wrenix/flux-charts
1
0
Fork 0
Code Issues 14 Pull requests 1 Projects Releases Packages Wiki Activity Actions

chore(docs): improve documentation (of base, infra and mycloud)

Browse source
This commit is contained in:
WrenIX 2024-01-08 21:50:01 +01:00
parent fe60177c23
commit df4769e538
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
26 changed files with 849 additions and 75 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
base/README.adoc
View file

@ -44,7 +44,7 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| commons.namespace.labels | commons.namespace.labels
| object | object
| `{}` | `{}`
| | labels for every new created namespace (together or overwritten by components.<component-release-name.namespace.labels)
| componentCommons.helm.release.interval | componentCommons.helm.release.interval
| string | string
@ -54,12 +54,42 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| componentCommons.helm.release.valuesFrom | componentCommons.helm.release.valuesFrom
| list | list
| `[]` | `[]`
| | valuesFrom for every components (for use values from ConfigMap or Secret)
| components | components.<component-release-name>.enabled
| bool
| `false`
| enable component-release to install
| components.<component-release-name>.name
| string
| `nil`
| optional component-name (if not set component-release-name is used as component-name)
| components.<component-release-name>.namespace.labels
| object | object
| `{}` | `{}`
| | if create a new namespace use labels (and the common namespace.labels)
| components.<component-release-name>.namespace.name
| string
| `nil`
| if not set, it reuse namespace where this base-chart is deployed
| components.<component-release-name>.namespace.skip_create
| bool
| `false`
| use the named namespace but does not create it
| components.<component-release-name>.values
| object
| `{}`
| set values on component-release
| components.<component-release-name>.valuesFrom
| list
| `[]`
| valuesFrom just for this component (for use values from ConfigMap or Secret)
| global | global
| object | object

20
base/values.yaml
View file

@ -2,6 +2,7 @@ global: {}
commons: commons:
namespace: namespace:
# -- labels for every new created namespace (together or overwritten by components.<component-release-name.namespace.labels)
labels: {} labels: {}
helm: helm:
@ -15,6 +16,23 @@ componentCommons:
helm: helm:
release: release:
interval: 10m interval: 10m
# -- valuesFrom for every components (for use values from ConfigMap or Secret)
valuesFrom: [] valuesFrom: []
components: {} components:
<component-release-name>:
# -- enable component-release to install
enabled: false
# -- optional component-name (if not set component-release-name is used as component-name)
name:
namespace:
# -- if not set, it reuse namespace where this base-chart is deployed
name:
# -- if create a new namespace use labels (and the common namespace.labels)
labels: {}
# -- use the named namespace but does not create it
skip_create: false
# -- valuesFrom just for this component (for use values from ConfigMap or Secret)
valuesFrom: []
# -- set values on component-release
values: {}

4
docs/antora.yml
View file

@ -6,4 +6,8 @@ version:
nav: nav:
- modules/ROOT/nav.adoc - modules/ROOT/nav.adoc
- modules/fluxcd/nav.adoc
- modules/base/nav.adoc
- modules/infra/nav.adoc
- modules/mycloud/nav.adoc
- modules/components/nav.adoc - modules/components/nav.adoc

46
docs/generate.sh Executable file
View file

@ -0,0 +1,46 @@
#!/bin/sh
ROOT_DIR=".."
##
# components
##
echo "== components module"
echo "* components" > modules/components/nav.adoc
for c in $ROOT_DIR/* ; do
name=$(basename $c)
if \
[ $name == "docs" ] || \
[ $name == "base" ] || \
[ $name == "base-values" ] || \
[ ! -d $c ]; then
continue
fi;
echo " - ${name}"
ln -sf "../../../${c}/README.adoc" "modules/components/pages/${name}.adoc";
echo "** xref:${name}.adoc[${name}]" >> modules/components/nav.adoc
done
helm-docs --chart-search-root "${ROOT_DIR}/" -t ./docs/modules/components/README.adoc.gotmpl -o README.adoc
##
# infra
##
echo "== infra module"
echo "" > modules/infra/pages/partial-list-components.adoc
for c in $ROOT_DIR/infra-* ; do
name=$(basename $c)
echo "* xref:components:${name}.adoc[${name}]" >> modules/infra/pages/partial-list-components.adoc
done
##
# mycloud
##
echo "== mycloud module"
echo "" > modules/mycloud/pages/partial-list-components.adoc
for c in $ROOT_DIR/mycloud-* ; do
name=$(basename $c)
echo "* xref:components:${name}.adoc[${name}]" >> modules/mycloud/pages/partial-list-components.adoc
done

