studio/meet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔧(helm) offer a standalone dev environment

Browse Source 
Offer a standalone dev environment or a dinum specific dev
environment with ProConnect authentication.

Needed to refactor the way secrets are managed in the project,
and also re-organize the Helm chart to make it totally standalone.

Particulary useful for external wanting to run the project.
Work done by @rouja.
This commit is contained in:
Jacques ROUSSEL
2024-12-20 14:07:01 +01:00
committed by rouja
parent 4c0230d537
commit b51f127872
24 changed files with 208 additions and 849 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/helm/extra/templates/clustersecretstore.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
name: bitwarden-login-visio
namespace: {{ $.Release.Namespace | quote }}
spec:
provider:
webhook:
url: "http://bitwarden-cli-visio.meet.svc.cluster.local:8087/object/item/{{`{{ .remoteRef.key }}`}}"
headers:
Content-Type: application/json
result:
jsonPath: "$.data.login.{{`{{ .remoteRef.property }}`}}"

28
src/helm/extra/templates/external_secret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: backend
namespace: {{ .Release.Namespace | quote }}
spec:
refreshInterval: "1m"
target:
name: backend
deletionPolicy: Delete
template:
type: Opaque
data:
{{- range .Values.secrets }}
{{ .podVariable }}: |-
{{`{{`}} {{ print "." .name }} {{`}}`}}
{{- end }}
data:
{{- range .Values.secrets }}
- secretKey: {{ .name }}
sourceRef:
storeRef:
name: {{ .clusterSecretStore }}
kind: ClusterSecretStore
remoteRef:
key: {{ .itemId }}
property: {{ .field }}
{{- end }}

92
src/helm/extra/templates/external_secret_deployment.yaml Normal file
View File

@@ -0,0 +1,92 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: bitwarden-cli-visio
namespace: {{ $.Release.Namespace | quote }}
labels:
app.kubernetes.io/instance: bitwarden-cli
app.kubernetes.io/name: bitwarden-cli
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: bitwarden-cli
app.kubernetes.io/instance: bitwarden-cli
template:
metadata:
labels:
app.kubernetes.io/name: bitwarden-cli
app.kubernetes.io/instance: bitwarden-cli
spec:
containers:
- name: bitwarden-cli
image: lasuite/vaultwarden-api:0.1
imagePullPolicy: Always
env:
- name: BW_HOST
valueFrom:
secretKeyRef:
name: bitwarden-cli-visio
key: BW_HOST
- name: BW_USER
valueFrom:
secretKeyRef:
name: bitwarden-cli-visio
key: BW_USERNAME
- name: BW_PASSWORD
valueFrom:
secretKeyRef:
name: bitwarden-cli-visio
key: BW_PASSWORD
ports:
- name: http
containerPort: 8087
protocol: TCP
livenessProbe:
exec:
command:
- wget
- -q
- http://127.0.0.1:8087/sync?force=true
- --post-data=''
initialDelaySeconds: 20
failureThreshold: 3
timeoutSeconds: 10
periodSeconds: 120
readinessProbe:
tcpSocket:
port: 8087
initialDelaySeconds: 20
failureThreshold: 3
timeoutSeconds: 1
periodSeconds: 10
startupProbe:
tcpSocket:
port: 8087
initialDelaySeconds: 10
failureThreshold: 30
timeoutSeconds: 1
periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: bitwarden-cli-visio
namespace: {{ $.Release.Namespace | quote }}
labels:
app.kubernetes.io/instance: bitwarden-cli
app.kubernetes.io/name: bitwarden-cli
annotations:
spec:
type: ClusterIP
ports:
- port: 8087
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: bitwarden-cli
app.kubernetes.io/instance: bitwarden-cli

7
src/helm/extra/templates/keydb.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: core.libre.sh/v1alpha1
kind: Redis
metadata:
name: redis
namespace: {{ .Release.Namespace | quote }}
spec:
disableAuth: false

7
src/helm/extra/templates/postgresql.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: core.libre.sh/v1alpha1
kind: Postgres
metadata:
name: postgresql
namespace: {{ .Release.Namespace | quote }}
spec:
database: meet

55
src/helm/extra/templates/redirect.yaml
View File

@@ -1,55 +0,0 @@
{{ if .Values.addRedirect }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
{{ if .Values.enablePermanentRedirect }}
nginx.ingress.kubernetes.io/permanent-redirect: "https://{{ .Values.newDomain }}$request_uri"
nginx.ingress.kubernetes.io/permanent-redirect-code: "308"
{{ end }}
name: temporary-redirect
namespace: {{ .Release.Namespace | quote }}
spec:
ingressClassName: nginx
rules:
- host: {{ .Values.oldDomain }}
http:
paths:
- backend:
service:
name: meet-frontend
port:
number: 80
path: /
pathType: Prefix
- backend:
service:
name: meet-backend
port:
number: 80
path: /api
pathType: Prefix
tls:
- hosts:
- {{ .Values.oldDomain }}
secretName: transitional-tls
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: transitional-tls
namespace: {{ .Release.Namespace | quote }}
spec:
dnsNames:
- {{ .Values.newDomain }}
- {{ .Values.oldDomain }}
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: {{ index .Values.ingress.annotations "cert-manager.io/cluster-issuer" }}
secretName: transitional-tls
usages:
- digital signature
- key encipherment
{{ end }}

8
src/helm/extra/templates/s3.yaml
View File

@@ -1,8 +0,0 @@
apiVersion: core.libre.sh/v1alpha1
kind: Bucket
metadata:
name: meet-media-storage
namespace: {{ .Release.Namespace | quote }}
spec:
provider: data
versioned: true

7
src/helm/extra/templates/summary_keydb.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: core.libre.sh/v1alpha1
kind: Redis
metadata:
name: redis-summary
namespace: {{ .Release.Namespace | quote }}
spec:
disableAuth: false