Compare revisions

045bd893 · 045bd893 · 045bd893 · 045bd893 · 045bd893 · 045bd893
--- a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
+++ b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-invoiceninja-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    # https://github.com/invoiceninja/dockerfiles/blob/master/charts/invoiceninja/values.yaml
+    image:
+      # https://hub.docker.com/r/invoiceninja/invoiceninja/tags
+      tag: 5.6
+      pullPolicy: Always
+    ingress:
+      enabled: true
+      hostname: "${invoiceninja_domain}"
+      tls: true
+      certManager: true
+      annotations:
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          more_set_headers "Content-Security-Policy: frame-ancestors 'self' ${nextcloud_domain}";
+    commonLabels:
+      stackspin.net/backupSet: "invoiceninja"
+    podLabels:
+      stackspin.net/backupSet: "invoiceninja"
+    podAnnotations:
+      backup.velero.io/backup-volumes: "public"
+    persistence:
+      public:
+        existingClaim: "invoiceninja-data"
+    mariadb:
+      # https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml
+      auth:
+        password: "${mariadb_password}"
+        rootPassword: "${mariadb_root_password}"
+      primary:
+        persistence:
+          existingClaim: "invoiceninja-mariadb"
+        podAnnotations:
+          backup.velero.io/backup-volumes: "data"
+      commonLabels:
+        stackspin.net/backupSet: "invoiceninja"
+    redis:
+      commonLabels:
+        stackspin.net/backupSet: "invoiceninja"
+      # Redis is only cache, so no pvc needed: https://invoiceninja.github.io/docs/env-variables/
+      auth:
+        password: "${redis_password}"
+
+    appKey: "${app_key}"
+    appURL: "https://${invoiceninja_domain}"
+    userEmail: "${admin_email}"
+    userPassword: "${password}"
+    mailer: "smtp" # FIXME use "${outgoing_mail_enabled}"
+    # https://github.com/invoiceninja/invoiceninja/blob/v5-stable/config/mail.php#L36
+    extraEnvVars:
+      - name: APP_CIPHER
+        value: AES-256-CBC
+      - name: MAIL_MAILER
+        value: smtp
+      - name: MAIL_HOST
+        value: "${outgoing_mail_smtp_host}"
+      - name: MAIL_PORT
+        value: "${outgoing_mail_smtp_port}"
+      - name: MAIL_USERNAME
+        value: "${outgoing_mail_smtp_user}"
+      - name: MAIL_PASSWORD
+        value: "${outgoing_mail_smtp_password}"
+      - name: MAIL_EHLO_DOMAIN
+        value: "${outgoing_mail_domain}"
+      - name: MAIL_FROM_ADDRESS
+        value: "${outgoing_mail_from_address}"
+      - name: MAIL_FROM_NAME
+        value: "${org_name}"
+
+    # Missing: invoiceninja OpenID Connect Single Sign-On Configuration
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
--- a/apps/ninja/kustomization.yaml
+++ b/apps/ninja/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - invoiceninja-kustomization.yaml
+  - invoiceninja-secrets-kustomization.yaml
--- a/apps/people-kustomization.yaml
+++ b/apps/people-kustomization.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-people
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/people
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
--- a/apps/people/kustomization.yaml
+++ b/apps/people/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - suitecrm-kustomization.yaml
+  - suitecrm-secrets-kustomization.yaml
--- a/apps/people/suitecrm-kustomization.yaml
+++ b/apps/people/suitecrm-kustomization.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: suitecrm
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/people/suitecrm
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: suitecrm-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-suitecrm-kustomization-variables
+      - kind: Secret
+        name: stackspin-suitecrm-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-suitecrm-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: suitecrm
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/people/suitecrm
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: suitecrm-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      #- kind: ConfigMap
+      #  name: stackspin-suitecrm-kustomization-variables
+      - kind: Secret
+        name: stackspin-suitecrm-variables
+      # OIDC
+      #- kind: Secret
+      #  name: stackspin-suitecrm-oauth-variables
+      #- kind: ConfigMap
+      #  name: stackspin-single-sign-on-kustomization-variables
--- a/apps/people/suitecrm-secrets-kustomization.yaml
+++ b/apps/people/suitecrm-secrets-kustomization.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: suitecrm-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/people/suitecrm-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
--- a/apps/people/suitecrm-secrets/suitecrm-variables.yaml
+++ b/apps/people/suitecrm-secrets/suitecrm-variables.yaml
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-suitecrm-variables
+  namespace: flux-system
+data:
+  fields:
+  - fieldName: password
+  - fieldName: mariadb_password
+  - fieldName: mariadb_root_password
--- a/apps/people/suitecrm/suitecrm-release.yaml
+++ b/apps/people/suitecrm/suitecrm-release.yaml
+# https://artifacthub.io/packages/helm/bitnami/suitecrm
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: suitecrm
+  namespace: stackspout
+spec:
+  releaseName: suitecrm
+  chart:
+    spec:
+      chart: suitecrm
+      version: 14.1.1
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-suitecrm-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-suitecrm-override
+      optional: true
+    - kind: Secret
+      name: stackspin-suitecrm-override
+      optional: true
--- a/apps/people/suitecrm/suitecrm-values-configmap.yaml
+++ b/apps/people/suitecrm/suitecrm-values-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-suitecrm-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    ingress:
+      enabled: true
+      primary: false