59
docs/modules/ROOT/pages/index.adoc
View file

@ -1,57 +1,4 @@
= WrenIX's FluxCD-Repository = WrenIXs FluxCD-Repository
This repository just contains helm-charts (and some values) which are usable with https://fluxcd.io/
== Install FluxCD into a cluster Any helm-chart here is supposed to deploy fluxcd-resource and is called in this documentation as component (exclude xref:base:index.adoc[Base] which is supposed to bundle multiple components).
Here i install it with connection to codeberg:
- the path is just for the cluster
- the url a repo where fluxcd (in given path) install itself and monitor
- i just install my needed components (i skip notification-controller, i prefer prometheus and alerting)
[source,bash]
----
flux bootstrap git --components source-controller,kustomize-controller,helm-controller --path=<path> --url ssh://git@codeberg.org/wrenix/<repo>.git
----
=== Secure with verify
Afterwards we need to setup a verification with GPG, so that nobody else could commit any workload in your cluster.
That is because i select an public git hosting (here codeberg), i trust them but maybe it get compromised one time.
in your repository the flux cli has created an `<path>/flux-system/kustomization.yaml`, we will edit them.
[source,patch]
----
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml
+patches:
+ - target:
+ kind: GitRepository
+ name: flux-system
+ patch: |-
+ apiVersion: source.toolkit.fluxcd.io/v1
+ kind: GitRepository
+ metadata:
+ name: flux-system
+ spec:
+ verify: <1>
+ mode: HEAD
+ secretRef:
+ name: gpg-publickey
+
+generatorOptions:
+ disableNameSuffixHash: true <2>
+
+secretGenerator:
+ - name: gpg-publickey <3>
+ namespace: flux-system
+ files:
+ - gpg-publickey/wrenix.gpg <4>
----
<1> add verify, that only HEAD git commit with valide gpg signature is used
<2> on the next generate, do not add hash
<3> generate kubernetes Secret with the name `gpg-publickey` which is used in the patched GitRepository, see <1>
<4> Add list of valide gpg key files

3
docs/modules/base/nav.adoc Normal file
View file

@ -0,0 +1,3 @@
* Base
** xref:index.adoc[Home]
** xref:README.adoc[Readme]

