apps/forge: adjust to new structure

2024-02-09 09:41:29 +01:00 · 2024-02-09 09:41:29 +01:00 · b401f606a7
parent 5e7c6e8194
commit b401f606a7
7 changed files with 104 additions and 16 deletions
--- a/apps/forge-kustomization.yaml
+++ b/apps/forge-kustomization.yaml
@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: add-forge
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  path: ./apps/forge
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
--- a/apps/forge/forgejo-kustomization.yaml
+++ b/apps/forge/forgejo-kustomization.yaml
@ -4,22 +4,33 @@ metadata:
  name: forgejo
  namespace: flux-system
 spec:
-  interval: 10m
+  interval: 5m
  retryInterval: 2m
+  timeout: 10m
  wait: true
-  timeout: 3m
-  dependsOn:
-    - name: single-sign-on
+  prune: true
+  path: ./apps/forge/forgejo
  sourceRef:
    kind: GitRepository
    name: stackspout
-  path: ./apps/forge
-  prune: true
+  dependsOn:
+    - name: flux
+    - name: local-path-provisioner
+    - name: forgejo-secrets
+    - name: nginx
+    - name: single-sign-on
  postBuild:
    substituteFrom:
-      #- kind: Secret
-      #  name: stackspin-forgejo-variables
-      - kind: Secret
-        name: stackspin-forgejo-oauth-variables
      - kind: Secret
        name: stackspin-cluster-variables
+      - kind: ConfigMap
+        name: stackspin-forgejo-kustomization-variables
+      - kind: Secret
+        name: stackspin-forgejo-variables
+      # OIDC
+      - kind: Secret
+        name: stackspin-forgejo-oauth-variables
+      - kind: ConfigMap
+        name: stackspin-single-sign-on-kustomization-variables
+      - kind: ConfigMap
+        name: stackspin-dashboard-kustomization-variables
--- a/apps/forge/forgejo-secrets-kustomization.yaml
+++ b/apps/forge/forgejo-secrets-kustomization.yaml
@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: forgejo-secrets
+  namespace: flux-system
+spec:
+  interval: 5m
+  timeout: 4m
+  wait: true
+  prune: true
+  path: ./apps/forge/forgejo-secrets
+  sourceRef:
+    kind: GitRepository
+    name: stackspout
+  dependsOn:
+    - name: flux
+    - name: secrets-controller
--- a/apps/forge/forgejo-secrets/forgejo-kustomization-variables.yaml
+++ b/apps/forge/forgejo-secrets/forgejo-kustomization-variables.yaml
@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: stackspin-forgejo-kustomization-variables
+  namespace: flux-system
+data:
+  forgejo_domain: forge.${domain}
--- a/apps/forge/forgejo-secrets/forgejo-oauth-secret.yaml
+++ b/apps/forge/forgejo-secrets/forgejo-oauth-secret.yaml
@ -0,0 +1,12 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-forgejo-oauth-variables
+  namespace: flux-system
+spec:
+  data:
+    client_id: forgejo
+  fields:
+  - fieldName: client_secret
+    length: "32"
--- a/apps/forge/forgejo-secrets/forgejo-variables.yaml
+++ b/apps/forge/forgejo-secrets/forgejo-variables.yaml
@ -0,0 +1,9 @@
+---
+apiVersion: secretgenerator.mittwald.de/v1alpha1
+kind: StringSecret
+metadata:
+  name: stackspin-forgejo-variables
+  namespace: flux-system
+spec:
+  fields:
+  - fieldName: postgresql_password
--- a/apps/forge/forgejo/forgejo-values-configmap.yaml
+++ b/apps/forge/forgejo/forgejo-values-configmap.yaml
@ -30,8 +30,8 @@ data:
          provider: "openidConnect"
          key: "${client_id}"
          secret: "${client_secret}"
-          autoDiscoverUrl: "https://sso.${domain}/.well-known/openid-configuration"
-          iconUrl: "https://dashboard.${domain}/favicon-32x32.png"
+          autoDiscoverUrl: "https://${hydra_domain}/.well-known/openid-configuration"
+          iconUrl: "https://${dashboard_domain}/favicon-32x32.png"
      # https://forgejo.org/docs/latest/admin/config-cheat-sheet/
      config:
        APP_NAME: "Forge for ${company_name}"
@ -51,13 +51,31 @@ data:
          ALLOW_ONLY_EXTERNAL_REGISTRATION: true
        log:
          LEVEL: "Debug"
+      podAnnotations:
+        backup.velero.io/backup-volumes: "data"
    persistence:
-      enabled: true
      existingClaim: forgejo-data
+      labels:
+        stackspin.net/backupSet: "forgejo"
+    deployment:
+      labels:
+        stackspin.net/backupSet: "forgejo"
+    podLabels:
+      stackspin.net/backupSet: "forgejo"
    postgresql:
-      persistence:
-        enabled: true
-        existingClaim: forgejo-postgres
+      enabled: true
+      global:
+        commonLabels:
+          stackspin.net/backupSet: "forgejo"
+        postgresql:
+          database: gitea
+          username: gitea
+          password: gitea # "${postgresql_password}"
+        persistence:
+          existingClaim: forgejo-postgres
+      primary:
+        podAnnotations:
+          backup.velero.io/backup-volumes: "data"
    service:
      ssh:
        type: LoadBalancer