diff --git a/base/README.adoc b/base/README.adoc index e669b91..13e88e6 100644 --- a/base/README.adoc +++ b/base/README.adoc @@ -44,7 +44,7 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | commons.namespace.labels | object | `{}` -| +| labels for every new created namespace (together or overwritten by components..enabled +| bool +| `false` +| enable component-release to install + +| components..name +| string +| `nil` +| optional component-name (if not set component-release-name is used as component-name) + +| components..namespace.labels | object | `{}` -| +| if create a new namespace use labels (and the common namespace.labels) + +| components..namespace.name +| string +| `nil` +| if not set, it reuse namespace where this base-chart is deployed + +| components..namespace.skip_create +| bool +| `false` +| use the named namespace but does not create it + +| components..values +| object +| `{}` +| set values on component-release + +| components..valuesFrom +| list +| `[]` +| valuesFrom just for this component (for use values from ConfigMap or Secret) | global | object diff --git a/base/values.yaml b/base/values.yaml index c977dae..ee05b7c 100644 --- a/base/values.yaml +++ b/base/values.yaml @@ -2,6 +2,7 @@ global: {} commons: namespace: + # -- labels for every new created namespace (together or overwritten by components.: + # -- enable component-release to install + enabled: false + # -- optional component-name (if not set component-release-name is used as component-name) + name: + namespace: + # -- if not set, it reuse namespace where this base-chart is deployed + name: + # -- if create a new namespace use labels (and the common namespace.labels) + labels: {} + # -- use the named namespace but does not create it + skip_create: false + # -- valuesFrom just for this component (for use values from ConfigMap or Secret) + valuesFrom: [] + # -- set values on component-release + values: {} 
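Review bot: The new `valuesFrom` comment in base/values.yaml says only "for use values from ConfigMap or Secret" but does not say where that object has to live; Flux resolves a HelmRelease's `valuesFrom` references in the HelmRelease's own namespace, so a Secret created next to the base chart will not be found once `components.<name>.namespace.name` moves the component elsewhere (the hunk's own wording for `namespace.name` implies the component release follows that namespace). Suggest extending the comment to `# -- valuesFrom just for this component (ConfigMap or Secret; must exist in the namespace the component release is deployed to, i.e. components.<name>.namespace.name if set, else the base-chart namespace)`. The same caveat applies to `commons`/`componentCommons`-level `valuesFrom` if those are forwarded unchanged, which this hunk does not show. Note the collapsed rendering of this hunk appears to have dropped the `<name>` placeholders, so the exact key paths are inferred from the README table.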
diff --git a/docs/antora.yml b/docs/antora.yml index 0814d8e..fc535f3 100644 --- a/docs/antora.yml +++ b/docs/antora.yml @@ -6,4 +6,8 @@ version: nav: - modules/ROOT/nav.adoc + - modules/fluxcd/nav.adoc + - modules/base/nav.adoc + - modules/infra/nav.adoc + - modules/mycloud/nav.adoc - modules/components/nav.adoc diff --git a/docs/generate.sh b/docs/generate.sh new file mode 100755 index 0000000..494b03d --- /dev/null +++ b/docs/generate.sh @@ -0,0 +1,46 @@ +#!/bin/sh +ROOT_DIR=".." + +## +# components +## +echo "== components module" + +echo "* components" > modules/components/nav.adoc +for c in $ROOT_DIR/* ; do + name=$(basename $c) + if \ + [ $name == "docs" ] || \ + [ $name == "base" ] || \ + [ $name == "base-values" ] || \ + [ ! -d $c ]; then + continue + fi; + echo " - ${name}" + ln -sf "../../../${c}/README.adoc" "modules/components/pages/${name}.adoc"; + echo "** xref:${name}.adoc[${name}]" >> modules/components/nav.adoc +done + +helm-docs --chart-search-root "${ROOT_DIR}/" -t ./docs/modules/components/README.adoc.gotmpl -o README.adoc + +## +# infra +## +echo "== infra module" + +echo "" > modules/infra/pages/partial-list-components.adoc +for c in $ROOT_DIR/infra-* ; do + name=$(basename $c) + echo "* xref:components:${name}.adoc[${name}]" >> modules/infra/pages/partial-list-components.adoc +done + +## +# mycloud +## +echo "== mycloud module" + +echo "" > modules/mycloud/pages/partial-list-components.adoc +for c in $ROOT_DIR/mycloud-* ; do + name=$(basename $c) + echo "* xref:components:${name}.adoc[${name}]" >> modules/mycloud/pages/partial-list-components.adoc +done diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc index bbfb2ef..b763aff 100644 --- a/docs/modules/ROOT/pages/index.adoc +++ b/docs/modules/ROOT/pages/index.adoc 
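Review bot: The exclusion test in the components loop of docs/generate.sh uses `[ $name == "docs" ]`, but the script runs under `#!/bin/sh` and POSIX `test` only defines `=`; on dash-based systems (Debian/Ubuntu `/bin/sh`) each `==` comparison fails with "unexpected operator" and evaluates false, so `docs`, `base` and `base-values` are no longer skipped and the script will, among other things, symlink `docs/README.adoc` into `modules/components/pages/` and list it in the nav. The `$name` and `$c` expansions are also unquoted, so a directory name with whitespace or glob characters would be split or expanded. Replace the four conditions with `[ "$name" = "docs" ] || [ "$name" = "base" ] || [ "$name" = "base-values" ] || [ ! -d "$c" ]` (keeping the backslash continuations) and quote `"$c"` in `name=$(basename "$c")`; the later `infra-*` and `mycloud-*` loops should quote `"$c"` the same way. This presumably only worked so far because `/bin/sh` was bash on the author's machine.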
@@ -1,57 +1,4 @@ -= WrenIX's FluxCD-Repository += WrenIX’s FluxCD-Repository +This repository just contains helm-charts (and some values) which are usable with https://fluxcd.io/ -== Install FluxCD into a cluster - -Here i install it with connection to codeberg: - - the path is just for the cluster - - the url a repo where fluxcd (in given path) install itself and monitor - - i just install my needed components (i skip notification-controller, i prefer prometheus and alerting) - -[source,bash] ----- -flux bootstrap git --components source-controller,kustomize-controller,helm-controller --path= --url ssh://git@codeberg.org/wrenix/.git ----- - -=== Secure with verify - -Afterwards we need to setup a verification with GPG, so that nobody else could commit any workload in your cluster. -That is because i select an public git hosting (here codeberg), i trust them but maybe it get compromised one time. - -in your repository the flux cli has created an `/flux-system/kustomization.yaml`, we will edit them. 
- -[source,patch] ----- - apiVersion: kustomize.config.k8s.io/v1beta1 - kind: Kustomization - resources: - - gotk-components.yaml - - gotk-sync.yaml - -+patches: -+ - target: -+ kind: GitRepository -+ name: flux-system -+ patch: |- -+ apiVersion: source.toolkit.fluxcd.io/v1 -+ kind: GitRepository -+ metadata: -+ name: flux-system -+ spec: -+ verify: <1> -+ mode: HEAD -+ secretRef: -+ name: gpg-publickey -+ -+generatorOptions: -+ disableNameSuffixHash: true <2> -+ -+secretGenerator: -+ - name: gpg-publickey <3> -+ namespace: flux-system -+ files: -+ - gpg-publickey/wrenix.gpg <4> ----- -<1> add verify, that only HEAD git commit with valide gpg signature is used -<2> on the next generate, do not add hash -<3> generate kubernetes Secret with the name `gpg-publickey` which is used in the patched GitRepository, see <1> -<4> Add list of valide gpg key files +Any helm-chart here is supposed to deploy fluxcd-resource and is called in this documentation as component (exclude xref:base:index.adoc[Base] which is supposed to bundle multiple components). diff --git a/docs/modules/base/nav.adoc b/docs/modules/base/nav.adoc new file mode 100644 index 0000000..99c9338 --- /dev/null +++ b/docs/modules/base/nav.adoc @@ -0,0 +1,3 @@ +* Base +** xref:index.adoc[Home] +** xref:README.adoc[Readme] diff --git a/docs/modules/base/pages/README.adoc b/docs/modules/base/pages/README.adoc new file mode 120000 index 0000000..438e090 --- /dev/null +++ b/docs/modules/base/pages/README.adoc @@ -0,0 +1 @@ +../../../../base/README.adoc \ No newline at end of file diff --git a/docs/modules/base/pages/index.adoc b/docs/modules/base/pages/index.adoc new file mode 100644 index 0000000..5512063 --- /dev/null +++ b/docs/modules/base/pages/index.adoc 
@@ -0,0 +1,174 @@ += Base +This Helm-Chart called base is there to bundle multiple components (helm-charts which maybe deployes another flux-repository). + +== Base-Values +On this way, it is possible to use one `values.yaml` to setup multiple-components together or multiple overlapping `values.yaml` (e.g. for staging, stacks and so on). +For example, take an look in my xref:infra:index.adoc[Infra] and xref:mycloud:index.adoc[myCloud] stack. + +[WARNING] +==== +I will do a versioning of this Base Helmchart and every components chart (but not for my default values). +This is just for my setups. + +As in Hint, it is possible to use `valuesFrom:` and deploy ConfigMap, see https://fluxcd.io/flux/components/helm/helmreleases/#values-references[fluxcd]. +==== + +=== Shared Values + +The values `global:` and `commons:` are down passed into every component values. +This values could be overwritten inside the setup of every component `components..global:` or `components..commons:`. + +See also xref:#_values[Components - Values] + +== Components + +The components are an helmchart in the `commons.helm.chart.sourceRef` root. + +Everything else is components specific and could be set under: +[source,yaml] +---- +commons: + namespace: + labels: + orgs: example + + helm: + release: + install: + test: + upgrade: + driftDetection: + +componentCommons: + helm: + release: + interval: 10m + +components: + : + enabled: true <1> + name: <2> + namespace: <3> + name: + labels: + team: my + skip_create: false + valuesFrom: <4> + values: <5> +---- +<1> install this components (or not) +<2> if set use component by name otherwise component is used by component-release-name +<3> setup namespace, where component is deployed (e.g. name, labels of namespace, skip-create) if not set use namespace of current Base +<4> use `valuesFrom` an `Secret` or `ConfigMap` +<5> use values direct + +=== Namespace +It is possible to deploy an components into a specific namespace (and create this). 
+ +==== Use existing Namespace +[source,yaml] +---- +components: + : + namespace: + name: "default" + skip_create: true +---- + +==== Same Namespace as Base +[source,yaml] +---- +components: + : + namespace: + name: nil <1> +---- +<1> or never set this part + +==== New Namespace +[source,yaml] +---- +commons: + namespace: + labels: <1> + orgs: example + +components: + : + namespace: + name: "my-namespace" + labels: <2> + team: my +---- +<1> optional with labels on every new namespace by this component-release +<2> optional with labels on this component-release + +=== Values +There are multiple options to set values of an components. +Here in short the four options and order by overwrite priority. +[source,yaml] +---- +global: <3> +commons: <3> +componentCommons: + helm: + release: + valuesFrom: <1> + +components: + : + valuesFrom: [] <2> + values: <4> +---- +<1> `valuesFrom` for every components (e.g one or multiple `ConfigMap` or `Secrets`) +<2> `valuesFrom` of a specific component +<3> `global:` or `commons` for every componets +<4> values for a specific component + +==== Adjust Component setup (fluxcd values) + +[source,yaml] +---- +commons: <1> + helm: + release: + install: + test: + upgrade: + driftDetection: + +componentCommons: + helm: + release: <2> + interval: 10m +---- +<1> is part of commons, for maybe reuse inside of an component-chart. +<2> is part of componentCommons for just use of component use level. + +==== init-Version + +[WARNING] +==== +Since FluxCD supports driftDetection (with version 2.2) we maybe drop that idea. +==== + +This is a small workaround to setup manifest in later step / rerun an component-chart, as e.g. CRD installation by an HelmRelease which is part of the used Component-Chart. 
+ +.Helper which should be put into the Component-Chart (with Capabilities if every is there to setup / to retries) +[source,yaml] +---- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-init + namespace: "{{ .Values.init.namespace }}" +data: + {{- if and + (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule") + (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") + }} + init: "-1" + {{- else }} + init: "{{ add1 .Values.init.version }}" + {{- end }} +---- diff --git a/docs/modules/components/generate.sh b/docs/modules/components/generate.sh deleted file mode 100755 index fdc29d2..0000000 --- a/docs/modules/components/generate.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -ROOT_DIR="../../.." - -echo "* components" > nav.adoc -for c in $ROOT_DIR/{infra,mycloud}-* ; do - name=$(basename $c) - ln -sf "../${c}/README.adoc" "pages/${name}.adoc"; - echo "** xref:${name}.adoc[${name}]" >> nav.adoc -done - -helm-docs --chart-search-root "${ROOT_DIR}/" -t ./docs/modules/components/README.adoc.gotmpl -o README.adoc diff --git a/docs/modules/fluxcd/nav.adoc b/docs/modules/fluxcd/nav.adoc new file mode 100644 index 0000000..b846acd --- /dev/null +++ b/docs/modules/fluxcd/nav.adoc @@ -0,0 +1 @@ +* xref:index.adoc[Flux] diff --git a/docs/modules/fluxcd/pages/index.adoc b/docs/modules/fluxcd/pages/index.adoc new file mode 100644 index 0000000..8104c3a --- /dev/null +++ b/docs/modules/fluxcd/pages/index.adoc 
@@ -0,0 +1,57 @@ += FluxCD +== Install FluxCD into a cluster + +Here i install it with connection to codeberg: + +* the path is just for the cluster +* the url a repo where fluxcd (in given path) install itself and monitor +* i just install my needed components (i skip notification-controller, i prefer prometheus and alerting) + +[source,bash] +---- +flux bootstrap git --components source-controller,kustomize-controller,helm-controller --path= --url ssh://git@codeberg.org/wrenix/.git +---- + +=== Secure with verify + +Afterwards we need to setup a verification with GPG, so that nobody else could commit any workload in your cluster. +That is because i select an public git hosting (here codeberg), i trust them but maybe it get compromised one time. + +in your repository the flux cli has created an `/flux-system/kustomization.yaml`, we will edit them. + +[source,patch] +---- + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + resources: + - gotk-components.yaml + - gotk-sync.yaml + ++patches: ++ - target: ++ kind: GitRepository ++ name: flux-system ++ patch: |- ++ apiVersion: source.toolkit.fluxcd.io/v1 ++ kind: GitRepository ++ metadata: ++ name: flux-system ++ spec: ++ verify: <1> ++ mode: HEAD ++ secretRef: ++ name: gpg-publickey ++ ++generatorOptions: ++ disableNameSuffixHash: true <2> ++ ++secretGenerator: ++ - name: gpg-publickey <3> ++ namespace: flux-system ++ files: ++ - gpg-publickey/wrenix.gpg <4> +---- +<1> add verify, that only HEAD git commit with valide gpg signature is used +<2> on the next generate, do not add hash +<3> generate kubernetes Secret with the name `gpg-publickey` which is used in the patched GitRepository, see <1> +<4> Add list of valide gpg key files diff --git a/docs/modules/infra/nav.adoc b/docs/modules/infra/nav.adoc new file mode 100644 index 0000000..2213c16 --- /dev/null +++ b/docs/modules/infra/nav.adoc 
@@ -0,0 +1,4 @@ +* Infra +** xref:index.adoc[Home] +** xref:monitoring.adoc[Monitoring] +** xref:auth.adoc[Auth / myCloud] diff --git a/docs/modules/infra/pages/auth.adoc b/docs/modules/infra/pages/auth.adoc new file mode 100644 index 0000000..8a229ba --- /dev/null +++ b/docs/modules/infra/pages/auth.adoc @@ -0,0 +1,31 @@ += Authentification +It is possible to use xref:components/mycloud-authentik.adoc[mycloud-authentik] (or with ``./base-values/mycloud-core.yaml`). + +[source,yaml] +---- +commons: + auth: + enabled: true <1> + namespace: "mycloud" <2> + authentik: + domain: "auth.wrenix.eu" <3> + backend: "mycloud-mycloud-authentik-hr" <4> + +components: + infra-monitoring: + grafana: + auth: + anonymous: + enabled: false <5> +---- +<1> enable to configurate own ressurces and mycloud (blueprint for authentik) +<2> namespace where authentik of mycloud runs (where to put blueprint secrets) +<3> domain of authentik (for setup OIDCs and so on on own instances) +<4> backend of authentik for logout ingresses of infra-components +<5> configure grafana to disable anonymous auth (just use authentik SSO / OIDC) + +For the following software an proxy based setup handled (current just traefik is supported): + +* alertmanager +* karma +* prometheus diff --git a/docs/modules/infra/pages/index.adoc b/docs/modules/infra/pages/index.adoc new file mode 100644 index 0000000..a1eebb7 --- /dev/null +++ b/docs/modules/infra/pages/index.adoc 
@@ -0,0 +1,114 @@ += Infrastructure + +a bundle of software which should run on every kubernetes cluster. + +== Components + +The following components for an infrastructure setup exists: +include::partial-list-components.adoc[] + +== Usage + +My `base-values/infra.yaml` use for the different components extra namespaces. + +.Example usage (warning, the `base-values` are not versioned, see xref:base:index.adoc[Base]) +[source,yaml] +---- +--- +apiVersion: v1 +kind: Namespace +metadata: + name: infra <1> +--- +apiVersion: v1 +kind: Secret <2> +metadata: + name: infra-secret + namespace: infra <1> +data: + masterPassword: MASTER_PASSWORD_FOR_GENERATE_EVERY_A_NEW_ONE +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: wrenix-flux-charts <3> + namespace: flux-system +spec: + url: https://codeberg.org/wrenix/flux-charts.git + ref: + branch: main + interval: 10m + # for more info about verification take an look here: + # - https://fluxcd.io/flux/components/source/gitrepositories/#verification + # - https://wrenix.codeberg.page/docs/wrenix-flux/latest/#_secure_with_verify + # later replaced with oci and cosign + # verify: + # mode: HEAD + # secretRef: + # name: gpg-publickey +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: infra <4> + namespace: infra <1> +spec: + chart: + spec: + sourceRef: + kind: GitRepository + name: wrenix-flux-charts <3> + namespace: flux-system + chart: "./base" + reconcileStrategy: "Revision" + valuesFiles: + - "./base/values.yaml" + - "./base-values/commons.yaml" <5> + - "./base-values/infra.yaml" <6> + interval: 10m + values: + ## + # Commons + ## + commons: + + helm: + chart: + sourceRef: <3> + kind: GitRepository + name: wrenix-flux-charts + namespace: flux-system + + ingress: + domain: "my-infra.eu" <7> + + componentCommons: + helm: + release: + valuesFrom: + - kind: Secret <2> + name: infra-secret + valuesKey: masterPassword + targetPath: commons.masterPassword + ## + # 
Compoments + ## + components: <8> + infra-certificates: + values: + email: host.acme@wrenix.eu + infra-monitoring: + values: + prometheus: + exporter: + blackbox: + enabled: true +---- +<1> namespace where install all the components later +<2> secret to bypass secure values into the infra-components (masterPassword) +<3> reference where base and all the components are founded by fluxcd +<4> use of base-helm chart for fluxcd to bundle the different infra-components together +<5> use my default commons values for flux-chart components +<6> use my default to setup all commons for infra and infra components +<7> setup default domain (where subdomains are generate for the different components) +<8> overwrite componets values (here setup default also certmanager email for Let's Encrypt and setup prometheus-blackbox-exporter) diff --git a/docs/modules/infra/pages/monitoring.adoc b/docs/modules/infra/pages/monitoring.adoc new file mode 100644 index 0000000..ceeaa05 --- /dev/null +++ b/docs/modules/infra/pages/monitoring.adoc 
@@ -0,0 +1,35 @@ += Monitoring + +We deploy by default all resources to monitor every deployment. + +For adjusting of the labels, there are following values in `commons` of the xref::base:index.adoc[Base]. + +[source,yaml] +---- +commons: + grafana: + datasource: + labels: <1> + grafana_datasource: "1" + dashboards: + labels: <2> + grafana_dashboard: "1" + annotations: <3> + + prometheus: + alertmanager: + labels: <4> + alertmanager: default + monitor: + labels: <5> + prometheus: default + rules: + labels: <6> + prometheus: default +---- +<1> used labels on `Secrets` and `ConfigMap` metadata for usage for filter for Datasource of Grafana-Sidecar +<2> used labels on `Secrets` and `ConfigMap` metadata for usage for filter for Dashboards of Grafana-Sidecar +<3> used annotations on `Secrets` and `ConfigMap` metadata of Dashboards for usage configuration of Grafana-Sidecar (useful for but Dashboards into Folders on Grafana) +<4> used labels on `AlertmanagerConfig` metadata for usage for filter on `Alertmanager` instance of https://prometheus-operator.dev/[promethues-operator] +<5> used labels on `ServiceMonitor` and `PodMonitor` metadata for usage for filter on `Prometheus` instance of https://prometheus-operator.dev/[promethues-operator] +<6> used labels on `PrometheusRules` metadata for usage for filter on `Prometheus` instance of https://prometheus-operator.dev/[prometheus-operator] diff --git a/docs/modules/infra/pages/partial-list-components.adoc b/docs/modules/infra/pages/partial-list-components.adoc new file mode 100644 index 0000000..59a96ee --- /dev/null +++ b/docs/modules/infra/pages/partial-list-components.adoc @@ -0,0 +1,7 @@ + +* xref:components:infra-certificates.adoc[infra-certificates] +* xref:components:infra-fluxcd.adoc[infra-fluxcd] +* xref:components:infra-ingress.adoc[infra-ingress] +* xref:components:infra-logging.adoc[infra-logging] +* xref:components:infra-monitoring.adoc[infra-monitoring] +* xref:components:infra-trivy.adoc[infra-trivy] 
diff --git a/docs/modules/mycloud/nav.adoc b/docs/modules/mycloud/nav.adoc new file mode 100644 index 0000000..91d2526 --- /dev/null +++ b/docs/modules/mycloud/nav.adoc @@ -0,0 +1,7 @@ +* myCloud +** xref:index.adoc[Home] +** xref:persistence.adoc[Persistence] +** xref:mail.adoc[Mail] +** xref:ingress.adoc[Ingress] +** xref:theme.adoc[Theme] +** xref:monitoring.adoc[Monitoring] diff --git a/docs/modules/mycloud/pages/index.adoc b/docs/modules/mycloud/pages/index.adoc new file mode 100644 index 0000000..fe55f31 --- /dev/null +++ b/docs/modules/mycloud/pages/index.adoc 
@@ -0,0 +1,142 @@ += myCloud + +a bundle of OpenSource Software with one user management. + +Current based only on: https://goauthentik.io[authentik] + +== First Login +Your main Account must be initalized: +`https://auth./if/flow/initial-setup/` + +== Components + +The following components for an myCloud setup exists: +include::partial-list-components.adoc[] + +== Usage + +My `base-values/mycloud-*.yaml` does not set any namespace, so the same the the Base-Helmchart is used (maybe you like to use multiple myClouds in different namespaces). + +.Example usage (warning, the `base-values` are not versioned, see xref:base:index.adoc[Base]): +[source,yaml] +---- +--- +apiVersion: v1 +kind: Namespace +metadata: + name: mycloud <1> + +--- +apiVersion: v1 +kind: Secret <2> +metadata: + name: mycloud-mail + namespace: mycloud <1> +data: + password: MAIL_ACCOUNT_PASSWORD + +--- +apiVersion: v1 +kind: Secret <3> +metadata: + name: mycloud-master-password + namespace: mycloud <1> +data: + masterPassword: MASTER_PASSWORD_FOR_GENERATE_EVERY_A_NEW_ONE + +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: wrenix-flux-charts <4> + namespace: flux-system +spec: + url: https://codeberg.org/wrenix/flux-charts.git + ref: + branch: main + interval: 10m + # for more info about verification take an look here: + # - https://fluxcd.io/flux/components/source/gitrepositories/#verification + # - https://wrenix.codeberg.page/docs/wrenix-flux/latest/#_secure_with_verify + # later replaced with oci and cosign + # verify: + # mode: HEAD + # secretRef: + # name: gpg-publickey + +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: mycloud <5> + namespace: mycloud <1> +spec: + chart: + spec: + sourceRef: + kind: GitRepository + name: wrenix-flux-charts <4> + namespace: flux-system + chart: "./base" + reconcileStrategy: "Revision" + valuesFiles: + - "./base/values.yaml" + - "./base-values/commons.yaml" <6> + - 
"./base-values/mycloud-core.yaml" <7> + - "./base-values/mycloud-nextcloud.yaml" <8> + - "./base-values/mycloud-collabora.yaml" <9> + interval: 10m + values: + ## + # Commons + ## + commons: + mail: <10> + host: "posteo.de" + username: "mycloud@posteo.net" + use_tls: true + from: "mycloud@posteo.net" + + helm: + chart: + sourceRef: <4> + kind: GitRepository + name: wrenix-flux-charts + namespace: flux-system + + ingress: + domain: "mycloud.eu" <11> + + componentCommons: + helm: + release: + valuesFrom: + - kind: Secret <3> + name: mycloud-master-password + valuesKey: masterPassword + targetPath: commons.masterPassword + - kind: Secret <2> + name: mycloud-mail + valuesKey: password + targetPath: commons.mail.password + + ## + # Compoments + ## + components: + mycloud-nextcloud: + values: <12> + quota: "100 MB" +---- +<1> namespace where install all the components later +<2> secret to bypass secure values into the mycloud-components (mail) +<3> secret to bypass secure values into the mycloud-components (masterPassword) +<4> reference where base and all the components are founded by fluxcd +<5> use of base-helm chart for fluxcd to bundle the different mycloud-components together +<6> use my default commons values for flux-chart components +<7> use my default to setup all commons for mycloud-components and the mycloud-core components (e.g. 
xref:components:mycloud-services.adoc[mycloud-services] and xref:components:mycloud-authentik.adoc[mycloud-authentik]) +<8> use my default values for usage of xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] (it also configure xref:components:mycloud-services.adoc[mycloud-services] for another database and xref:components:mycloud-authentik.adoc[mycloud-authentik] for user management) +<9> use my default values for usage of xref:components:mycloud-collabora.adoc[mycloud-collabora] (it also configure xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] if it is also used) +<10> setup default mail configuration (for all components) for more commons values take an look into the used components (or `base-values`) +<11> setup default domain (where subdomains are generate for the different components) +<12> overwrite componets values (here setup default quota for an use in xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud]) diff --git a/docs/modules/mycloud/pages/ingress.adoc b/docs/modules/mycloud/pages/ingress.adoc new file mode 100644 index 0000000..726f045 --- /dev/null +++ b/docs/modules/mycloud/pages/ingress.adoc 
@@ -0,0 +1,85 @@ += Ingress + +Per default, the ingress domain and tls could be set, + +The domain is used, to set for every components per default an subdomain by this domain. +(This could be overwritten by see xref:#_change_host__domain_per_components[Change Host / Domain per Components].) + +If you do not like to setup for every ingress-tls an new cert secrets (e.g. you do not use an cert-manager), the you could override it global with your on entry. + +[source,yaml] +---- +commons: + ingress: + domain: + tls: + enabled: true + override: +---- + +== Annotations + +It is possible to set annotations global or per components: +[source,yaml] +---- +commons: + ingress: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + +components: + mycloud-authentik: + values: + ingress: + annotations: + traefik.ingress.kubernetes.io/router.middlewares: ingress-redirect-https@kubernetescrd +---- + +== Change Host / Domain per Components + +=== Authentik +[source,yaml] +---- +commons: + auth: + host: "login.wrenix.eu" + +components: + mycloud-authentik: + values: + ingress: + host: "login.wrenix.eu" +---- + +=== Nextcloud +[source,yaml] +---- +components: + mycloud-nextcloud: + values: + ingress: + host: "files.wrenix.eu:" + + mycloud-collabora: + values: + allowedHosts: + files.wrenix.eu: [] +---- + +=== Collabora +[source,yaml] +---- +components: + mycloud-nextcloud: + values: + apps: + richdocuments: + enabled: true + config: + wopi_url: "https://office.wrenix.eu" + + mycloud-collabora: + values: + ingress: + host: "office.wrenix.eu" +---- diff --git a/docs/modules/mycloud/pages/mail.adoc b/docs/modules/mycloud/pages/mail.adoc new file mode 100644 index 0000000..450797c --- /dev/null +++ b/docs/modules/mycloud/pages/mail.adoc 
@@ -0,0 +1,26 @@ += Mail + +[source,yaml] +---- +commons: + mail: + host: + username: + password: + from: "no-reply@example.org" + use_tls: false + use_ssl: false + +components: + mycloud-authentik: + values: + mail: + from: + + mycloud-nextcloud: + values: + mail: + from: + host: + authtype: PLAIN +---- diff --git a/docs/modules/mycloud/pages/monitoring.adoc b/docs/modules/mycloud/pages/monitoring.adoc new file mode 120000 index 0000000..1ab92d5 --- /dev/null +++ b/docs/modules/mycloud/pages/monitoring.adoc @@ -0,0 +1 @@ +../../infra/pages/monitoring.adoc \ No newline at end of file diff --git a/docs/modules/mycloud/pages/partial-list-components.adoc b/docs/modules/mycloud/pages/partial-list-components.adoc new file mode 100644 index 0000000..ece861b --- /dev/null +++ b/docs/modules/mycloud/pages/partial-list-components.adoc @@ -0,0 +1,5 @@ + +* xref:components:mycloud-authentik.adoc[mycloud-authentik] +* xref:components:mycloud-collabora.adoc[mycloud-collabora] +* xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] +* xref:components:mycloud-services.adoc[mycloud-services] diff --git a/docs/modules/mycloud/pages/persistence.adoc b/docs/modules/mycloud/pages/persistence.adoc new file mode 100644 index 0000000..ba0fa0b --- /dev/null +++ b/docs/modules/mycloud/pages/persistence.adoc @@ -0,0 +1,29 @@ += Persistence + +[source,yaml] +---- +commons: + persistence: + storageClass: + hostPath: + enabled: false + prefix: "/var/lib/mycloud" + +components: + mycloud-services: + values: + postgresql: + persistence: + storageClass: + size: "10G" + + mycloud-nextcloud: + values: + persistence: + main: + pvc: "nextcloud" + size: 8Gi + data: + pvc: "nextcloud-data" + size: 16Gi +---- diff --git a/docs/modules/mycloud/pages/theme.adoc b/docs/modules/mycloud/pages/theme.adoc new file mode 100644 index 0000000..2555f27 --- /dev/null +++ b/docs/modules/mycloud/pages/theme.adoc 
@@ -0,0 +1,17 @@ += Theme + +[source,yaml] +---- +commons: + theme: + title: + logo: + favicon: + +components: + mycloud-authentik: + values: + theme: + background: > +---- + diff --git a/mycloud-collabora/README.adoc b/mycloud-collabora/README.adoc index 2ffa28b..940309e 100644 --- a/mycloud-collabora/README.adoc +++ b/mycloud-collabora/README.adoc @@ -97,9 +97,9 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat | | ingress.annotations -| string -| `nil` -| +| object +| `{"haproxy-ingress.github.io/assign-backend-server-id":"true","haproxy-ingress.github.io/balance-algorithm":"url_param WOPISrc","haproxy-ingress.github.io/config-backend":"hash-type consistent acl admin_url path_beg /cool/getMetrics acl admin_url path_beg /cool/adminws/ acl admin_url path_beg /browser/dist/admin/admin.html http-request deny if admin_url","haproxy-ingress.github.io/timeout-tunnel":"3600s","nginx.ingress.kubernetes.io/server-snippet":"location /cool/getMetrics { deny all; return 403; }\nlocation /cool/adminws/ { deny all; return 403; }\nlocation /browser/dist/admin/admin.html { deny all; return 403; }\n","nginx.ingress.kubernetes.io/upstream-hash-by":"$arg_WOPISrc"}` +| ingress annotatations - default are all the best practise of collabora | ingress.host | string diff --git a/mycloud-collabora/values.yaml b/mycloud-collabora/values.yaml index 7f920cc..e38de87 100644 --- a/mycloud-collabora/values.yaml +++ b/mycloud-collabora/values.yaml @@ -36,6 +36,7 @@ commons: ingress: # -- default: fs.(Values.commons.ingress.domain) host: + # -- ingress annotatations - default are all the best practise of collabora annotations: # nginx controller nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
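Review bot: The comment added to `commons.ingress.annotations` in mycloud-collabora/values.yaml calls the defaults "best practise of collabora", but the rendered default in the README hunk above shows that the protection of `/cool/getMetrics`, `/cool/adminws/` and `/browser/dist/admin/admin.html` relies on `nginx.ingress.kubernetes.io/server-snippet`; ingress-nginx silently ignores snippet annotations unless the controller is started with `allow-snippet-annotations` enabled, which has been the default-off setting in recent releases (the hardening after CVE-2021-25742), so on such a controller the deny rules never reach nginx and the Collabora admin endpoints stay reachable through the ingress. A maintainer reading only values.yaml cannot see this, so the comment should say so, e.g. `# -- ingress annotations; the nginx server-snippet deny rules for the Collabora admin endpoints (/cool/adminws/, /cool/getMetrics, admin console) only apply when the controller allows snippet annotations - otherwise restrict these paths at the controller or with auth/NetworkPolicy`. The annotations map continues past the end of this hunk, so the haproxy equivalent (`config-backend` deny ACLs in the README default) was not reviewed here; it has no comparable opt-in as far as this diff shows, but that should be confirmed against the controller in use.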