1
docs/modules/base/pages/README.adoc Symbolic link
View file

@ -0,0 +1 @@
../../../../base/README.adoc

174
docs/modules/base/pages/index.adoc Normal file
View file

@ -0,0 +1,174 @@
= Base
This Helm-Chart called base is there to bundle multiple components (helm-charts which maybe deployes another flux-repository).
== Base-Values
On this way, it is possible to use one `values.yaml` to setup multiple-components together or multiple overlapping `values.yaml` (e.g. for staging, stacks and so on).
For example, take an look in my xref:infra:index.adoc[Infra] and xref:mycloud:index.adoc[myCloud] stack.
[WARNING]
====
I will do a versioning of this Base Helmchart and every components chart (but not for my default values).
This is just for my setups.
As in Hint, it is possible to use `valuesFrom:` and deploy ConfigMap, see https://fluxcd.io/flux/components/helm/helmreleases/#values-references[fluxcd].
====
=== Shared Values
The values `global:` and `commons:` are down passed into every component values.
This values could be overwritten inside the setup of every component `components.<component-name>.global:` or `components.<component-name>.commons:`.
See also xref:#_values[Components - Values]
== Components
The components are an helmchart in the `commons.helm.chart.sourceRef` root.
Everything else is components specific and could be set under:
[source,yaml]
----
commons:
namespace:
labels:
orgs: example
helm:
release:
install:
test:
upgrade:
driftDetection:
componentCommons:
helm:
release:
interval: 10m
components:
<component-release-name>:
enabled: true <1>
name: <2>
namespace: <3>
name:
labels:
team: my
skip_create: false
valuesFrom: <4>
values: <5>
----
<1> install this components (or not)
<2> if set use component by name otherwise component is used by component-release-name
<3> setup namespace, where component is deployed (e.g. name, labels of namespace, skip-create) if not set use namespace of current Base
<4> use `valuesFrom` an `Secret` or `ConfigMap`
<5> use values direct
=== Namespace
It is possible to deploy an components into a specific namespace (and create this).
==== Use existing Namespace
[source,yaml]
----
components:
<component-release-name>:
namespace:
name: "default"
skip_create: true
----
==== Same Namespace as Base
[source,yaml]
----
components:
<component-release-name>:
namespace:
name: nil <1>
----
<1> or never set this part
==== New Namespace
[source,yaml]
----
commons:
namespace:
labels: <1>
orgs: example
components:
<component-release-name>:
namespace:
name: "my-namespace"
labels: <2>
team: my
----
<1> optional with labels on every new namespace by this component-release
<2> optional with labels on this component-release
=== Values
There are multiple options to set values of an components.
Here in short the four options and order by overwrite priority.
[source,yaml]
----
global: <3>
commons: <3>
componentCommons:
helm:
release:
valuesFrom: <1>
components:
<component-release-name>:
valuesFrom: [] <2>
values: <4>
----
<1> `valuesFrom` for every components (e.g one or multiple `ConfigMap` or `Secrets`)
<2> `valuesFrom` of a specific component
<3> `global:` or `commons` for every componets
<4> values for a specific component
==== Adjust Component setup (fluxcd values)
[source,yaml]
----
commons: <1>
helm:
release:
install:
test:
upgrade:
driftDetection:
componentCommons:
helm:
release: <2>
interval: 10m
----
<1> is part of commons, for maybe reuse inside of an component-chart.
<2> is part of componentCommons for just use of component use level.
==== init-Version
[WARNING]
====
Since FluxCD supports driftDetection (with version 2.2) we maybe drop that idea.
====
This is a small workaround to setup manifest in later step / rerun an component-chart, as e.g. CRD installation by an HelmRelease which is part of the used Component-Chart.
.Helper which should be put into the Component-Chart (with Capabilities if every is there to setup / to retries)
[source,yaml]
----
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-init
namespace: "{{ .Values.init.namespace }}"
data:
{{- if and
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
}}
init: "-1"
{{- else }}
init: "{{ add1 .Values.init.version }}"
{{- end }}
----

11
docs/modules/components/generate.sh
View file

@ -1,11 +0,0 @@
#!/bin/sh
ROOT_DIR="../../.."
echo "* components" > nav.adoc
for c in $ROOT_DIR/{infra,mycloud}-* ; do
name=$(basename $c)
ln -sf "../${c}/README.adoc" "pages/${name}.adoc";
echo "** xref:${name}.adoc[${name}]" >> nav.adoc
done
helm-docs --chart-search-root "${ROOT_DIR}/" -t ./docs/modules/components/README.adoc.gotmpl -o README.adoc

1
docs/modules/fluxcd/nav.adoc Normal file
View file

@ -0,0 +1 @@
* xref:index.adoc[Flux]