+      hostname: "people.${domain}"
+      tls: true
+      certManager: true
+    suitecrmUsername: "admin"
+    suitecrmEmail: "${admin_email}"
+    suitecrmPassword: "${password}"
+    mariadb:
+      auth:
+        password: "${mariadb_password}"
+        rootPassword: "${mariadb_root_password}"
+    # TODO Adjust OIDC SSO to service
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      customAuthUrl: "https://people.${domain}/login/login"
--- a/apps/sprint-kustomization.yaml
+++ b/apps/sprint-kustomization.yaml
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-sprint
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/sprint
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
--- a/apps/sprint/kustomization.yaml
+++ b/apps/sprint/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - taiga-kustomization.yaml
+  - taiga-secrets-kustomization.yaml
--- a/apps/sprint/taiga-kustomization.yaml
+++ b/apps/sprint/taiga-kustomization.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: taiga
+  namespace: flux-system
+spec:
+  interval: 5m
+  retryInterval: 2m
+  timeout: 10m
+  wait: true
+  prune: true
+  path: ./apps/sprint/taiga
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: taiga-secrets
+    - name: nginx
+    - name: single-sign-on
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-taiga-kustomization-variables
+      - kind: Secret
+        name: stackspin-taiga-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-taiga-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables
--- a/apps/sprint/taiga-secrets-kustomization.yaml
+++ b/apps/sprint/taiga-secrets-kustomization.yaml
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: taiga-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/sprint/taiga-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: stackspin-cluster-variables
--- a/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml
+++ b/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-taiga-kustomization-variables
+  namespace: flux-system
+data:
+  taiga_domain: sprint.${domain}
--- a/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml
+++ b/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-taiga-oauth-variables
+  namespace: flux-system
+spec:
+  data:
+    client_id: taiga
+  fields:
+  - fieldName: client_secret
+    length: "32"
--- a/apps/sprint/taiga-secrets/taiga-variables.yaml
+++ b/apps/sprint/taiga-secrets/taiga-variables.yaml
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-taiga-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldName: password
--- a/apps/sprint/taiga/taiga-oauth-client.yaml
+++ b/apps/sprint/taiga/taiga-oauth-client.yaml
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+  name: taiga-oauth-client
+  # Has to live in the same namespace as the stackspin-taiga-oauth-variables secret
+  namespace: flux-system
+spec:
+  # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+  grantTypes:
+    - authorization_code
+    - refresh_token
+    - client_credentials
+    - implicit
+  responseTypes:
+    - id_token
+    - code
+  scope: "openid profile email stackspin_roles"
+  secretName: stackspin-taiga-oauth-variables
+  #redirectUris:
+  #  - https://${taiga_domain}/oauth/openid/
+  #tokenEndpointAuthMethod: client_secret_post
--- a/apps/sprint/taiga/taiga-postgres-pvc.yaml
+++ b/apps/sprint/taiga/taiga-postgres-pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: taiga-postgres
+  namespace: stackspout
+  labels:
+    stackspin.net/backupSet: "taiga"
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: local-path
--- a/apps/sprint/taiga/taiga-release.yaml
+++ b/apps/sprint/taiga/taiga-release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: taiga
+  namespace: stackspout
+spec:
+  releaseName: taiga
+  chart:
+    spec:
+      chart: taiga
+      version: 6.4.3
+      sourceRef:
+        kind: HelmRepository
+        name: nemonik
+        namespace: flux-system
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: stackspin-taiga-values
+      optional: false
+    # Allow overriding values by ConfigMap or Secret
+    - kind: ConfigMap
+      name: stackspin-taiga-override
+      optional: true
+    - kind: Secret
+      name: stackspin-taiga-override
+      optional: true
--- a/apps/sprint/taiga/taiga-values-configmap.yaml
+++ b/apps/sprint/taiga/taiga-values-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-taiga-values
+  namespace: stackspout
+data:
+  values.yaml: |
+    # https://github.com/nemonik/taiga-helm/blob/master/values.yaml
+    commonLabels:
+      stackspin.net/backupSet: "taiga"
+    podLabels:
+      stackspin.net/backupSet: "taiga"
+
+    taigaDB:
+      persistence:
+        enabled: true
+        existingClaim: taiga-postgres
+      podAnnotations:
+        backup.velero.io/backup-volumes: "data"
+
+    taigaGateway:
+      ingress:
+        enabled: true
+        annotations:
+          kubernetes.io/tls-acme: "true"
+        hosts:
+          - host: "${taiga_domain}"
+            paths:
+               - path: /
+                 pathType: Prefix
+        tls:
+          - secretName: taiga-tls
+            hosts:
+              - "${taiga_domain}"
+
+    env:
+      #taigaURL: "https://${taiga_domain}"
+      #taigaWebsocketsURL: "ws://${taiga_domain}"
+
+      enableEmail: "${outgoing_mail_enabled}"
+      emailHost: "${outgoing_mail_smtp_host}"
+      emailPort: "${outgoing_mail_smtp_port}"
+      emailHostUser: "${outgoing_mail_smtp_user}"
+      emailHostPassword: "${outgoing_mail_smtp_password}"
+      defaultFromEmail: "${outgoing_mail_from_address}"
+
+    # taiga OpenID Connect Single Sign-On Configuration
+    #    - name: Stackspin
+    #      key: "${client_id}"
+    #      secret: "${client_secret}"
+    #      issuer: "https://${hydra_domain}"
+    #      autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
No results found