Compare commits
55 commits
root_path_
...
developmen
| Author | SHA1 | Date | |
|---|---|---|---|
|
abeeb7ee23 | ||
|
|
4eb6fa0908 | ||
| 9bb0063f8b | |||
| 1a8c2846bc | |||
| ead21d078a | |||
| 30d1d51884 | |||
|
|
33def8aba5 | ||
| 0a307e5b35 | |||
|
|
55a1eaa6f6 | ||
|
|
2532958de8 | ||
| 7a5e29e47d | |||
| 3943b3d46e | |||
| 3263113ebe | |||
| 5d0182d6ee | |||
| c01d4952ad | |||
| 777d6afeb4 | |||
| d6fa372e5f | |||
|
|
51e765049b | ||
| 4814dff26f | |||
| b3495f610c | |||
| 9ba027f94b | |||
| dd7551a293 | |||
| 7179d2568c | |||
|
|
55435a3ad2 | ||
|
|
d0585fd2b7 | ||
| 5d2df3db8e | |||
| 65b74abeda | |||
| fc287acf58 | |||
| 94e3a759b2 | |||
| 31b768eebc | |||
| 9b5457e45f | |||
|
|
c1b68bfdb2 | ||
| beeb1f916b | |||
| b42bba4379 | |||
| 5cc22c5648 | |||
| 2f5a263511 | |||
| d8867b9e3a | |||
| 415576c2cb | |||
| 1e5fa94c47 | |||
| 8f621647f5 | |||
| 74a77bfa3b | |||
| 3293f9cf5a | |||
| 75f40e070c | |||
| b462804f29 | |||
| fbb5aeb32b | |||
| 687322525b | |||
| 1682302b69 | |||
| 8f62875529 | |||
| ddaf06b29c | |||
| 180b74697a | |||
| 3a5df11604 | |||
| 81e85ff518 | |||
| dd7cd2fa91 | |||
| 71fbdcb5e0 | |||
| 0d49c582f5 |
33 changed files with 513 additions and 245 deletions
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
/.history
|
||||
|
|
@ -1,23 +1,29 @@
|
|||
{{{ if eq .Env.CLUSTER_TYPE "kind" }}}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: crossplane-providers
|
||||
name: argocd-sso
|
||||
namespace: argocd
|
||||
labels:
|
||||
env: dev
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated:
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
destination:
|
||||
name: in-cluster
|
||||
namespace: crossplane-system
|
||||
source:
|
||||
path: stacks/core/crossplane-providers
|
||||
repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
|
||||
targetRevision: HEAD
|
||||
{{{ end }}}
|
||||
path: "stacks/core/argocd-sso"
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: argocd
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
selfHeal: true
|
||||
retry:
|
||||
limit: -1
|
||||
backoff:
|
||||
duration: 15s
|
||||
factor: 1
|
||||
maxDuration: 15s
|
||||
24
template/stacks/core/argocd-sso/argocd-secret.yaml
Normal file
24
template/stacks/core/argocd-sso/argocd-secret.yaml
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: auth-generic-oauth-secret
|
||||
namespace: argocd
|
||||
spec:
|
||||
secretStoreRef:
|
||||
name: keycloak
|
||||
kind: ClusterSecretStore
|
||||
refreshInterval: "0"
|
||||
target:
|
||||
name: auth-generic-oauth-secret
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
client_secret: "{{.ARGOCD_CLIENT_SECRET}}"
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/part-of: argocd
|
||||
data:
|
||||
- secretKey: ARGOCD_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: keycloak-clients
|
||||
property: ARGOCD_CLIENT_SECRET
|
||||
|
|
@ -16,12 +16,12 @@ spec:
|
|||
name: in-cluster
|
||||
namespace: argocd
|
||||
sources:
|
||||
- repoURL: https://github.com/argoproj/argo-helm
|
||||
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/argocd-helm.git
|
||||
path: charts/argo-cd
|
||||
# TODO: RIRE Can be updated when https://github.com/argoproj/argo-cd/issues/20790 is fixed and merged
|
||||
# As logout make problems, it is suggested to switch from path based routing to an own argocd domain,
|
||||
# similar to the CNOE amazon reference implementation and in our case, Forgejo
|
||||
targetRevision: argo-cd-7.7.5
|
||||
targetRevision: argo-cd-7.8.14-depends
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/stacks/core/argocd/values.yaml
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ global:
|
|||
configs:
|
||||
params:
|
||||
server.insecure: true
|
||||
server.basehref: /argocd
|
||||
server.rootpath: /argocd
