From 2e2beb286dadbc8285b5bfce1616c0de2d7feaa3 Mon Sep 17 00:00:00 2001 
From: xeruf <27jf@pm.me> Date: Tue, 23 Jan 2024 22:50:41 +0100 Subject: [PATCH] Restructure Repository --- README.md | 6 +- {basic/apps => apps}/code/gitea-data-pvc.yaml | 0 .../code/gitea-oauth-client.yaml | 2 +- .../code/gitea-postgres-pvc.yaml | 0 {basic/apps => apps}/code/gitea-release.yaml | 0 .../code/gitea-values-configmap.yaml | 0 apps/code/ingress-gitea.yaml | 7 + {basic/apps => apps}/code/metallb-gitea.yaml | 0 .../apps => apps}/do-test/kustomization.yaml | 0 .../do-test/vikunja-oauth-client.yaml | 2 +- .../do-test/vikunja-postgres-pvc.yaml | 0 .../do-test/vikunja-release.yaml | 0 .../do-test/vikunja-values-configmap.yaml | 0 {basic/apps => apps}/do/kustomization.yaml | 0 .../apps => apps}/do/vikunja-files-pvc.yaml | 0 .../do/vikunja-oauth-client.yaml | 2 +- .../do/vikunja-postgres-pvc.yaml | 0 {basic/apps => apps}/do/vikunja-release.yaml | 0 .../do/vikunja-values-configmap.yaml | 0 .../apps => apps}/forge/forgejo-data-pvc.yaml | 0 .../forge/forgejo-oauth-client.yaml | 0 .../forge/forgejo-postgres-pvc.yaml | 0 .../apps => apps}/forge/forgejo-release.yaml | 0 .../forge/forgejo-values-configmap.yaml | 0 .../forgejo-kustomization.yaml | 2 +- .../apps => apps}/generate-kustomizations.sh | 0 .../gitea-kustomization.yaml | 2 +- .../invoiceninja-customization.yaml | 2 +- .../ninja/invoiceninja-mariadb-pvc.yaml | 0 .../apps => apps}/ninja/invoiceninja-pvc.yaml | 0 .../ninja/invoiceninja-release.yaml | 0 .../ninja/invoiceninja-values-configmap.yaml | 3 +- .../apps => apps}/people/kustomization.yaml | 0 .../people/suitecrm-release.yaml | 0 .../people/suitecrm-values-configmap.yaml | 0 {basic/apps => apps}/time/kimai-release.yaml | 0 .../time/kimai-values-configmap.yaml | 0 {basic/apps => apps}/time/kustomization.yaml | 0 {basic/apps => apps}/time/pvc.yaml | 0 .../vikunja-kustomization.yaml | 2 +- .../vikunja-test-kustomization.yaml | 2 +- generate_secrets.py | 246 ------------------ .../kustomizations/apps-kustomization.yaml | 14 + .../namespace-kustomization.yaml 
| 2 +- .../overrides-kustomization.yaml | 2 +- .../kustomizations/sources-kustomization.yaml | 2 +- .../namespaces/stackspout.yaml | 0 .../sources/8gears-n8n-helmrepository.yaml | 8 + .../sources/forgejo-helmrepository.yaml | 0 .../sources/gitea-helmrepository.yaml | 0 .../sources/invoiceninja-helmrepository.yaml | 0 .../sources/robjuz-helmrepository.yaml | 0 .../sources/truecharts-helmrepository.yaml | 0 .../sources/vikunja-helmrepository.yaml | 0 basic/install.sh => install.sh | 7 +- .../stackspin-apps-custom.yaml | 3 + .../stackspin-nextcloud-override.yaml | 0 .../stackspin-nginx-ingress-override.yaml | 0 .../stackspin-zulip-override.yaml | 0 ...tackspin-invoiceninja-variables.yaml.jinja | 10 - .../stackspin-kimai-variables.yaml.jinja | 9 - .../stackspin-oauth-variables.yaml.jinja | 8 - .../stackspin-suitecrm-variables.yaml.jinja | 8 - .../stackspin-vikunja-variables.yaml.jinja | 7 - 64 files changed, 49 insertions(+), 309 deletions(-) rename {basic/apps => apps}/code/gitea-data-pvc.yaml (100%) rename {basic/apps => apps}/code/gitea-oauth-client.yaml (86%) rename {basic/apps => apps}/code/gitea-postgres-pvc.yaml (100%) rename {basic/apps => apps}/code/gitea-release.yaml (100%) rename {basic/apps => apps}/code/gitea-values-configmap.yaml (100%) create mode 100644 apps/code/ingress-gitea.yaml rename {basic/apps => apps}/code/metallb-gitea.yaml (100%) rename {basic/apps => apps}/do-test/kustomization.yaml (100%) rename {basic/apps => apps}/do-test/vikunja-oauth-client.yaml (86%) rename {basic/apps => apps}/do-test/vikunja-postgres-pvc.yaml (100%) rename {basic/apps => apps}/do-test/vikunja-release.yaml (100%) rename {basic/apps => apps}/do-test/vikunja-values-configmap.yaml (100%) rename {basic/apps => apps}/do/kustomization.yaml (100%) rename {basic/apps => apps}/do/vikunja-files-pvc.yaml (100%) rename {basic/apps => apps}/do/vikunja-oauth-client.yaml (86%) rename {basic/apps => apps}/do/vikunja-postgres-pvc.yaml (100%) rename {basic/apps => 
apps}/do/vikunja-release.yaml (100%) rename {basic/apps => apps}/do/vikunja-values-configmap.yaml (100%) rename {basic/apps => apps}/forge/forgejo-data-pvc.yaml (100%) rename {basic/apps => apps}/forge/forgejo-oauth-client.yaml (100%) rename {basic/apps => apps}/forge/forgejo-postgres-pvc.yaml (100%) rename {basic/apps => apps}/forge/forgejo-release.yaml (100%) rename {basic/apps => apps}/forge/forgejo-values-configmap.yaml (100%) rename {basic/infrastructure/kustomizations => apps}/forgejo-kustomization.yaml (95%) rename {basic/apps => apps}/generate-kustomizations.sh (100%) rename {basic/infrastructure/kustomizations => apps}/gitea-kustomization.yaml (95%) rename {basic/infrastructure/kustomizations => apps}/invoiceninja-customization.yaml (96%) rename {basic/apps => apps}/ninja/invoiceninja-mariadb-pvc.yaml (100%) rename {basic/apps => apps}/ninja/invoiceninja-pvc.yaml (100%) rename {basic/apps => apps}/ninja/invoiceninja-release.yaml (100%) rename {basic/apps => apps}/ninja/invoiceninja-values-configmap.yaml (96%) rename {basic/apps => apps}/people/kustomization.yaml (100%) rename {basic/apps => apps}/people/suitecrm-release.yaml (100%) rename {basic/apps => apps}/people/suitecrm-values-configmap.yaml (100%) rename {basic/apps => apps}/time/kimai-release.yaml (100%) rename {basic/apps => apps}/time/kimai-values-configmap.yaml (100%) rename {basic/apps => apps}/time/kustomization.yaml (100%) rename {basic/apps => apps}/time/pvc.yaml (100%) rename {basic/infrastructure/kustomizations => apps}/vikunja-kustomization.yaml (95%) rename {basic/infrastructure/kustomizations => apps}/vikunja-test-kustomization.yaml (94%) delete mode 100755 generate_secrets.py create mode 100644 infrastructure/kustomizations/apps-kustomization.yaml rename {basic/infrastructure => infrastructure}/kustomizations/namespace-kustomization.yaml (86%) rename {basic/infrastructure => infrastructure}/kustomizations/overrides-kustomization.yaml (92%) rename {basic/infrastructure => 
infrastructure}/kustomizations/sources-kustomization.yaml (87%) rename {basic/infrastructure => infrastructure}/namespaces/stackspout.yaml (100%) create mode 100644 infrastructure/sources/8gears-n8n-helmrepository.yaml rename basic/infrastructure/sources/forgejo.yaml => infrastructure/sources/forgejo-helmrepository.yaml (100%) rename basic/infrastructure/sources/gitea.yaml => infrastructure/sources/gitea-helmrepository.yaml (100%) rename basic/infrastructure/sources/invoiceninja.yaml => infrastructure/sources/invoiceninja-helmrepository.yaml (100%) rename basic/infrastructure/sources/robjuz.yaml => infrastructure/sources/robjuz-helmrepository.yaml (100%) rename basic/infrastructure/sources/truecharts.yaml => infrastructure/sources/truecharts-helmrepository.yaml (100%) rename basic/infrastructure/sources/vikunja.yaml => infrastructure/sources/vikunja-helmrepository.yaml (100%) rename basic/install.sh => install.sh (61%) rename {basic/overrides => overrides}/stackspin-apps-custom.yaml (93%) rename {basic/overrides => overrides}/stackspin-nextcloud-override.yaml (100%) rename {basic/overrides => overrides}/stackspin-nginx-ingress-override.yaml (100%) rename {basic/overrides => overrides}/stackspin-zulip-override.yaml (100%) delete mode 100644 templates/stackspin-invoiceninja-variables.yaml.jinja delete mode 100644 templates/stackspin-kimai-variables.yaml.jinja delete mode 100644 templates/stackspin-oauth-variables.yaml.jinja delete mode 100644 templates/stackspin-suitecrm-variables.yaml.jinja delete mode 100644 templates/stackspin-vikunja-variables.yaml.jinja diff --git a/README.md b/README.md index bb563fe..3a34021 100644 --- a/README.md +++ b/README.md 
@@ -19,8 +19,8 @@ Useful tools for administration: https://docs.stackspin.net/en/v2/system_administration/customizing.html ### Guide: Creating OAuth Credentials for an external service -- add a line in `basic/install.sh` and run it to generate the secret (TODO: Update to new stackspin mechanism) -- append another OAuth2Client definition to `basic/overrides/oauth-clients.yaml`, +- add a line in `install.sh` and run it to generate the secret (TODO: Update to new stackspin mechanism) +- append another OAuth2Client definition to `overrides/oauth-clients.yaml`, adjusting `metadata.name` and `spec.secretName` as well as `spec.redirectUris` - apply changes to the cluster - obtain the generated `client_secret` for your application from kubernetes: @@ -71,7 +71,7 @@ First [install Stackspin](https://docs.stackspin.net/en/latest/installation/inst Then apply the configuration to your cluster: ```sh -basic/install.sh +install.sh ``` Done! diff --git a/basic/apps/code/gitea-data-pvc.yaml b/apps/code/gitea-data-pvc.yaml similarity index 100% rename from basic/apps/code/gitea-data-pvc.yaml rename to apps/code/gitea-data-pvc.yaml diff --git a/basic/apps/code/gitea-oauth-client.yaml b/apps/code/gitea-oauth-client.yaml similarity index 86% rename from basic/apps/code/gitea-oauth-client.yaml rename to apps/code/gitea-oauth-client.yaml index 945dc52..95b6f35 100644 --- a/basic/apps/code/gitea-oauth-client.yaml +++ b/apps/code/gitea-oauth-client.yaml @@ -2,7 +2,7 @@ apiVersion: hydra.ory.sh/v1alpha1 kind: OAuth2Client metadata: name: gitea-oauth-client - # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret + # Has to live in the same namespace as the stackspin-*-oauth-variables secret namespace: flux-system spec: # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak 
diff --git a/basic/apps/code/gitea-postgres-pvc.yaml b/apps/code/gitea-postgres-pvc.yaml
similarity index 100%
rename from basic/apps/code/gitea-postgres-pvc.yaml
rename to apps/code/gitea-postgres-pvc.yaml
diff --git a/basic/apps/code/gitea-release.yaml b/apps/code/gitea-release.yaml
similarity index 100%
rename from basic/apps/code/gitea-release.yaml
rename to apps/code/gitea-release.yaml
diff --git a/basic/apps/code/gitea-values-configmap.yaml b/apps/code/gitea-values-configmap.yaml
similarity index 100%
rename from basic/apps/code/gitea-values-configmap.yaml
rename to apps/code/gitea-values-configmap.yaml
diff --git a/apps/code/ingress-gitea.yaml b/apps/code/ingress-gitea.yaml
new file mode 100644
index 0000000..e4a33a9
--- /dev/null
+++ b/apps/code/ingress-gitea.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: tcp-services
+ namespace: stackspout
+data:
+ 22: "gitea:22"
diff --git a/basic/apps/code/metallb-gitea.yaml b/apps/code/metallb-gitea.yaml
similarity index 100%
rename from basic/apps/code/metallb-gitea.yaml
rename to apps/code/metallb-gitea.yaml
diff --git a/basic/apps/do-test/kustomization.yaml b/apps/do-test/kustomization.yaml
similarity index 100%
rename from basic/apps/do-test/kustomization.yaml
rename to apps/do-test/kustomization.yaml
diff --git a/basic/apps/do-test/vikunja-oauth-client.yaml b/apps/do-test/vikunja-oauth-client.yaml
similarity index 86%
rename from basic/apps/do-test/vikunja-oauth-client.yaml
rename to apps/do-test/vikunja-oauth-client.yaml
index 352214c..a819967 100644
--- a/basic/apps/do-test/vikunja-oauth-client.yaml
+++ b/apps/do-test/vikunja-oauth-client.yaml
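Review bot: The value `"gitea:22"` in the new `tcp-services` ConfigMap (apps/code/ingress-gitea.yaml) has no namespace prefix; if this map is meant for ingress-nginx's TCP passthrough, the controller expects `NAMESPACE/SERVICE:PORT` and would likely skip the entry, so I would write `22: "stackspout/gitea:22"`, using the real Service name and SSH port of the Gitea release, which are not visible here. The controller also reads only the ConfigMap named by its `--tcp-services-configmap` flag, so `namespace: stackspout` has to match that flag or the file has no effect. Since the entry publishes Gitea's SSH on port 22 of the ingress, a comment such as `# Exposes Gitea SSH via the ingress controller; restrict source ranges at the load balancer if it must not be public` would record the exposure.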
@@ -2,7 +2,7 @@ apiVersion: hydra.ory.sh/v1alpha1 kind: OAuth2Client metadata: name: vikunja-test-oauth-client - # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret + # Has to live in the same namespace as the stackspin-*-oauth-variables secret namespace: flux-system spec: # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak diff --git a/basic/apps/do-test/vikunja-postgres-pvc.yaml b/apps/do-test/vikunja-postgres-pvc.yaml similarity index 100% rename from basic/apps/do-test/vikunja-postgres-pvc.yaml rename to apps/do-test/vikunja-postgres-pvc.yaml diff --git a/basic/apps/do-test/vikunja-release.yaml b/apps/do-test/vikunja-release.yaml similarity index 100% rename from basic/apps/do-test/vikunja-release.yaml rename to apps/do-test/vikunja-release.yaml diff --git a/basic/apps/do-test/vikunja-values-configmap.yaml b/apps/do-test/vikunja-values-configmap.yaml similarity index 100% rename from basic/apps/do-test/vikunja-values-configmap.yaml rename to apps/do-test/vikunja-values-configmap.yaml diff --git a/basic/apps/do/kustomization.yaml b/apps/do/kustomization.yaml similarity index 100% rename from basic/apps/do/kustomization.yaml rename to apps/do/kustomization.yaml diff --git a/basic/apps/do/vikunja-files-pvc.yaml b/apps/do/vikunja-files-pvc.yaml similarity index 100% rename from basic/apps/do/vikunja-files-pvc.yaml rename to apps/do/vikunja-files-pvc.yaml diff --git a/basic/apps/do/vikunja-oauth-client.yaml b/apps/do/vikunja-oauth-client.yaml similarity index 86% rename from basic/apps/do/vikunja-oauth-client.yaml rename to apps/do/vikunja-oauth-client.yaml index f9cd7ac..6a12ffa 100644 --- a/basic/apps/do/vikunja-oauth-client.yaml +++ b/apps/do/vikunja-oauth-client.yaml 
@@ -2,7 +2,7 @@ apiVersion: hydra.ory.sh/v1alpha1 kind: OAuth2Client metadata: name: vikunja-oauth-client - # Has to live in the same namespace as the stackspin-wordpress-oauth-variables secret + # Has to live in the same namespace as the stackspin-*-oauth-variables secret namespace: flux-system spec: # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak diff --git a/basic/apps/do/vikunja-postgres-pvc.yaml b/apps/do/vikunja-postgres-pvc.yaml similarity index 100% rename from basic/apps/do/vikunja-postgres-pvc.yaml rename to apps/do/vikunja-postgres-pvc.yaml diff --git a/basic/apps/do/vikunja-release.yaml b/apps/do/vikunja-release.yaml similarity index 100% rename from basic/apps/do/vikunja-release.yaml rename to apps/do/vikunja-release.yaml diff --git a/basic/apps/do/vikunja-values-configmap.yaml b/apps/do/vikunja-values-configmap.yaml similarity index 100% rename from basic/apps/do/vikunja-values-configmap.yaml rename to apps/do/vikunja-values-configmap.yaml diff --git a/basic/apps/forge/forgejo-data-pvc.yaml b/apps/forge/forgejo-data-pvc.yaml similarity index 100% rename from basic/apps/forge/forgejo-data-pvc.yaml rename to apps/forge/forgejo-data-pvc.yaml diff --git a/basic/apps/forge/forgejo-oauth-client.yaml b/apps/forge/forgejo-oauth-client.yaml similarity index 100% rename from basic/apps/forge/forgejo-oauth-client.yaml rename to apps/forge/forgejo-oauth-client.yaml diff --git a/basic/apps/forge/forgejo-postgres-pvc.yaml b/apps/forge/forgejo-postgres-pvc.yaml similarity index 100% rename from basic/apps/forge/forgejo-postgres-pvc.yaml rename to apps/forge/forgejo-postgres-pvc.yaml diff --git a/basic/apps/forge/forgejo-release.yaml b/apps/forge/forgejo-release.yaml similarity index 100% rename from basic/apps/forge/forgejo-release.yaml rename to apps/forge/forgejo-release.yaml 
diff --git a/basic/apps/forge/forgejo-values-configmap.yaml b/apps/forge/forgejo-values-configmap.yaml similarity index 100% rename from basic/apps/forge/forgejo-values-configmap.yaml rename to apps/forge/forgejo-values-configmap.yaml diff --git a/basic/infrastructure/kustomizations/forgejo-kustomization.yaml b/apps/forgejo-kustomization.yaml similarity index 95% rename from basic/infrastructure/kustomizations/forgejo-kustomization.yaml rename to apps/forgejo-kustomization.yaml index 85224c5..54f863a 100644 --- a/basic/infrastructure/kustomizations/forgejo-kustomization.yaml +++ b/apps/forgejo-kustomization.yaml @@ -13,7 +13,7 @@ spec: sourceRef: kind: GitRepository name: stackspout - path: ./basic/apps/forge + path: ./apps/forge prune: true postBuild: substituteFrom: diff --git a/basic/apps/generate-kustomizations.sh b/apps/generate-kustomizations.sh similarity index 100% rename from basic/apps/generate-kustomizations.sh rename to apps/generate-kustomizations.sh diff --git a/basic/infrastructure/kustomizations/gitea-kustomization.yaml b/apps/gitea-kustomization.yaml similarity index 95% rename from basic/infrastructure/kustomizations/gitea-kustomization.yaml rename to apps/gitea-kustomization.yaml index 5d0d018..3e1bed5 100644 --- a/basic/infrastructure/kustomizations/gitea-kustomization.yaml +++ b/apps/gitea-kustomization.yaml @@ -13,7 +13,7 @@ spec: sourceRef: kind: GitRepository name: stackspout - path: ./basic/apps/code + path: ./apps/code prune: true postBuild: substituteFrom: diff --git a/basic/infrastructure/kustomizations/invoiceninja-customization.yaml b/apps/invoiceninja-customization.yaml similarity index 96% rename from basic/infrastructure/kustomizations/invoiceninja-customization.yaml rename to apps/invoiceninja-customization.yaml index 61b5aa1..9688422 100644 --- a/basic/infrastructure/kustomizations/invoiceninja-customization.yaml +++ b/apps/invoiceninja-customization.yaml 
@@ -13,7 +13,7 @@ spec: sourceRef: kind: GitRepository name: stackspout - path: ./basic/apps/ninja + path: ./apps/ninja prune: true postBuild: substituteFrom: diff --git a/basic/apps/ninja/invoiceninja-mariadb-pvc.yaml b/apps/ninja/invoiceninja-mariadb-pvc.yaml similarity index 100% rename from basic/apps/ninja/invoiceninja-mariadb-pvc.yaml rename to apps/ninja/invoiceninja-mariadb-pvc.yaml diff --git a/basic/apps/ninja/invoiceninja-pvc.yaml b/apps/ninja/invoiceninja-pvc.yaml similarity index 100% rename from basic/apps/ninja/invoiceninja-pvc.yaml rename to apps/ninja/invoiceninja-pvc.yaml diff --git a/basic/apps/ninja/invoiceninja-release.yaml b/apps/ninja/invoiceninja-release.yaml similarity index 100% rename from basic/apps/ninja/invoiceninja-release.yaml rename to apps/ninja/invoiceninja-release.yaml diff --git a/basic/apps/ninja/invoiceninja-values-configmap.yaml b/apps/ninja/invoiceninja-values-configmap.yaml similarity index 96% rename from basic/apps/ninja/invoiceninja-values-configmap.yaml rename to apps/ninja/invoiceninja-values-configmap.yaml index 5251d4b..263fdf3 100644 --- a/basic/apps/ninja/invoiceninja-values-configmap.yaml +++ b/apps/ninja/invoiceninja-values-configmap.yaml @@ -22,9 +22,10 @@ data: stackspin.net/backupSet: "invoiceninja" podLabels: stackspin.net/backupSet: "invoiceninja" + backup.velero.io/backup-volumes: "invoiceninja-data" persistence: public: - existingClaim: invoiceninja-data + existingClaim: "invoiceninja-data" mariadb: # https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml commonLabels: diff --git a/basic/apps/people/kustomization.yaml b/apps/people/kustomization.yaml similarity index 100% rename from basic/apps/people/kustomization.yaml rename to apps/people/kustomization.yaml diff --git a/basic/apps/people/suitecrm-release.yaml b/apps/people/suitecrm-release.yaml similarity index 100% rename from basic/apps/people/suitecrm-release.yaml rename to apps/people/suitecrm-release.yaml 
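Review bot: `backup.velero.io/backup-volumes` in apps/ninja/invoiceninja-values-configmap.yaml appears to be added under `podLabels`, but Velero reads that key only as a pod annotation, so as a label it would leave the volume out of file-system backups without raising any error. Indentation is lost in this view, so the placement is inferred from the neighbouring `stackspin.net/backupSet` entry. If the chart offers a `podAnnotations` value, the line belongs there, e.g. `podAnnotations:` followed by `backup.velero.io/backup-volumes: "VOLUME_NAME"`. The annotation value is the volume name from the pod spec rather than the PVC name, so `invoiceninja-data` should be checked against the chart's volume naming. The enclosing values block starts and ends outside the hunk.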
diff --git a/basic/apps/people/suitecrm-values-configmap.yaml b/apps/people/suitecrm-values-configmap.yaml similarity index 100% rename from basic/apps/people/suitecrm-values-configmap.yaml rename to apps/people/suitecrm-values-configmap.yaml diff --git a/basic/apps/time/kimai-release.yaml b/apps/time/kimai-release.yaml similarity index 100% rename from basic/apps/time/kimai-release.yaml rename to apps/time/kimai-release.yaml diff --git a/basic/apps/time/kimai-values-configmap.yaml b/apps/time/kimai-values-configmap.yaml similarity index 100% rename from basic/apps/time/kimai-values-configmap.yaml rename to apps/time/kimai-values-configmap.yaml diff --git a/basic/apps/time/kustomization.yaml b/apps/time/kustomization.yaml similarity index 100% rename from basic/apps/time/kustomization.yaml rename to apps/time/kustomization.yaml diff --git a/basic/apps/time/pvc.yaml b/apps/time/pvc.yaml similarity index 100% rename from basic/apps/time/pvc.yaml rename to apps/time/pvc.yaml diff --git a/basic/infrastructure/kustomizations/vikunja-kustomization.yaml b/apps/vikunja-kustomization.yaml similarity index 95% rename from basic/infrastructure/kustomizations/vikunja-kustomization.yaml rename to apps/vikunja-kustomization.yaml index 5302f13..fea8112 100644 --- a/basic/infrastructure/kustomizations/vikunja-kustomization.yaml +++ b/apps/vikunja-kustomization.yaml @@ -14,7 +14,7 @@ spec: sourceRef: kind: GitRepository name: stackspout - path: ./basic/apps/do + path: ./apps/do prune: true postBuild: substituteFrom: diff --git a/basic/infrastructure/kustomizations/vikunja-test-kustomization.yaml b/apps/vikunja-test-kustomization.yaml similarity index 94% rename from basic/infrastructure/kustomizations/vikunja-test-kustomization.yaml rename to apps/vikunja-test-kustomization.yaml index 6e9dc6a..f060498 100644 --- a/basic/infrastructure/kustomizations/vikunja-test-kustomization.yaml +++ b/apps/vikunja-test-kustomization.yaml 
@@ -14,7 +14,7 @@ spec: sourceRef: kind: GitRepository name: stackspout - path: ./basic/apps/do-test + path: ./apps/do-test prune: true postBuild: substituteFrom: diff --git a/generate_secrets.py b/generate_secrets.py deleted file mode 100755 index 17744a4..0000000 --- a/generate_secrets.py +++ /dev/null 
@@ -1,246 +0,0 @@ -#!/usr/bin/env python3 -"""Generates Kubernetes secrets based on a provided app name. - -If the `templates` directory contains a secret called `stackspin-{app}-variables`, it -will check if that secret already exists in the cluster, and if not: generate -it. It does the same for an `stackspin-{app}-basic-auth` secret that will contain a -password as well as a htpasswd encoded version of it. - -See https://open.greenhost.net/stackspin/stackspin/-/issues/891 for the -context why we use this script and not a helm chart to generate secrets. - -usage: `python generate_secrets.py $appName` - -As a special case, `python generate_secrets.py stackspin` will check that the -`stackspin-cluster-variables` secret exists and that its values do not contain -problematic characters. -""" - -import base64 -import crypt -import os -import secrets -import string -import sys - -import jinja2 -import yaml -from kubernetes import client, config -from kubernetes.client import api_client -from kubernetes.client.exceptions import ApiException -from kubernetes.utils import create_from_yaml -from kubernetes.utils.create_from_yaml import FailToCreateError - -# This script gets called with an app name as argument. Most of them need an -# oauth client in Hydra, but some don't. This list contains the ones that -# don't. -APPS_WITHOUT_OAUTH = [ - "single-sign-on", - "prometheus", - "alertmanager", - "suitecrm", -] - - -def main(): - """Run everything.""" - # Add jinja filters we want to use - env = jinja2.Environment( - extensions=["jinja2_base64_filters.Base64Filters"]) - env.filters["generate_password"] = generate_password - - if len(sys.argv) < 2: - print("Please provide an app name as an argument") - sys.exit(1) - app_name = sys.argv[1] - - if app_name == "stackspin": - # This is a special case: we don't generate new secrets, but verify the - # validity of the cluster variables (populated from .flux.env). 
- verify_cluster_variables() - else: - # Create app variables secret - create_variables_secret( - app_name, f"stackspin-{app_name}-variables.yaml.jinja", env) - # Create a secret that contains the oauth variables for Hydra Maester - if app_name not in APPS_WITHOUT_OAUTH: - create_variables_secret( - app_name, "stackspin-oauth-variables.yaml.jinja", env) - create_basic_auth_secret(app_name, env) - - -def verify_cluster_variables(): - data = get_kubernetes_secret_data("stackspin-cluster-variables", "flux-system") - if data is None: - raise Exception("Secret stackspin-cluster-variables was not found.") - message = "In secret stackspin-cluster-variables, key {}, the character {}" \ - " was used which will probably lead to problems, so aborting." \ - " You can update the value by using `kubectl edit secret -n" \ - " flux-system stackspin-cluster-variables`." - for key, value in data.items(): - decoded_value = base64.b64decode(value).decode("ascii") - for character in ["\"", "$"]: - if character in decoded_value: - raise Exception(message.format(key, character)) - - -def get_templates_dir(): - """Returns directory that contains the Jinja templates used to create app secrets.""" - return os.path.join(os.path.dirname(os.path.realpath(__file__)), "templates") - - -def create_variables_secret(app_name, variables_filename, env): - """Checks if a variables secret for app_name already exists, generates it if necessary.""" - variables_filepath = os.path.join(get_templates_dir(), variables_filename) - if os.path.exists(variables_filepath): - # Check if k8s secret already exists, if not, generate it - with open(variables_filepath, encoding="UTF-8") as template_file: - lines = template_file.read() - secret_name, secret_namespace = get_secret_metadata(lines) - new_secret_dict = yaml.safe_load( - env.from_string(lines, globals={"app": app_name}).render() - ) - current_secret_data = get_kubernetes_secret_data( - secret_name, secret_namespace - ) - if current_secret_data is None: - # 
Create new secret - update_secret = False - elif current_secret_data.keys() != new_secret_dict["data"].keys(): - # Update current secret with new keys - update_secret = True - print( - f"Secret {secret_name} in namespace {secret_namespace}" - " already exists. Merging..." - ) - # Merge dicts. Values from current_secret_data take precedence - new_secret_dict["data"] |= current_secret_data - else: - # Do Nothing - print( - f"Secret {secret_name} in namespace {secret_namespace}" - " is already in a good state, doing nothing." - ) - return - print( - f"Storing secret {secret_name} in namespace" - f" {secret_namespace} in cluster." - ) - store_kubernetes_secret( - new_secret_dict, secret_namespace, update=update_secret - ) - else: - print( - f"Template {variables_filename} does not exist, no action needed") - - -def create_basic_auth_secret(app_name, env): - """Checks if a basic auth secret for app_name already exists, generates it if necessary.""" - basic_auth_filename = os.path.join( - get_templates_dir(), f"stackspin-{app_name}-basic-auth.yaml.jinja" - ) - if os.path.exists(basic_auth_filename): - with open(basic_auth_filename, encoding="UTF-8") as template_file: - lines = template_file.read() - secret_name, secret_namespace = get_secret_metadata(lines) - - if get_kubernetes_secret_data(secret_name, secret_namespace) is None: - basic_auth_username = "admin" - basic_auth_password = generate_password(32) - basic_auth_htpasswd = gen_htpasswd( - basic_auth_username, basic_auth_password - ) - print( - f"Adding secret {secret_name} in namespace" - f" {secret_namespace} to cluster." - ) - template = env.from_string( - lines, - globals={ - "pass": basic_auth_password, - "htpasswd": basic_auth_htpasswd, - }, - ) - secret_dict = yaml.safe_load(template.render()) - store_kubernetes_secret(secret_dict, secret_namespace) - else: - print( - f"Secret {secret_name} in namespace {secret_namespace}" - " already exists. Not generating new secrets." 
- ) - else: - print(f"File {basic_auth_filename} does not exist, no action needed") - - -def get_secret_metadata(yaml_string): - """Returns secret name and namespace from metadata field in a yaml string.""" - secret_dict = yaml.safe_load(yaml_string) - secret_name = secret_dict["metadata"]["name"] - # default namespace is flux-system, but other namespace can be - # provided in secret metadata - if "namespace" in secret_dict["metadata"]: - secret_namespace = secret_dict["metadata"]["namespace"] - else: - secret_namespace = "flux-system" - return secret_name, secret_namespace - - -def get_kubernetes_secret_data(secret_name, namespace): - """Returns the contents of a kubernetes secret or None if the secret does not exist.""" - try: - secret = API.read_namespaced_secret(secret_name, namespace).data - except ApiException as ex: - # 404 is expected when the optional secret does not exist. - if ex.status != 404: - raise ex - return None - return secret - - -def store_kubernetes_secret(secret_dict, namespace, update=False): - """Stores either a new secret in the cluster, or updates an existing one.""" - api_client_instance = api_client.ApiClient() - if update: - verb = "updated" - api_response = patch_kubernetes_secret(secret_dict, namespace) - else: - verb = "created" - try: - api_response = create_from_yaml( - api_client_instance, - yaml_objects=[secret_dict], - namespace=namespace - ) - except FailToCreateError as ex: - print(f"Secret not {verb} because of exception {ex}") - return - print(f"Secret {verb} with api response: {api_response}") - - -def patch_kubernetes_secret(secret_dict, namespace): - """Patches secret in the cluster with new data.""" - api_client_instance = api_client.ApiClient() - api_instance = client.CoreV1Api(api_client_instance) - name = secret_dict["metadata"]["name"] - body = {} - body["data"] = secret_dict["data"] - return api_instance.patch_namespaced_secret(name, namespace, body) - - -def generate_password(length): - """Generates a password of 
"length" characters.""" - length = int(length) - password = "".join((secrets.choice(string.ascii_letters) - for i in range(length))) - return password - - -def gen_htpasswd(user, password): - """Generate htpasswd entry for user with password.""" - return f"{user}:{crypt.crypt(password, crypt.mksalt(crypt.METHOD_SHA512))}" - - -if __name__ == "__main__": - config.load_kube_config() - API = client.CoreV1Api() - main() diff --git a/infrastructure/kustomizations/apps-kustomization.yaml b/infrastructure/kustomizations/apps-kustomization.yaml new file mode 100644 index 0000000..76496cd --- /dev/null +++ b/infrastructure/kustomizations/apps-kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: stackspout-apps + namespace: flux-system +spec: + interval: 10m + retryInterval: 1m + sourceRef: + kind: GitRepository + name: stackspout + path: ./apps + prune: true + validation: client diff --git a/basic/infrastructure/kustomizations/namespace-kustomization.yaml b/infrastructure/kustomizations/namespace-kustomization.yaml similarity index 86% rename from basic/infrastructure/kustomizations/namespace-kustomization.yaml rename to infrastructure/kustomizations/namespace-kustomization.yaml index 5f8b5bf..2e98f1f 100644 --- a/basic/infrastructure/kustomizations/namespace-kustomization.yaml +++ b/infrastructure/kustomizations/namespace-kustomization.yaml @@ -9,6 +9,6 @@ spec: sourceRef: kind: GitRepository name: stackspout - path: ./basic/infrastructure/namespaces + path: ./infrastructure/namespaces prune: true validation: client diff --git a/basic/infrastructure/kustomizations/overrides-kustomization.yaml b/infrastructure/kustomizations/overrides-kustomization.yaml similarity index 92% rename from basic/infrastructure/kustomizations/overrides-kustomization.yaml rename to infrastructure/kustomizations/overrides-kustomization.yaml index 0e2a15d..9f5833c 100644 
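Review bot: `path: ./apps` in the new `stackspout-apps` Kustomization covers more than the per-app Kustomization objects that this commit moves into `apps/`: when a path has no `kustomization.yaml`, Flux generates one from every manifest in the directory tree, which would pull in `apps/code`, `apps/forge`, `apps/ninja` and the other app directories as well. Those manifests would then be applied twice, once here without `postBuild.substituteFrom` and once by the per-app Kustomization, and with `prune: true` on both the two can fight over ownership. Whether `apps/` carries its own top-level `kustomization.yaml` is not visible in this patch; if it does not, either add one that lists only the `*-kustomization.yaml` files or keep those files in a directory separate from the app manifests.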
--- a/basic/infrastructure/kustomizations/overrides-kustomization.yaml +++ b/infrastructure/kustomizations/overrides-kustomization.yaml @@ -8,7 +8,7 @@ spec: sourceRef: kind: GitRepository name: stackspout - path: ./basic/overrides + path: ./overrides prune: true validation: client postBuild: diff --git a/basic/infrastructure/kustomizations/sources-kustomization.yaml b/infrastructure/kustomizations/sources-kustomization.yaml similarity index 87% rename from basic/infrastructure/kustomizations/sources-kustomization.yaml rename to infrastructure/kustomizations/sources-kustomization.yaml index 7b87e7f..eb9b1f8 100644 --- a/basic/infrastructure/kustomizations/sources-kustomization.yaml +++ b/infrastructure/kustomizations/sources-kustomization.yaml @@ -9,6 +9,6 @@ spec: sourceRef: kind: GitRepository name: stackspout - path: ./basic/infrastructure/sources + path: ./infrastructure/sources prune: true validation: client diff --git a/basic/infrastructure/namespaces/stackspout.yaml b/infrastructure/namespaces/stackspout.yaml similarity index 100% rename from basic/infrastructure/namespaces/stackspout.yaml rename to infrastructure/namespaces/stackspout.yaml diff --git a/infrastructure/sources/8gears-n8n-helmrepository.yaml b/infrastructure/sources/8gears-n8n-helmrepository.yaml new file mode 100644 index 0000000..5d228f3 --- /dev/null +++ b/infrastructure/sources/8gears-n8n-helmrepository.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: 8gears-n8n + namespace: flux-system +spec: + interval: 60m + url: oci://8gears.container-registry.com/library/n8n diff --git a/basic/infrastructure/sources/forgejo.yaml b/infrastructure/sources/forgejo-helmrepository.yaml similarity index 100% rename from basic/infrastructure/sources/forgejo.yaml rename to infrastructure/sources/forgejo-helmrepository.yaml 
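Review bot: The new `8gears-n8n` HelmRepository points at an `oci://` URL but does not set `spec.type: oci`, which Flux needs for OCI registries; without it the source controller is likely to treat the URL as an HTTP chart index and the source will not become ready. As far as I know `type` only exists from `source.toolkit.fluxcd.io/v1beta2`, so the `apiVersion` would have to be raised too. The HelmRelease appends the chart name to the repository URL, so the URL should probably stop at the prefix: `url: oci://8gears.container-registry.com/library` together with `type: oci`. Because this adds a third-party chart source to the cluster, it is worth confirming that the HelmRelease (not part of this patch) pins an exact chart version.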
diff --git a/basic/infrastructure/sources/gitea.yaml b/infrastructure/sources/gitea-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/gitea.yaml
rename to infrastructure/sources/gitea-helmrepository.yaml
diff --git a/basic/infrastructure/sources/invoiceninja.yaml b/infrastructure/sources/invoiceninja-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/invoiceninja.yaml
rename to infrastructure/sources/invoiceninja-helmrepository.yaml
diff --git a/basic/infrastructure/sources/robjuz.yaml b/infrastructure/sources/robjuz-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/robjuz.yaml
rename to infrastructure/sources/robjuz-helmrepository.yaml
diff --git a/basic/infrastructure/sources/truecharts.yaml b/infrastructure/sources/truecharts-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/truecharts.yaml
rename to infrastructure/sources/truecharts-helmrepository.yaml
diff --git a/basic/infrastructure/sources/vikunja.yaml b/infrastructure/sources/vikunja-helmrepository.yaml
similarity index 100%
rename from basic/infrastructure/sources/vikunja.yaml
rename to infrastructure/sources/vikunja-helmrepository.yaml
diff --git a/basic/install.sh b/install.sh
similarity index 61%
rename from basic/install.sh
rename to install.sh
index 047afdc..1e3e943 100755
--- a/basic/install.sh
+++ b/install.sh
@@ -11,11 +11,6 @@ flux create source git stackspout \
 echo "Creating / Updating kustomization stackspout"
 flux create kustomization stackspout \
 --source=GitRepository/stackspout \
- --path="./basic/infrastructure/kustomizations/" \
+ --path="./infrastructure/kustomizations/" \
 --prune=true \
 --interval=5m
-
-python $(dirname "$0")/../generate_secrets.py vikunja
-python $(dirname "$0")/../generate_secrets.py vikunja-test
-python $(dirname "$0")/../generate_secrets.py gitea
-python $(dirname "$0")/../generate_secrets.py invoiceninja
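Review bot: After this hunk install.sh no longer calls generate_secrets.py, and the same commit deletes that script and the `templates/*.jinja` Secret templates, so nothing visible here creates `stackspin-<app>-variables` or `stackspin-<app>-oauth-variables` any more. If the apps still read those Secrets, a fresh install would presumably come up with missing credentials. Either keep a generation step or document the replacement at the end of the script, e.g. `# App Secrets are no longer generated here; create them as described in <doc placeholder> before the apps reconcile.` The script starts above this hunk, so an earlier step may already cover this.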
diff --git a/basic/overrides/stackspin-apps-custom.yaml b/overrides/stackspin-apps-custom.yaml
similarity index 93%
rename from basic/overrides/stackspin-apps-custom.yaml
rename to overrides/stackspin-apps-custom.yaml
index 7bab943..62a042d 100644
--- a/basic/overrides/stackspin-apps-custom.yaml
+++ b/overrides/stackspin-apps-custom.yaml
@@ -10,6 +10,8 @@ data:
 name: "Vikunja Tasks"
 gitea: |
 name: "Gitea Code"
+ forgejo: |
+ name: "Forgejo"
 invoiceninja: |
 name: "Invoiceninja Billing"
 ---
@@ -24,3 +26,4 @@ metadata:
 data:
 vikunja: vikunja
 gitea: gitea
+ forgejo: forgejo
diff --git a/basic/overrides/stackspin-nextcloud-override.yaml b/overrides/stackspin-nextcloud-override.yaml
similarity index 100%
rename from basic/overrides/stackspin-nextcloud-override.yaml
rename to overrides/stackspin-nextcloud-override.yaml
diff --git a/basic/overrides/stackspin-nginx-ingress-override.yaml b/overrides/stackspin-nginx-ingress-override.yaml
similarity index 100%
rename from basic/overrides/stackspin-nginx-ingress-override.yaml
rename to overrides/stackspin-nginx-ingress-override.yaml
diff --git a/basic/overrides/stackspin-zulip-override.yaml b/overrides/stackspin-zulip-override.yaml
similarity index 100%
rename from basic/overrides/stackspin-zulip-override.yaml
rename to overrides/stackspin-zulip-override.yaml
diff --git a/templates/stackspin-invoiceninja-variables.yaml.jinja b/templates/stackspin-invoiceninja-variables.yaml.jinja
deleted file mode 100644
index 9f0defa..0000000
--- a/templates/stackspin-invoiceninja-variables.yaml.jinja
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-invoiceninja-variables
-data:
- app_key: "{{ 32 | generate_password | b64encode }}"
- password: "{{ 32 | generate_password | b64encode }}"
- redis_password: "{{ 32 | generate_password | b64encode }}"
- mariadb_password: "{{ 32 | generate_password | b64encode }}"
- mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/templates/stackspin-kimai-variables.yaml.jinja b/templates/stackspin-kimai-variables.yaml.jinja
deleted file mode 100644
index 7558a55..0000000
--- a/templates/stackspin-kimai-variables.yaml.jinja
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-kimai-variables
-data:
- password: "{{ 32 | generate_password | b64encode }}"
- secret: "{{ 32 | generate_password | b64encode }}"
- mariadb_password: "{{ 32 | generate_password | b64encode }}"
- mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/templates/stackspin-oauth-variables.yaml.jinja b/templates/stackspin-oauth-variables.yaml.jinja
deleted file mode 100644
index 32a0ab0..0000000
--- a/templates/stackspin-oauth-variables.yaml.jinja
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-{{ app }}-oauth-variables
-data:
- client_id: "{{ app | b64encode }}"
- client_secret: "{{ 32 | generate_password | b64encode }}"
diff --git a/templates/stackspin-suitecrm-variables.yaml.jinja b/templates/stackspin-suitecrm-variables.yaml.jinja
deleted file mode 100644
index 06651dd..0000000
--- a/templates/stackspin-suitecrm-variables.yaml.jinja
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-suitecrm-variables
-data:
- password: "{{ 32 | generate_password | b64encode }}"
- mariadb_password: "{{ 32 | generate_password | b64encode }}"
- mariadb_root_password: "{{ 32 | generate_password | b64encode }}"
diff --git a/templates/stackspin-vikunja-variables.yaml.jinja b/templates/stackspin-vikunja-variables.yaml.jinja
deleted file mode 100644
index cb1fa4f..0000000
--- a/templates/stackspin-vikunja-variables.yaml.jinja
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: stackspin-vikunja-variables
-data:
- jwt: "{{ 32 | generate_password | b64encode }}"
- postgresql_password: "{{ 32 | generate_password | b64encode }}"