diff --git a/tks-admin-tools/base/kustomization.yaml b/tks-admin-tools/base/kustomization.yaml
new file mode 100644
index 0000000..fdb088d
--- /dev/null
+++ b/tks-admin-tools/base/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+ - resources.yaml
+
+transformers:
+ - site-values.yaml
diff --git a/tks-admin-tools/base/resources.yaml b/tks-admin-tools/base/resources.yaml
new file mode 100644
index 0000000..8127f37
--- /dev/null
+++ b/tks-admin-tools/base/resources.yaml
@@ -0,0 +1,184 @@
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+ labels:
+ name: keycloak
+ name: keycloak
+spec:
+ chart:
+ type: helmrepo
+ repository: https://harbor.taco-cat.xyz/chartrepo/tks
+ name: keycloak
+ version: 15.1.6
+ origin: https://github.com/bitnami/charts/tree/main/bitnami/keycloak
+ releaseName: keycloak
+ targetNamespace: keycloak
+ values:
+ global:
+ storageClass: "taco-storage"
+ auth:
+ adminUser: "admin"
+ adminPassword: "xkzhvotmdnjem"
+ proxy: edge
+ httpRelativePath: "/auth/"
+ production: true
+ replicaCount: 1 # tunable
+ ingress:
+ enabled: true
+ ingressClassName: nginx # tunable
+ hostname: TO_BE_FIXED
+ annotations:
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 20k
+ acme.cert-manager.io/http01-edit-in-place: "true"
+ cert-manager.io/cluster-issuer: http0issuer
+ tls: true
+ selfSigned: false
+ cache:
+ enabled: true
+ stackName: kubernetes
+ postgresql:
+ enabled: false
+ externalDatabase:
+ host: "postgresql.tks-db.svc" # tunable
+ port: 5432
+ password: "xkzhvotmdnjem"
+ readinessProbe:
+ failureThreshold: 10
+ extraEnvVars:
+ - name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY
+ value: "true"
+
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+ labels:
+ name: tks-api
+ name: tks-api
+spec:
+ chart:
+ type: helmrepo
+ repository: https://harbor.taco-cat.xyz/chartrepo/tks
+ name: tks-api
+ version: 0.1.2
+ origin: https://openinfradev.github.io/helm-repo
+ releaseName: tks-api
+ targetNamespace: tks
+ values:
+ gitBaseUrl: https://github.com
+ gitAccount: decapod10
+ db:
+ dbHost: postgresql.tks-db.svc
+ adminUser: postgres
+ adminPassword: tacopassword
+ dbUser: tksuser
+ dbPassword: tacopassword
+ tksapi:
+ replicaCount: 1
+ image:
+ repository: harbor.taco-cat.xyz/tks/tks-api
+ tag: v3.0.1
+ tksAccount:
+ password: admin
+ args:
+ imageRegistryUrl: "harbor.taco-cat.xyz/appserving"
+ harborPwSecret: "harbor-core"
+ gitRepositoryUrl: "github.com/openinfradev"
+ keycloakAddress: http://keycloak.keycloak.svc:80/auth
+ tksbatch:
+ replicaCount: 1
+ image:
+ repository: harbor.taco-cat.xyz/tks/tks-batch
+ tag: v3.0.0
+ tksconsole:
+ replicaCount: 1
+ image:
+ repository: harbor.taco-cat.xyz/tks/tks-console
+ tag: v3.0.1
+
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+ labels:
+ name: harbor
+ name: harbor
+spec:
+ chart:
+ type: helmrepo
+ repository: https://harbor.taco-cat.xyz/chartrepo/tks
+ name: harbor
+ version: 1.11.0
+ origin: https://github.com/goharbor/harbor-helm
+ releaseName: harbor
+ targetNamespace: harbor
+ values:
+ expose:
+ tls:
+ certSource: secret
+ secret:
+ secretName: "harbor.taco-cat-tls" # tunable
+ ingress:
+ hosts:
+ core: TO_BE_FIXED
+ className: "nginx" # tunable
+ annotations:
+ cert-manager.io/cluster-issuer: http0issuer
+ acme.cert-manager.io/http01-edit-in-place: "true"
+ externalURL: TO_BE_FIXED
+ persistence:
+ persistentVolumeClaim:
+ registry:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ size: 200Gi
+ chartmuseum:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ size: 20Gi
+ jobservice:
+ jobLog:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ scanDataExports:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ redis:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ trivy:
+ storageClass: TO_BE_FIXED
+ database:
+ type: external
+ external:
+ host: "postgresql.tks-db.svc" # tunable
+ port: "5432"
+ username: "harbor"
+ password: "tksharborpassword"
+ existingSecret: ""
+ # "disable" - No SSL
+ # "require" - Always SSL (skip verification)
+ # "verify-ca" - Always SSL (verify that the certificate presented by the
+ # server was signed by a trusted CA)
+ # "verify-full" - Always SSL (verify that the certification presented by the
+ # server was signed by a trusted CA and the server host name matches the one
+ # in the certificate)
+ sslmode: "require"
+ notary:
+ enabled: false
+ cache:
+ enabled: true
+ core:
+ replicas: 2 # tunable
+ jobservice:
+ replicas: 2 # tunable
+ registry:
+ replicas: 2 # tunable
+ chartmuseum:
+ replicas: 2 # tunable
+ trivy:
+ replicas: 2 # tunable
+ portal:
+ replicas: 2 # tunable
+ harborAdminPassword: "Xkzhvotmdnjem1"
diff --git a/tks-admin-tools/base/site-values.yaml b/tks-admin-tools/base/site-values.yaml
new file mode 100644
index 0000000..257081e
--- /dev/null
+++ b/tks-admin-tools/base/site-values.yaml
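Review bot: Every credential in resources.yaml is committed in clear text: keycloak `auth.adminPassword` and `externalDatabase.password`, the tks-api `db` passwords and `tksAccount.password: admin`, harbor's external database `password` and `harborAdminPassword`. The site-values.yaml hunk repeats most of them, so anyone who can read the repository or the rendered HelmRelease objects can read them. Keep the values in Kubernetes Secrets and reference them instead: the harbor block already carries `existingSecret: ""` under `database.external`, the Bitnami keycloak chart offers `auth.existingSecret` and `externalDatabase.existingSecret` (confirm against chart 15.1.6), and the HelmRelease `valuesFrom` mechanism can supply the rest if this rendering pipeline honours it. The keycloak admin account and its database user also share one password, so give each its own value when rotating. Separately, harbor's `sslmode: "require"` is, per the comment directly above it, TLS without certificate verification; `sslmode: "verify-full"` would authenticate the database server.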
@@ -0,0 +1,87 @@
+apiVersion: openinfradev.github.com/v1
+kind: HelmValuesTransformer
+metadata:
+ name: site
+
+global:
+ db_host: "postgresql.tks-db.svc"
+
+charts:
+- name: keycloak
+ override:
+ global.storageClass: "taco-storage"
+ auth.adminPassword: "xkzhvotmdnjem"
+ ingress.enabled: true
+ ingress.hostname: TO_BE_FIXED
+ externalDatabase.host: $(db_host)
+ externalDatabase.password: "xkzhvotmdnjem"
+
+- name: tks-api
+ override:
+ gitBaseUrl: https://github.com
+ gitAccount: decapod10
+ db:
+ dbHost: $(db_host)
+ adminPassword: tacopassword
+ dbUser: tksuser
+ dbPassword: tacopassword
+ tksapi:
+ replicaCount: 1
+ tksAccount:
+ password: admin
+ args:
+ imageRegistryUrl: "harbor.taco-cat.xyz/appserving"
+ gitRepositoryUrl: "github.com/openinfradev"
+ keycloakAddress: http://keycloak.keycloak.svc:80/auth
+ tksbatch:
+ replicaCount: 1
+ tksconsole:
+ replicaCount: 1
+
+- name: harbor
+ override:
+ expose:
+ ingress:
+ hosts:
+ core: TO_BE_FIXED
+ className: "nginx" # tunable
+ externalURL: TO_BE_FIXED
+ persistence:
+ persistentVolumeClaim:
+ registry:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ size: 200Gi
+ chartmuseum:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ size: 20Gi
+ jobservice:
+ jobLog:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ scanDataExports:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ redis:
+ storageClass: TO_BE_FIXED
+ accessMode: TO_BE_FIXED
+ trivy:
+ storageClass: TO_BE_FIXED
+ database:
+ type: external
+ external:
+ host: $(db_host) # tunable
+ core:
+ replicas: 2 # tunable
+ jobservice:
+ replicas: 2 # tunable
+ registry:
+ replicas: 2 # tunable
+ chartmuseum:
+ replicas: 2 # tunable
+ trivy:
+ replicas: 2 # tunable
+ portal:
+ replicas: 2 # tunable
+ harborAdminPassword: "Xkzhvotmdnjem1"
diff --git a/tks-admin-tools/image/image-values.yaml b/tks-admin-tools/image/image-values.yaml
new file mode 100755
index 0000000..cd95f60
--- /dev/null
+++ b/tks-admin-tools/image/image-values.yaml
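Review bot: The keycloak override in site-values.yaml addresses values by dotted path (`global.storageClass`, `auth.adminPassword`, `externalDatabase.host`), while the tks-api and harbor overrides in the same file use nested mappings. Whether HelmValuesTransformer treats both forms the same is not visible here, so using one form throughout would make the file easier to audit. The `TO_BE_FIXED` placeholders for `ingress.hostname`, `expose.ingress.hosts.core`, `externalURL` and the storage classes carry no comment saying where they get replaced. A header comment such as `# TO_BE_FIXED values must be overridden by the site overlay before deployment` would tell an operator that the base is not deployable as-is.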
@@ -0,0 +1,78 @@
+apiVersion: openinfradev.github.com/v1
+kind: HelmValuesTransformer
+metadata:
+ name: image
+
+global:
+ registry: harbor.taco-cat.xyz
+
+charts:
+- name: keycloak
+ override:
+ image:
+ registry: $(registry)
+ repository: bitnami/keycloak
+ tag: 21.1.2-debian-11-r0
+- name: tks-api
+ override:
+ tks-api:
+ image:
+ repository: $(registry)/tks/tks-api
+ tag: v3.0.1
+ tksbatch:
+ image:
+ repository: $(registry)/tks/tks-batch
+ tag: v3.0.0
+ tksconsole:
+ image:
+ repository: $(registry)/tks/tks-console
+ tag: v3.0.1
+- name: harbor
+ override:
+ portal:
+ image:
+ repository: $(registry)/goharbor/harbor-portal
+ tag: v2.7.0
+ core:
+ image:
+ repository: $(registry)/goharbor/harbor-core
+ tag: v2.7.0
+ jobservice:
+ image:
+ repository: $(registry)/goharbor/harbor-jobservice
+ tag: v2.7.0
+ registry:
+ registry:
+ image:
+ repository: $(registry)/goharbor/registry-photon
+ tag: v2.7.0
+ controller:
+ image:
+ repository: $(registry)/goharbor/harbor-registryctl
+ tag: v2.7.0
+ chartmuseum:
+ image:
+ repository: $(registry)/goharbor/chartmuseum-photon
+ tag: v2.7.0
+ trivy:
+ image:
+ repository: $(registry)/goharbor/trivy-adapter-photon
+ tag: v2.7.0
+ notary:
+ server:
+ image:
+ repository: $(registry)/goharbor/notary-server-photon
+ tag: v2.7.0
+ signer:
+ image:
+ repository: $(registry)/goharbor/notary-signer-photon
+ tag: v2.7.0
+ redis:
+ internal:
+ image:
+ repository: $(registry)/goharbor/redis-photon
+ tag: v2.7.0
+ exporter:
+ image:
+ repository: $(registry)/goharbor/harbor-exporter
+ tag: v2.7.0
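Review bot: The first image override for the tks-api chart is keyed `tks-api:`, but resources.yaml and site-values.yaml name that values section `tksapi:`. This override therefore probably lands on a key the chart does not read, leaving the API image on the reference from the base values; `tksapi:` looks like the intended key. All images in this file are selected by tag only (`v3.0.1`, `v2.7.0`, `21.1.2-debian-11-r0`), which a registry can repoint. Pinning by digest, where the chart allows it, would fix the content that gets deployed. The file is also added with mode 100755, which a values file does not need.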