|
||||
cm:
|
||||
application.resourceTrackingMethod: annotation
|
||||
|
|
@ -20,6 +21,7 @@ configs:
|
|||
clusters:
|
||||
- "*"
|
||||
accounts.provider-argocd: apiKey
|
||||
url: https://{{{ .Env.DOMAIN }}}/argocd
|
||||
rbac:
|
||||
policy.csv: 'g, provider-argocd, role:admin'
|
||||
|
||||
|
|
|
|||
|
|
@ -1,30 +0,0 @@
|
|||
apiVersion: apiextensions.crossplane.io/v1
|
||||
kind: CompositeResourceDefinition
|
||||
metadata:
|
||||
name: edfbuilders.edfbuilder.crossplane.io
|
||||
spec:
|
||||
connectionSecretKeys:
|
||||
- kubeconfig
|
||||
group: edfbuilder.crossplane.io
|
||||
names:
|
||||
kind: EDFBuilder
|
||||
listKind: EDFBuilderList
|
||||
plural: edfbuilders
|
||||
singular: edfbuilders
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
referenceable: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: A EDFBuilder is a composite resource that represents a K8S Cluster with edfbuilder Installed
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
repoURL:
|
||||
type: string
|
||||
description: URL to ArgoCD stack of stacks repo
|
||||
required:
|
||||
- repoURL
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: pkg.crossplane.io/v1
|
||||
kind: Function
|
||||
metadata:
|
||||
name: crossplane-contrib-function-patch-and-transform
|
||||
spec:
|
||||
package: xpkg.upbound.io/crossplane-contrib/function-patch-and-transform:v0.7.0
|
||||
packagePullPolicy: IfNotPresent # Only download the package if it isn’t in the cache.
|
||||
revisionActivationPolicy: Automatic # Otherwise our Provider never gets activate & healthy
|
||||
revisionHistoryLimit: 1
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
apiVersion: argocd.crossplane.io/v1alpha1
|
||||
kind: ProviderConfig
|
||||
metadata:
|
||||
name: argocd-provider
|
||||
spec:
|
||||
serverAddr: argocd-server.argocd.svc.cluster.local:80
|
||||
insecure: true
|
||||
plainText: true
|
||||
credentials:
|
||||
source: Secret
|
||||
secretRef:
|
||||
namespace: crossplane-system
|
||||
name: argocd-credentials
|
||||
key: authToken
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: pkg.crossplane.io/v1
|
||||
kind: Provider
|
||||
metadata:
|
||||
name: provider-argocd
|
||||
spec:
|
||||
package: xpkg.upbound.io/crossplane-contrib/provider-argocd:v0.9.1
|
||||
packagePullPolicy: IfNotPresent # Only download the package if it isn’t in the cache.
|
||||
revisionActivationPolicy: Automatic # Otherwise our Provider never gets activate & healthy
|
||||
revisionHistoryLimit: 1
|
||||
|
|
@ -1,14 +0,0 @@
|
|||
apiVersion: kind.crossplane.io/v1alpha1
|
||||
kind: ProviderConfig
|
||||
metadata:
|
||||
name: kind-provider
|
||||
spec:
|
||||
credentials:
|
||||
source: Secret
|
||||
secretRef:
|
||||
namespace: crossplane-system
|
||||
name: kind-credentials
|
||||
key: credentials
|
||||
endpoint:
|
||||
# the url is managed by crossplane-edfbuilder
|
||||
url: https://DOCKER_HOST:SERVER_PORT/api/v1/kindserver
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: pkg.crossplane.io/v1
|
||||
kind: Provider
|
||||
metadata:
|
||||
name: provider-kind
|
||||
spec:
|
||||
package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/provider-kind:v0.1.0
|
||||
packagePullPolicy: IfNotPresent # Only download the package if it isn’t in the cache.
|
||||
revisionActivationPolicy: Automatic # Otherwise our Provider never gets activate & healthy
|
||||
revisionHistoryLimit: 1
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
apiVersion: pkg.crossplane.io/v1
|
||||
kind: Provider
|
||||
metadata:
|
||||
name: provider-shell
|
||||
spec:
|
||||
package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/provider-shell:v0.1.1
|
||||
packagePullPolicy: IfNotPresent # Only download the package if it isn’t in the cache.
