diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml
index fa01a36..336ef78 100644
--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
 - flow-kustomization.yaml
 - meet-kustomization.yaml
 - status-kustomization.yaml
+ - sprint-kustomization.yaml
diff --git a/apps/sprint-kustomization.yaml b/apps/sprint-kustomization.yaml
new file mode 100644
index 0000000..c5cb0e1
--- /dev/null
+++ b/apps/sprint-kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: add-sprint
+ namespace: flux-system
+spec:
+ interval: 10m
+ prune: true
+ path: ./apps/sprint
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
diff --git a/apps/sprint/kustomization.yaml b/apps/sprint/kustomization.yaml
new file mode 100644
index 0000000..9a78b1d
--- /dev/null
+++ b/apps/sprint/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - taiga-kustomization.yaml
+ - taiga-secrets-kustomization.yaml
diff --git a/apps/sprint/taiga-kustomization.yaml b/apps/sprint/taiga-kustomization.yaml
new file mode 100644
index 0000000..c341d8d
--- /dev/null
+++ b/apps/sprint/taiga-kustomization.yaml
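Review bot: apps/sprint-kustomization.yaml is written without the `---` document start that the sibling Flux Kustomizations in this commit use (apps/sprint/taiga-kustomization.yaml and apps/sprint/taiga-secrets-kustomization.yaml), and the same omission recurs in taiga-postgres-pvc.yaml, taiga-release.yaml, taiga-values-configmap.yaml and infrastructure/sources/nemonik.yaml. Pick one convention for the new files; putting `---` on the first line here is what yamllint's document-start rule expects and matches the two files that already have it. Whether the existing flow/meet/status app Kustomizations use the marker is not visible in this diff.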
@@ -0,0 +1,35 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: taiga
+ namespace: flux-system
+spec:
+ interval: 5m
+ retryInterval: 2m
+ timeout: 10m
+ wait: true
+ prune: true
+ path: ./apps/sprint/taiga
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: local-path-provisioner
+ - name: taiga-secrets
+ - name: nginx
+ - name: single-sign-on
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
+ - kind: ConfigMap
+ name: stackspin-taiga-kustomization-variables
+ - kind: Secret
+ name: stackspin-taiga-variables
+ # OIDC
+ - kind: Secret
+ name: stackspin-taiga-oauth-variables
+ - kind: ConfigMap
+ name: stackspin-single-sign-on-kustomization-variables
diff --git a/apps/sprint/taiga-secrets-kustomization.yaml b/apps/sprint/taiga-secrets-kustomization.yaml
new file mode 100644
index 0000000..49dcf46
--- /dev/null
+++ b/apps/sprint/taiga-secrets-kustomization.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+ name: taiga-secrets
+ namespace: flux-system
+spec:
+ interval: 5m
+ timeout: 4m
+ wait: true
+ prune: true
+ path: ./apps/sprint/taiga-secrets
+ sourceRef:
+ kind: GitRepository
+ name: stackspout
+ dependsOn:
+ - name: flux
+ - name: secrets-controller
+ postBuild:
+ substituteFrom:
+ - kind: Secret
+ name: stackspin-cluster-variables
diff --git a/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml b/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml
new file mode 100644
index 0000000..3131eff
--- /dev/null
+++ b/apps/sprint/taiga-secrets/taiga-kustomization-variables.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-taiga-kustomization-variables
+ namespace: flux-system
+data:
+ taiga_domain: sprint.${domain}
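Review bot: The `substituteFrom` list in apps/sprint/taiga-kustomization.yaml makes the contents of the `stackspin-taiga-oauth-variables` and `stackspin-taiga-variables` Secrets (presumably `client_secret` and `password`, per the StringSecret definitions in this commit) available as `${...}` variables to every manifest under ./apps/sprint/taiga, including plain ConfigMaps such as stackspin-taiga-values. Nothing in the file records that constraint, and the commented-out SSO block in taiga-values-configmap.yaml already references `${client_secret}` from inside a ConfigMap. Add a comment above the two Secret entries, e.g. `# NOTE: values from these Secrets must only be substituted into Secret resources under ./apps/sprint/taiga`, so the variables do not get rendered into a ConfigMap or annotation when that TODO is resolved.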
diff --git a/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml b/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml
new file mode 100644
index 0000000..b42b230
--- /dev/null
+++ b/apps/sprint/taiga-secrets/taiga-oauth-secret.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: stackspin-taiga-oauth-variables
+ namespace: flux-system
+spec:
+ data:
+ client_id: taiga
+ fields:
+ - fieldName: client_secret
+ length: "32"
diff --git a/apps/sprint/taiga-secrets/taiga-variables.yaml b/apps/sprint/taiga-secrets/taiga-variables.yaml
new file mode 100644
index 0000000..3aa650a
--- /dev/null
+++ b/apps/sprint/taiga-secrets/taiga-variables.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+ name: stackspin-taiga-variables
+ namespace: flux-system
+spec:
+ fields:
+ - fieldname: password
diff --git a/apps/sprint/taiga/taiga-oauth-client.yaml b/apps/sprint/taiga/taiga-oauth-client.yaml
new file mode 100644
index 0000000..0bc12cc
--- /dev/null
+++ b/apps/sprint/taiga/taiga-oauth-client.yaml
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+ name: taiga-oauth-client
+ # Has to live in the same namespace as the stackspin-taiga-oauth-variables secret
+ namespace: flux-system
+spec:
+ # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ - client_credentials
+ - implicit
+ responseTypes:
+ - id_token
+ - code
+ scope: "openid profile email stackspin_roles"
+ secretName: stackspin-taiga-oauth-variables
+ #redirectUris:
+ # - https://${taiga_domain}/oauth/openid/
+ #tokenEndpointAuthMethod: client_secret_post
diff --git a/apps/sprint/taiga/taiga-postgres-pvc.yaml b/apps/sprint/taiga/taiga-postgres-pvc.yaml
new file mode 100644
index 0000000..31144aa
--- /dev/null
+++ b/apps/sprint/taiga/taiga-postgres-pvc.yaml
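Review bot: apps/sprint/taiga-secrets/taiga-variables.yaml spells the field key as `fieldname: password`, while taiga-oauth-secret.yaml in the same commit uses `fieldName: client_secret`. If the StringSecret CRD schema is strict the object is rejected; if it is lenient the entry is ignored, no `password` field is generated, and taiga-kustomization.yaml then substitutes an empty value wherever `${password}` is used. Change the line to `- fieldName: password`, and consider giving it an explicit `length` as the oauth secret does so the generated password's size is pinned in the repo rather than left to the controller default.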
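Review bot: apps/sprint/taiga/taiga-oauth-client.yaml registers the client with `grantTypes` `implicit` and `client_credentials` and a `responseTypes` entry `id_token`, while `redirectUris` is left commented out; the `# TODO copied from wekan` comment confirms the list was not derived from what Taiga's OIDC login actually needs. A client registered with more grant types than it uses widens what a leaked `client_secret` can be used for, and without registered redirect URIs the authorization-code flow cannot be pinned to the Taiga callback. Trim the list to what the login flow uses (presumably `authorization_code` and `refresh_token` with `code` as the response type; confirm against the Taiga OIDC plugin) and uncomment `redirectUris` with the verified `https://${taiga_domain}/...` callback before this ships, rather than leaving the broad copy in place.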
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: taiga-postgres
+ namespace: stackspout
+ labels:
+ stackspin.net/backupSet: "taiga"
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/apps/sprint/taiga/taiga-release.yaml b/apps/sprint/taiga/taiga-release.yaml
new file mode 100644
index 0000000..b9ff3e6
--- /dev/null
+++ b/apps/sprint/taiga/taiga-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: taiga
+ namespace: stackspout
+spec:
+ releaseName: taiga
+ chart:
+ spec:
+ chart: taiga
+ version: 1.0 # TODO
+ sourceRef:
+ kind: HelmRepository
+ name: nemonik
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: ConfigMap
+ name: stackspin-taiga-values
+ optional: false
+ # Allow overriding values by ConfigMap or Secret
+ - kind: ConfigMap
+ name: stackspin-taiga-override
+ optional: true
+ - kind: Secret
+ name: stackspin-taiga-override
+ optional: true
diff --git a/apps/sprint/taiga/taiga-values-configmap.yaml b/apps/sprint/taiga/taiga-values-configmap.yaml
new file mode 100644
index 0000000..19e9d01
--- /dev/null
+++ b/apps/sprint/taiga/taiga-values-configmap.yaml
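Review bot: `version: 1.0 # TODO` in apps/sprint/taiga/taiga-release.yaml is an unquoted float: YAML parsers read it as the number 1.0, and HelmRelease's `spec.chart.spec.version` is a string field, so the object is likely rejected at admission as a number where a string is required. Write it as a quoted string carrying the exact chart version from the nemonik repository, e.g. `version: "<exact-chart-version>"`, and resolve the TODO before merging. An exact pin is also what stops the release from silently picking up whatever newer chart the third-party HelmRepository publishes next.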
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-taiga-values
+ namespace: stackspout
+data:
+ values.yaml: |
+ # https://github.com/nemonik/taiga-helm/blob/master/values.yaml
+ # TODO verify structure matches chart
+ commonLabels:
+ stackspin.net/backupSet: "taiga"
+ podLabels:
+ stackspin.net/backupSet: "taiga"
+
+ taigaDB:
+ persistence:
+ enabled: true
+ existingClaim: taiga-postgres
+ podAnnotations:
+ backup.velero.io/backup-volumes: "data"
+
+ taigaGateway:
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: "${taiga_domain}"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: taiga-tls
+ hosts:
+ - "${taiga_domain}"
+
+ env:
+ mailer:
+ enableEmail: "${outgoing_mail_enabled}"
+ emailHost: "${outgoing_mail_smtp_host}"
+ emailPort: "${outgoing_mail_smtp_port}"
+ emailHostUser: "${outgoing_mail_smtp_user}"
+ emailHostPassword: "${outgoing_mail_smtp_password}"
+ defaultFromEmail: "${outgoing_mail_from_address}"
+
+ # TODO Adjust taiga OpenID Connect Single Sign-On Configuration
+ # - name: Stackspin
+ # key: "${client_id}"
+ # secret: "${client_secret}"
+ # issuer: "https://${hydra_domain}"
+ # autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
diff --git a/infrastructure/sources/nemonik.yaml b/infrastructure/sources/nemonik.yaml
new file mode 100644
index 0000000..958b131
--- /dev/null
+++ b/infrastructure/sources/nemonik.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: nemonik
+ namespace: flux-system
+spec:
+ interval: 60m
+ url: https://nemonik.github.io/helm-charts/
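Review bot: apps/sprint/taiga/taiga-values-configmap.yaml renders `emailHostPassword: "${outgoing_mail_smtp_password}"` into a plain ConfigMap (stackspin-taiga-values in namespace stackspout), so the SMTP password becomes readable by anyone with ConfigMap read access in that namespace and lands in every ConfigMap backup or export, instead of being held as a Secret. The HelmRelease in this commit already accepts `valuesFrom` entries of `kind: Secret`, so the credential can move to a Secret-backed values source under ./apps/sprint/taiga that is appended to `valuesFrom`, leaving only the non-sensitive mailer keys in this ConfigMap. The commented `# TODO Adjust taiga OpenID Connect` block at the end of the file would place `${client_secret}` in the same ConfigMap once uncommented and should take the same route.
```yaml
# constructed example: new manifest under ./apps/sprint/taiga, referenced from
# the HelmRelease valuesFrom list as kind: Secret (name is a placeholder)
apiVersion: v1
kind: Secret
metadata:
  name: stackspin-taiga-mailer-values
  namespace: stackspout
stringData:
  values.yaml: |
    env:
      mailer:
        emailHostPassword: "${outgoing_mail_smtp_password}"
# … unchanged: the ConfigMap above, minus its emailHostPassword line …
```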