chore(template): start writing a template

2024-07-23 15:41:10 +02:00 · 2024-07-23 15:41:10 +02:00 · 23e1eaf6da
commit 23e1eaf6da
parent 96bf5f468f
6 changed files with 243 additions and 0 deletions
--- a/template/.helmignore
+++ b/template/.helmignore
@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/template/Chart.yaml
+++ b/template/Chart.yaml
@ -0,0 +1,9 @@
+apiVersion: v2
+name: <template>
+description: A Helm chart for Kubernetes
+type: application
+maintainers:
+  - name: WrenIX
+    url: https://wrenix.eu
+
+version: 0.1.0
--- a/template/create.sh
+++ b/template/create.sh
@ -0,0 +1,13 @@
+#!/bin/sh
+chartName=$1
+if [ -z ${chartName} ]; then
+  echo "chart-name required"
+  echo "create.sh <chart-name>"
+  exit 1;
+fi
+templatePath="$(dirname "$0")"
+chartPath="${templatePath}/../${chartName}"
+chartPath="$(realpath "${chartPath}")"
+echo "${chartName} under ${chartPath} (based on ${templatePath})"
+cp -r "${templatePath}" "${chartPath}"
+find "$chartPath" \( -type d -name .git -prune \) -o -type f -print0 | xargs -0 sed -i "s/<template>/${chartName}/g"
--- a/template/templates/authentik-application.yaml
+++ b/template/templates/authentik-application.yaml
@ -0,0 +1,56 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: {{ .Release.Name }}-auth
+spec:
+  chart:
+    spec:
+      sourceRef:
+        kind: GitRepository
+        name: "wrenix-helm-charts"
+        namespace: "flux-system"
+      chart: "./authentik-application"
+      reconcileStrategy: "Revision"
+  install:
+    {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+  test:
+    {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+  upgrade:
+    {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+  driftDetection:
+    {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+  interval: 10m
+  values:
+    {{- $host := .Values.ingress.host | default (printf "social.%s" .Values.commons.ingress.domain) }}
+    blueprint:
+      authentik:
+        domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
+      provider:
+        type: "oidc"
+        name: "GoToSocial"
+        oidc:
+          clientType: "confidential"
+          redirectURL: "https://{{ $host }}/auth/callback"
+          clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientID") | quote }}
+          clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientSecret") | quote }}
+          signingKey: "authentik Self-signed Certificate"
+          scopes:
+            - name: "authentik default OAuth Mapping: OpenID 'openid'"
+            - name: "authentik default OAuth Mapping: OpenID 'email'"
+            - name: "authentik default OAuth Mapping: OpenID 'profile'"
+
+      groups:
+        - slug: "mycloud - users"
+          bindID: "cefc0c13-49fa-4374-a909-e201a88a473b"
+
+      application:
+        policyEngineMode: "any"
+        openInNewTab: true
+        publisher: "WrenIX's myCloud"
+        slug: "mycloud-gotosocial"
+        group: "Social"
+        name: "GoToSocial"
+        launchURL: "https://{{ $host }}/settings"
+        icon: "https://{{ $host }}/assets/logo.png"
+        description: "With GoToSocial, you can keep in touch with your friends, post, read, and share images and articles. All without being tracked or advertised to!"
--- a/template/templates/configmap_init_crd.yaml
+++ b/template/templates/configmap_init_crd.yaml
@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-init
+  namespace: "{{ .Values.init.namespace }}"
+data:
+  {{- if and
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
+    (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+  }}
+  init: "-1"
+  {{- else }}
+  init: "{{ add1 .Values.init.version }}"
+  {{- end }}
--- a/template/values.yaml
+++ b/template/values.yaml
@ -0,0 +1,128 @@
+init:
+  version: 0
+  namespace: "bases"
+
+commons:
+  # -- masterPassword to generate secrets
+  # @section -- Commons
+  masterPassword: "CHANGEME"
+
+  # template for infra-
+  auth:
+    enabled: false
+    type: "authentik"
+    namespace: ""
+    authentik:
+      domain: ""
+      backend: "authentik-server"
+
+  # template for mycloud-
+  auth:
+    # -- default auth.(.Values.commons.ingress.domain)
+    # @section -- Commons
+    host:
+
+  # template for mycloud-
+  theme:
+    # -- title everywhere
+    # @section -- Commons theme
+    title: myCloud
+    # -- logo everywhere
+    # @section -- Commons theme
+    logo: /static/dist/assets/icons/icon_left_brand.svg
+    # -- favicon everywhere
+    # @section -- Commons theme
+    favicon: /static/dist/assets/icons/icon.png
+
+  # template for mycloud-
+  mail:
+    # -- smtp server
+    # @section -- Commons mail
+    host:
+    # -- smtp username
+    # @section -- Commons mail
+    username:
+    # -- smtp password
+    # @section -- Commons mail
+    password:
+    # -- send from address
+    # @section -- Commons mail
+    from:
+    # -- smtp server use start tls
+    # @section -- Commons mail
+    use_tls: false
+    # -- smtp server use ssl
+    # @section -- Commons mail
+    use_ssl: false
+
+  # template for mycloud-
+  persistence:
+    # -- storageClass of PVC
+    # @section -- Commons Persistence
+    storageClass:
+    hostPath:
+      # -- use hostPath instatt of PVC
+      # @section -- Commons Persistence
+      enabled: false
+      # -- use hostPath under the following path
+      # @section -- Commons Persistence
+      prefix: "/var/lib/mycloud"
+
+  helm:
+    release:
+      # -- install of FluxCD HelmRelease
+      # @section -- Commons helm release
+      install: {}
+      # -- test of FluxCD HelmRelease
+      # @section -- Commons helm release
+      test: {}
+      # -- upgrade of FluxCD HelmRelease
+      # @section -- Commons helm release
+      upgrade: {}
+      # -- driftDetection of FluxCD HelmRelease
+      # @section -- Commons helm release
+      driftDetection: {}
+
+  ingress:
+    # -- top domain for all services
+    # @section -- Commons Ingress
+    domain: "wrenix.eu"
+    # -- annotations for all ingress objects
+    # @section -- Commons Ingress
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+    tls:
+      # -- tls on every ingress
+      # @section -- Commons Ingress
+      enabled: true
+      # -- use own definition of tls (e.g. for own or wildcard certificate)
+      # @section -- Commons Ingress
+      override: []
+
+  prometheus:
+    monitor:
+      # -- labels on Pod- and Service-Monitor
+      # @section -- Commons Monitoring
+      labels: {}
+    rules:
+      # -- labels on PrometheusRules
+      # @section -- Commons Monitoring
+      labels: {}
+  tracing:
+    # -- enable tracing on all components
+    # @section -- Commons Tracing
+    enabled: false
+    http:
+      # -- http endpoint
+      # @section -- Commons Tracing
+      endpoint: "http://tempo.monitoring.svc:4318/v1/traces"
+    grpc:
+      # -- prefer grpc over http
+      # @section -- Commons Tracing
+      enabled: true
+      # -- allow insecure connection per grpc
+      # @section -- Commons Tracing
+      insecure: true
+      # -- grpc endpoint
+      # @section -- Commons Tracing
+      endpoint: "tempo.monitoring.svc:4317"