|
||||
revisionActivationPolicy: Automatic # Otherwise our Provider never gets activate & healthy
|
||||
revisionHistoryLimit: 1
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: crossplane
|
||||
namespace: argocd
|
||||
labels:
|
||||
env: dev
|
||||
spec:
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated:
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
destination:
|
||||
name: in-cluster
|
||||
namespace: crossplane-system
|
||||
source:
|
||||
chart: crossplane
|
||||
repoURL: https://charts.crossplane.io/stable
|
||||
targetRevision: 1.18.0
|
||||
helm:
|
||||
releaseName: crossplane
|
||||
|
|
@ -28,19 +28,18 @@ spec:
|
|||
# https://forgejo.org/docs/v1.21/admin/actions/#offline-registration
|
||||
initContainers:
|
||||
- name: runner-register
|
||||
image: code.forgejo.org/forgejo/runner:6.0.1
|
||||
command:
|
||||
- "forgejo-runner"
|
||||
- "register"
|
||||
- "--no-interactive"
|
||||
- "--token"
|
||||
- $(RUNNER_SECRET)
|
||||
- "--name"
|
||||
- $(RUNNER_NAME)
|
||||
- "--instance"
|
||||
- $(FORGEJO_INSTANCE_URL)
|
||||
- "--labels"
|
||||
- "docker:docker://node:20-bookworm,ubuntu-22.04:docker://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/catthehackerubuntu:act-22.04,ubuntu-latest:docker://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/catthehackerubuntu:act-22.04"
|
||||
image: code.forgejo.org/forgejo/runner:6.3.1
|
||||
command:
|
||||
- "sh"
|
||||
- "-c"
|
||||
- |
|
||||
forgejo-runner \
|
||||
register \
|
||||
--no-interactive \
|
||||
--token ${RUNNER_SECRET} \
|
||||
--name ${RUNNER_NAME} \
|
||||
--instance ${FORGEJO_INSTANCE_URL} \
|
||||
--labels docker:docker://node:20-bookworm,ubuntu-22.04:docker://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/catthehackerubuntu:act-22.04,ubuntu-latest:docker://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/catthehackerubuntu:act-22.04
|
||||
env:
|
||||
- name: RUNNER_NAME
|
||||
valueFrom:
|
||||
|
|
@ -58,7 +57,7 @@ spec:
|
|||
mountPath: /data
|
||||
containers:
|
||||
- name: runner
|
||||
image: code.forgejo.org/forgejo/runner:6.0.1
|
||||
image: code.forgejo.org/forgejo/runner:6.3.1
|
||||
command:
|
||||
- "sh"
|
||||
- "-c"
|
||||
|
|
@ -94,7 +93,7 @@ spec:
|
|||
- name: runner-data
|
||||
mountPath: /data
|
||||
- name: daemon
|
||||
image: docker:27.4.1-dind
|
||||
image: docker:28.0.4-dind
|
||||
env:
|
||||
- name: DOCKER_TLS_CERTDIR
|
||||
value: /certs
|
||||
|
|
|
|||
29
template/stacks/core/forgejo-sso.yaml
Normal file
29
template/stacks/core/forgejo-sso.yaml
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: forgejo-sso
|
||||
namespace: argocd
|
||||
labels:
|
||||
env: dev
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
source:
|
||||
repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
|
||||
targetRevision: HEAD
|
||||
path: "stacks/core/forgejo-sso"
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: gitea
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
selfHeal: true
|
||||
retry:
|
||||
limit: -1
|
||||
backoff:
|
||||
duration: 15s
|
||||
factor: 1
|
||||
maxDuration: 15s
|
||||
26
template/stacks/core/forgejo-sso/secret-forgejo.yaml
Normal file
26
template/stacks/core/forgejo-sso/secret-forgejo.yaml
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: auth-generic-oauth-secret
|
||||
namespace: gitea
|
||||
spec:
|
||||
secretStoreRef:
|
||||
name: keycloak
|
||||
kind: ClusterSecretStore
|
||||
refreshInterval: "0"
|
||||
target:
|
||||
name: auth-generic-oauth-secret
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
key: "{{.FORGEJO_CLIENT_ID}}"
|
||||
secret: "{{.FORGEJO_CLIENT_SECRET}}"
|
||||
data:
|
||||
- secretKey: FORGEJO_CLIENT_ID
|
||||
remoteRef:
|
||||
key: keycloak-clients
|
||||
property: FORGEJO_CLIENT_ID
|
||||
- secretKey: FORGEJO_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: keycloak-clients
|
||||
property: FORGEJO_CLIENT_SECRET
|
||||
|
|
@ -16,9 +16,9 @@ spec:
|
|||
name: in-cluster
|
||||
namespace: gitea
|
||||
sources:
|
||||
- repoURL: https://code.forgejo.org/forgejo-helm/forgejo-helm.git
|
||||
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-helm.git
|
||||
path: .
