diff --git a/apps/do/vikunja-test-kustomization.yaml b/apps/do/vikunja-test-kustomization.yaml
index aafb037..1035594 100644
--- a/apps/do/vikunja-test-kustomization.yaml
+++ b/apps/do/vikunja-test-kustomization.yaml
@@ -1,26 +1,34 @@ - apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 kind: Kustomization metadata: name: vikunja-test namespace: flux-system spec: - interval: 10m + interval: 5m retryInterval: 2m + timeout: 10m wait: true - timeout: 3m - dependsOn: - - name: single-sign-on + prune: true + path: ./apps/do/vikunja-test sourceRef: kind: GitRepository name: stackspout - path: ./apps/do-test - prune: true + dependsOn: + - name: flux + - name: local-path-provisioner + - name: vikunja-secrets + - name: nginx + - name: single-sign-on postBuild: substituteFrom: - - kind: Secret - name: stackspin-vikunja-variables - - kind: Secret - name: stackspin-vikunja-test-oauth-variables - kind: Secret name: stackspin-cluster-variables + - kind: ConfigMap + name: stackspin-vikunja-kustomization-variables + - kind: Secret + name: stackspin-vikunja-test-variables + # OIDC + - kind: Secret + name: stackspin-vikunja-oauth-variables + - kind: ConfigMap + name: stackspin-single-sign-on-kustomization-variables
diff --git a/apps/do/vikunja-test/vikunja-files-pvc.yaml b/apps/do/vikunja-test/vikunja-files-pvc.yaml
new file mode 100644
index 0000000..69dae48
--- /dev/null
+++ b/apps/do/vikunja-test/vikunja-files-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vikunja-test-files
+ namespace: stackspout
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/apps/do/vikunja-test/vikunja-oauth-client.yaml b/apps/do/vikunja-test/vikunja-oauth-client.yaml
new file mode 100644
index 0000000..ff87152
--- /dev/null
+++ b/apps/do/vikunja-test/vikunja-oauth-client.yaml
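Review bot: The `substituteFrom` list in `vikunja-test-kustomization.yaml` now reads `stackspin-vikunja-oauth-variables`, where the previous manifest listed `stackspin-vikunja-test-oauth-variables`, and the new `OAuth2Client` in `vikunja-oauth-client.yaml` uses the same un-suffixed `secretName`. If the production vikunja Kustomization uses that Secret as well (not visible in this diff, but the name suggests it), test and production would share one OIDC client id and secret, or two `OAuth2Client` objects would write to one Secret. Keeping a test-specific name in both places, `name: stackspin-vikunja-test-oauth-variables` here and `secretName: stackspin-vikunja-test-oauth-variables` in the client, keeps the credentials separate. The same question applies to the shared `stackspin-vikunja-kustomization-variables` ConfigMap.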
@@ -0,0 +1,21 @@
+apiVersion: hydra.ory.sh/v1alpha1
+kind: OAuth2Client
+metadata:
+ name: vikunja-test-oauth-client
+ # Has to live in the same namespace as the stackspin-*-oauth-variables secret
+ namespace: flux-system
+spec:
+ # TODO copied from wekan: https://github.com/wekan/wekan/wiki/Keycloak
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ - client_credentials
+ - implicit
+ responseTypes:
+ - id_token
+ - code
+ scope: "openid profile email stackspin_roles"
+ secretName: stackspin-vikunja-oauth-variables
+ redirectUris:
+ - https://test.${vikunja_domain}/auth/openid/stackspin
+ tokenEndpointAuthMethod: client_secret_post
diff --git a/apps/do/vikunja-test/vikunja-postgres-pvc.yaml b/apps/do/vikunja-test/vikunja-postgres-pvc.yaml
new file mode 100644
index 0000000..bb3d3ef
--- /dev/null
+++ b/apps/do/vikunja-test/vikunja-postgres-pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: vikunja-test-postgres
+ namespace: stackspout
+spec:
+ accessModes:
+ - ReadWriteOnce
+ volumeMode: Filesystem
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: local-path
diff --git a/apps/do/vikunja-test/vikunja-release.yaml b/apps/do/vikunja-test/vikunja-release.yaml
new file mode 100644
index 0000000..5691891
--- /dev/null
+++ b/apps/do/vikunja-test/vikunja-release.yaml
@@ -0,0 +1,27 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: vikunja-test
+ namespace: stackspout
+spec:
+ releaseName: vikunja
+ chart:
+ spec:
+ chart: vikunja
+ version: 0.4.1
+ sourceRef:
+ kind: HelmRepository
+ name: vikunja
+ namespace: flux-system
+ interval: 5m
+ valuesFrom:
+ - kind: ConfigMap
+ name: stackspin-vikunja-test-values
+ optional: false
+ # Allow overriding values by ConfigMap or Secret
+ - kind: ConfigMap
+ name: stackspin-vikunja-test-override
+ optional: true
+ - kind: Secret
+ name: stackspin-vikunja-test-override
+ optional: true
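Review bot: `grantTypes` in `vikunja-oauth-client.yaml` enables `implicit` and `client_credentials`, and `responseTypes` includes `id_token`; the TODO above them says the list was copied from a wekan example rather than chosen for Vikunja. The values ConfigMap configures Vikunja with a client secret, which points to the authorization-code flow, so the extra grants only widen what this client registration allows. Unless something is known to need them, reduce the lists to `grantTypes: [authorization_code, refresh_token]` and `responseTypes: [code]`, and drop the TODO once the list is confirmed.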
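Review bot: `releaseName: vikunja` in `vikunja-release.yaml` does not match the rest of the test setup: the values ConfigMap points the API at `host: vikunja-test-postgresql`, a name that presumably only exists when the release is called `vikunja-test`. If the production HelmRelease (not in this diff) also uses release name `vikunja` in namespace `stackspout`, both objects would manage the same Helm release and the test values could be applied over production. Setting `releaseName: vikunja-test` would avoid both problems. A one-line comment above `valuesFrom` noting that later entries override earlier ones would also help whoever fills in the override Secret.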
diff --git a/apps/do/vikunja-test/vikunja-values-configmap.yaml b/apps/do/vikunja-test/vikunja-values-configmap.yaml
new file mode 100644
index 0000000..4d3a81d
--- /dev/null
+++ b/apps/do/vikunja-test/vikunja-values-configmap.yaml
@@ -0,0 +1,101 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: stackspin-vikunja-test-values
+ namespace: stackspout
+data:
+ # https://kolaente.dev/vikunja/helm-chart/src/branch/main/values.yaml
+ values.yaml: |
+ frontend:
+ image:
+ tag: 0.21
+ ingress:
+ main:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: "test.${vikunja_domain}"
+ paths:
+ - path: /
+ tls:
+ - secretName: vikunja-tls
+ hosts:
+ - "test.${vikunja_domain}"
+ api:
+ image:
+ tag: 0.21
+ persistence:
+ data:
+ existingClaim: vikunja-test-files
+ ingress:
+ main:
+ enabled: true
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: "test.${vikunja_domain}"
+ paths:
+ - path: /api
+ tls:
+ - secretName: vikunja-test-tls
+ hosts:
+ - "test.${vikunja_domain}"
+ configMaps:
+ config:
+ data:
+ config.yml: |-
+ auth:
+ openid:
+ # https://vikunja.io/docs/config-options/#openid
+ # Example: https://github.com/go-vikunja/api/blob/main/config.yml.sample#L289-L312
+ enabled: true
+ redirecturl: "https://test.${vikunja_domain}/auth/openid/"
+ providers:
+ - name: Stackspin
+ authurl: "https://${hydra_domain}/"
+ clientid: "${client_id}"
+ clientsecret: "${client_secret}"
+ local:
+ enabled: false
+ mailer:
+ enabled: "${outgoing_mail_enabled}"
+ host: "${outgoing_mail_smtp_host}"
+ port: "${outgoing_mail_smtp_port}"
+ username: "${outgoing_mail_smtp_user}"
+ password: "${outgoing_mail_smtp_password}"
+ fromemail: "${outgoing_mail_from_address}"
+ forcessl: true
+ service:
+ frontendurl: "https://test.${vikunja_domain}"
+ timezone: "CET"
+ JWTSecret: "${jwt}"
+ database:
+ type: postgres
+ host: vikunja-test-postgresql
+ password: "${postgresql_password}"
+ log:
+ path: "/app/vikunja"
+ http: file
+ database: stderr
+ databaselevel: debug
+ defaultsettings:
+ avatar_provider: gravatar
+ discoverable_by_name: true
+ discoverable_by_email: true
+ week_start: 1
+ timezone: CET
+ postgresql:
+ enabled: true
+ global:
+ postgresql:
+ auth:
+ database:
vikunja
+ username: vikunja
+ password: "${postgresql_password}"
+ postgresPassword: "${postgresql_admin_password}"
+ primary:
+ persistence:
+ existingClaim: vikunja-test-postgres
+ typesense:
+ enabled: false
diff --git a/apps/do/vikunja/vikunja-values-configmap.yaml b/apps/do/vikunja/vikunja-values-configmap.yaml
index d0abb7c..140e21e 100644
--- a/apps/do/vikunja/vikunja-values-configmap.yaml
+++ b/apps/do/vikunja/vikunja-values-configmap.yaml
@@ -66,7 +66,6 @@ data: password: "${outgoing_mail_smtp_password}" fromemail: "${outgoing_mail_from_address}" forcessl: true - # TODO Configure PVC for file uploads service: frontendurl: "https://${vikunja_domain}" timezone: "CET"
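Review bot: The new `stackspin-vikunja-test-values` ConfigMap embeds `${client_secret}`, `${jwt}`, `${outgoing_mail_smtp_password}`, `${postgresql_password}` and `${postgresql_admin_password}`, so after Flux post-build substitution the resolved secrets sit in a ConfigMap that anyone with ConfigMap read access in `stackspout` can read. The HelmRelease already accepts a Secret in `valuesFrom`, so the sensitive keys could move into a Secret-backed values document and leave only non-sensitive settings here. Separately, the frontend ingress uses `secretName: vikunja-tls` while the API ingress for the same host uses `vikunja-test-tls`; the un-suffixed name looks like the production certificate Secret (an assumption, since production is not shown), and `secretName: vikunja-test-tls` in both places would avoid two ingresses contending for it. `databaselevel: debug` may write query contents to the log, which deserves a comment saying it is for the test instance only.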