57
docs/modules/fluxcd/pages/index.adoc Normal file
View file

@ -0,0 +1,57 @@
= FluxCD
== Install FluxCD into a cluster
Here i install it with connection to codeberg:
* the path is just for the cluster
* the url a repo where fluxcd (in given path) install itself and monitor
* i just install my needed components (i skip notification-controller, i prefer prometheus and alerting)
[source,bash]
----
flux bootstrap git --components source-controller,kustomize-controller,helm-controller --path=<path> --url ssh://git@codeberg.org/wrenix/<repo>.git
----
=== Secure with verify
Afterwards we need to setup a verification with GPG, so that nobody else could commit any workload in your cluster.
That is because i select an public git hosting (here codeberg), i trust them but maybe it get compromised one time.
in your repository the flux cli has created an `<path>/flux-system/kustomization.yaml`, we will edit them.
[source,patch]
----
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- gotk-components.yaml
- gotk-sync.yaml
+patches:
+ - target:
+ kind: GitRepository
+ name: flux-system
+ patch: |-
+ apiVersion: source.toolkit.fluxcd.io/v1
+ kind: GitRepository
+ metadata:
+ name: flux-system
+ spec:
+ verify: <1>
+ mode: HEAD
+ secretRef:
+ name: gpg-publickey
+
+generatorOptions:
+ disableNameSuffixHash: true <2>
+
+secretGenerator:
+ - name: gpg-publickey <3>
+ namespace: flux-system
+ files:
+ - gpg-publickey/wrenix.gpg <4>
----
<1> add verify, that only HEAD git commit with valide gpg signature is used
<2> on the next generate, do not add hash
<3> generate kubernetes Secret with the name `gpg-publickey` which is used in the patched GitRepository, see <1>
<4> Add list of valide gpg key files

4
docs/modules/infra/nav.adoc Normal file
View file

@ -0,0 +1,4 @@
* Infra
** xref:index.adoc[Home]
** xref:monitoring.adoc[Monitoring]
** xref:auth.adoc[Auth / myCloud]

31
docs/modules/infra/pages/auth.adoc Normal file
View file

@ -0,0 +1,31 @@
= Authentification
It is possible to use xref:components/mycloud-authentik.adoc[mycloud-authentik] (or with ``./base-values/mycloud-core.yaml`).
[source,yaml]
----
commons:
auth:
enabled: true <1>
namespace: "mycloud" <2>
authentik:
domain: "auth.wrenix.eu" <3>
backend: "mycloud-mycloud-authentik-hr" <4>
components:
infra-monitoring:
grafana:
auth:
anonymous:
enabled: false <5>
----
<1> enable to configurate own ressurces and mycloud (blueprint for authentik)
<2> namespace where authentik of mycloud runs (where to put blueprint secrets)
<3> domain of authentik (for setup OIDCs and so on on own instances)
<4> backend of authentik for logout ingresses of infra-components
<5> configure grafana to disable anonymous auth (just use authentik SSO / OIDC)
For the following software an proxy based setup handled (current just traefik is supported):
* alertmanager
* karma
* prometheus

