From 0b6c5b54acc119829a2e570f2b371310dd2660a6 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Wed, 3 Apr 2024 18:25:46 +0200
Subject: [PATCH] apps/design: add penpot preliminarily Waiting on https://github.com/truecharts/charts/pull/17061
---
apps/design-kustomization.yaml | 13 ++++
apps/design/kustomization.yaml | 5 ++
apps/design/penpot-kustomization.yaml | 35 +++++++++
apps/design/penpot-secrets-kustomization.yaml | 22 ++++++
.../penpot-kustomization-variables.yaml | 7 ++
.../penpot-secrets/penpot-oauth-secret.yaml | 12 +++
.../penpot-secrets/penpot-variables.yaml | 9 +++
apps/design/penpot/penpot-oauth-client.yaml | 21 ++++++
apps/design/penpot/penpot-pvc.yaml | 15 ++++
apps/design/penpot/penpot-release.yaml | 27 +++++++
.../penpot/penpot-values-configmap.yaml | 73 +++++++++++++++++++
apps/kustomization.yaml | 2 +-
12 files changed, 240 insertions(+), 1 deletion(-)
create mode 100644 apps/design-kustomization.yaml
create mode 100644 apps/design/kustomization.yaml
create mode 100644 apps/design/penpot-kustomization.yaml
create mode 100644 apps/design/penpot-secrets-kustomization.yaml
create mode 100644 apps/design/penpot-secrets/penpot-kustomization-variables.yaml
create mode 100644 apps/design/penpot-secrets/penpot-oauth-secret.yaml
create mode 100644 apps/design/penpot-secrets/penpot-variables.yaml
create mode 100644 apps/design/penpot/penpot-oauth-client.yaml
create mode 100644 apps/design/penpot/penpot-pvc.yaml
create mode 100644 apps/design/penpot/penpot-release.yaml
create mode 100644 apps/design/penpot/penpot-values-configmap.yaml
diff --git a/apps/design-kustomization.yaml b/apps/design-kustomization.yaml
new file mode 100644
index 0000000..6b2ca02
--- /dev/null
+++ b/apps/design-kustomization.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: add-design
+ namespace: flux-system
+spec:
+ interval: 10m
+ prune: true
+ path: ./apps/design
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
diff --git a/apps/design/kustomization.yaml b/apps/design/kustomization.yaml
new file mode 100644
index 0000000..6056845
--- /dev/null
+++ b/apps/design/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - penpot-kustomization.yaml
+ - penpot-secrets-kustomization.yaml
diff --git a/apps/design/penpot-kustomization.yaml b/apps/design/penpot-kustomization.yaml
new file mode 100644
index 0000000..47db628
--- /dev/null
+++ b/apps/design/penpot-kustomization.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: penpot
+ namespace: flux-system
+spec:
+ interval: 5m
+ retryInterval: 2m
+ timeout: 10m
+ wait: true
+ prune: true
+ path: ./apps/design/penpot
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: local-path-provisioner
+ - name: penpot-secrets
+ - name: nginx
+ - name: single-sign-on
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
+ - kind: ConfigMap
+ name: stackspin-penpot-kustomization-variables
+ - kind: Secret
+ name: stackspin-penpot-variables
+ # OIDC
+ - kind: Secret
+ name: stackspin-penpot-oauth-variables
+ - kind: ConfigMap
+ name: stackspin-single-sign-on-kustomization-variables
diff --git a/apps/design/penpot-secrets-kustomization.yaml b/apps/design/penpot-secrets-kustomization.yaml
new file mode 100644
index 0000000..3e3495c
--- /dev/null
+++ b/apps/design/penpot-secrets-kustomization.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: penpot-secrets
+ namespace: flux-system
+spec:
+ interval: 5m
+ timeout: 4m
+ wait: true
+ prune: true
+ path: ./apps/design/penpot-secrets
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: secrets-controller
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
diff --git a/apps/design/penpot-secrets/penpot-kustomization-variables.yaml b/apps/design/penpot-secrets/penpot-kustomization-variables.yaml
new file mode 100644
index 0000000..294ee38
--- /dev/null
+++ b/apps/design/penpot-secrets/penpot-kustomization-variables.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-penpot-kustomization-variables
+ namespace: flux-system
+data:
+ penpot_domain: design.${domain}
diff --git a/apps/design/penpot-secrets/penpot-oauth-secret.yaml b/apps/design/penpot-secrets/penpot-oauth-secret.yaml
new file mode 100644
index 0000000..4fe94bf
--- /dev/null
+++ b/apps/design/penpot-secrets/penpot-oauth-secret.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: stackspin-penpot-oauth-variables
+ namespace: flux-system
+spec:
+ data:
+ client_id: penpot
+ fields:
+ - fieldName: client_secret
+ length: "32"
diff --git a/apps/design/penpot-secrets/penpot-variables.yaml b/apps/design/penpot-secrets/penpot-variables.yaml
new file mode 100644
index 0000000..b89df98
--- /dev/null
+++ b/apps/design/penpot-secrets/penpot-variables.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: stackspin-penpot-variables
+ namespace: flux-system
+spec:
+ fields:
+ - fieldName: password
diff --git a/apps/design/penpot/penpot-oauth-client.yaml b/apps/design/penpot/penpot-oauth-client.yaml
new file mode 100644
index 0000000..d3312a7
--- /dev/null
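Review bot: The `password` field generated in penpot-variables.yaml has no consumer in this patch: the values ConfigMap references `${client_id}`, `${client_secret}` and the `outgoing_mail_*` variables, but never `${password}`. Because `stackspin-penpot-variables` is listed under `substituteFrom` in penpot-kustomization.yaml, the bare name `password` also becomes a substitution variable for every manifest under ./apps/design/penpot. Either drop the field until something needs it, or add a comment above it such as `# <what this password protects>, referenced as ${password} in <consuming file>` and consider an app-prefixed field name. The sibling penpot-oauth-secret.yaml sets an explicit `length: "32"`, and stating the length here as well would make the intended strength visible.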
+++ b/apps/design/penpot/penpot-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+ name: penpot-oauth-client
+ # Has to live in the same namespace as the stackspin-penpot-oauth-variables secret
+ namespace: flux-system
+spec:
+ # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ - client_credentials
+ - implicit
+ responseTypes:
+ - id_token
+ - code
+ scope: "openid profile email stackspin_roles"
+ secretName: stackspin-penpot-oauth-variables
+ #redirectUris:
+ # - https://${penpot_domain}/oauth/openid/
+ #tokenEndpointAuthMethod: client_secret_post
diff --git a/apps/design/penpot/penpot-pvc.yaml b/apps/design/penpot/penpot-pvc.yaml
new file mode 100644
index 0000000..24c63e2
--- /dev/null
+++ b/apps/design/penpot/penpot-pvc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: penpot-data
+ namespace: stackspout
+ labels:
+ stackspin.net/backupSet: "penpot"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/apps/design/penpot/penpot-release.yaml b/apps/design/penpot/penpot-release.yaml
new file mode 100644
index 0000000..d5a81cd
--- /dev/null
+++ b/apps/design/penpot/penpot-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: penpot
+ namespace: stackspout
+spec:
+ releaseName: penpot
+ chart:
+ spec:
+ chart: penpot
+ version: 4.0.12
+ sourceRef:
+ kind: HelmRepository
+ name: truecharts
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: ConfigMap
+ name: stackspin-penpot-values
+ optional: false
+ # Allow overriding values by ConfigMap or Secret
+ - kind: ConfigMap
+ name: stackspin-penpot-override
+ optional: true
+ - kind: Secret
+ name: stackspin-penpot-override
+ optional: true
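Review bot: The `grantTypes` list in penpot-oauth-client.yaml registers `implicit` and `client_credentials`, and `responseTypes` includes `id_token`, for a client that the values ConfigMap only uses for OIDC login; the inline TODO says the list was copied from wekan. The implicit grant hands tokens back through the browser redirect and is discouraged by current OAuth security guidance, and `client_credentials` lets any holder of the client secret obtain tokens with no user involved. Unless Penpot is shown to need more, I would reduce this to `grantTypes: [authorization_code, refresh_token]` and `responseTypes: [code]`. `redirectUris` is also still commented out; the authorization-code flow normally requires the exact callback to be registered, so confirm Penpot's callback path and enable that entry before the client is used.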
diff --git a/apps/design/penpot/penpot-values-configmap.yaml b/apps/design/penpot/penpot-values-configmap.yaml
new file mode 100644
index 0000000..a6eb361
--- /dev/null
+++ b/apps/design/penpot/penpot-values-configmap.yaml
@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-penpot-values
+ namespace: stackspout
+data:
+ values.yaml: |
+ # TODO verify structure matches chart
+ commonLabels:
+ stackspin.net/backupSet: "penpot"
+ podLabels:
+ stackspin.net/backupSet: "penpot"
+ # TODO Configure PVC for data & database including backup labels
+ podAnnotations:
+ backup.velero.io/backup-volumes: "data"
+ persistence:
+ enabled: true
+ existingClaim: "penpot-data"
+
+ ingress:
+ main:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: "${penpot_domain}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: penpot-tls
+ hosts:
+ - "${penpot_domain}"
+ integrations:
+ certManager:
+ enabled: true
+ penpot:
+ public_uri: "https://${penpot_domain}"
+ #registration_domain_whitelist: []
+ #flags:
+ # backend_api_doc: false
+ # cors: false
+ # demo_users: false
+ # demo_warning: false
+ # insecure_register: false
+ # log_emails: false
+ # log_invitation_token: false
+ # login: true
+ # mail_verification: true
+ # registration: true
+ # secure_session_cookies: true
+ # user_feedback: false
+ identity_providers:
+ oidc:
+ enabled: true
+ client_id: "${client_id}"
+ client_secret: "${client_secret}"
+ base_uri: "https://${hydra_domain}"
+ #autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
+ smtp:
+ enabled: "${outgoing_mail_enabled}"
+ host: "${outgoing_mail_smtp_host}"
+ port: "${outgoing_mail_smtp_port}"
+ username: "${outgoing_mail_smtp_user}"
+ pass: "${outgoing_mail_smtp_password}"
+ default_from: "${outgoing_mail_from_address}"
+ default_reply_to: "${outgoing_mail_from_address}"
+
+ persistence:
+ assets:
+ enabled: true
+ mountPath: /opt/data/assets
+ targetSelectAll: true
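Review bot: `client_secret: "${client_secret}"` and `pass: "${outgoing_mail_smtp_password}"` are substituted by Flux postBuild into a ConfigMap, so the rendered OIDC client secret and SMTP password end up in plain text in `stackspin-penpot-values`, readable by anything with ConfigMap read access in `stackspout`. The HelmRelease already accepts a Secret under `valuesFrom`, so moving the `oidc` and `smtp` credentials into a Secret-kind values source (or into a chart-supported existing-secret option, if the chart offers one) would keep them out of the ConfigMap. Separately, `persistence:` appears twice in `values.yaml`. Indentation is not visible in this view, but if both are top-level keys most parsers keep only the last one and `existingClaim: "penpot-data"` is silently dropped, leaving the backup-labelled PVC unused.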
diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 6f591fe..9d4d9f7 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -8,6 +8,6 @@ resources: - flow-kustomization.yaml - meet-kustomization.yaml - status-kustomization.yaml - #- design-kustomization.yaml #to be configured + - design-kustomization.yaml #- sprint-kustomization.yaml #charts outdated #- video-kustomization.yaml #missing storage