openproject initial commit

2024-11-04 22:12:44 +01:00 · 2024-11-04 22:12:44 +01:00 · 5c4e71e9c6
commit 5c4e71e9c6
parent becd916820
5 changed files with 180 additions and 0 deletions
--- a/app-files/apps.yaml
+++ b/app-files/apps.yaml
@ -164,3 +164,73 @@ spec:
    - CreateNamespace=true
    automated:
      prune: false
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: openproject
+  namespace: argocd
+spec:
+  project: default
+  sources:
+    - repoURL: https://charts.openproject.org
+      chart: openproject
+      targetRevision: 8.3.2
+      helm:
+        releaseName: openproject
+        values: |
+          clusterDomain: "project.aaronriedel.de"
+          ingress:
+            annotations:
+              kubernetes.io/tls-acme: "true"
+            host: "project.aaronriedel.de"
+          workers:
+            default:
+              replicas: 2
+          openproject:
+            oidc:
+              enabled: true
+              provider: "Keycloak"
+              displayName: "aaronID"
+              host: "auth.ar21.de"
+              existingSecret: openproject-secret
+              userinfoEndpoint: "https://auth.ar21.de/application/o/userinfo/"
+              tokenEndpoint: "https://auth.ar21.de/application/o/token/"
+              authorizationEndpoint: "https://auth.ar21.de/application/o/authorize/"
+              endSessionEndpoint: "https://auth.ar21.de/application/o/openproject/end-session/"
+          persistence:
+            enabled: false
+          s3:
+            enabled: true
+            auth:
+              existingSecret: openproject-s3
+            region: fsn1
+            bucketName: openproject
+            endpoint: https://fsn1.your-objectstorage.com
+            pathStyle: true
+            enableSignatureV4Streaming: false
+            directUploads: false
+          postgresql:
+            bundled: false
+            connection:
+              host: openproject-rw.openproject.svc.cluster.local
+              port: 5432
+            auth:
+              existingSecret: openproject-app
+              secretKeys:
+                adminPasswordKey: "password"
+                userPasswordKey: "password"
+              username: "app"
+              database: "app"
+    - repoURL: https://git.ar21.de/aaron/k8s-deployments.git
+      targetRevision: HEAD
+      path: openproject
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: openproject
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      selfHeal: true
+      prune: false
--- a/openproject/db.yaml
+++ b/openproject/db.yaml
@ -0,0 +1,9 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: openproject
+  namespace: openproject
+spec:
+  instances: 3
+  storage:
+    size: 1Gi
--- a/openproject/kustomization.yaml
+++ b/openproject/kustomization.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+generators:
+  - ./secret-generator.yaml
+resources:
+  - ./db.yaml
--- a/openproject/secret-generator.yaml
+++ b/openproject/secret-generator.yaml
@ -0,0 +1,11 @@
+---
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: secret-generator
+  annotations:
+    config.kubernetes.io/function: |
+      exec:
+        path: ksops
+files:
+  - ./secret.yaml
--- a/openproject/secret.yaml
+++ b/openproject/secret.yaml
@ -0,0 +1,83 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: openproject-secret
+    namespace: openproject
+    labels:
+        app.kubernetes.io/name: openproject-secret
+        app.kubernetes.io/part-of: openproject
+stringData:
