From bbea4fcea17c489da5f771bc98f4bd6f68d36338 Mon Sep 17 00:00:00 2001
From: Varac <varac@varac.net>
Date: Wed, 23 Jun 2021 16:58:39 +0200
Subject: [PATCH] Add optional configmap and secret for customization
---
.../apps/monitoring/eventrouter-release.yaml | 9 ++++++++-
.../kube-prometheus-stack-release.yaml | 9 +++++++++
flux2/apps/monitoring/loki-release.yaml | 8 ++++++++
flux2/apps/monitoring/promtail-release.yaml | 8 ++++++++
flux2/apps/nextcloud/release.yaml | 8 ++++++++
flux2/apps/rocketchat/release.yaml | 8 ++++++++
flux2/apps/velero/release.yaml | 9 ++++++++-
flux2/apps/wordpress/release.yaml | 19 +++++++++++++------
flux2/core/base/metallb/release.yaml | 8 ++++++++
flux2/core/base/single-sign-on/release.yaml | 8 ++++++++
.../infrastructure/cert-manager/release.yaml | 8 ++++++++
.../local-path-provisioner/release.yaml | 10 +++++++++-
flux2/infrastructure/nginx/release.yaml | 8 ++++++++
flux2/infrastructure/secrets/release.yaml | 8 ++++++++
14 files changed, 119 insertions(+), 9 deletions(-)
diff --git a/flux2/apps/monitoring/eventrouter-release.yaml b/flux2/apps/monitoring/eventrouter-release.yaml
index 6ace3f9b9..1f0ac13c9 100644
--- a/flux2/apps/monitoring/eventrouter-release.yaml
+++ b/flux2/apps/monitoring/eventrouter-release.yaml
@@ -24,4 +24,11 @@ spec:
requests:
memory: 100Mi
cpu: 100m
-
\ No newline at end of file
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-eventrouter-override
+ optional: true
+ - kind: Secret
+ name: oas-eventrouter-override
+ optional: true
diff --git a/flux2/apps/monitoring/kube-prometheus-stack-release.yaml b/flux2/apps/monitoring/kube-prometheus-stack-release.yaml
index a9b592c89..6ecdbf8f6 100644
--- a/flux2/apps/monitoring/kube-prometheus-stack-release.yaml
+++ b/flux2/apps/monitoring/kube-prometheus-stack-release.yaml
@@ -31,6 +31,7 @@ spec:
kubeScheduler:
enabled: false
+ # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml#L115
alertmanager:
ingress:
enabled: true
@@ -276,3 +277,11 @@ spec:
cpu: 100m
memory: 64Mi
# priorityClassName: high-priority
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-kube-prometheus-stack-override
+ optional: true
+ - kind: Secret
+ name: oas-kube-prometheus-stack-override
+ optional: true
diff --git a/flux2/apps/monitoring/loki-release.yaml b/flux2/apps/monitoring/loki-release.yaml
index 07769a71e..b40528397 100644
--- a/flux2/apps/monitoring/loki-release.yaml
+++ b/flux2/apps/monitoring/loki-release.yaml
@@ -70,3 +70,11 @@ spec:
table_manager:
retention_deletes_enabled: true
retention_period: 672h # 28 days
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-loki-override
+ optional: true
+ - kind: Secret
+ name: oas-loki-override
+ optional: true
diff --git a/flux2/apps/monitoring/promtail-release.yaml b/flux2/apps/monitoring/promtail-release.yaml
index f5eacf743..2d64faf3f 100644
--- a/flux2/apps/monitoring/promtail-release.yaml
+++ b/flux2/apps/monitoring/promtail-release.yaml
@@ -53,3 +53,11 @@ spec:
event_name:
event_source_host:
event_source_component:
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-promtail-override
+ optional: true
+ - kind: Secret
+ name: oas-promtail-override
+ optional: true
diff --git a/flux2/apps/nextcloud/release.yaml b/flux2/apps/nextcloud/release.yaml
index 555d5d19b..bcef09fd6 100644
--- a/flux2/apps/nextcloud/release.yaml
+++ b/flux2/apps/nextcloud/release.yaml
@@ -196,3 +196,11 @@ spec:
- kind: ConfigMap
name: nextcloud-values-override
optional: true
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-nextcloud-override
+ optional: true
+ - kind: Secret
+ name: oas-nextcloud-override
+ optional: true
diff --git a/flux2/apps/rocketchat/release.yaml b/flux2/apps/rocketchat/release.yaml
index 881d815d5..627cf6a5e 100644
--- a/flux2/apps/rocketchat/release.yaml
+++ b/flux2/apps/rocketchat/release.yaml
@@ -139,3 +139,11 @@ spec:
image:
tag: 3.15.0
pullPolicy: IfNotPresent
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-rocketchat-override
+ optional: true
+ - kind: Secret
+ name: oas-rocketchat-override
+ optional: true
diff --git a/flux2/apps/velero/release.yaml b/flux2/apps/velero/release.yaml
index 3cbdba999..07a2fdd0f 100644
--- a/flux2/apps/velero/release.yaml
+++ b/flux2/apps/velero/release.yaml
@@ -123,5 +123,12 @@ spec:
includedNamespaces:
# We include all namespaces.
- '*'
-
configMaps: {}
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-velero-override
+ optional: true
+ - kind: Secret
+ name: oas-velero-override
+ optional: true
diff --git a/flux2/apps/wordpress/release.yaml b/flux2/apps/wordpress/release.yaml
index 61fc9aafc..39552985d 100644
--- a/flux2/apps/wordpress/release.yaml
+++ b/flux2/apps/wordpress/release.yaml
@@ -30,12 +30,12 @@ spec:
locale: en_US
url: "https://www.${domain}"
title: "OpenAppStack website"
-
+
persistence:
existingClaim: wordpress-files
podAnnotations:
backup.velero.io/backup-volumes: "wordpress-wp-uploads"
-
+
openid_connect_settings:
enabled: true
client_secret: ${wordpress_oauth_client_secret}
@@ -52,7 +52,7 @@ spec:
scope: email profile openid openappstack_roles offline_access
role_mapping_enabled: true
role_key: openappstack_roles
-
+
database:
db:
user: wordpress
@@ -76,7 +76,7 @@ spec:
memory: 256Mi
replication:
enabled: false
-
+
# It's advisable to set resource limits to prevent your K8s cluster from
# crashing
resources:
@@ -86,7 +86,7 @@ spec:
requests:
cpu: 100m
memory: 128Mi
-
+
ingress:
enabled: true
annotations:
@@ -100,4 +100,11 @@ spec:
- "www.${domain}"
- "${domain}"
secretName: oas-wordpress
-
\ No newline at end of file
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-wordpress-override
+ optional: true
+ - kind: Secret
+ name: oas-wordpress-override
+ optional: true
diff --git a/flux2/core/base/metallb/release.yaml b/flux2/core/base/metallb/release.yaml
index 8127c4873..00e84c213 100644
--- a/flux2/core/base/metallb/release.yaml
+++ b/flux2/core/base/metallb/release.yaml
@@ -25,3 +25,11 @@ spec:
protocol: layer2
addresses:
- "${ip_address}/32"
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-metallb-override
+ optional: true
+ - kind: Secret
+ name: oas-metallb-override
+ optional: true
diff --git a/flux2/core/base/single-sign-on/release.yaml b/flux2/core/base/single-sign-on/release.yaml
index 750f63c20..1fe758902 100644
--- a/flux2/core/base/single-sign-on/release.yaml
+++ b/flux2/core/base/single-sign-on/release.yaml
@@ -148,3 +148,11 @@ spec:
- "authorization_code"
- "refresh_token"
- "client_credentials"
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-single-sign-on-override
+ optional: true
+ - kind: Secret
+ name: oas-single-sign-on-override
+ optional: true
diff --git a/flux2/infrastructure/cert-manager/release.yaml b/flux2/infrastructure/cert-manager/release.yaml
index ca524e844..ef25cb2ff 100644
--- a/flux2/infrastructure/cert-manager/release.yaml
+++ b/flux2/infrastructure/cert-manager/release.yaml
@@ -45,3 +45,11 @@ spec:
cpu: 100m
memory: 80Mi
installCRDs: true
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-cert-manager-override
+ optional: true
+ - kind: Secret
+ name: oas-cert-manager-override
+ optional: true
diff --git a/flux2/infrastructure/local-path-provisioner/release.yaml b/flux2/infrastructure/local-path-provisioner/release.yaml
index bd8afc1b7..094b4a366 100644
--- a/flux2/infrastructure/local-path-provisioner/release.yaml
+++ b/flux2/infrastructure/local-path-provisioner/release.yaml
@@ -34,4 +34,12 @@ spec:
memory: 20Mi
limits:
cpu: 400m
- memory: 40Mi
\ No newline at end of file
+ memory: 40Mi
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-local-path-provisioner-override
+ optional: true
+ - kind: Secret
+ name: oas-local-path-provisioner-override
+ optional: true
diff --git a/flux2/infrastructure/nginx/release.yaml b/flux2/infrastructure/nginx/release.yaml
index 1c2514019..06d270b3c 100644
--- a/flux2/infrastructure/nginx/release.yaml
+++ b/flux2/infrastructure/nginx/release.yaml
@@ -40,3 +40,11 @@ spec:
requests:
cpu: 100m
memory: 64Mi
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-nginx-override
+ optional: true
+ - kind: Secret
+ name: oas-nginx-override
+ optional: true
diff --git a/flux2/infrastructure/secrets/release.yaml b/flux2/infrastructure/secrets/release.yaml
index a64f39be9..4073c1768 100644
--- a/flux2/infrastructure/secrets/release.yaml
+++ b/flux2/infrastructure/secrets/release.yaml
@@ -14,3 +14,11 @@ spec:
name: openappstack
namespace: flux-system
interval: 1h0m0s
+ # Allow custom values either by configMap or by secret
+ valuesFrom:
+ - kind: ConfigMap
+ name: oas-secrets-override
+ optional: true
+ - kind: Secret
+ name: oas-secrets-override
+ optional: true
--
GitLab