114
docs/modules/infra/pages/index.adoc Normal file
View file

@ -0,0 +1,114 @@
= Infrastructure
a bundle of software which should run on every kubernetes cluster.
== Components
The following components for an infrastructure setup exists:
include::partial-list-components.adoc[]
== Usage
My `base-values/infra.yaml` use for the different components extra namespaces.
.Example usage (warning, the `base-values` are not versioned, see xref:base:index.adoc[Base])
[source,yaml]
----
---
apiVersion: v1
kind: Namespace
metadata:
name: infra <1>
---
apiVersion: v1
kind: Secret <2>
metadata:
name: infra-secret
namespace: infra <1>
data:
masterPassword: MASTER_PASSWORD_FOR_GENERATE_EVERY_A_NEW_ONE
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: wrenix-flux-charts <3>
namespace: flux-system
spec:
url: https://codeberg.org/wrenix/flux-charts.git
ref:
branch: main
interval: 10m
# for more info about verification take an look here:
# - https://fluxcd.io/flux/components/source/gitrepositories/#verification
# - https://wrenix.codeberg.page/docs/wrenix-flux/latest/#_secure_with_verify
# later replaced with oci and cosign
# verify:
# mode: HEAD
# secretRef:
# name: gpg-publickey
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: infra <4>
namespace: infra <1>
spec:
chart:
spec:
sourceRef:
kind: GitRepository
name: wrenix-flux-charts <3>
namespace: flux-system
chart: "./base"
reconcileStrategy: "Revision"
valuesFiles:
- "./base/values.yaml"
- "./base-values/commons.yaml" <5>
- "./base-values/infra.yaml" <6>
interval: 10m
values:
##
# Commons
##
commons:
helm:
chart:
sourceRef: <3>
kind: GitRepository
name: wrenix-flux-charts
namespace: flux-system
ingress:
domain: "my-infra.eu" <7>
componentCommons:
helm:
release:
valuesFrom:
- kind: Secret <2>
name: infra-secret
valuesKey: masterPassword
targetPath: commons.masterPassword
##
# Compoments
##
components: <8>
infra-certificates:
values:
email: host.acme@wrenix.eu
infra-monitoring:
values:
prometheus:
exporter:
blackbox:
enabled: true
----
<1> namespace where install all the components later
<2> secret to bypass secure values into the infra-components (masterPassword)
<3> reference where base and all the components are founded by fluxcd
<4> use of base-helm chart for fluxcd to bundle the different infra-components together
<5> use my default commons values for flux-chart components
<6> use my default to setup all commons for infra and infra components
<7> setup default domain (where subdomains are generate for the different components)
<8> overwrite componets values (here setup default also certmanager email for Let's Encrypt and setup prometheus-blackbox-exporter)

35
docs/modules/infra/pages/monitoring.adoc Normal file
View file

@ -0,0 +1,35 @@
= Monitoring
We deploy by default all resources to monitor every deployment.
For adjusting of the labels, there are following values in `commons` of the xref::base:index.adoc[Base].
[source,yaml]
----
commons:
grafana:
datasource:
labels: <1>
grafana_datasource: "1"
dashboards:
labels: <2>
grafana_dashboard: "1"
annotations: <3>
prometheus:
alertmanager:
labels: <4>
alertmanager: default
monitor:
labels: <5>
prometheus: default
rules:
labels: <6>
prometheus: default
----
<1> used labels on `Secrets` and `ConfigMap` metadata for usage for filter for Datasource of Grafana-Sidecar
<2> used labels on `Secrets` and `ConfigMap` metadata for usage for filter for Dashboards of Grafana-Sidecar
<3> used annotations on `Secrets` and `ConfigMap` metadata of Dashboards for usage configuration of Grafana-Sidecar (useful for but Dashboards into Folders on Grafana)
<4> used labels on `AlertmanagerConfig` metadata for usage for filter on `Alertmanager` instance of https://prometheus-operator.dev/[promethues-operator]
<5> used labels on `ServiceMonitor` and `PodMonitor` metadata for usage for filter on `Prometheus` instance of https://prometheus-operator.dev/[promethues-operator]
<6> used labels on `PrometheusRules` metadata for usage for filter on `Prometheus` instance of https://prometheus-operator.dev/[prometheus-operator]

7
docs/modules/infra/pages/partial-list-components.adoc Normal file
View file

@ -0,0 +1,7 @@
* xref:components:infra-certificates.adoc[infra-certificates]
* xref:components:infra-fluxcd.adoc[infra-fluxcd]
* xref:components:infra-ingress.adoc[infra-ingress]
* xref:components:infra-logging.adoc[infra-logging]
* xref:components:infra-monitoring.adoc[infra-monitoring]
* xref:components:infra-trivy.adoc[infra-trivy]

