers = local.request_headers
create_method = "PATCH"
update_method = "PATCH"
destroy_method = "PATCH"
write_returns_object = true
id_attribute = "name"
}
module "forward" {
count = var.use-oauth?0:1
source = "/dist/modules/forward"
component = var.component
instance = var.instance
domain = var.domain
namespace = var.namespace
ingress-class = var.ingress-class
labels = local.common-labels
dns-names = local.dns-names
service = local.service
icon = local.icon
request_headers = local.request_headers
providers = {
restapi = restapi
http = http
kubectl = kubectl
authentik = authentik
}
}
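Review bot: With `middlewares = []` on the ingress module and `module "forward"` removed, nothing at the ingress layer authenticates requests any more; protection of dbgate now rests entirely on the application honouring the OAUTH_* settings it receives. That is fine if dbgate rejects unauthenticated requests whenever OAuth is configured, but it is a change of trust boundary that deserves a comment on that line, e.g. `middlewares = [] # auth is enforced in-app via OIDC (module.oauth2); no forward-auth at the ingress`. The `restapi` provider block went away together with the forward module, so `local.request_headers` and the `http` provider presumably have no remaining consumer in this file — worth checking the locals outside the hunks so the leftovers are removed too. The `module "oauth2"` body spans the second and third hunks.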


@@ -29,7 +29,6 @@ locals {
)
}, { for k, v in var.apps.okd : k => v if k!="enable" })
dbgate = merge({
"use-oauth" = var.issuer == "letsencrypt-prod"
"pg" = concat(
flatten([for ds in local.sorted-datasets: [for db in lookup(ds, "databases", []): {
"name" = "${ds.name}-dataset-pg"
@@ -41,6 +40,16 @@ locals {
"key" = "POSGRESQL_PASSWORD"
}
}] if ds.engine=="pg"]),
flatten([for ds in local.sorted-datasets: {
"name" = "${ds.name}-dataset-pg"
"namespace" = ds.namespace
"dbname" = ds.name
"username" = ds.name
"secret" = {
"name" = "${ds.name}-dataset-pg-app"
"key" = "password"
}
} if ds.engine=="pg"]),
flatten([for org in local.sorted-organisations: flatten([for stage in lookup(org, "stages", []): flatten([for ds in org.datasets: [for db in lookup(ds, "databases", []):{
"name" = "${ds.name}-dataset-pg"
"namespace" = "${var.domain}-${org.name}-${stage.name}"
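Review bot: The entries added here (and the matching block in the next hunk for organisation/stage datasets) give dbgate a connection built from the `${ds.name}-dataset-pg-app` secret's `password` key with `username = ds.name`, which is presumably the dataset's application/owner role rather than the per-database accounts the existing entries take from `POSGRESQL_PASSWORD`; that widens what a dbgate user can reach to the owner role on every dataset, so confirm it is intended and say so in a comment such as `# owner-role connection for the dataset as a whole (app secret); the per-database entries above use dedicated accounts`. The new entries also reuse `"name" = "${ds.name}-dataset-pg"` from the per-database entries, so if `name` is what dbgate displays or keys connections on, the owner and per-database connections will collide or be indistinguishable — a suffix would avoid that, but how `name` is consumed is not visible from this hunk. The `locals` block starts and ends outside the hunks.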
@@ -51,6 +60,16 @@ locals {
"key" = "POSGRESQL_PASSWORD"
}
}] if ds.engine=="pg"])])]),
flatten([for org in local.sorted-organisations: flatten([for stage in lookup(org, "stages", []): flatten([for ds in org.datasets: {
"name" = "${ds.name}-dataset-pg"
"namespace" = "${var.domain}-${org.name}-${stage.name}"
"dbname" = ds.name
"username" = ds.name
"secret" = {
"name" = "${ds.name}-dataset-pg-app"
"key" = "password"
}
} if ds.engine=="pg"])])]),
var.external-pgs
)
"maria" = concat(


@@ -6,201 +6,6 @@ metadata:
name: domain-devspaces
description: null
options:
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
app-group:
default: dev
examples:
- dev
type: string
organisations:
default: []
examples:
- []
items:
properties:
datasets:
default: []
items:
properties:
databases:
default: []
items:
properties:
name:
default: db
type: string
type: object
type: array
engine:
default: pg
type: string
name:
default: ''
type: string
type: object
type: array
name:
default: ''
type: string
stages:
default: []
items:
properties:
name:
default: prod
type: string
type: object
type: array
type: object
type: array
domain:
default: your-company
examples:
- your-company
type: string
external-mongos:
default: []
examples:
- []
items:
properties:
dbname:
default: ''
type: string
name:
default: ''
type: string
namespace:
default: ''
type: string
secret:
properties:
key:
default: ''
type: string
name:
default: ''
type: string
type: object
username:
default: ''
type: string
type: object
type: array
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
stations:
default: []
examples:
- []
items:
properties:
name:
default: ''
type: string
organisations:
default: []
items:
type: string
type: array
type: object
type: array
images:
default:
codeserver:
pullPolicy: IfNotPresent
registry: docker.io
repository: sebt3/code-server
tag: 4.15
examples:
- codeserver:
pullPolicy: IfNotPresent
registry: docker.io
repository: sebt3/code-server
tag: 4.15
properties:
codeserver:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: sebt3/code-server
tag: 4.15
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: sebt3/code-server
type: string
tag:
default: 4.15
type: number
type: object
type: object
stations-sub-domain:
default: code
examples:
- code
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
external-redis:
default: []
examples:
@@ -220,31 +25,11 @@ options:
examples:
- your_company.com
type: string
storage-classes:
default:
BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
stations-sub-domain:
default: code
examples:
- BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
properties:
BlockReadWriteMany:
default: ''
type: string
BlockReadWriteOnce:
default: ''
type: string
FilesystemReadWriteMany:
default: ''
type: string
FilesystemReadWriteOnce:
default: ''
type: string
type: object
- code
type: string
apps:
default:
dbgate:
@@ -298,6 +83,66 @@ options:
type: boolean
type: object
type: object
images:
default:
codeserver:
pullPolicy: IfNotPresent
registry: docker.io
repository: sebt3/code-server
tag: 4.15
examples:
- codeserver:
pullPolicy: IfNotPresent
registry: docker.io
repository: sebt3/code-server
tag: 4.15
properties:
codeserver:
default:
pullPolicy: IfNotPresent
registry: docker.io
repository: sebt3/code-server
tag: 4.15
properties:
pullPolicy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: sebt3/code-server
type: string
tag:
default: 4.15
type: number
type: object
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
stations:
default: []
examples:
- []
items:
properties:
name:
default: ''
type: string
organisations:
default: []
items:
type: string
type: array
type: object
type: array
external-marias:
default: []
examples:
@@ -353,6 +198,161 @@ options:
type: string
type: object
type: array
ingress-class:
default: traefik
examples:
- traefik
type: string
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
organisations:
default: []
examples:
- []
items:
properties:
datasets:
default: []
items:
properties:
databases:
default: []
items:
properties:
name:
default: db
type: string
type: object
type: array
engine:
default: pg
type: string
name:
default: ''
type: string
type: object
type: array
name:
default: ''
type: string
stages:
default: []
items:
properties:
name:
default: prod
type: string
type: object
type: array
type: object
type: array
external-mongos:
default: []
examples:
- []
items:
properties:
dbname:
default: ''
type: string
name:
default: ''
type: string
namespace:
default: ''
type: string
secret:
properties:
key:
default: ''
type: string
name:
default: ''
type: string
type: object
username:
default: ''
type: string
type: object
type: array
storage-classes:
default:
BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
examples:
- BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
properties:
BlockReadWriteMany:
default: ''
type: string
BlockReadWriteOnce:
default: ''
type: string
FilesystemReadWriteMany:
default: ''
type: string
FilesystemReadWriteOnce:
default: ''
type: string
type: object
domain:
default: your-company
examples:
- your-company
type: string
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
app-group:
default: dev
examples:
- dev
type: string
dependencies: []
providers:
kubernetes: true