|
||||
targetRevision: v10.1.1
|
||||
targetRevision: v11.0.5-depends
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/stacks/core/forgejo/values.yaml
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
redis-cluster:
|
||||
enabled: false
|
||||
enabled: true
|
||||
postgresql:
|
||||
enabled: false
|
||||
postgresql-ha:
|
||||
|
|
@ -16,6 +16,11 @@ gitea:
|
|||
admin:
|
||||
existingSecret: gitea-credential
|
||||
config:
|
||||
service:
|
||||
DISABLE_REGISTRATION: true
|
||||
other:
|
||||
SHOW_FOOTER_VERSION: false
|
||||
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
|
||||
database:
|
||||
DB_TYPE: sqlite3
|
||||
session:
|
||||
|
|
@ -27,6 +32,12 @@ gitea:
|
|||
server:
|
||||
DOMAIN: '{{{ .Env.DOMAIN_GITEA }}}'
|
||||
ROOT_URL: 'https://{{{ .Env.DOMAIN_GITEA }}}:443'
|
||||
mailer:
|
||||
ENABLED: true
|
||||
FROM: forgejo@{{{ .Env.DOMAIN_GITEA }}}
|
||||
PROTOCOL: smtp
|
||||
SMTP_ADDR: mailhog.mailhog.svc.cluster.local
|
||||
SMTP_PORT: 1025
|
||||
|
||||
service:
|
||||
ssh:
|
||||
|
|
|
|||
18
template/stacks/core/ingress-apps/alloy.yaml
Normal file
18
template/stacks/core/ingress-apps/alloy.yaml
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: alloy
|
||||
namespace: monitoring
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: {{{ .Env.DOMAIN }}}
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: alloy
|
||||
port:
|
||||
number: 12345
|
||||
path: /alloy
|
||||
pathType: Prefix
|
||||
|
|
@ -4,8 +4,6 @@ metadata:
|
|||
annotations:
|
||||
nginx.ingress.kubernetes.io/backend-protocol: HTTP
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /$2
|
||||
nginx.ingress.kubernetes.io/use-regex: "true"
|
||||
{{{ if eq .Env.CLUSTER_TYPE "osc" }}}
|
||||
dns.gardener.cloud/class: garden
|
||||
dns.gardener.cloud/dnsnames: {{{ .Env.DOMAIN }}}
|
||||
|
|
@ -24,8 +22,8 @@ spec:
|
|||
name: argocd-server
|
||||
port:
|
||||
number: 80
|
||||
path: /argocd(/|$)(.*)
|
||||
pathType: ImplementationSpecific
|
||||
path: /argocd
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- {{{ .Env.DOMAIN }}}
|
||||
|
|
|
|||
18
template/stacks/core/ingress-apps/mailhog.yaml
Normal file
18
template/stacks/core/ingress-apps/mailhog.yaml
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: mailhog
|
||||
namespace: mailhog
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: {{{ .Env.DOMAIN }}}
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: mailhog
|
||||
port:
|
||||
number: 8025
|
||||
path: /mailhog
|
||||
pathType: Prefix
|
||||
|
|
@ -16,9 +16,9 @@ spec:
|
|||
name: in-cluster
|
||||
namespace: ingress-nginx
|
||||
sources:
|
||||
- repoURL: https://github.com/kubernetes/ingress-nginx
|
||||
- repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/ingress-nginx-helm.git
|
||||
path: charts/ingress-nginx
|
||||
targetRevision: helm-chart-4.11.3
|
||||
targetRevision: helm-chart-4.12.1-depends
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/stacks/core/ingress-nginx/values.yaml
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: promtail
|
||||
name: alloy
|
||||
namespace: argocd
|
||||
labels:
|
||||
env: dev
|
||||
|
|
@ -18,12 +18,12 @@ spec:
|
|||
name: in-cluster
|
||||
namespace: monitoring
|
||||
sources:
|
||||
- repoURL: https://github.com/grafana/helm-charts
|
||||
path: charts/promtail
|
||||
- repoURL: https://github.com/grafana/alloy.git
|
||||
path: operations/helm/charts/alloy
|
||||
targetRevision: HEAD
|
||||
helm:
|
||||
valueFiles:
|
||||
- $values/stacks/monitoring/promtail/values.yaml
|
||||
- $values/stacks/monitoring/alloy/values.yaml
|
||||
- repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
|
||||
targetRevision: HEAD
|
||||
ref: values
|
||||
78
template/stacks/monitoring/alloy/values.yaml
Normal file
78
template/stacks/monitoring/alloy/values.yaml
Normal file
|
|
@ -0,0 +1,78 @@
|
|||
alloy:
|
||||
create: false
|
||||
name: alloy-config
|
||||
key: config.alloy
|
||||
|
||||
uiPathPrefix: "/alloy"
|
||||
|
||||
configMap:
|
||||
content: |-
|
||||
|
||||
logging {
|
||||
level = "info"
|
||||
format = "logfmt"
|
||||
}
|
