From 503c88dd9b3b3633959f07673d683968da7736ba Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Thu, 29 Feb 2024 14:56:11 +0100
Subject: [PATCH] apps/sprint: add taiga

---
 apps/kustomization.yaml                       |  1 +
 apps/sprint-kustomization.yaml                | 12 +++++
 apps/sprint/kustomization.yaml                |  5 ++
 apps/sprint/taiga-kustomization.yaml          | 35 +++++++++++++
 apps/sprint/taiga-secrets-kustomization.yaml  | 22 ++++++++
 .../taiga-kustomization-variables.yaml        |  7 +++
 .../taiga-secrets/taiga-oauth-secret.yaml     | 12 +++++
 .../sprint/taiga-secrets/taiga-variables.yaml |  9 ++++
 apps/sprint/taiga/taiga-oauth-client.yaml     | 21 ++++++++
 apps/sprint/taiga/taiga-postgres-pvc.yaml     | 15 ++++++
 apps/sprint/taiga/taiga-release.yaml          | 27 ++++++++++
 apps/sprint/taiga/taiga-values-configmap.yaml | 51 +++++++++++++++++++
 infrastructure/sources/nemonik.yaml           |  8 +++
 13 files changed, 225 insertions(+)
 create mode 100644 apps/sprint-kustomization.yaml
 create mode 100644 apps/sprint/kustomization.yaml
 create mode 100644 apps/sprint/taiga-kustomization.yaml
 create mode 100644 apps/sprint/taiga-secrets-kustomization.yaml
 create mode 100644 apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml
 create mode 100644 apps/sprint/taiga-secrets/taiga-oauth-secret.yaml
 create mode 100644 apps/sprint/taiga-secrets/taiga-variables.yaml
 create mode 100644 apps/sprint/taiga/taiga-oauth-client.yaml
 create mode 100644 apps/sprint/taiga/taiga-postgres-pvc.yaml
 create mode 100644 apps/sprint/taiga/taiga-release.yaml
 create mode 100644 apps/sprint/taiga/taiga-values-configmap.yaml
 create mode 100644 infrastructure/sources/nemonik.yaml

diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
index fa01a36..336ef78 100644
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
   - flow-kustomization.yaml
   - meet-kustomization.yaml
   - status-kustomization.yaml
+  - sprint-kustomization.yaml
diff --git a/apps/sprint-kustomization.yaml b/apps/sprint-kustomization.yaml
new file mode 100644
index 0000000..c5cb0e1
--- /dev/null
+++ b/apps/sprint-kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-sprint
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/sprint
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
diff --git a/apps/sprint/kustomization.yaml b/apps/sprint/kustomization.yaml
new file mode 100644
index 0000000..9a78b1d
--- /dev/null
+++ b/apps/sprint/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - taiga-kustomization.yaml
+  - taiga-secrets-kustomization.yaml
diff --git a/apps/sprint/taiga-kustomization.yaml b/apps/sprint/taiga-kustomization.yaml
new file mode 100644
index 0000000..c341d8d
--- /dev/null
+++ b/apps/sprint/taiga-kustomization.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: taiga
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/sprint/taiga
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: taiga-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-taiga-kustomization-variables
+      - kind: Secret
+        name: stackspin-taiga-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-taiga-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables
diff --git a/apps/sprint/taiga-secrets-kustomization.yaml b/apps/sprint/taiga-secrets-kustomization.yaml
new file mode 100644
index 0000000..49dcf46
--- /dev/null
+++ b/apps/sprint/taiga-secrets-kustomization.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: taiga-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/sprint/taiga-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
diff --git a/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml b/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml
new file mode 100644
index 0000000..3131eff
--- /dev/null
+++ b/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-taiga-kustomization-variables
+  namespace: flux-system
+data:
+  taiga_domain: sprint.${domain}
diff --git a/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml b/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml
new file mode 100644
index 0000000..b42b230
--- /dev/null
+++ b/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-taiga-oauth-variables
+  namespace: flux-system
+spec:
+  data:
+    client_id: taiga
+  fields:
+  - fieldName: client_secret
+    length: "32"
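Review bot: The `fields` sequence on the last two lines is flush with its parent key (`- fieldName` starts in the same column as `fields:`), while every other sequence in this patch is indented two spaces under its key; the same flush form appears in taiga-variables.yaml. Both forms are valid YAML, but yamllint's indent-sequences rule flags the mix, so indent these as `    - fieldName: client_secret` / `      length: "32"` to match the rest of the files.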
diff --git a/apps/sprint/taiga-secrets/taiga-variables.yaml b/apps/sprint/taiga-secrets/taiga-variables.yaml
new file mode 100644
index 0000000..3aa650a
--- /dev/null
+++ b/apps/sprint/taiga-secrets/taiga-variables.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-taiga-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldname: password
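Review bot: The field key is spelled `fieldname` here but `fieldName` in taiga-oauth-secret.yaml (the `fields:` entry in the previous hunk); only one spelling can match the StringSecret CRD schema, so one of the two files is going to be rejected or have its field silently ignored on apply. The camelCase `fieldName` form matches the other Kubernetes-style keys in this patch, so change this line to `  - fieldName: password`. Note also that nothing in the added files references the generated `${password}` (the values ConfigMap sets no database credential), so the chart presumably falls back to its own defaults for that — worth confirming before this reaches a cluster.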
diff --git a/apps/sprint/taiga/taiga-oauth-client.yaml b/apps/sprint/taiga/taiga-oauth-client.yaml
new file mode 100644
index 0000000..0bc12cc
--- /dev/null
+++ b/apps/sprint/taiga/taiga-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: taiga-oauth-client
+  # Has to live in the same namespace as the stackspin-taiga-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-taiga-oauth-variables
+  #redirectUris:
+  #  - https://${taiga_domain}/oauth/openid/
+  #tokenEndpointAuthMethod: client_secret_post
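Review bot: `grantTypes` registers four grants including `implicit` and `client_credentials`, and the TODO above the list says it was copied from a Wekan/Keycloak wiki rather than derived from what Taiga needs; a browser login over OpenID Connect needs `authorization_code` (plus `refresh_token` if sessions are refreshed), and `implicit` is the flow the OAuth 2.0 Security Best Current Practice recommends not enabling at all. Trim the list to `- authorization_code` / `- refresh_token` and drop `id_token` from `responseTypes` unless the implicit flow is actually used. With `redirectUris` commented out the client has no registered callback, so the authorization_code flow presumably cannot complete until that block (and the matching Taiga SSO values, still commented out in taiga-values-configmap.yaml) is filled in.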
diff --git a/apps/sprint/taiga/taiga-postgres-pvc.yaml b/apps/sprint/taiga/taiga-postgres-pvc.yaml
new file mode 100644
index 0000000..31144aa
--- /dev/null
+++ b/apps/sprint/taiga/taiga-postgres-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: taiga-postgres
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "taiga"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
diff --git a/apps/sprint/taiga/taiga-release.yaml b/apps/sprint/taiga/taiga-release.yaml
new file mode 100644
index 0000000..b9ff3e6
--- /dev/null
+++ b/apps/sprint/taiga/taiga-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: taiga
+  namespace: stackspout
+spec:
+  releaseName: taiga
+  chart:
+    spec:
+      chart: taiga
+      version: 1.0 # TODO
+      sourceRef:
+        kind: HelmRepository
+        name: nemonik
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-taiga-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-taiga-override
+      optional: true
+    - kind: Secret
+      name: stackspin-taiga-override
+      optional: true
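Review bot: `version: 1.0` on the `chart.spec.version` line is an unquoted float: a YAML parser reads it as the number 1.0 (which may be serialised as `1` on the way to the API server), while Flux's `version` field is a string, so the HelmRelease is likely to be rejected or to resolve a chart other than the one intended. Quote it as `version: "1.0" # TODO`, and replace the placeholder with the actual chart version from the nemonik repository before merging, since the TODO marks it as unverified.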
diff --git a/apps/sprint/taiga/taiga-values-configmap.yaml b/apps/sprint/taiga/taiga-values-configmap.yaml
new file mode 100644
index 0000000..19e9d01
--- /dev/null
+++ b/apps/sprint/taiga/taiga-values-configmap.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-taiga-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    # https://github.com/nemonik/taiga-helm/blob/master/values.yaml
+    # TODO verify structure matches chart
+    commonLabels:
+      stackspin.net/backupSet: "taiga"
+    podLabels:
+      stackspin.net/backupSet: "taiga"
+
+    taigaDB:
+      persistence:
+        enabled: true
+        existingClaim: taiga-postgres
+      podAnnotations:
+        backup.velero.io/backup-volumes: "data"
+
+    taigaGateway:
+      ingress:
+        enabled: true
+        annotations:
+          kubernetes.io/tls-acme: "true"
+        hosts:
+          - host: "${taiga_domain}"
+            paths:
+               - path: /
+                 pathType: Prefix
+        tls:
+          - secretName: taiga-tls
+            hosts:
+              - "${taiga_domain}"
+
+    env:
+      mailer:
+        enableEmail: "${outgoing_mail_enabled}"
+        emailHost: "${outgoing_mail_smtp_host}"
+        emailPort: "${outgoing_mail_smtp_port}"
+        emailHostUser: "${outgoing_mail_smtp_user}"
+        emailHostPassword: "${outgoing_mail_smtp_password}"
+        defaultFromEmail: "${outgoing_mail_from_address}"
+
+    # TODO Adjust taiga OpenID Connect Single Sign-On Configuration
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      issuer: "https://${hydra_domain}"
+    #      autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
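Review bot: `emailHostPassword: "${outgoing_mail_smtp_password}"` writes the SMTP password into a plain ConfigMap: Flux's postBuild substitution (the `substituteFrom` list in taiga-kustomization.yaml pulls in the `stackspin-cluster-variables` Secret) expands the variable in the rendered manifest, so the credential becomes readable by anything allowed to read ConfigMaps in the `stackspout` namespace instead of being gated by Secret RBAC. The commented-out SSO block at the end would do the same for `${client_secret}` once enabled. Move the credential-bearing keys into a Secret and keep only non-sensitive values here — the HelmRelease's `valuesFrom` already accepts a `kind: Secret` entry, so a required Secret holding just `env.mailer.emailHostPassword` (and later the SSO secret) slots in without changing the chart values layout. Separately, the `paths:` entry under `hosts` is indented three extra spaces (`- path: /` at column 15) relative to every other sequence in the block scalar; it parses, but aligning it to the two-space step used elsewhere keeps the block consistent.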
diff --git a/infrastructure/sources/nemonik.yaml b/infrastructure/sources/nemonik.yaml
new file mode 100644
index 0000000..958b131
--- /dev/null
+++ b/infrastructure/sources/nemonik.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: nemonik
+  namespace: flux-system
+spec:
+  interval: 60m
+  url: https://nemonik.github.io/helm-charts/
-- 
GitLab