diff --git a/README.md b/README.md
index bb563fe..3a34021 100644
--- a/README.md
+++ b/README.md
@@ -19,8 +19,8 @@ Useful tools for administration:
 https://docs.stackspin.net/en/v2/system_administration/customizing.html
 ### Guide: Creating OAuth Credentials for an external service
-- add a line in `basic/install.sh` and run it to generate the secret (TODO: Update to new stackspin mechanism)
-- append another OAuth2Client definition to `basic/overrides/oauth-clients.yaml`,
+- add a line in `install.sh` and run it to generate the secret (TODO: Update to new stackspin mechanism)
+- append another OAuth2Client definition to `overrides/oauth-clients.yaml`,
 adjusting `metadata.name` and `spec.secretName` as well as `spec.redirectUris`
 - apply changes to the cluster
 - obtain the generated `client_secret` for your application from kubernetes:
@@ -71,7 +71,7 @@ First [install Stackspin](https://docs.stackspin.net/en/latest/installation/inst
 Then apply the configuration to your cluster:
 ```sh
-basic/install.sh
+install.sh
 ```
 Done!
diff --git a/basic/apps/code/gitea-data-pvc.yaml b/apps/code/gitea-data-pvc.yaml
similarity index 100%
rename from basic/apps/code/gitea-data-pvc.yaml
rename to apps/code/gitea-data-pvc.yaml
diff --git a/basic/apps/code/gitea-oauth-client.yaml b/apps/code/gitea-oauth-client.yaml
similarity index 86%
rename from basic/apps/code/gitea-oauth-client.yaml
rename to apps/code/gitea-oauth-client.yaml
index 945dc52..95b6f35 100644
--- a/basic/apps/code/gitea-oauth-client.yaml
+++ b/apps/code/gitea-oauth-client.yaml
@@ -2,7 +2,7 @@ apiVersion: hydra.ory.sh/v1alpha1
 kind: OAuth2Client
 metadata:
 name: gitea-oauth-client
- # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret
+ # Has to live in the same namespace as the stackspin-*-oauth-variables secret
 namespace: flux-system
 spec:
 # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
diff --git a/basic/apps/code/gitea-postgres-pvc.yaml b/apps/code/gitea-postgres-pvc.yaml
similarity index 100%
rename from basic/apps/code/gitea-postgres-pvc.yaml
rename to apps/code/gitea-postgres-pvc.yaml
diff --git a/basic/apps/code/gitea-release.yaml b/apps/code/gitea-release.yaml
similarity index 100%
rename from basic/apps/code/gitea-release.yaml
rename to apps/code/gitea-release.yaml
diff --git a/basic/apps/code/gitea-values-configmap.yaml b/apps/code/gitea-values-configmap.yaml
similarity index 100%
rename from basic/apps/code/gitea-values-configmap.yaml
rename to apps/code/gitea-values-configmap.yaml
diff --git a/apps/code/ingress-gitea.yaml b/apps/code/ingress-gitea.yaml
new file mode 100644
index 0000000..e4a33a9
--- /dev/null
+++ b/apps/code/ingress-gitea.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: tcp-services
+ namespace: stackspout
+data:
+ 22: "gitea:22"
diff --git a/basic/apps/code/metallb-gitea.yaml b/apps/code/metallb-gitea.yaml
similarity index 100%
rename from basic/apps/code/metallb-gitea.yaml
rename to apps/code/metallb-gitea.yaml
diff --git a/basic/apps/do-test/kustomization.yaml b/apps/do-test/kustomization.yaml
similarity index 100%
rename from basic/apps/do-test/kustomization.yaml
rename to apps/do-test/kustomization.yaml
diff --git a/basic/apps/do-test/vikunja-oauth-client.yaml b/apps/do-test/vikunja-oauth-client.yaml
similarity index 86%
rename from basic/apps/do-test/vikunja-oauth-client.yaml
rename to apps/do-test/vikunja-oauth-client.yaml
index 352214c..a819967 100644
--- a/basic/apps/do-test/vikunja-oauth-client.yaml
+++ b/apps/do-test/vikunja-oauth-client.yaml
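Review bot: The new `tcp-services` ConfigMap in apps/code/ingress-gitea.yaml maps port 22 to `gitea:22` with no namespace in the value. If it is meant for ingress-nginx TCP forwarding, the expected value form is namespace/service:port, so the entry would look like `22: "stackspout/gitea:22"` (constructed example; confirm the real service name and namespace). The controller only reads the ConfigMap named by its `--tcp-services-configmap` flag, so a copy in `stackspout` has no effect unless the controller is pointed at it. Forwarding port 22 publishes Gitea's SSH endpoint on the ingress address, so a comment in the file should say who is expected to reach it and how this relates to the existing metallb-gitea.yaml.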
@@ -2,7 +2,7 @@ apiVersion: hydra.ory.sh/v1alpha1
 kind: OAuth2Client
 metadata:
 name: vikunja-test-oauth-client
- # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret
+ # Has to live in the same namespace as the stackspin-*-oauth-variables secret
 namespace: flux-system
 spec:
 # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
diff --git a/basic/apps/do-test/vikunja-postgres-pvc.yaml b/apps/do-test/vikunja-postgres-pvc.yaml
similarity index 100%
rename from basic/apps/do-test/vikunja-postgres-pvc.yaml
rename to apps/do-test/vikunja-postgres-pvc.yaml
diff --git a/basic/apps/do-test/vikunja-release.yaml b/apps/do-test/vikunja-release.yaml
similarity index 100%
rename from basic/apps/do-test/vikunja-release.yaml
rename to apps/do-test/vikunja-release.yaml
diff --git a/basic/apps/do-test/vikunja-values-configmap.yaml b/apps/do-test/vikunja-values-configmap.yaml
similarity index 100%
rename from basic/apps/do-test/vikunja-values-configmap.yaml
rename to apps/do-test/vikunja-values-configmap.yaml
diff --git a/basic/apps/do/kustomization.yaml b/apps/do/kustomization.yaml
similarity index 100%
rename from basic/apps/do/kustomization.yaml
rename to apps/do/kustomization.yaml
diff --git a/basic/apps/do/vikunja-files-pvc.yaml b/apps/do/vikunja-files-pvc.yaml
similarity index 100%
rename from basic/apps/do/vikunja-files-pvc.yaml
rename to apps/do/vikunja-files-pvc.yaml
diff --git a/basic/apps/do/vikunja-oauth-client.yaml b/apps/do/vikunja-oauth-client.yaml
similarity index 86%
rename from basic/apps/do/vikunja-oauth-client.yaml
rename to apps/do/vikunja-oauth-client.yaml
index f9cd7ac..6a12ffa 100644
--- a/basic/apps/do/vikunja-oauth-client.yaml
+++ b/apps/do/vikunja-oauth-client.yaml
@@ -2,7 +2,7 @@ apiVersion: hydra.ory.sh/v1alpha1
 kind: OAuth2Client
 metadata:
 name: vikunja-oauth-client
- # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret
+ # Has to live in the same namespace as the stackspin-*-oauth-variables secret
 namespace: flux-system
 spec:
 # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
diff --git a/basic/apps/do/vikunja-postgres-pvc.yaml b/apps/do/vikunja-postgres-pvc.yaml
similarity index 100%
rename from basic/apps/do/vikunja-postgres-pvc.yaml
rename to apps/do/vikunja-postgres-pvc.yaml
diff --git a/basic/apps/do/vikunja-release.yaml b/apps/do/vikunja-release.yaml
similarity index 100%
rename from basic/apps/do/vikunja-release.yaml
rename to apps/do/vikunja-release.yaml
diff --git a/basic/apps/do/vikunja-values-configmap.yaml b/apps/do/vikunja-values-configmap.yaml
similarity index 100%
rename from basic/apps/do/vikunja-values-configmap.yaml
rename to apps/do/vikunja-values-configmap.yaml
diff --git a/basic/apps/forge/forgejo-data-pvc.yaml b/apps/forge/forgejo-data-pvc.yaml
similarity index 100%
rename from basic/apps/forge/forgejo-data-pvc.yaml
rename to apps/forge/forgejo-data-pvc.yaml
diff --git a/basic/apps/forge/forgejo-oauth-client.yaml b/apps/forge/forgejo-oauth-client.yaml
similarity index 100%
rename from basic/apps/forge/forgejo-oauth-client.yaml
rename to apps/forge/forgejo-oauth-client.yaml
diff --git a/basic/apps/forge/forgejo-postgres-pvc.yaml b/apps/forge/forgejo-postgres-pvc.yaml
similarity index 100%
rename from basic/apps/forge/forgejo-postgres-pvc.yaml
rename to apps/forge/forgejo-postgres-pvc.yaml
diff --git a/basic/apps/forge/forgejo-release.yaml b/apps/forge/forgejo-release.yaml
similarity index 100%
rename from basic/apps/forge/forgejo-release.yaml
rename to apps/forge/forgejo-release.yaml
diff --git a/basic/apps/forge/forgejo-values-configmap.yaml b/apps/forge/forgejo-values-configmap.yaml
similarity index 100%
rename from basic/apps/forge/forgejo-values-configmap.yaml
rename to apps/forge/forgejo-values-configmap.yaml
diff --git a/basic/infrastructure/kustomizations/forgejo-kustomization.yaml b/apps/forgejo-kustomization.yaml
similarity index 95%
rename from basic/infrastructure/kustomizations/forgejo-kustomization.yaml
rename to apps/forgejo-kustomization.yaml
index 85224c5..54f863a 100644
--- a/basic/infrastructure/kustomizations/forgejo-kustomization.yaml
+++ b/apps/forgejo-kustomization.yaml
@@ -13,7 +13,7 @@ spec:
 sourceRef:
 kind: GitRepository
 name: stackspout
- path: ./basic/apps/forge
+ path: ./apps/forge
 prune: true
 postBuild:
 substituteFrom:
diff --git a/basic/apps/generate-kustomizations.sh b/apps/generate-kustomizations.sh
similarity index 100%
rename from basic/apps/generate-kustomizations.sh
rename to apps/generate-kustomizations.sh
diff --git a/basic/infrastructure/kustomizations/gitea-kustomization.yaml b/apps/gitea-kustomization.yaml
similarity index 95%
rename from basic/infrastructure/kustomizations/gitea-kustomization.yaml
rename to apps/gitea-kustomization.yaml
index 5d0d018..3e1bed5 100644
--- a/basic/infrastructure/kustomizations/gitea-kustomization.yaml
+++ b/apps/gitea-kustomization.yaml
@@ -13,7 +13,7 @@ spec:
 sourceRef:
 kind: GitRepository
 name: stackspout
- path: ./basic/apps/code
+ path: ./apps/code
 prune: true
 postBuild:
 substituteFrom:
diff --git a/basic/infrastructure/kustomizations/invoiceninja-customization.yaml b/apps/invoiceninja-customization.yaml
similarity index 96%
rename from basic/infrastructure/kustomizations/invoiceninja-customization.yaml
rename to apps/invoiceninja-customization.yaml
index 61b5aa1..9688422 100644
--- a/basic/infrastructure/kustomizations/invoiceninja-customization.yaml
+++ b/apps/invoiceninja-customization.yaml
@@ -13,7 +13,7 @@ spec:
 sourceRef:
 kind: GitRepository
 name: stackspout
- path: ./basic/apps/ninja
+ path: ./apps/ninja
 prune: true
 postBuild:
 substituteFrom:
diff --git a/basic/apps/ninja/invoiceninja-mariadb-pvc.yaml b/apps/ninja/invoiceninja-mariadb-pvc.yaml
similarity index 100%
rename from basic/apps/ninja/invoiceninja-mariadb-pvc.yaml
rename to apps/ninja/invoiceninja-mariadb-pvc.yaml
diff --git a/basic/apps/ninja/invoiceninja-pvc.yaml b/apps/ninja/invoiceninja-pvc.yaml
similarity index 100%
rename from basic/apps/ninja/invoiceninja-pvc.yaml
rename to apps/ninja/invoiceninja-pvc.yaml
diff --git a/basic/apps/ninja/invoiceninja-release.yaml b/apps/ninja/invoiceninja-release.yaml
similarity index 100%
rename from basic/apps/ninja/invoiceninja-release.yaml
rename to apps/ninja/invoiceninja-release.yaml
diff --git a/basic/apps/ninja/invoiceninja-values-configmap.yaml b/apps/ninja/invoiceninja-values-configmap.yaml
similarity index 96%
rename from basic/apps/ninja/invoiceninja-values-configmap.yaml
rename to apps/ninja/invoiceninja-values-configmap.yaml
index 5251d4b..263fdf3 100644
--- a/basic/apps/ninja/invoiceninja-values-configmap.yaml
+++ b/apps/ninja/invoiceninja-values-configmap.yaml
@@ -22,9 +22,10 @@ data:
 stackspin.net/backupSet: "invoiceninja"
 podLabels:
 stackspin.net/backupSet: "invoiceninja"
+ backup.velero.io/backup-volumes: "invoiceninja-data"
 persistence:
 public:
- existingClaim: invoiceninja-data
+ existingClaim: "invoiceninja-data"
 mariadb:
 # https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml
 commonLabels:
diff --git a/basic/apps/people/kustomization.yaml b/apps/people/kustomization.yaml
similarity index 100%
rename from basic/apps/people/kustomization.yaml
rename to apps/people/kustomization.yaml
diff --git a/basic/apps/people/suitecrm-release.yaml b/apps/people/suitecrm-release.yaml
similarity index 100%
rename from basic/apps/people/suitecrm-release.yaml
rename to apps/people/suitecrm-release.yaml
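Review bot: In apps/ninja/invoiceninja-values-configmap.yaml, `backup.velero.io/backup-volumes` is added directly after the `stackspin.net/backupSet` entry of `podLabels`, but Velero reads that key as a pod annotation, so as a label it would be ignored and the data volume silently left out of backups. Indentation is not visible on this page, so confirm the nesting first; if the line does sit under `podLabels`, move it to the chart's pod-annotation value (for example `podAnnotations:`, if the chart exposes that key). The annotation value is the volume name from the pod spec rather than the PVC name, so `invoiceninja-data` should be checked against the rendered pod. The values block continues outside the hunk.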
diff --git a/basic/apps/people/suitecrm-values-configmap.yaml b/apps/people/suitecrm-values-configmap.yaml
similarity index 100%
rename from basic/apps/people/suitecrm-values-configmap.yaml
rename to apps/people/suitecrm-values-configmap.yaml
diff --git a/basic/apps/time/kimai-release.yaml b/apps/time/kimai-release.yaml
similarity index 100%
rename from basic/apps/time/kimai-release.yaml
rename to apps/time/kimai-release.yaml
diff --git a/basic/apps/time/kimai-values-configmap.yaml b/apps/time/kimai-values-configmap.yaml
similarity index 100%
rename from basic/apps/time/kimai-values-configmap.yaml
rename to apps/time/kimai-values-configmap.yaml
diff --git a/basic/apps/time/kustomization.yaml b/apps/time/kustomization.yaml
similarity index 100%
rename from basic/apps/time/kustomization.yaml
rename to apps/time/kustomization.yaml
diff --git a/basic/apps/time/pvc.yaml b/apps/time/pvc.yaml
similarity index 100%
rename from basic/apps/time/pvc.yaml
rename to apps/time/pvc.yaml
diff --git a/basic/infrastructure/kustomizations/vikunja-kustomization.yaml b/apps/vikunja-kustomization.yaml
similarity index 95%
rename from basic/infrastructure/kustomizations/vikunja-kustomization.yaml
rename to apps/vikunja-kustomization.yaml
index 5302f13..fea8112 100644
--- a/basic/infrastructure/kustomizations/vikunja-kustomization.yaml
+++ b/apps/vikunja-kustomization.yaml
@@ -14,7 +14,7 @@ spec:
 sourceRef:
 kind: GitRepository
 name: stackspout
- path: ./basic/apps/do
+ path: ./apps/do
 prune: true
 postBuild:
 substituteFrom:
diff --git a/basic/infrastructure/kustomizations/vikunja-test-kustomization.yaml b/apps/vikunja-test-kustomization.yaml
similarity index 94%
rename from basic/infrastructure/kustomizations/vikunja-test-kustomization.yaml
rename to apps/vikunja-test-kustomization.yaml
index 6e9dc6a..f060498 100644
--- a/basic/infrastructure/kustomizations/vikunja-test-kustomization.yaml
+++ b/apps/vikunja-test-kustomization.yaml
@@ -14,7 +14,7 @@ spec:
 sourceRef:
 kind: GitRepository
 name: stackspout
- path: ./basic/apps/do-test
+ path: ./apps/do-test
 prune: true
 postBuild:
 substituteFrom:
diff --git a/generate_secrets.py b/generate_secrets.py
deleted file mode 100755
index 17744a4..0000000
--- a/generate_secrets.py
+++ /dev/null
@@ -1,246 +0,0 @@ -#!/usr/bin/env python3 -"""Generates Kubernetes secrets based on a provided app name. - -If the `templates` directory contains a secret called `stackspin-{app}-variables`, it -will check if that secret already exists in the cluster, and if not: generate -it. It does the same for an `stackspin-{app}-basic-auth` secret that will contain a -password as well as a htpasswd encoded version of it. - -See https://open.greenhost.net/stackspin/stackspin/-/issues/891 for the -context why we use this script and not a helm chart to generate secrets. - -usage: `python generate_secrets.py $appName` - -As a special case, `python generate_secrets.py stackspin` will check that the -`stackspin-cluster-variables` secret exists and that its values do not contain -problematic characters. -""" - -import base64 -import crypt -import os -import secrets -import string -import sys - -import jinja2 -import yaml -from kubernetes import client, config -from kubernetes.client import api_client -from kubernetes.client.exceptions import ApiException -from kubernetes.utils import create_from_yaml -from kubernetes.utils.create_from_yaml import FailToCreateError - -# This script gets called with an app name as argument. Most of them need an -# oauth client in Hydra, but some don't. This list contains the ones that -# don't. -APPS_WITHOUT_OAUTH = [ - "single-sign-on", - "prometheus", - "alertmanager", - "suitecrm", -] - - -def main(): - """Run everything.""" - # Add jinja filters we want to use - env = jinja2.Environment( - extensions=["jinja2_base64_filters.Base64Filters"]) - env.filters["generate_password"] = generate_password - - if len(sys.argv) < 2: - print("Please provide an app name as an argument") - sys.exit(1) - app_name = sys.argv[1] - - if app_name == "stackspin": - # This is a special case: we don't generate new secrets, but verify the - # validity of the cluster variables (populated from .flux.env). 
- verify_cluster_variables() - else: - # Create app variables secret - create_variables_secret( - app_name, f"stackspin-{app_name}-variables.yaml.jinja", env) - # Create a secret that contains the oauth variables for Hydra Maester - if app_name not in APPS_WITHOUT_OAUTH: - create_variables_secret( - app_name, "stackspin-oauth-variables.yaml.jinja", env) - create_basic_auth_secret(app_name, env) - - -def verify_cluster_variables(): - data = get_kubernetes_secret_data("stackspin-cluster-variables", "flux-system") - if data is None: - raise Exception("Secret stackspin-cluster-variables was not found.") - message = "In secret stackspin-cluster-variables, key {}, the character {}" \ - " was used which will probably lead to problems, so aborting." \ - " You can update the value by using `kubectl edit secret -n" \ - " flux-system stackspin-cluster-variables`." - for key, value in data.items(): - decoded_value = base64.b64decode(value).decode("ascii") - for character in ["\"", "$"]: - if character in decoded_value: - raise Exception(message.format(key, character)) - - -def get_templates_dir(): - """Returns directory that contains the Jinja templates used to create app secrets.""" - return os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates") - - -def create_variables_secret(app_name, variables_filename, env): - """Checks if a variables secret for app_name already exists, generates it if necessary.""" - variables_filepath = os.path.join(get_templates_dir(), variables_filename) - if os.path.exists(variables_filepath): - # Check if k8s secret already exists, if not, generate it - with open(variables_filepath, encoding="UTF-8") as template_file: - lines = template_file.read() - secret_name, secret_namespace = get_secret_metadata(lines) - new_secret_dict = yaml.safe_load( - env.from_string(lines, globals={"app": app_name}).render() - ) - current_secret_data = get_kubernetes_secret_data( - secret_name, secret_namespace - ) - if current_secret_data is None: - # 
Create new secret - update_secret = False - elif current_secret_data.keys() != new_secret_dict["data"].keys(): - # Update current secret with new keys - update_secret = True - print( - f"Secret {secret_name} in namespace {secret_namespace}" - " already exists. Merging..." - ) - # Merge dicts. Values from current_secret_data take precedence - new_secret_dict["data"] |= current_secret_data - else: - # Do Nothing - print( - f"Secret {secret_name} in namespace {secret_namespace}" - " is already in a good state, doing nothing." - ) - return - print( - f"Storing secret {secret_name} in namespace" - f" {secret_namespace} in cluster." - ) - store_kubernetes_secret( - new_secret_dict, secret_namespace, update=update_secret - ) - else: - print( - f"Template {variables_filename} does not exist, no action needed") - - -def create_basic_auth_secret(app_name, env): - """Checks if a basic auth secret for app_name already exists, generates it if necessary.""" - basic_auth_filename = os.path.join( - get_templates_dir(), f"stackspin-{app_name}-basic-auth.yaml.jinja" - ) - if os.path.exists(basic_auth_filename): - with open(basic_auth_filename, encoding="UTF-8") as template_file: - lines = template_file.read() - secret_name, secret_namespace = get_secret_metadata(lines) - - if get_kubernetes_secret_data(secret_name, secret_namespace) is None: - basic_auth_username = "admin" - basic_auth_password = generate_password(32) - basic_auth_htpasswd = gen_htpasswd( - basic_auth_username, basic_auth_password - ) - print( - f"Adding secret {secret_name} in namespace" - f" {secret_namespace} to cluster." - ) - template = env.from_string( - lines, - globals={ - "pass": basic_auth_password, - "htpasswd": basic_auth_htpasswd, - }, - ) - secret_dict = yaml.safe_load(template.render()) - store_kubernetes_secret(secret_dict, secret_namespace) - else: - print( - f"Secret {secret_name} in namespace {secret_namespace}" - " already exists. Not generating new secrets." 
- ) - else: - print(f"File {basic_auth_filename} does not exist, no action needed") - - -def get_secret_metadata(yaml_string): - """Returns secret name and namespace from metadata field in a yaml string.""" - secret_dict = yaml.safe_load(yaml_string) - secret_name = secret_dict["metadata"]["name"] - # default namespace is flux-system, but other namespace can be - # provided in secret metadata - if "namespace" in secret_dict["metadata"]: - secret_namespace = secret_dict["metadata"]["namespace"] - else: - secret_namespace = "flux-system" - return secret_name, secret_namespace - - -def get_kubernetes_secret_data(secret_name, namespace): - """Returns the contents of a kubernetes secret or None if the secret does not exist.""" - try: - secret = API.read_namespaced_secret(secret_name, namespace).data - except ApiException as ex: - # 404 is expected when the optional secret does not exist. - if ex.status != 404: - raise ex - return None - return secret - - -def store_kubernetes_secret(secret_dict, namespace, update=False): - """Stores either a new secret in the cluster, or updates an existing one.""" - api_client_instance = api_client.ApiClient() - if update: - verb = "updated" - api_response = patch_kubernetes_secret(secret_dict, namespace) - else: - verb = "created" - try: - api_response = create_from_yaml( - api_client_instance, - yaml_objects=[secret_dict], - namespace=namespace - ) - except FailToCreateError as ex: - print(f"Secret not {verb} because of exception {ex}") - return - print(f"Secret {verb} with api response: {api_response}") - - -def patch_kubernetes_secret(secret_dict, namespace): - """Patches secret in the cluster with new data.""" - api_client_instance = api_client.ApiClient() - api_instance = client.CoreV1Api(api_client_instance) - name = secret_dict["metadata"]["name"] - body = {} - body["data"] = secret_dict["data"] - return api_instance.patch_namespaced_secret(name, namespace, body) - - -def generate_password(length): - """Generates a password of 
"length" characters."""
- length = int(length)
- password = "".join((secrets.choice(string.ascii_letters)
- for i in range(length)))
- return password
-
-
-def gen_htpasswd(user, password):
- """Generate htpasswd entry for user with password."""
- return f"{user}:{crypt.crypt(password, crypt.mksalt(crypt.METHOD_SHA512))}"
-
-
-if __name__ == "__main__":
- config.load_kube_config()
- API = client.CoreV1Api()
- main()
diff --git a/infrastructure/kustomizations/apps-kustomization.yaml b/infrastructure/kustomizations/apps-kustomization.yaml
new file mode 100644
index 0000000..76496cd
--- /dev/null
+++ b/infrastructure/kustomizations/apps-kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: stackspout-apps
+ namespace: flux-system
+spec:
+ interval: 10m
+ retryInterval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ path: ./apps
+ prune: true
+ validation: client
diff --git a/basic/infrastructure/kustomizations/namespace-kustomization.yaml b/infrastructure/kustomizations/namespace-kustomization.yaml
similarity index 86%
rename from basic/infrastructure/kustomizations/namespace-kustomization.yaml
rename to infrastructure/kustomizations/namespace-kustomization.yaml
index 5f8b5bf..2e98f1f 100644
--- a/basic/infrastructure/kustomizations/namespace-kustomization.yaml
+++ b/infrastructure/kustomizations/namespace-kustomization.yaml
@@ -9,6 +9,6 @@ spec:
 sourceRef:
 kind: GitRepository
 name: stackspout
- path: ./basic/infrastructure/namespaces
+ path: ./infrastructure/namespaces
 prune: true
 validation: client
diff --git a/basic/infrastructure/kustomizations/overrides-kustomization.yaml b/infrastructure/kustomizations/overrides-kustomization.yaml
similarity index 92%
rename from basic/infrastructure/kustomizations/overrides-kustomization.yaml
rename to infrastructure/kustomizations/overrides-kustomization.yaml
index 0e2a15d..9f5833c 100644
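Review bot: `stackspout-apps` in infrastructure/kustomizations/apps-kustomization.yaml points at `path: ./apps` with `prune: true`, and this diff shows no `apps/kustomization.yaml`; without one, Flux generates a kustomization from every manifest it finds recursively under the path. That would apply the contents of `apps/code`, `apps/do`, `apps/do-test` and the other app directories a second time, without the `postBuild.substituteFrom` that the per-app Kustomizations carry, and two pruning Kustomizations would then manage the same objects. If the intent is only to create the per-app Kustomization objects, add an explicit `apps/kustomization.yaml` that lists just the `*-kustomization.yaml` files, and consider a `dependsOn` on the namespace and sources Kustomizations.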
--- a/basic/infrastructure/kustomizations/overrides-kustomization.yaml
+++ b/infrastructure/kustomizations/overrides-kustomization.yaml
@@ -8,7 +8,7 @@ spec:
 sourceRef:
 kind: GitRepository
 name: stackspout
- path: ./basic/overrides
+ path: ./overrides
 prune: true
 validation: client
 postBuild:
diff --git a/basic/infrastructure/kustomizations/sources-kustomization.yaml b/infrastructure/kustomizations/sources-kustomization.yaml
similarity index 87%
rename from basic/infrastructure/kustomizations/sources-kustomization.yaml
rename to infrastructure/kustomizations/sources-kustomization.yaml
index 7b87e7f..eb9b1f8 100644
--- a/basic/infrastructure/kustomizations/sources-kustomization.yaml
+++ b/infrastructure/kustomizations/sources-kustomization.yaml
@@ -9,6 +9,6 @@ spec:
 sourceRef:
 kind: GitRepository
 name: stackspout
- path: ./basic/infrastructure/sources
+ path: ./infrastructure/sources
 prune: true
 validation: client
diff --git a/basic/infrastructure/namespaces/stackspout.yaml b/infrastructure/namespaces/stackspout.yaml
similarity index 100%
rename from basic/infrastructure/namespaces/stackspout.yaml
rename to infrastructure/namespaces/stackspout.yaml
diff --git a/infrastructure/sources/8gears-n8n-helmrepository.yaml b/infrastructure/sources/8gears-n8n-helmrepository.yaml
new file mode 100644
index 0000000..5d228f3
--- /dev/null
+++ b/infrastructure/sources/8gears-n8n-helmrepository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: 8gears-n8n
+ namespace: flux-system
+spec:
+ interval: 60m
+ url: oci://8gears.container-registry.com/library/n8n
diff --git a/basic/infrastructure/sources/forgejo.yaml b/infrastructure/sources/forgejo-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/forgejo.yaml
rename to infrastructure/sources/forgejo-helmrepository.yaml
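Review bot: The `8gears-n8n` HelmRepository uses an `oci://` URL but sets no `type: oci` and is declared as `source.toolkit.fluxcd.io/v1beta1`; OCI Helm repositories need `spec.type: oci`, a field available from `v1beta2` on. The URL also ends in the chart name (`/library/n8n`), whereas an OCI HelmRepository normally points at the registry prefix and the HelmRelease names the chart, so check this against the release that will consume it. Because the charts come from a third-party registry, pin an exact chart version in that HelmRelease rather than a range.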
diff --git a/basic/infrastructure/sources/gitea.yaml b/infrastructure/sources/gitea-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/gitea.yaml
rename to infrastructure/sources/gitea-helmrepository.yaml
diff --git a/basic/infrastructure/sources/invoiceninja.yaml b/infrastructure/sources/invoiceninja-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/invoiceninja.yaml
rename to infrastructure/sources/invoiceninja-helmrepository.yaml
diff --git a/basic/infrastructure/sources/robjuz.yaml b/infrastructure/sources/robjuz-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/robjuz.yaml
rename to infrastructure/sources/robjuz-helmrepository.yaml
diff --git a/basic/infrastructure/sources/truecharts.yaml b/infrastructure/sources/truecharts-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/truecharts.yaml
rename to infrastructure/sources/truecharts-helmrepository.yaml
diff --git a/basic/infrastructure/sources/vikunja.yaml b/infrastructure/sources/vikunja-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/vikunja.yaml
rename to infrastructure/sources/vikunja-helmrepository.yaml
diff --git a/basic/install.sh b/install.sh
similarity index 61%
rename from basic/install.sh
rename to install.sh
index 047afdc..1e3e943 100755
--- a/basic/install.sh
+++ b/install.sh
@@ -11,11 +11,6 @@ flux create source git stackspout \
 echo "Creating / Updating kustomization stackspout"
 flux create kustomization stackspout \
 --source=GitRepository/stackspout \
- --path="./basic/infrastructure/kustomizations/" \
+ --path="./infrastructure/kustomizations/" \
 --prune=true \
 --interval=5m
-
-python $(dirname "$0")/../generate_secrets.py vikunja
-python $(dirname "$0")/../generate_secrets.py vikunja-test
-python $(dirname "$0")/../generate_secrets.py gitea
-python $(dirname "$0")/../generate_secrets.py invoiceninja
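Review bot: With the four `generate_secrets.py` calls removed from the end of install.sh (the script and its templates are deleted elsewhere in this commit), nothing visible in the diff still creates the `stackspin-*-variables` and `stackspin-*-oauth-variables` secrets. The app Kustomizations keep their `postBuild.substituteFrom` blocks, whose targets are not shown here, so on a fresh cluster the releases may come up without their passwords and OAuth client secrets unless another mechanism outside this diff supplies them. Add a comment at the end of the script naming that mechanism, e.g. `# app secrets are no longer generated here; they come from REPLACEMENT_MECHANISM`, and align the README step that still says running `install.sh` generates the secret.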
diff --git a/basic/overrides/stackspin-apps-custom.yaml b/overrides/stackspin-apps-custom.yaml
similarity index 93%
rename from basic/overrides/stackspin-apps-custom.yaml
rename to overrides/stackspin-apps-custom.yaml
index 7bab943..62a042d 100644
--- a/basic/overrides/stackspin-apps-custom.yaml
+++ b/overrides/stackspin-apps-custom.yaml
@@ -10,6 +10,8 @@ data:
 name: "Vikunja Tasks"
 gitea: |
 name: "Gitea Code"
+ forgejo: |
+ name: "Forgejo"
 invoiceninja: |
 name: "Invoiceninja Billing"
 ---
@@ -24,3 +26,4 @@ metadata:
 data:
 vikunja: vikunja
 gitea: gitea
+ forgejo: forgejo
diff --git a/basic/overrides/stackspin-nextcloud-override.yaml b/overrides/stackspin-nextcloud-override.yaml
similarity index 100%
rename from basic/overrides/stackspin-nextcloud-override.yaml
rename to overrides/stackspin-nextcloud-override.yaml
diff --git a/basic/overrides/stackspin-nginx-ingress-override.yaml b/overrides/stackspin-nginx-ingress-override.yaml
similarity index 100%
rename from basic/overrides/stackspin-nginx-ingress-override.yaml
rename to overrides/stackspin-nginx-ingress-override.yaml
diff --git a/basic/overrides/stackspin-zulip-override.yaml b/overrides/stackspin-zulip-override.yaml
similarity index 100%
rename from basic/overrides/stackspin-zulip-override.yaml
rename to overrides/stackspin-zulip-override.yaml
diff --git a/templates/stackspin-invoiceninja-variables.yaml.jinja b/templates/stackspin-invoiceninja-variables.yaml.jinja
deleted file mode 100644
index 9f0defa..0000000
--- a/templates/stackspin-invoiceninja-variables.yaml.jinja
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-invoiceninja-variables
-data:
- app_key: "{{ 32 | generate_password | b64encode }}"
- password: "{{ 32 | generate_password | b64encode }}"
- redis_password: "{{ 32 | generate_password | b64encode }}"
- mariadb_password: "{{ 32 | generate_password | b64encode }}"
- mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/templates/stackspin-kimai-variables.yaml.jinja b/templates/stackspin-kimai-variables.yaml.jinja
deleted file mode 100644
index 7558a55..0000000
--- a/templates/stackspin-kimai-variables.yaml.jinja
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-kimai-variables
-data:
- password: "{{ 32 | generate_password | b64encode }}"
- secret: "{{ 32 | generate_password | b64encode }}"
- mariadb_password: "{{ 32 | generate_password | b64encode }}"
- mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/templates/stackspin-oauth-variables.yaml.jinja b/templates/stackspin-oauth-variables.yaml.jinja
deleted file mode 100644
index 32a0ab0..0000000
--- a/templates/stackspin-oauth-variables.yaml.jinja
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-{{ app }}-oauth-variables
-data:
- client_id: "{{ app | b64encode }}"
- client_secret: "{{ 32 | generate_password | b64encode }}"
diff --git a/templates/stackspin-suitecrm-variables.yaml.jinja b/templates/stackspin-suitecrm-variables.yaml.jinja
deleted file mode 100644
index 06651dd..0000000
--- a/templates/stackspin-suitecrm-variables.yaml.jinja
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-suitecrm-variables
-data:
- password: "{{ 32 | generate_password | b64encode }}"
- mariadb_password: "{{ 32 | generate_password | b64encode }}"
- mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/templates/stackspin-vikunja-variables.yaml.jinja b/templates/stackspin-vikunja-variables.yaml.jinja
deleted file mode 100644
index cb1fa4f..0000000
--- a/templates/stackspin-vikunja-variables.yaml.jinja
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-vikunja-variables
-data:
- jwt: "{{ 32 | generate_password | b64encode }}"
- postgresql_password: "{{ 32 | generate_password | b64encode }}"