||||
|
||||
loki.write "local_loki" {
|
||||
endpoint {
|
||||
url = "http://loki-loki-distributed-gateway/loki/api/v1/push"
|
||||
}
|
||||
}
|
||||
|
||||
discovery.kubernetes "pod" {
|
||||
role = "pod"
|
||||
}
|
||||
|
||||
discovery.kubernetes "nodes" {
|
||||
role = "node"
|
||||
}
|
||||
|
||||
discovery.kubernetes "services" {
|
||||
role = "service"
|
||||
}
|
||||
|
||||
discovery.kubernetes "endpoints" {
|
||||
role = "endpoints"
|
||||
}
|
||||
|
||||
discovery.kubernetes "endpointslices" {
|
||||
role = "endpointslice"
|
||||
}
|
||||
|
||||
discovery.kubernetes "ingresses" {
|
||||
role = "ingress"
|
||||
}
|
||||
|
||||
discovery.relabel "pod_logs" {
|
||||
targets = discovery.kubernetes.pod.targets
|
||||
|
||||
rule {
|
||||
source_labels = ["__meta_kubernetes_namespace"]
|
||||
action = "replace"
|
||||
target_label = "namespace"
|
||||
}
|
||||
|
||||
rule {
|
||||
source_labels = ["__meta_kubernetes_pod_name"]
|
||||
action = "replace"
|
||||
target_label = "pod"
|
||||
}
|
||||
|
||||
rule {
|
||||
source_labels = ["__meta_kubernetes_pod_node_name"]
|
||||
action = "replace"
|
||||
target_label = "node"
|
||||
}
|
||||
|
||||
rule {
|
||||
source_labels = ["__meta_kubernetes_pod_container_name"]
|
||||
action = "replace"
|
||||
target_label = "container"
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
loki.source.kubernetes "all_pod_logs" {
|
||||
targets = discovery.relabel.pod_logs.output
|
||||
forward_to = [loki.write.local_loki.receiver]
|
||||
}
|
||||
|
|
@ -110,12 +110,12 @@ data:
|
|||
"uid": "P8E80F9AEF21F6940"
|
||||
},
|
||||
"editorMode": "builder",
|
||||
"expr": "{container=\"promtail\"} |= ``",
|
||||
"expr": "{container=\"alloy\"} |= ``",
|
||||
"queryType": "range",
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "Logs: Container promtail",
|
||||
"title": "Logs: Container alloy",
|
||||
"type": "logs"
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,45 +0,0 @@
|
|||
# -- Overrides the chart's name
|
||||
nameOverride: null
|
||||
|
||||
# -- Overrides the chart's computed fullname
|
||||
fullnameOverride: null
|
||||
|
||||
global:
|
||||
# -- Allow parent charts to override registry hostname
|
||||
imageRegistry: ""
|
||||
# -- Allow parent charts to override registry credentials
|
||||
imagePullSecrets: []
|
||||
|
||||
daemonset:
|
||||
# -- Deploys Promtail as a DaemonSet
|
||||
enabled: true
|
||||
autoscaling:
|
||||
# -- Creates a VerticalPodAutoscaler for the daemonset
|
||||
enabled: false
|
||||
|
||||
deployment:
|
||||
# -- Deploys Promtail as a Deployment
|
||||
enabled: false
|
||||
|
||||
config:
|
||||
enabled: true
|
||||
logLevel: info
|
||||
logFormat: logfmt
|
||||
serverPort: 3101
|
||||
clients:
|
||||
- url: http://loki-loki-distributed-gateway/loki/api/v1/push
|
||||
scrape_configs:
|
||||
- job_name: authlog
|
||||
static_configs:
|
||||
- targets:
|
||||
- authlog
|
||||
labels:
|
||||
job: authlog
|
||||
__path__: /logs/auth.log
|
||||
- job_name: syslog
|
||||
static_configs:
|
||||
- targets:
|
||||
- syslog
|
||||
labels:
|
||||
job: syslog
|
||||
__path__: /logs/syslog
|
||||
|
|
@ -33,7 +33,7 @@ jobs:
|
|||
#run: ./mvnw spring-boot:build-image # the original image build
|
||||
run: |
|
||||
export CONTAINER_REPO=$(echo {% raw %}${{ env.GITHUB_REPOSITORY }}{% endraw %} | tr '[:upper:]' '[:lower:]')
|
||||
./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage={{{ .Env.DOMAIN_GITEA }}}/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ github.actor }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %} -Djib.from.platforms=linux/arm64,linux/amd64
|
||||
./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage={{{ .Env.DOMAIN_GITEA }}}/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ secrets.PACKAGES_USER }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %} -Djib.from.platforms=linux/arm64,linux/amd64
|
||||
- name: Build image as tar
|
||||
run: |
|
||||
./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:buildTar -Djib.allowInsecureRegistries=true
|
||||
|
|
|
|||
|
|
@ -255,6 +255,8 @@ spec:
|
