From 0b6c5b54acc119829a2e570f2b371310dd2660a6 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Wed, 3 Apr 2024 18:25:46 +0200
Subject: [PATCH] apps/design: add penpot preliminarily

Waiting on https://github.com/truecharts/charts/pull/17061
---
 apps/design-kustomization.yaml                | 13 ++++
 apps/design/kustomization.yaml                |  5 ++
 apps/design/penpot-kustomization.yaml         | 35 +++++++++
 apps/design/penpot-secrets-kustomization.yaml | 22 ++++++
 .../penpot-kustomization-variables.yaml       |  7 ++
 .../penpot-secrets/penpot-oauth-secret.yaml   | 12 +++
 .../penpot-secrets/penpot-variables.yaml      |  9 +++
 apps/design/penpot/penpot-oauth-client.yaml   | 21 ++++++
 apps/design/penpot/penpot-pvc.yaml            | 15 ++++
 apps/design/penpot/penpot-release.yaml        | 27 +++++++
 .../penpot/penpot-values-configmap.yaml       | 73 +++++++++++++++++++
 apps/kustomization.yaml                       |  2 +-
 12 files changed, 240 insertions(+), 1 deletion(-)
 create mode 100644 apps/design-kustomization.yaml
 create mode 100644 apps/design/kustomization.yaml
 create mode 100644 apps/design/penpot-kustomization.yaml
 create mode 100644 apps/design/penpot-secrets-kustomization.yaml
 create mode 100644 apps/design/penpot-secrets/penpot-kustomization-variables.yaml
 create mode 100644 apps/design/penpot-secrets/penpot-oauth-secret.yaml
 create mode 100644 apps/design/penpot-secrets/penpot-variables.yaml
 create mode 100644 apps/design/penpot/penpot-oauth-client.yaml
 create mode 100644 apps/design/penpot/penpot-pvc.yaml
 create mode 100644 apps/design/penpot/penpot-release.yaml
 create mode 100644 apps/design/penpot/penpot-values-configmap.yaml

diff --git a/apps/design-kustomization.yaml b/apps/design-kustomization.yaml
new file mode 100644
index 0000000..6b2ca02
--- /dev/null
+++ b/apps/design-kustomization.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-design
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/design
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
diff --git a/apps/design/kustomization.yaml b/apps/design/kustomization.yaml
new file mode 100644
index 0000000..6056845
--- /dev/null
+++ b/apps/design/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - penpot-kustomization.yaml
+  - penpot-secrets-kustomization.yaml
diff --git a/apps/design/penpot-kustomization.yaml b/apps/design/penpot-kustomization.yaml
new file mode 100644
index 0000000..47db628
--- /dev/null
+++ b/apps/design/penpot-kustomization.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: penpot
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/design/penpot
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: penpot-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-penpot-kustomization-variables
+      - kind: Secret
+        name: stackspin-penpot-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-penpot-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables
diff --git a/apps/design/penpot-secrets-kustomization.yaml b/apps/design/penpot-secrets-kustomization.yaml
new file mode 100644
index 0000000..3e3495c
--- /dev/null
+++ b/apps/design/penpot-secrets-kustomization.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: penpot-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/design/penpot-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
diff --git a/apps/design/penpot-secrets/penpot-kustomization-variables.yaml b/apps/design/penpot-secrets/penpot-kustomization-variables.yaml
new file mode 100644
index 0000000..294ee38
--- /dev/null
+++ b/apps/design/penpot-secrets/penpot-kustomization-variables.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-penpot-kustomization-variables
+  namespace: flux-system
+data:
+  penpot_domain: design.${domain}
diff --git a/apps/design/penpot-secrets/penpot-oauth-secret.yaml b/apps/design/penpot-secrets/penpot-oauth-secret.yaml
new file mode 100644
index 0000000..4fe94bf
--- /dev/null
+++ b/apps/design/penpot-secrets/penpot-oauth-secret.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-penpot-oauth-variables
+  namespace: flux-system
+spec:
+  data:
+    client_id: penpot
+  fields:
+  - fieldName: client_secret
+    length: "32"
diff --git a/apps/design/penpot-secrets/penpot-variables.yaml b/apps/design/penpot-secrets/penpot-variables.yaml
new file mode 100644
index 0000000..b89df98
--- /dev/null
+++ b/apps/design/penpot-secrets/penpot-variables.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-penpot-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldName: password
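Review bot: The generated `password` field is not consumed anywhere in this patch — none of the `${...}` placeholders in `penpot-values-configmap.yaml` reference `${password}` — so whatever credential the chart's bundled database ends up with is decided by the chart defaults, not by this StringSecret. Either wire it into the values under the chart's database password key (check the chart's values schema; it is not visible here) or drop the resource, so a later reader does not assume the credential is managed by this secret. It is also worth stating `length:` explicitly, as `penpot-oauth-secret.yaml` does for `client_secret`, rather than relying on the secret-generator controller's default.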
diff --git a/apps/design/penpot/penpot-oauth-client.yaml b/apps/design/penpot/penpot-oauth-client.yaml
new file mode 100644
index 0000000..d3312a7
--- /dev/null
+++ b/apps/design/penpot/penpot-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: penpot-oauth-client
+  # Has to live in the same namespace as the stackspin-penpot-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-penpot-oauth-variables
+  #redirectUris:
+  #  - https://${penpot_domain}/oauth/openid/
+  #tokenEndpointAuthMethod: client_secret_post
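Review bot: The client registers `implicit` and `client_credentials` grants that a server-side OIDC login does not use, and the `TODO` above admits the list was copied from wekan; the OAuth 2.0 Security BCP deprecates the implicit flow because it returns tokens in the redirect URL, so trim `grantTypes` to `- authorization_code` and `- refresh_token` and `responseTypes` to `- code`. Leaving `redirectUris` commented out also means Hydra has no registered callback for this client and will reject the authorization request, so the login cannot complete until the exact Penpot callback is registered. Penpot's documented OIDC callback is `/api/auth/oauth/oidc/callback`, not wekan's `/oauth/openid/`, so the entry to uncomment is presumably `- https://${penpot_domain}/api/auth/oauth/oidc/callback` — confirm against the deployed Penpot version; `${penpot_domain}` resolves here because the `penpot` Kustomization lists `stackspin-penpot-kustomization-variables` in `substituteFrom`.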
diff --git a/apps/design/penpot/penpot-pvc.yaml b/apps/design/penpot/penpot-pvc.yaml
new file mode 100644
index 0000000..24c63e2
--- /dev/null
+++ b/apps/design/penpot/penpot-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: penpot-data
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "penpot"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
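Review bot: This PVC is applied by the `penpot` Kustomization with `prune: true`, so removing or renaming the manifest (or the Kustomization itself) garbage-collects the claim and, with the `local-path` class's usual Delete reclaim policy, the design assets it holds; add `kustomize.toolkit.fluxcd.io/prune: disabled` under `metadata.annotations` so losing the data requires an explicit delete. The `stackspin.net/backupSet` label only helps if a backup actually ran before the prune, so it is not a substitute for the guard.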
diff --git a/apps/design/penpot/penpot-release.yaml b/apps/design/penpot/penpot-release.yaml
new file mode 100644
index 0000000..d5a81cd
--- /dev/null
+++ b/apps/design/penpot/penpot-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: penpot
+  namespace: stackspout
+spec:
+  releaseName: penpot
+  chart:
+    spec:
+      chart: penpot
+      version: 4.0.12
+      sourceRef:
+        kind: HelmRepository
+        name: truecharts
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-penpot-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-penpot-override
+      optional: true
+    - kind: Secret
+      name: stackspin-penpot-override
+      optional: true
diff --git a/apps/design/penpot/penpot-values-configmap.yaml b/apps/design/penpot/penpot-values-configmap.yaml
new file mode 100644
index 0000000..a6eb361
--- /dev/null
+++ b/apps/design/penpot/penpot-values-configmap.yaml
@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-penpot-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    # TODO verify structure matches chart
+    commonLabels:
+      stackspin.net/backupSet: "penpot"
+    podLabels:
+      stackspin.net/backupSet: "penpot"
+    # TODO Configure PVC for data & database including backup labels
+    podAnnotations:
+      backup.velero.io/backup-volumes: "data"
+    persistence:
+      enabled: true
+      existingClaim: "penpot-data"
+
+    ingress:
+      main:
+        enabled: true
+        annotations:
+          kubernetes.io/tls-acme: "true"
+        hosts:
+          - host: "${penpot_domain}"
+            paths:
+               - path: /
+                 pathType: Prefix
+        tls:
+          - secretName: penpot-tls
+            hosts:
+              - "${penpot_domain}"
+        integrations:
+          certManager:
+            enabled: true
+    penpot:
+      public_uri: "https://${penpot_domain}"
+      #registration_domain_whitelist: []
+      #flags:
+      #  backend_api_doc: false
+      #  cors: false
+      #  demo_users: false
+      #  demo_warning: false
+      #  insecure_register: false
+      #  log_emails: false
+      #  log_invitation_token: false
+      #  login: true
+      #  mail_verification: true
+      #  registration: true
+      #  secure_session_cookies: true
+      #  user_feedback: false
+      identity_providers:
+        oidc:
+          enabled: true
+          client_id: "${client_id}"
+          client_secret: "${client_secret}"
+          base_uri: "https://${hydra_domain}"
+          #autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
+      smtp:
+        enabled: "${outgoing_mail_enabled}"
+        host: "${outgoing_mail_smtp_host}"
+        port: "${outgoing_mail_smtp_port}"
+        username: "${outgoing_mail_smtp_user}"
+        pass: "${outgoing_mail_smtp_password}"
+        default_from: "${outgoing_mail_from_address}"
+        default_reply_to: "${outgoing_mail_from_address}"
+
+    persistence:
+      assets:
+        enabled: true
+        mountPath: /opt/data/assets
+        targetSelectAll: true
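Review bot: `${client_secret}` and `${outgoing_mail_smtp_password}` are substituted into a ConfigMap here, so once Flux renders it the OIDC client secret and the SMTP password sit in plaintext in `stackspin-penpot-values` in `stackspout`, readable by anything with ConfigMap read access in that namespace and, unless etcd encryption is configured, unencrypted at rest. The HelmRelease already merges an optional `stackspin-penpot-override` Secret, so move the `identity_providers.oidc` and `smtp` sub-trees into a Secret with the same `values.yaml` key (below; a dedicated `valuesFrom` entry would be cleaner than occupying the override slot) and keep only non-sensitive settings in this ConfigMap. Two smaller issues in the embedded values: `persistence:` appears twice at the top level (the `existingClaim` block and the `assets` block), which most YAML parsers resolve last-wins and thereby silently drop `existingClaim: "penpot-data"` — merge them into one mapping; and `enabled: "${outgoing_mail_enabled}"` is a quoted string, so a `false` substitution renders as the non-empty string `"false"`, which a Helm `if` treats as truthy — verify how the chart reads it. With SSO in front, also consider setting the commented `registration`/`registration_domain_whitelist` explicitly instead of relying on Penpot's defaults.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: stackspin-penpot-override
  namespace: stackspout
type: Opaque
stringData:
  values.yaml: |
    penpot:
      identity_providers:
        oidc:
          enabled: true
          client_id: "${client_id}"
          client_secret: "${client_secret}"
          base_uri: "https://${hydra_domain}"
      smtp:
        enabled: "${outgoing_mail_enabled}"
        host: "${outgoing_mail_smtp_host}"
        port: "${outgoing_mail_smtp_port}"
        username: "${outgoing_mail_smtp_user}"
        pass: "${outgoing_mail_smtp_password}"
        default_from: "${outgoing_mail_from_address}"
        default_reply_to: "${outgoing_mail_from_address}"
# … unchanged in the ConfigMap: labels, ingress, public_uri, persistence (merged into one mapping) …
```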
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
index 6f591fe..9d4d9f7 100644
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -8,6 +8,6 @@ resources:
   - flow-kustomization.yaml
   - meet-kustomization.yaml
   - status-kustomization.yaml
-  #- design-kustomization.yaml #to be configured
+  - design-kustomization.yaml
   #- sprint-kustomization.yaml #charts outdated
   #- video-kustomization.yaml #missing storage
-- 
GitLab