7
docs/modules/mycloud/nav.adoc Normal file
View file

@ -0,0 +1,7 @@
* myCloud
** xref:index.adoc[Home]
** xref:persistence.adoc[Persistence]
** xref:mail.adoc[Mail]
** xref:ingress.adoc[Ingress]
** xref:theme.adoc[Theme]
** xref:monitoring.adoc[Monitoring]

142
docs/modules/mycloud/pages/index.adoc Normal file
View file

@ -0,0 +1,142 @@
= myCloud
a bundle of OpenSource Software with one user management.
Current based only on: https://goauthentik.io[authentik]
== First Login
Your main Account must be initalized:
`https://auth.<commons.ingress.domain>/if/flow/initial-setup/`
== Components
The following components for an myCloud setup exists:
include::partial-list-components.adoc[]
== Usage
My `base-values/mycloud-*.yaml` does not set any namespace, so the same the the Base-Helmchart is used (maybe you like to use multiple myClouds in different namespaces).
.Example usage (warning, the `base-values` are not versioned, see xref:base:index.adoc[Base]):
[source,yaml]
----
---
apiVersion: v1
kind: Namespace
metadata:
name: mycloud <1>
---
apiVersion: v1
kind: Secret <2>
metadata:
name: mycloud-mail
namespace: mycloud <1>
data:
password: MAIL_ACCOUNT_PASSWORD
---
apiVersion: v1
kind: Secret <3>
metadata:
name: mycloud-master-password
namespace: mycloud <1>
data:
masterPassword: MASTER_PASSWORD_FOR_GENERATE_EVERY_A_NEW_ONE
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: wrenix-flux-charts <4>
namespace: flux-system
spec:
url: https://codeberg.org/wrenix/flux-charts.git
ref:
branch: main
interval: 10m
# for more info about verification take an look here:
# - https://fluxcd.io/flux/components/source/gitrepositories/#verification
# - https://wrenix.codeberg.page/docs/wrenix-flux/latest/#_secure_with_verify
# later replaced with oci and cosign
# verify:
# mode: HEAD
# secretRef:
# name: gpg-publickey
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: mycloud <5>
namespace: mycloud <1>
spec:
chart:
spec:
sourceRef:
kind: GitRepository
name: wrenix-flux-charts <4>
namespace: flux-system
chart: "./base"
reconcileStrategy: "Revision"
valuesFiles:
- "./base/values.yaml"
- "./base-values/commons.yaml" <6>
- "./base-values/mycloud-core.yaml" <7>
- "./base-values/mycloud-nextcloud.yaml" <8>
- "./base-values/mycloud-collabora.yaml" <9>
interval: 10m
values:
##
# Commons
##
commons:
mail: <10>
host: "posteo.de"
username: "mycloud@posteo.net"
use_tls: true
from: "mycloud@posteo.net"
helm:
chart:
sourceRef: <4>
kind: GitRepository
name: wrenix-flux-charts
namespace: flux-system
ingress:
domain: "mycloud.eu" <11>
componentCommons:
helm:
release:
valuesFrom:
- kind: Secret <3>
name: mycloud-master-password
valuesKey: masterPassword
targetPath: commons.masterPassword
- kind: Secret <2>
name: mycloud-mail
valuesKey: password
targetPath: commons.mail.password
##
# Compoments
##
components:
mycloud-nextcloud:
values: <12>
quota: "100 MB"
----
<1> namespace where install all the components later
<2> secret to bypass secure values into the mycloud-components (mail)
<3> secret to bypass secure values into the mycloud-components (masterPassword)
<4> reference where base and all the components are founded by fluxcd
<5> use of base-helm chart for fluxcd to bundle the different mycloud-components together
<6> use my default commons values for flux-chart components
<7> use my default to setup all commons for mycloud-components and the mycloud-core components (e.g. xref:components:mycloud-services.adoc[mycloud-services] and xref:components:mycloud-authentik.adoc[mycloud-authentik])
<8> use my default values for usage of xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] (it also configure xref:components:mycloud-services.adoc[mycloud-services] for another database and xref:components:mycloud-authentik.adoc[mycloud-authentik] for user management)
<9> use my default values for usage of xref:components:mycloud-collabora.adoc[mycloud-collabora] (it also configure xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud] if it is also used)
<10> setup default mail configuration (for all components) for more commons values take an look into the used components (or `base-values`)
<11> setup default domain (where subdomains are generate for the different components)
<12> overwrite componets values (here setup default quota for an use in xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud])