|||
value: debug
|
||||
- name: NODE_TLS_REJECT_UNAUTHORIZED
|
||||
value: "0"
|
||||
- name: NODE_OPTIONS
|
||||
value: "--no-node-snapshot"
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: backstage-env-vars
|
||||
|
|
@ -262,7 +264,8 @@ spec:
|
|||
name: gitea-credentials
|
||||
- secretRef:
|
||||
name: argocd-credentials
|
||||
image: ghcr.io/cnoe-io/backstage-app:9232d633b2698fffa6d0a73b715e06640d170162
|
||||
image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/backstage-edp:1.1.0
|
||||
imagePullPolicy: Always
|
||||
name: backstage
|
||||
ports:
|
||||
- containerPort: 7007
|
||||
|
|
@ -386,7 +389,7 @@ spec:
|
|||
KEYCLOAK_NAME_METADATA: https://{{{ .Env.DOMAIN }}}:443/keycloak/realms/cnoe/.well-known/openid-configuration
|
||||
KEYCLOAK_CLIENT_SECRET: "{{.BACKSTAGE_CLIENT_SECRET}}"
|
||||
ARGOCD_AUTH_TOKEN: "argocd.token={{.ARGOCD_SESSION_TOKEN}}"
|
||||
ARGO_CD_URL: 'https://argocd-server.argocd.svc.cluster.local/api/v1/'
|
||||
ARGO_CD_URL: 'https://{{{ .Env.DOMAIN }}}/argocd/api/v1/'
|
||||
data:
|
||||
- secretKey: ARGOCD_SESSION_TOKEN
|
||||
remoteRef:
|
||||
|
|
|
|||
|
|
@ -71,11 +71,11 @@ data:
|
|||
},
|
||||
"type": "default",
|
||||
"protocol": "openid-connect"
|
||||
}
|
||||
}
|
||||
group-admin-payload.json: |
|
||||
{"name":"admin"}
|
||||
{"name":"admin"}
|
||||
group-base-user-payload.json: |
|
||||
{"name":"base-user"}
|
||||
{"name":"base-user"}
|
||||
group-mapper-payload.json: |
|
||||
{
|
||||
"protocol": "openid-connect",
|
||||
|
|
@ -88,15 +88,15 @@ data:
|
|||
"access.token.claim": "true",
|
||||
"userinfo.token.claim": "true"
|
||||
}
|
||||
}
|
||||
}
|
||||
realm-payload.json: |
|
||||
{"realm":"cnoe","enabled":true}
|
||||
{"realm":"cnoe","enabled":true}
|
||||
user-password.json: |
|
||||
{
|
||||
"temporary": false,
|
||||
"type": "password",
|
||||
"value": "${USER1_PASSWORD}"
|
||||
}
|
||||
}
|
||||
user-user1.json: |
|
||||
{
|
||||
"username": "user1",
|
||||
|
|
@ -109,7 +109,7 @@ data:
|
|||
"/admin"
|
||||
],
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
user-user2.json: |
|
||||
{
|
||||
"username": "user2",
|
||||
|
|
@ -122,7 +122,7 @@ data:
|
|||
"/base-user"
|
||||
],
|
||||
"enabled": true
|
||||
}
|
||||
}
|
||||
argo-client-payload.json: |
|
||||
{
|
||||
"protocol": "openid-connect",
|
||||
|
|
@ -150,7 +150,7 @@ data:
|
|||
"webOrigins": [
|
||||
"/*"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
backstage-client-payload.json: |
|
||||
{
|
||||
|
|
@ -179,7 +179,7 @@ data:
|
|||
"webOrigins": [
|
||||
"/*"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
grafana-client-payload.json: |
|
||||
{
|
||||
|
|
@ -219,6 +219,64 @@ data:
|
|||
]
|
||||
}
|
||||
|
||||
argocd-client-payload.json: |
|
||||
{
|
||||
"protocol": "openid-connect",
|
||||
"clientId": "argocd",
|
||||
"name": "ArgoCD Client",
|
||||
"description": "Used for ArgoCD SSO",
|
||||
"publicClient": false,
|
||||
"authorizationServicesEnabled": false,
|
||||
"serviceAccountsEnabled": false,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"standardFlowEnabled": true,
|
||||
"frontchannelLogout": true,
|
||||
"attributes": {
|
||||
"saml_idp_initiated_sso_url_name": "",
|
||||
"oauth2.device.authorization.grant.enabled": false,
|
||||
"oidc.ciba.grant.enabled": false
|
||||
},
|
||||
"alwaysDisplayInConsole": false,
|
||||
"rootUrl": "",
|
||||
"baseUrl": "",
|
||||
"redirectUris": [
|
||||
"https://{{{ .Env.DOMAIN }}}/*"
|
||||
],
|
||||
"webOrigins": [
|
||||
"/*"
|
||||
]
|
||||
}
|
||||
|
||||
forgejo-client-payload.json: |
|
||||
{
|
||||
"protocol": "openid-connect",
|
||||
"clientId": "forgejo",
|
||||
"name": "Forgejo Client",
|
||||
"description": "Used for Forgejo SSO",
|
||||
"publicClient": false,
|
||||
"authorizationServicesEnabled": false,
|
||||
"serviceAccountsEnabled": false,
|
||||
"implicitFlowEnabled": false,
|
||||
"directAccessGrantsEnabled": true,
|
||||
"standardFlowEnabled": true,
|
||||
"frontchannelLogout": true,
|
||||
"attributes": {
|
||||
"saml_idp_initiated_sso_url_name": "",
|
||||
"oauth2.device.authorization.grant.enabled": false,
