diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml index de93837a61b514015851c7c0b2451f6522f95757..0e1c478ced2f5bbfa587522c2cf58eba7a74aaff 100644 --- a/ansible/group_vars/all/oas.yml +++ b/ansible/group_vars/all/oas.yml @@ -86,3 +86,14 @@ local_flux: false flux_source: repo: "https://open.greenhost.net/openappstack/openappstack" branch: "master" + +# A whitelist of applications that will be enabled. +enabled_applications: + - 'cert-manager' + - 'ingress' + - 'local-storage' + - 'monitoring' + - 'nextcloud' + - 'rocketchat' + - 'single-sign-on' + - 'wordpress' diff --git a/ansible/roles/apps/tasks/cert-manager.yml b/ansible/roles/apps/tasks/cert-manager.yml index 055cb85c47692ab91b4d43293d87f5fc7b68b3c4..24a0b1d2cdcff70e5b6e05fdbe1d59be68821220 100644 --- a/ansible/roles/apps/tasks/cert-manager.yml +++ b/ansible/roles/apps/tasks/cert-manager.yml @@ -52,7 +52,7 @@ - cert-manager vars: flux: - name: "cert-manager-settings" + name: "cert-manager" namespace: "oas" include_tasks: file: flux_secret.yml diff --git a/ansible/roles/apps/tasks/flux_secret.yml b/ansible/roles/apps/tasks/flux_secret.yml index 23cac6b5b1c7b9098bf4480c4f7163f157def45a..2342d6f91dc02777283586d4288d6f8f3a950c0a 100644 --- a/ansible/roles/apps/tasks/flux_secret.yml +++ b/ansible/roles/apps/tasks/flux_secret.yml @@ -11,6 +11,7 @@ kind: Secret metadata: namespace: "{{ flux.namespace | default('oas-apps') }}" - name: "{{ flux.name }}" + name: "{{ flux.name }}-settings" data: - values.yaml: "{{ lookup('template','{{ flux.name }}.yaml') | b64encode }}" + values.yaml: "{{ lookup('template','settings/{{ flux.name }}.yaml') | b64encode }}" + enabled: "{{ (flux.name in enabled_applications) | ternary('true', 'false') | b64encode }}" diff --git a/ansible/roles/apps/tasks/local-storage.yml b/ansible/roles/apps/tasks/local-storage.yml index 22e9c132505d781c73ca56e5bc273f22e111a090..be37099ca8292efb5807d6878f8913a6fe70ee12 100644 --- a/ansible/roles/apps/tasks/local-storage.yml 
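Review bot: The comment on `enabled_applications` does not say what the entries are matched against, or what happens to an application that is not listed. In `flux_secret.yml` from this same commit the test is `flux.name in enabled_applications`, so entries have to equal the `flux.name` values (`ingress` and `monitoring`, not the task file names `nginx` and `prometheus`). A misspelt entry would mark that application as disabled without any error. I would extend the comment to something like `# Applications to enable; each entry must equal the flux.name set in roles/apps/tasks/<app>.yml. Anything not listed gets enabled=false in its <name>-settings secret.`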
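Review bot: The new `enabled` key is stored under `data` in the same Secret that carries `values.yaml`, so anything that only needs the on/off flag must be granted `get` on a Secret that presumably also holds the application's settings (possibly credentials; the templates are not shown here). If the flag stays in the Secret, a comment on that line would help readers, for example `# base64 of the literal string 'true' or 'false'; consumers must decode .data.enabled before comparing`. Separately, the `values.yaml` line still nests `{{ flux.name }}` inside a string that is already within a Jinja expression, which appears to rely on the lookup re-templating its arguments. Plain concatenation is clearer: `lookup('template', 'settings/' ~ flux.name ~ '.yaml')`.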
+++ b/ansible/roles/apps/tasks/local-storage.yml @@ -6,7 +6,7 @@ - local-storage vars: flux: - name: "local-storage-settings" + name: "local-storage" namespace: "oas" include_tasks: file: flux_secret.yml diff --git a/ansible/roles/apps/tasks/nextcloud.yml b/ansible/roles/apps/tasks/nextcloud.yml index a591e63c50319434617dc04803d15e76ee9631c2..942e2ee871ac59fb90ff94286336965f444f5dc1 100644 --- a/ansible/roles/apps/tasks/nextcloud.yml +++ b/ansible/roles/apps/tasks/nextcloud.yml @@ -6,7 +6,7 @@ - nextcloud vars: flux: - name: "nextcloud-settings" + name: "nextcloud" include_tasks: file: flux_secret.yml apply: diff --git a/ansible/roles/apps/tasks/nginx.yml b/ansible/roles/apps/tasks/nginx.yml index 99c019ba8befa6404414ecf807d7185c55b59b59..20c5e04c84c975ec887b2e7e1e608da8f0089224 100644 --- a/ansible/roles/apps/tasks/nginx.yml +++ b/ansible/roles/apps/tasks/nginx.yml @@ -7,7 +7,7 @@ - nginx vars: flux: - name: "ingress-settings" + name: "ingress" namespace: "oas" include_tasks: file: flux_secret.yml diff --git a/ansible/roles/apps/tasks/prometheus.yml b/ansible/roles/apps/tasks/prometheus.yml index af180c9755811d24db8de79a341fc330e8174f84..574519001dd01e25e7842ae3a3d0ca5f49e087a4 100644 --- a/ansible/roles/apps/tasks/prometheus.yml +++ b/ansible/roles/apps/tasks/prometheus.yml @@ -38,7 +38,7 @@ - prometheus vars: flux: - name: "monitoring-settings" + name: "monitoring" namespace: "oas" include_tasks: file: flux_secret.yml diff --git a/ansible/roles/apps/tasks/rocketchat.yml b/ansible/roles/apps/tasks/rocketchat.yml index 5efe0efd3a25f053acacab6337f6087994f58d72..8f9c9b40c99ec5728d369a4bde024f8f25df208b 100644 --- a/ansible/roles/apps/tasks/rocketchat.yml +++ b/ansible/roles/apps/tasks/rocketchat.yml @@ -7,7 +7,7 @@ - rocketchat vars: flux: - name: "rocketchat-settings" + name: "rocketchat" include_tasks: file: flux_secret.yml apply: 
diff --git a/ansible/roles/apps/tasks/single-sign-on.yml b/ansible/roles/apps/tasks/single-sign-on.yml index 69a5c96988011ca16fb9c56a35f885d75577db57..0b7f0760fe218a5855360178fcc18569e2a9daa7 100644 --- a/ansible/roles/apps/tasks/single-sign-on.yml +++ b/ansible/roles/apps/tasks/single-sign-on.yml @@ -7,7 +7,7 @@ - single-sign-on vars: flux: - name: "single-sign-on-settings" + name: "single-sign-on" namespace: "oas" include_tasks: file: flux_secret.yml diff --git a/ansible/roles/apps/tasks/wordpress.yml b/ansible/roles/apps/tasks/wordpress.yml index 65f54fc0fa2209c7ba1c9e1f0cf848916470c961..f641ffd85917a41eb81a534e7f7a5bda6542217d 100644 --- a/ansible/roles/apps/tasks/wordpress.yml +++ b/ansible/roles/apps/tasks/wordpress.yml @@ -6,7 +6,7 @@ - wordpress vars: flux: - name: "wordpress-settings" + name: "wordpress" include_tasks: file: flux_secret.yml apply: diff --git a/ansible/roles/apps/templates/cert-manager-settings.yaml b/ansible/roles/apps/templates/settings/cert-manager.yaml similarity index 100% rename from ansible/roles/apps/templates/cert-manager-settings.yaml rename to ansible/roles/apps/templates/settings/cert-manager.yaml diff --git a/ansible/roles/apps/templates/ingress-settings.yaml b/ansible/roles/apps/templates/settings/ingress.yaml similarity index 100% rename from ansible/roles/apps/templates/ingress-settings.yaml rename to ansible/roles/apps/templates/settings/ingress.yaml diff --git a/ansible/roles/apps/templates/local-storage-settings.yaml b/ansible/roles/apps/templates/settings/local-storage.yaml similarity index 100% rename from ansible/roles/apps/templates/local-storage-settings.yaml rename to ansible/roles/apps/templates/settings/local-storage.yaml diff --git a/ansible/roles/apps/templates/monitoring-settings.yaml b/ansible/roles/apps/templates/settings/monitoring.yaml similarity index 100% rename from ansible/roles/apps/templates/monitoring-settings.yaml rename to ansible/roles/apps/templates/settings/monitoring.yaml 
diff --git a/ansible/roles/apps/templates/nextcloud-settings.yaml b/ansible/roles/apps/templates/settings/nextcloud.yaml
similarity index 100%
rename from ansible/roles/apps/templates/nextcloud-settings.yaml
rename to ansible/roles/apps/templates/settings/nextcloud.yaml
diff --git a/ansible/roles/apps/templates/rocketchat-settings.yaml b/ansible/roles/apps/templates/settings/rocketchat.yaml
similarity index 100%
rename from ansible/roles/apps/templates/rocketchat-settings.yaml
rename to ansible/roles/apps/templates/settings/rocketchat.yaml
diff --git a/ansible/roles/apps/templates/single-sign-on-settings.yaml b/ansible/roles/apps/templates/settings/single-sign-on.yaml
similarity index 100%
rename from ansible/roles/apps/templates/single-sign-on-settings.yaml
rename to ansible/roles/apps/templates/settings/single-sign-on.yaml
diff --git a/ansible/roles/apps/templates/wordpress-settings.yaml b/ansible/roles/apps/templates/settings/wordpress.yaml
similarity index 100%
rename from ansible/roles/apps/templates/wordpress-settings.yaml
rename to ansible/roles/apps/templates/settings/wordpress.yaml
diff --git a/flux/.flux.yaml b/flux/.flux.yaml
index 49ce67f962e9c20f84a8b897394a9de3d4239927..348946f271485f7ce3c9e427e377b582a70e7c1c 100644
--- a/flux/.flux.yaml
+++ b/flux/.flux.yaml
@@ -1,17 +1,19 @@ version: 1 commandUpdated: generators: - # Find all yaml files in this directory (recursively). Ignore ones with - # filename starting with a dot. For each of them, check if the - # `application-list` configmap has blacklisted the app in the form of an - # entry with key the app name and value "false", and skip it if so. + # Find all yaml files (recursively) in the directories oas and oas-apps. + # Ignore ones with filename starting with a dot. For each of them, check if + # the corresponding settings configmap has disabled the app by having a key + # "enabled" with value "false", and skip it in that case. - command: > - for path in $(find . -type f \( -name '*.yaml' -o -name '*.yml' \) -a ! -name '.*'); do - filename=$(basename $path); - name="${filename%.*}"; - userOverride=$(kubectl get cm -n oas application-list -o jsonpath="{.data.$name}"); - if [ "$userOverride" == "false" ]; then continue; fi; - echo '---'; - cat $path; + for namespace in "oas" "oas-apps"; do + for path in $(find "$namespace" -type f \( -name '*.yaml' -o -name '*.yml' \) -a ! -name '.*'); do + filename=$(basename $path); + name="${filename%.*}"; + enabled=$(kubectl get secret -n "$namespace" "${name}-settings" -o jsonpath="{.data.enabled}"); + if [ "$enabled" == "false" ]; then continue; fi; + echo '---'; + cat $path; + done; done updaters: diff --git a/flux/apps/nextcloud.yaml b/flux/oas-apps/nextcloud.yaml similarity index 100% rename from flux/apps/nextcloud.yaml rename to flux/oas-apps/nextcloud.yaml diff --git a/flux/apps/rocketchat.yaml b/flux/oas-apps/rocketchat.yaml similarity index 100% rename from flux/apps/rocketchat.yaml rename to flux/oas-apps/rocketchat.yaml diff --git a/flux/apps/wordpress.yaml b/flux/oas-apps/wordpress.yaml similarity index 100% rename from flux/apps/wordpress.yaml rename to flux/oas-apps/wordpress.yaml 
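Review bot: The new check `if [ "$enabled" == "false" ]` can never match, because `enabled` is now read from a Secret's `.data` field, which kubectl returns base64-encoded (`ZmFsc2U=` for `false`), so applications left out of `enabled_applications` would still be rendered. Decoding before the comparison fixes it, e.g. `enabled=$(kubectl get secret -n "$namespace" "${name}-settings" -o jsonpath="{.data.enabled}" | base64 -d);`, assuming `base64` is available in the image that runs this generator. The lookup also fails open: when the Secret is missing, the variable is empty and the manifest is emitted. That appears to apply to `flux/oas/nginx.yaml` (its task sets `flux.name` to `ingress`, so the Secret would be `ingress-settings`, not `nginx-settings`) and to `loki-stack.yaml`, for which this diff creates no settings Secret. The comment above the command also still says "settings configmap" where the code reads a Secret.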
diff --git a/flux/system/cert-manager.yaml b/flux/oas/cert-manager.yaml
similarity index 100%
rename from flux/system/cert-manager.yaml
rename to flux/oas/cert-manager.yaml
diff --git a/flux/system/local-storage.yaml b/flux/oas/local-storage.yaml
similarity index 100%
rename from flux/system/local-storage.yaml
rename to flux/oas/local-storage.yaml
diff --git a/flux/system/loki-stack.yaml b/flux/oas/loki-stack.yaml
similarity index 100%
rename from flux/system/loki-stack.yaml
rename to flux/oas/loki-stack.yaml
diff --git a/flux/system/monitoring.yaml b/flux/oas/monitoring.yaml
similarity index 100%
rename from flux/system/monitoring.yaml
rename to flux/oas/monitoring.yaml
diff --git a/flux/system/nginx.yaml b/flux/oas/nginx.yaml
similarity index 100%
rename from flux/system/nginx.yaml
rename to flux/oas/nginx.yaml
diff --git a/flux/system/single-sign-on.yaml b/flux/oas/single-sign-on.yaml
similarity index 100%
rename from flux/system/single-sign-on.yaml
rename to flux/oas/single-sign-on.yaml