add tks-admin-tools group #264

Merged
merged 1 commit into from
Sep 26, 2023
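--- a/tks-admin-tools/base/kustomization.yaml
+++ b/tks-admin-tools/base/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- resources.yaml
+
+transformers:
+- site-values.yaml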
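--- a/tks-admin-tools/base/resources.yaml
+++ b/tks-admin-tools/base/resources.yaml
@@ -0,0 +1,188 @@
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+labels:
+name: keycloak
+name: keycloak
+spec:
+chart:
+type: helmrepo
+repository: https://harbor.taco-cat.xyz/chartrepo/tks
+name: keycloak
+version: 15.1.6
+origin: https://github.com/bitnami/charts/tree/main/bitnami/keycloak
+releaseName: keycloak
+targetNamespace: keycloak
+values:
+global:
+storageClass: "taco-storage"
+auth:
+adminUser: "admin"
+adminPassword: password
+proxy: edge
+httpRelativePath: "/auth/"
+production: true
+replicaCount: 1 # tunable
+ingress:
+enabled: true
+ingressClassName: nginx # tunable
+hostname: TO_BE_FIXED
+annotations:
+nginx.ingress.kubernetes.io/proxy-buffer-size: 20k
+acme.cert-manager.io/http01-edit-in-place: "true"
+cert-manager.io/cluster-issuer: http0issuer
+tls: true
+selfSigned: false
+cache:
+enabled: true
+stackName: kubernetes
+postgresql:
+enabled: false
+externalDatabase:
+host: "postgresql.tks-db.svc" # tunable
+port: 5432
+password: password
+readinessProbe:
+failureThreshold: 10
+extraEnvVars:
+- name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY
+value: "true"
+
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+labels:
+name: tks-api
+name: tks-api
+spec:
+chart:
+type: helmrepo
+repository: https://harbor.taco-cat.xyz/chartrepo/tks
+name: tks-api
+version: 0.1.2
+origin: https://openinfradev.github.io/helm-repo
+releaseName: tks-api
+targetNamespace: tks
+values:
+gitBaseUrl: https://github.com
+gitAccount: decapod10
+db:
+dbHost: postgresql.tks-db.svc
+adminUser: postgres
+adminPassword: password # tunable
+dbUser: tksuser
+dbPassword: password # tunable
+tksapi:
+replicaCount: 1
+image:
+repository: harbor.taco-cat.xyz/tks/tks-api
+tag: v3.0.1
+# Master org's admin password
+tksAccount:
+password: admin # tunable
+args:
+imageRegistryUrl: "harbor.taco-cat.xyz/appserving" # tunable
+harborPwSecret: "harbor-core"
+gitRepositoryUrl: "github.com/openinfradev" # tunable
+keycloakAddress: http://keycloak.keycloak.svc:80/auth
+tksbatch:
+replicaCount: 1
+image:
+repository: harbor.taco-cat.xyz/tks/tks-batch
+tag: v3.0.0
+tksconsole:
+replicaCount: 1
+image:
+repository: harbor.taco-cat.xyz/tks/tks-console
+tag: v3.0.1
+
+---
+apiVersion: helm.fluxcd.io/v1
+kind: HelmRelease
+metadata:
+labels:
+name: harbor
+name: harbor
+spec:
+chart:
+type: helmrepo
+repository: https://harbor.taco-cat.xyz/chartrepo/tks
+name: harbor
+version: 1.11.0
+origin: https://github.com/goharbor/harbor-helm
+releaseName: harbor
+targetNamespace: harbor
+values:
+expose:
+tls:
+certSource: secret
+secret:
+secretName: "harbor.taco-cat-tls" # tunable
+ingress:
+hosts:
+core: TO_BE_FIXED
+className: "nginx" # tunable
+annotations:
+cert-manager.io/cluster-issuer: http0issuer
+acme.cert-manager.io/http01-edit-in-place: "true"
+externalURL: TO_BE_FIXED
+#######################################################
+## all values under persistence are tunable (for HA) ##
+#######################################################
+persistence:
+persistentVolumeClaim:
+registry:
+storageClass: taco-storage
+accessMode: ReadWriteOnce
+size: 200Gi
+chartmuseum:
+storageClass: taco-storage
+accessMode: ReadWriteOnce
+size: 20Gi
+jobservice:
+jobLog:
+storageClass: taco-storage
+accessMode: ReadWriteOnce
+scanDataExports:
+storageClass: taco-storage
+accessMode: ReadWriteOnce
+redis:
+storageClass: taco-storage
+accessMode: ReadWriteOnce
+trivy:
+storageClass: taco-storage
+database:
+type: external
+external:
+host: "postgresql.tks-db.svc" # tunable
+port: "5432"
+username: "harbor"
+password: password # tunable
+existingSecret: ""
+# "disable" - No SSL
+# "require" - Always SSL (skip verification)
+# "verify-ca" - Always SSL (verify that the certificate presented by the
+# server was signed by a trusted CA)
+# "verify-full" - Always SSL (verify that the certification presented by the
+# server was signed by a trusted CA and the server host name matches the one
+# in the certificate)
+sslmode: "require"
+notary:
+enabled: false
+cache:
+enabled: true
+core:
+replicas: 1 # tunable
+jobservice:
+replicas: 1 # tunable
+registry:
+replicas: 1 # tunable
+chartmuseum:
+replicas: 1 # tunable
+trivy:
+replicas: 1 # tunable
+portal:
+replicas: 1 # tunable
+harborAdminPassword: password # tunable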
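Review bot: The base values commit working credentials: `adminPassword: password` for the Keycloak `admin` user, `tksAccount.password: admin`, the Postgres passwords under `db`, the Harbor database `password: password`, and `harborAdminPassword: password`. Whenever the site-values transformer is skipped or misses a key, these are what gets deployed behind the TLS-enabled ingresses. Prefer a base with no usable default by pointing each chart at a pre-created Secret where it offers one; the Harbor block already exposes `existingSecret: ""` under `database.external`, which could become `existingSecret: "<harbor-db-secret-name>"`. Separately, the comment block above `sslmode: "require"` itself says that mode skips verification, so the database connection is encrypted but the server is not authenticated; `sslmode: "verify-full"` is the setting that checks both CA and host name, assuming the Postgres CA can be made available to Harbor.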
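--- a/tks-admin-tools/base/site-values.yaml
+++ b/tks-admin-tools/base/site-values.yaml
@@ -0,0 +1,91 @@
+apiVersion: openinfradev.github.com/v1
+kind: HelmValuesTransformer
+metadata:
+name: site
+
+global:
+dbHost: ${DATABASE_HOST}
+commonPassword: ${COMMON_PASSWORD}
+storageClass: ${STORAGE_CLASS}
+storageClassHa: ${STORAGE_CLASS_HA}
+
+charts:
+- name: keycloak
+override:
+global.storageClass: $(storageClass)
+auth.adminPassword: $(commonPassword)
+ingress.enabled: true
+ingress.hostname: TO_BE_FIXED
+externalDatabase.host: $(dbHost)
+externalDatabase.password: $(commonPassword)
+
+- name: tks-api
+override:
+gitBaseUrl: https://github.com
+gitAccount: decapod10
+db:
+dbHost: $(dbHost)
+adminPassword: $(commonPassword)
+dbUser: tksuser
+dbPassword: $(commonPassword)
+tksapi:
+replicaCount: 1
+tksAccount:
+password: $(commonPassword)
+args:
+imageRegistryUrl: "harbor.taco-cat.xyz/appserving"
+gitRepositoryUrl: "github.com/openinfradev"
+keycloakAddress: http://keycloak.keycloak.svc:80/auth
+tksbatch:
+replicaCount: 1
+tksconsole:
+replicaCount: 1
+
+- name: harbor
+override:
+expose:
+ingress:
+hosts:
+core: TO_BE_FIXED
+className: "nginx"
+externalURL: TO_BE_FIXED
+persistence:
+persistentVolumeClaim:
+registry:
+storageClass: $(storageClassHa)
+accessMode: ReadWriteMany
+size: 200Gi
+chartmuseum:
+storageClass: $(storageClassHa)
+accessMode: ReadWriteMany
+size: 20Gi
+jobservice:
+jobLog:
+storageClass: $(storageClassHa)
+accessMode: ReadWriteMany
+scanDataExports:
+storageClass: $(storageClassHa)
+accessMode: ReadWriteMany
+redis:
+storageClass: $(storageClass)
+accessMode: ReadWriteOnce
+trivy:
+storageClass: $(storageClass)
+database:
+type: external
+external:
+host: $(dbHost)
+password: $(commonPassword)
+core:
+replicas: 2
+jobservice:
+replicas: 2
+registry:
+replicas: 2
+chartmuseum:
+replicas: 2
+trivy:
+replicas: 2
+portal:
+replicas: 2
+harborAdminPassword: $(commonPassword)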
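Review bot: A single `${COMMON_PASSWORD}` is fanned out to the Keycloak admin, the Keycloak and Harbor database users, the Postgres admin and `tksuser` accounts, the master-org `tksAccount`, and `harborAdminPassword`. Disclosure of any one of them, for example from a rendered HelmRelease where the values sit in plain text, therefore yields all the others. Give each credential its own variable under `global`, e.g. `harborAdminPassword: ${HARBOR_ADMIN_PASSWORD}` and `keycloakAdminPassword: ${KEYCLOAK_ADMIN_PASSWORD}` (names are suggestions), and reference those in the overrides. The Keycloak entry also uses dotted keys (`auth.adminPassword`) where the other two charts use nested maps; if the transformer does not treat both forms the same, that override would silently not apply and the base `password` would remain, so it is worth confirming against rendered output.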
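--- a/tks-admin-tools/image/image-values.yaml
+++ b/tks-admin-tools/image/image-values.yaml
@@ -0,0 +1,78 @@
+apiVersion: openinfradev.github.com/v1
+kind: HelmValuesTransformer
+metadata:
+name: image
+
+global:
+registry: harbor.taco-cat.xyz
+
+charts:
+- name: keycloak
+override:
+image:
+registry: $(registry)
+repository: bitnami/keycloak
+tag: 21.1.2-debian-11-r0
+- name: tks-api
+override:
+tks-api:
+image:
+repository: $(registry)/tks/tks-api
+tag: v3.0.1
+tksbatch:
+image:
+repository: $(registry)/tks/tks-batch
+tag: v3.0.0
+tksconsole:
+image:
+repository: $(registry)/tks/tks-console
+tag: v3.0.1
+- name: harbor
+override:
+portal:
+image:
+repository: $(registry)/goharbor/harbor-portal
+tag: v2.7.0
+core:
+image:
+repository: $(registry)/goharbor/harbor-core
+tag: v2.7.0
+jobservice:
+image:
+repository: $(registry)/goharbor/harbor-jobservice
+tag: v2.7.0
+registry:
+registry:
+image:
+repository: $(registry)/goharbor/registry-photon
+tag: v2.7.0
+controller:
+image:
+repository: $(registry)/goharbor/harbor-registryctl
+tag: v2.7.0
+chartmuseum:
+image:
+repository: $(registry)/goharbor/chartmuseum-photon
+tag: v2.7.0
+trivy:
+image:
+repository: $(registry)/goharbor/trivy-adapter-photon
+tag: v2.7.0
+notary:
+server:
+image:
+repository: $(registry)/goharbor/notary-server-photon
+tag: v2.7.0
+signer:
+image:
+repository: $(registry)/goharbor/notary-signer-photon
+tag: v2.7.0
+redis:
+internal:
+image:
+repository: $(registry)/goharbor/redis-photon
+tag: v2.7.0
+exporter:
+image:
+repository: $(registry)/goharbor/harbor-exporter
+tag: v2.7.0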
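Review bot: The tks-api override is keyed `tks-api:` here, while the base values in resources.yaml and the site override both use `tksapi:`, so this image override most likely never reaches `tksapi.image` and the base repository and tag stay in effect. It goes unnoticed today only because both places say `v3.0.1`; rename the key to `tksapi:` so a future registry or tag change here actually applies. Separately, every image in this file is pinned by tag only, and tags can be re-pushed in the mirror; recording digests, or verifying signatures at admission, would make what is pulled from `$(registry)` verifiable.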