|
||||
"oidc.ciba.grant.enabled": false
|
||||
},
|
||||
"alwaysDisplayInConsole": false,
|
||||
"rootUrl": "",
|
||||
"baseUrl": "",
|
||||
"redirectUris": [
|
||||
"https://{{{ .Env.DOMAIN_GITEA }}}/*"
|
||||
],
|
||||
"webOrigins": [
|
||||
"/*"
|
||||
]
|
||||
}
|
||||
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
|
|
@ -254,7 +312,7 @@ spec:
|
|||
command: ["/bin/bash", "-c"]
|
||||
args:
|
||||
- |
|
||||
#! /bin/bash
|
||||
#! /bin/bash
|
||||
|
||||
set -ex -o pipefail
|
||||
|
||||
|
|
@ -315,7 +373,7 @@ spec:
|
|||
${KEYCLOAK_URL}/admin/realms/cnoe/groups
|
||||
|
||||
# Create scope mapper
|
||||
echo 'adding group claim to tokens'
|
||||
echo 'adding group claim to tokens'
|
||||
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
|
|
@ -355,8 +413,8 @@ spec:
|
|||
echo "creating Argo Workflows client"
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X POST --data @/var/config/argo-client-payload.json \
|
||||
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||
-X POST --data @/var/config/argo-client-payload.json \
|
||||
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||
|
||||
CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
|
|
@ -370,21 +428,26 @@ spec:
|
|||
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||
|
||||
ARGO_WORKFLOWS_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||
|
||||
echo "creating Grafana client"
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X POST --data @/var/config/grafana-client-payload.json \
|
||||
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||
|
||||
CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "grafana") | .id')
|
||||
|
||||
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||
curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||
|
||||
GRAFANA_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
|
|
@ -394,22 +457,71 @@ spec:
|
|||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X POST --data @/var/config/backstage-client-payload.json \
|
||||
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||
|
||||
CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "backstage") | .id')
|
||||
|
||||
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||
curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||
|
||||
BACKSTAGE_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||
|
||||
echo "creating ArgoCD client"
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X POST --data @/var/config/argocd-client-payload.json \
|
||||
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||
|
||||
CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "argocd") | .id')
|
||||
|
||||
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||
|
||||
ARGOCD_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||
|
||||
echo "creating Forgejo client"
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X POST --data @/var/config/forgejo-client-payload.json \
|
||||
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||
|
||||
CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "forgejo") | .id')
|
||||
|
||||
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||
|
||||
curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||
|
||||
FORGEJO_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||
|
||||
ARGOCD_PASSWORD=$(./kubectl -n argocd get secret argocd-initial-admin-secret -o go-template='{{.data.password | base64decode }}')
|
||||
|
||||
ARGOCD_SESSION_TOKEN=$(curl -k -sS http://argocd-server.argocd.svc.cluster.local:443/api/v1/session -H 'Content-Type: application/json' -d "{\"username\":\"admin\",\"password\":\"${ARGOCD_PASSWORD}\"}" | jq -r .token)
|
||||
ARGOCD_SESSION_TOKEN=$(curl -sS https://{{{ .Env.DOMAIN }}}/argocd/api/v1/session -H 'Content-Type: application/json' -d "{\"username\":\"admin\",\"password\":\"${ARGOCD_PASSWORD}\"}" | jq -r .token)
|
||||
|
||||
echo \
|
||||
"apiVersion: v1
|
||||
|
|
@ -426,7 +538,10 @@ spec:
|
|||
BACKSTAGE_CLIENT_ID: backstage
|
||||
GRAFANA_CLIENT_SECRET: ${GRAFANA_CLIENT_SECRET}
|
||||
GRAFANA_CLIENT_ID: grafana
|
||||