+    clientId: ENC[AES256_GCM,data:pNsfXlI13/jOdNXbtzTrk0oYB2viicauXdzVtjljC8pd9qFXCQrnrA==,iv:x6HGIX29SedgGJiRCHwIFAXbA9ucnpO+QS1Xlgsbdks=,tag:3A53qjsmJJin2+9AA/MAuQ==,type:str]
+    clientSecret: ENC[AES256_GCM,data:dlBFp8ImgzMIpymOesrCgNBnSHkVHH/PZwMTJ2tXVjpHXnif7AAx5VMbsvk6dpDxRQPX8RTBzTVqhJbHv87Bqso3vwu7K/tjstf+iBIpTHfz6O0u5Qc6f1/ZJorb1mMk0nB3+MOZuOnVv/LkkDv7LCa6R2HSkzALZMvmLIhMuiI=,iv:NpkQxa0DhvJOCF831KeEq35wxqQ6v6/TJpM87Gnpzbc=,tag:2JcM1oAmY3HqWNVl2AAnyA==,type:str]
+type: Opaque
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByT0xDY1ZMNUtydlZqNyt4
+            RGZhYTJCaTdoaUNDcUU3c2djUFFrb1NPWmdBClM4ZXZ6aUU0WU1NdmFLYWlHUVBy
+            VlU0VlZnRnQwenJPdGRSTFBac1ZlSTgKLS0tIGowNGZBZjgyMGxJbTZvOWRLS2Jr
+            ZTczeDVvYytjK0dzUDY0QXdaUlVyN3cKM+tC9agxFrnjpfPXoNXxCinTNXJ2gHyO
+            xmkLs958EAJZ8LuFfne01Sak/7ojRny+PzKb9TudIggCUoxAW8S0+w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU2dyTnc3eCtSNFVBeFQ3
+            bTFndGdUYXVTdnpnRTJVQjI3Z0RRZ0FkQzJ3CjZ6ZHBpU2w1MDRFUzJQL1FKS1Ex
+            N011MUcyY0hlV0lYREo3Tmhhc1NXZG8KLS0tIGZpa3IyU244OXRGZ1hQdVlJbzZr
+            cEk2ZEp3UzArK1NEL0E2Zkwzd1dnMW8KWWQ861ukoDUh7l1iFBnnrsInQWfeYgD9
+            d1y8yHr1kLZX66xg9erbaQbA+xtRRD+5sctypxJWPNkDO+rW+pfrAQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-04T21:12:27Z"
+    mac: ENC[AES256_GCM,data:wI/Z9/ilDAoIeYmRDwqa6cm7vnOyCKLPV3rxinVO8hhP3aVQisIJlKZH5iSZTAqE+bF0451Sqj8Ei00CiH/OXl8z7s92HeE2z2paHO51SutcLUM1RttKBcWsmdGnSvpqatlED9gziAeT487V3yECts+BS2zHppTtf+DRhjYVrd0=,iv:Pt4Jq1LFAJZo9oQmcv3PTDHmRb2HWI+gGUH/gzIuQ5s=,tag:PIcgRGoIm1tmaR6kRRIb0A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.0
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    name: openproject-s3
+    namespace: openproject
+    labels:
+        app.kubernetes.io/name: openproject-s3
+        app.kubernetes.io/part-of: openproject
+stringData:
+    accessKeyId: ENC[AES256_GCM,data:vp+0gIUcQ1zFZZ+FzMsjrIEnLJQ=,iv:1vO4ZESGnGHpf/Jy3mQdrRwv7DgRv2bJNppKQ+Qpi6A=,tag:1DHkZJ9bpc9P4nd2O/3nkg==,type:str]
+    secretAccessKey: ENC[AES256_GCM,data:ppZZ3LRQKOKeBzj4OUuiQLFDxKA1MQm8HhhdoLdpOaTDHVmxlCgRDw==,iv:oZPdTGkNPdjU4rqO6IjZcrI9t0yhlkIqHFKUTBOBr0M=,tag:M5LK3hdw8hCJ7i/tQsmj4A==,type:str]
+type: Opaque
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age14uxgmvw26e7f82gkvxl0zwnfc5l75rdn5sms4zj0xrtrnlgn4qlsqh3kkt
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByT0xDY1ZMNUtydlZqNyt4
+            RGZhYTJCaTdoaUNDcUU3c2djUFFrb1NPWmdBClM4ZXZ6aUU0WU1NdmFLYWlHUVBy
+            VlU0VlZnRnQwenJPdGRSTFBac1ZlSTgKLS0tIGowNGZBZjgyMGxJbTZvOWRLS2Jr
+            ZTczeDVvYytjK0dzUDY0QXdaUlVyN3cKM+tC9agxFrnjpfPXoNXxCinTNXJ2gHyO
+            xmkLs958EAJZ8LuFfne01Sak/7ojRny+PzKb9TudIggCUoxAW8S0+w==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1z5wtjmk0jw0j9qz9k5rrnp30nzqxrl3v6wgl7eryvqus28zekp4qpx9jc2
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxU2dyTnc3eCtSNFVBeFQ3
+            bTFndGdUYXVTdnpnRTJVQjI3Z0RRZ0FkQzJ3CjZ6ZHBpU2w1MDRFUzJQL1FKS1Ex
+            N011MUcyY0hlV0lYREo3Tmhhc1NXZG8KLS0tIGZpa3IyU244OXRGZ1hQdVlJbzZr
+            cEk2ZEp3UzArK1NEL0E2Zkwzd1dnMW8KWWQ861ukoDUh7l1iFBnnrsInQWfeYgD9
+            d1y8yHr1kLZX66xg9erbaQbA+xtRRD+5sctypxJWPNkDO+rW+pfrAQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-04T21:12:27Z"
+    mac: ENC[AES256_GCM,data:wI/Z9/ilDAoIeYmRDwqa6cm7vnOyCKLPV3rxinVO8hhP3aVQisIJlKZH5iSZTAqE+bF0451Sqj8Ei00CiH/OXl8z7s92HeE2z2paHO51SutcLUM1RttKBcWsmdGnSvpqatlED9gziAeT487V3yECts+BS2zHppTtf+DRhjYVrd0=,iv:Pt4Jq1LFAJZo9oQmcv3PTDHmRb2HWI+gGUH/gzIuQ5s=,tag:PIcgRGoIm1tmaR6kRRIb0A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.0