diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..d0034e1
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,2 @@
+name: memelord
+version: 1.0.0
diff --git a/bucket.yaml b/templates/bucket.yaml
similarity index 100%
rename from bucket.yaml
rename to templates/bucket.yaml
diff --git a/deployment.yaml b/templates/deployment.yaml
similarity index 98%
rename from deployment.yaml
rename to templates/deployment.yaml
index 73cba40..055a0f3 100644
--- a/deployment.yaml
+++ b/templates/deployment.yaml
@@ -39,7 +39,7 @@ spec:
 containerPort: 8000
 env:
 - name: DOMAIN
- value: memelord-laurivosandi.ee-lte-1.codemowers.io
+ value: {{ .Values.hostname }}
 - name: DB_ENGINE
 value: postgres
 - name: POSTGRES_HOST
diff --git a/templates/grafana.yaml b/templates/grafana.yaml
new file mode 100644
index 0000000..89e0c3b
--- /dev/null
+++ b/templates/grafana.yaml
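Review bot: Chart.yaml is missing the `apiVersion` field, which Helm requires in every chart (`apiVersion: v2` for Helm 3 charts); without it `helm lint` and `helm install` refuse the chart. Add `apiVersion: v2` as the first key, and consider a `description` so the chart is self-describing in `helm show chart`.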
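Review bot: The new `value: {{ .Values.hostname }}` is rendered unquoted, so the resulting YAML depends on what the value happens to look like: an empty or unset `hostname` renders as a bare `value:` (null), and a number- or boolean-looking value is typed instead of being the string that a container `env[].value` must be. Render it through Helm's `quote` — `value: {{ .Values.hostname | quote }}` — and apply the same to the templated host in the `templates/ingress.yaml` hunks (`- {{ .Values.hostname }}` under `dnsNames` and `- host: {{ .Values.hostname }}`); the `uri` and redirect lines there embed the value inside a longer string and are less exposed. The env list this line belongs to starts and ends outside the hunk.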
@@ -0,0 +1,191 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: grafana
+ labels:
+ app: grafana
+spec:
+ serviceName: grafana
+ replicas: 1
+ selector:
+ matchLabels:
+ app: grafana
+ template:
+ metadata:
+ labels:
+ app: grafana
+ spec:
+ containers:
+ - name: grafana
+ image: grafana/grafana:latest
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 3000
+ name: http
+ env:
+ - name: GF_ANALYTICS_REPORTING_ENABLED
+ value: "false"
+ - name: GF_ANALYTICS_CHECK_FOR_UPDATES
+ value: "false"
+ - name: GF_SERVER_DOMAIN
+ value: grafana-laurivosandi.ee-lte-1.codemowers.io
+ - name: GF_SERVER_ROOT_URL
+ value: "https://%(domain)s/"
+ - name: GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP
+ value: "true"
+ - name: GF_AUTH_BASIC_ENABLED
+ value: "false"
+ - name: GF_AUTH_GENERIC_OAUTH_ENABLED
+ value: "true"
+ - name: GF_AUTH_GENERIC_OAUTH_NAME
+ value: OAuth
+ - name: GF_AUTH_GENERIC_OAUTH_ICON
+ value: signin
+ - name: GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP
+ value: "true"
+ - name: GF_AUTH_GENERIC_OAUTH_USE_PKCE
+ value: "true"
+ - name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
+ value: "contains(groups[*], 'github.com:codemowers:admins') && 'Admin' || Viewer"
+ - name: GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN
+ value: "true"
+ - name: GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION
+ value: "true"
+
+ - name: GF_DATABASE_TYPE
+ value: sqlite3
+ - name: GF_DATABASE_PATH
+ value: /var/lib/grafana/grafana.db
+
+ - name: GF_AUTH_GENERIC_OAUTH_SIGNOUT_REDIRECT_URL
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-grafana-laurivosandi-owner-secrets
+ key: OIDC_IDP_URI
+ - name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-grafana-laurivosandi-owner-secrets
+ key: OIDC_CLIENT_ID
+ - name: GF_AUTH_GENERIC_OAUTH_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-grafana-laurivosandi-owner-secrets
+ key: OIDC_CLIENT_SECRET
+ - name: GF_AUTH_GENERIC_OAUTH_SCOPES
+ valueFrom:
+ secretKeyRef:
+ name: 
oidc-client-grafana-laurivosandi-owner-secrets
+ key: OIDC_AVAILABLE_SCOPES
+ - name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-grafana-laurivosandi-owner-secrets
+ key: OIDC_IDP_AUTH_URI
+ - name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-grafana-laurivosandi-owner-secrets
+ key: OIDC_IDP_TOKEN_URI
+ - name: GF_AUTH_GENERIC_OAUTH_API_URL
+ valueFrom:
+ secretKeyRef:
+ name: oidc-client-grafana-laurivosandi-owner-secrets
+ key: OIDC_IDP_USERINFO_URI
+ volumeMounts:
+ - name: grafana-storage
+ mountPath: /var/lib/grafana
+ readinessProbe:
+ httpGet:
+ path: /api/health
+ port: 3000
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /api/health
+ port: 3000
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ volumeClaimTemplates:
+ - metadata:
+ name: grafana-storage
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: sqlite
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: grafana
+ labels:
+ app: grafana
+spec:
+ type: ClusterIP
+ selector:
+ app: grafana
+ ports:
+ - name: http
+ port: 80
+ targetPort: 3000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: grafana-laurivosandi
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ rules:
+ - host: grafana-laurivosandi.ee-lte-1.codemowers.io
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: grafana
+ port:
+ number: 80
+ tls:
+ - secretName: grafana-laurivosandi-tls
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: grafana-laurivosandi
+spec:
+ secretName: grafana-laurivosandi-tls
+ dnsNames:
+ - grafana-laurivosandi.ee-lte-1.codemowers.io
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCClient
+metadata:
+ name: grafana-laurivosandi
+spec:
+ displayName: Granafa laurivosandi
+ uri: 
https://grafana-laurivosandi.ee-lte-1.codemowers.io/
+ redirectUris:
+ - https://grafana-laurivosandi.ee-lte-1.codemowers.io/login/generic_oauth
+ allowedGroups:
+ - github.com:codemowers:admins
+ grantTypes:
+ - authorization_code
+ - refresh_token
+ responseTypes:
+ - code
+ availableScopes:
+ - openid
+ - profile
+ - groups
+ tokenEndpointAuthMethod: none
diff --git a/ingress.yaml b/templates/ingress.yaml
similarity index 81%
rename from ingress.yaml
rename to templates/ingress.yaml
index f57bf4a..10d6e75 100644
--- a/ingress.yaml
+++ b/templates/ingress.yaml
@@ -19,7 +19,7 @@ metadata:
 spec:
 secretName: memelord-laurivosandi-tls
 dnsNames:
- - memelord-laurivosandi.ee-lte-1.codemowers.io
+ - {{ .Values.hostname }}
 issuerRef:
 name: letsencrypt
 kind: ClusterIssuer
@@ -32,7 +32,7 @@ metadata:
 traefik.ingress.kubernetes.io/router.entrypoints: websecure
 spec:
 rules:
- - host: memelord-laurivosandi.ee-lte-1.codemowers.io
+ - host: {{ .Values.hostname }}
 http:
 paths:
 - pathType: Prefix
@@ -44,6 +44,7 @@ spec:
 number: 80
 tls:
 - secretName: memelord-laurivosandi-tls
+
 ---
 apiVersion: codemowers.cloud/v1beta1
 kind: OIDCClient
@@ -51,9 +52,9 @@ metadata:
 name: memelord-laurivosandi
 spec:
 displayName: Memelord laurivosandi
- uri: https://memelord-laurivosandi.ee-lte-1.codemowers.io/oidc/authenticate/
+ uri: https://{{ .Values.hostname }}/oidc/authenticate/
 redirectUris:
- - https://memelord-laurivosandi.ee-lte-1.codemowers.io/oidc/callback/
+ - https://{{ .Values.hostname }}/oidc/callback/
 grantTypes:
 - authorization_code
 - refresh_token
diff --git a/postgres.yaml b/templates/postgres.yaml
similarity index 100%
rename from postgres.yaml
rename to templates/postgres.yaml
diff --git a/redis.yaml b/templates/redis.yaml
similarity index 100%
rename from redis.yaml
rename to templates/redis.yaml
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..d29e8e6
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1 @@
+hostname: memelord-laurivosandi.ee-lte-1.codemowers.io
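Review bot: The `GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH` expression ends in `|| Viewer`, and in JMESPath an unquoted `Viewer` is a field reference into the userinfo document rather than a string literal, so users outside the admins group get no role from the expression instead of the intended Viewer. The fallback should be a raw string: `value: "contains(groups[*], 'github.com:codemowers:admins') && 'Admin' || 'Viewer'"`. Separately, this file hardcodes `grafana-laurivosandi.ee-lte-1.codemowers.io` in five places (GF_SERVER_DOMAIN, the Ingress host, the Certificate dnsNames, the OIDCClient uri and redirectUris) while the same commit moves the memelord hostname into values.yaml, so a second value for the Grafana host would keep the chart consistent; the OIDCClient `displayName: Granafa laurivosandi` also looks like a typo. `image: grafana/grafana:latest` is unpinned, so every pod restart may pull a different build; pin a tag or digest so the deployed version is reproducible and reviewable. `GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP` is set to "true", which lets a login be matched to an existing account by email alone; a comment such as `# needed because <IdP-reason placeholder>; relies on the IdP asserting unique, verified emails` would record why that is acceptable here.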