ARGOCD_CLIENT_SECRET: ${ARGOCD_CLIENT_SECRET}
|
||||
ARGOCD_CLIENT_ID: argocd
|
||||
FORGEJO_CLIENT_SECRET: ${FORGEJO_CLIENT_SECRET}
|
||||
FORGEJO_CLIENT_ID: forgejo
|
||||
" > /tmp/secret.yaml
|
||||
|
||||
./kubectl apply -f /tmp/secret.yaml
|
||||
|
||||
|
|
|
|||
|
|
@ -1,23 +1,25 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: crossplane-compositions
|
||||
name: mailhog
|
||||
namespace: argocd
|
||||
labels:
|
||||
env: dev
|
||||
finalizers:
|
||||
- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
project: default
|
||||
syncPolicy:
|
||||
automated:
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
destination:
|
||||
name: in-cluster
|
||||
namespace: crossplane-system
|
||||
source:
|
||||
path: stacks/core/crossplane-compositions
|
||||
repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
|
||||
targetRevision: HEAD
|
||||
directory:
|
||||
recurse: true
|
||||
path: "stacks/ref-implementation/mailhog"
|
||||
destination:
|
||||
server: "https://kubernetes.default.svc"
|
||||
namespace: mailhog
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
automated:
|
||||
selfHeal: true
|
||||
retry:
|
||||
limit: -1
|
||||
54
template/stacks/ref-implementation/mailhog/README.md
Normal file
54
template/stacks/ref-implementation/mailhog/README.md
Normal file
|
|
@ -0,0 +1,54 @@
|
|||
# Mailhog
|
||||
|
||||
[MailHog is an email testing tool for developers](https://github.com/mailhog/MailHog).
|
||||
|
||||
## In cluster SMTP service
|
||||
|
||||
Ypu can send ESMTP emails in the cluster to `mailhog.mailhog.svc.cluster.local`, standard port `1025`, as defined in the service manifest:
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: mailhog
|
||||
spec:
|
||||
ports:
|
||||
- name: smtp
|
||||
port: 1025
|
||||
```
|
||||
|
||||
## Ingress
|
||||
|
||||
Mailhog offers both WebUi and API at `https://{{{ .Env.DOMAIN }}}/mailhog`.
|
||||
|
||||
The ingress definition is in `stacks/core/ingress-apps/mailhog.yaml` (BTW, why isn't this ingress file here in this folder ??) routing to the mailhog' service
|
||||
|
||||
```yaml
|
||||
spec:
|
||||
rules:
|
||||
- host: {{{ .Env.DOMAIN }}}
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
...
|
||||
path: /mailhog
|
||||
```
|
||||
|
||||
## API
|
||||
|
||||
For usage of the API see https://github.com/mailhog/MailHog/blob/master/docs/APIv2.md
|
||||
|
||||
## Tests
|
||||
|
||||
```bash
|
||||
kubectl run busybox --rm -it --image=busybox -- /bin/sh
|
||||
|
||||
# inside bsybox
|
||||
wget -O- http://mailhog.mailhog.svc.cluster.local:8025/mailhog
|
||||
|
||||
# check smtp port
|
||||
nc -zv mailhog.mailhog.svc.cluster.local 1025
|
||||
|
||||
# send esmtp, first install swaks
|
||||
swaks --to test@example.com --from test@example.com --server mailhog:1025 --data "Subject: Test-Mail\n\nDies ist eine Test-Mail."
|
||||
```
|
||||
33
template/stacks/ref-implementation/mailhog/deployment.yaml
Normal file
33
template/stacks/ref-implementation/mailhog/deployment.yaml
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: mailhog-deployment
|
||||
namespace: mailhog
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: mailhog
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: mailhog
|
||||
spec:
|
||||
containers:
|
||||
- name: mailhog
|
||||
image: mailhog/mailhog
|
||||
env:
|
||||
- name: MH_UI_WEB_PATH # set this to same value as in ingress stacks/core/ingress-apps/mailhog.yaml
|
||||
value: mailhog
|
||||
ports:
|
||||
- containerPort: 1025
|
||||
name: smtp
|
||||
- containerPort: 8025
|
||||
name: http
|
||||
resources:
|
||||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "50m"
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
13
template/stacks/ref-implementation/mailhog/service.yaml
Normal file
13
template/stacks/ref-implementation/mailhog/service.yaml
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: mailhog
|
||||
spec:
|
||||
selector:
|
||||
app: mailhog
|
||||
ports:
|
||||
- name: smtp
|
||||
port: 1025
|
||||
- name: http
|
||||
port: 8025
|
||||
type: ClusterIP
|
||||
Loading…
Reference in a new issue