apps/sprint: add taiga

xeruf 2024-02-29 14:56:11 +01:00
parent 075840808a
commit 503c88dd9b
13 changed files with 225 additions and 0 deletions


@ -8,3 +8,4 @@ resources:
- flow-kustomization.yaml
- meet-kustomization.yaml
- status-kustomization.yaml
- sprint-kustomization.yaml


@ -0,0 +1,12 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: add-sprint
namespace: flux-system
spec:
interval: 10m
prune: true
path: ./apps/sprint
sourceRef:
kind: GitRepository
name: stackspout


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- taiga-kustomization.yaml
- taiga-secrets-kustomization.yaml


@ -0,0 +1,35 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: taiga
namespace: flux-system
spec:
interval: 5m
retryInterval: 2m
timeout: 10m
wait: true
prune: true
path: ./apps/sprint/taiga
sourceRef:
kind: GitRepository
name: stackspout
dependsOn:
- name: flux
- name: local-path-provisioner
- name: taiga-secrets
- name: nginx
- name: single-sign-on
postBuild:
substituteFrom:
- kind: Secret
name: stackspin-cluster-variables
- kind: ConfigMap
name: stackspin-taiga-kustomization-variables
- kind: Secret
name: stackspin-taiga-variables
# OIDC
- kind: Secret
name: stackspin-taiga-oauth-variables
- kind: ConfigMap
name: stackspin-single-sign-on-kustomization-variables


@ -0,0 +1,22 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: taiga-secrets
namespace: flux-system
spec:
interval: 5m
timeout: 4m
wait: true
prune: true
path: ./apps/sprint/taiga-secrets
sourceRef:
kind: GitRepository
name: stackspout
dependsOn:
- name: flux
- name: secrets-controller
postBuild:
substituteFrom:
- kind: Secret
name: stackspin-cluster-variables


@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: stackspin-taiga-kustomization-variables
namespace: flux-system
data:
taiga_domain: sprint.${domain}


@ -0,0 +1,12 @@
---
apiVersion: secretgenerator.mittwald.de/v1alpha1
kind: StringSecret
metadata:
name: stackspin-taiga-oauth-variables
namespace: flux-system
spec:
data:
client_id: taiga
fields:
- fieldName: client_secret
length: "32"


@ -0,0 +1,9 @@
---
apiVersion: secretgenerator.mittwald.de/v1alpha1
kind: StringSecret
metadata:
name: stackspin-taiga-variables
namespace: flux-system
spec:
fields:
- fieldname: password
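Review bot: The field key is spelled `fieldname` here, while the sibling StringSecret for the OAuth variables uses `fieldName`; the secret generator's field is the camelCase one, so this entry is likely to be rejected or pruned and no `password` value generated. Change it to `- fieldName: password` and add an explicit `length:` as the OAuth secret does, so the strength of the generated credential does not depend on the controller default. Nothing visible in this commit consumes `${password}`, and the taiga Kustomization substitutes from several sources into one variable space, so a more specific key name (for example `taiga_password`) would avoid a collision with another source's generic key.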


@ -0,0 +1,21 @@
apiVersion: hydra.ory.sh/v1alpha1
kind: OAuth2Client
metadata:
name: taiga-oauth-client
# Has to live in the same namespace as the stackspin-taiga-oauth-variables secret
namespace: flux-system
spec:
# TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
grantTypes:
- authorization_code
- refresh_token
- client_credentials
- implicit
responseTypes:
- id_token
- code
scope: "openid profile email stackspin_roles"
secretName: stackspin-taiga-oauth-variables
#redirectUris:
# - https://${taiga_domain}/oauth/openid/
#tokenEndpointAuthMethod: client_secret_post
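Review bot: The `grantTypes` list registers `implicit` and `client_credentials`, and `responseTypes` includes `id_token`, all carried over from the wekan template per the TODO; a server-side web client normally needs only `authorization_code` and `refresh_token` with response type `code`. The implicit grant hands tokens back in the redirect URL, and `client_credentials` lets any holder of the client secret obtain tokens with no user involved, so both enlarge what a leaked secret or a redirect mistake exposes. I would drop those two grant types and `id_token`, and uncomment `redirectUris` with the exact callback taiga's OIDC integration uses (confirm the commented path against taiga), because the registered redirect URI is what lets the provider refuse foreign callbacks. `tokenEndpointAuthMethod` should also be set explicitly once the taiga side is known, rather than left to the provider default.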


@ -0,0 +1,15 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-postgres
namespace: stackspout
labels:
stackspin.net/backupSet: "taiga"
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 2Gi
storageClassName: local-path


@ -0,0 +1,27 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: taiga
namespace: stackspout
spec:
releaseName: taiga
chart:
spec:
chart: taiga
version: 1.0 # TODO
sourceRef:
kind: HelmRepository
name: nemonik
namespace: flux-system
interval: 5m
valuesFrom:
- kind: ConfigMap
name: stackspin-taiga-values
optional: false
# Allow overriding values by ConfigMap or Secret
- kind: ConfigMap
name: stackspin-taiga-override
optional: true
- kind: Secret
name: stackspin-taiga-override
optional: true
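Review bot: `version: 1.0 # TODO` is an unquoted scalar, which YAML reads as a float rather than the string the chart version field expects, and as a version constraint it is loose rather than an exact pin. Because the chart comes from a third-party repository (`nemonik`), I would pin an exact release and quote it, e.g. `version: "<exact chart version>"`, so a new upstream chart is only picked up through a reviewed commit. The optional `stackspin-taiga-override` ConfigMap and Secret can replace any chart value, so write access to those objects is effectively control over the release; a short comment next to them saying so would help whoever sets RBAC for the namespace.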


@ -0,0 +1,51 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: stackspin-taiga-values
namespace: stackspout
data:
values.yaml: |
# https://github.com/nemonik/taiga-helm/blob/master/values.yaml
# TODO verify structure matches chart
commonLabels:
stackspin.net/backupSet: "taiga"
podLabels:
stackspin.net/backupSet: "taiga"
taigaDB:
persistence:
enabled: true
existingClaim: taiga-postgres
podAnnotations:
backup.velero.io/backup-volumes: "data"
taigaGateway:
ingress:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
hosts:
- host: "${taiga_domain}"
paths:
- path: /
pathType: Prefix
tls:
- secretName: taiga-tls
hosts:
- "${taiga_domain}"
env:
mailer:
enableEmail: "${outgoing_mail_enabled}"
emailHost: "${outgoing_mail_smtp_host}"
emailPort: "${outgoing_mail_smtp_port}"
emailHostUser: "${outgoing_mail_smtp_user}"
emailHostPassword: "${outgoing_mail_smtp_password}"
defaultFromEmail: "${outgoing_mail_from_address}"
# TODO Adjust taiga OpenID Connect Single Sign-On Configuration
# - name: Stackspin
# key: "${client_id}"
# secret: "${client_secret}"
# issuer: "https://${hydra_domain}"
# autoDiscoverUrl: 'https://${hydra_domain}/.well-known/openid-configuration'
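Review bot: `emailHostPassword: "${outgoing_mail_smtp_password}"` sits inside a ConfigMap, so after Flux's post-build substitution the SMTP password is stored in plaintext in `stackspin-taiga-values` and is readable by anyone allowed to read ConfigMaps in `stackspout`. Move the mailer credentials (at least `emailHostUser` and `emailHostPassword`) into a Secret and reference it from the HelmRelease with a `valuesFrom` entry of `kind: Secret`, or use the chart's existing-secret option if it offers one. The same applies to the commented OIDC block: once enabled, `secret: "${client_secret}"` should not land in this ConfigMap either. The `# TODO verify structure matches chart` matters for security as well, since keys a chart does not recognise are typically ignored without error, which could leave the ingress TLS settings under `taigaGateway` unapplied.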


@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: nemonik
namespace: flux-system
spec:
interval: 60m
url: https://nemonik.github.io/helm-charts/