85
docs/modules/mycloud/pages/ingress.adoc Normal file
View file

@ -0,0 +1,85 @@
= Ingress
Per default, the ingress domain and tls could be set,
The domain is used, to set for every components per default an subdomain by this domain.
(This could be overwritten by see xref:#_change_host__domain_per_components[Change Host / Domain per Components].)
If you do not like to setup for every ingress-tls an new cert secrets (e.g. you do not use an cert-manager), the you could override it global with your on entry.
[source,yaml]
----
commons:
ingress:
domain:
tls:
enabled: true
override:
----
== Annotations
It is possible to set annotations global or per components:
[source,yaml]
----
commons:
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
components:
mycloud-authentik:
values:
ingress:
annotations:
traefik.ingress.kubernetes.io/router.middlewares: ingress-redirect-https@kubernetescrd
----
== Change Host / Domain per Components
=== Authentik
[source,yaml]
----
commons:
auth:
host: "login.wrenix.eu"
components:
mycloud-authentik:
values:
ingress:
host: "login.wrenix.eu"
----
=== Nextcloud
[source,yaml]
----
components:
mycloud-nextcloud:
values:
ingress:
host: "files.wrenix.eu:"
mycloud-collabora:
values:
allowedHosts:
files.wrenix.eu: []
----
=== Collabora
[source,yaml]
----
components:
mycloud-nextcloud:
values:
apps:
richdocuments:
enabled: true
config:
wopi_url: "https://office.wrenix.eu"
mycloud-collabora:
values:
ingress:
host: "office.wrenix.eu"
----

26
docs/modules/mycloud/pages/mail.adoc Normal file
View file

@ -0,0 +1,26 @@
= Mail
[source,yaml]
----
commons:
mail:
host:
username:
password:
from: "no-reply@example.org"
use_tls: false
use_ssl: false
components:
mycloud-authentik:
values:
mail:
from:
mycloud-nextcloud:
values:
mail:
from:
host:
authtype: PLAIN
----

1
docs/modules/mycloud/pages/monitoring.adoc Symbolic link
View file

@ -0,0 +1 @@
../../infra/pages/monitoring.adoc

5
docs/modules/mycloud/pages/partial-list-components.adoc Normal file
View file

@ -0,0 +1,5 @@
* xref:components:mycloud-authentik.adoc[mycloud-authentik]
* xref:components:mycloud-collabora.adoc[mycloud-collabora]
* xref:components:mycloud-nextcloud.adoc[mycloud-nextcloud]
* xref:components:mycloud-services.adoc[mycloud-services]

29
docs/modules/mycloud/pages/persistence.adoc Normal file
View file

@ -0,0 +1,29 @@
= Persistence
[source,yaml]
----
commons:
persistence:
storageClass:
hostPath:
enabled: false
prefix: "/var/lib/mycloud"
components:
mycloud-services:
values:
postgresql:
persistence:
storageClass:
size: "10G"
mycloud-nextcloud:
values:
persistence:
main:
pvc: "nextcloud"
size: 8Gi
data:
pvc: "nextcloud-data"
size: 16Gi
----

17
docs/modules/mycloud/pages/theme.adoc Normal file
View file

@ -0,0 +1,17 @@
= Theme
[source,yaml]
----
commons:
theme:
title:
logo:
favicon:
components:
mycloud-authentik:
values:
theme:
background: >
----

6
mycloud-collabora/README.adoc
View file

@ -97,9 +97,9 @@ image::https://img.shields.io/badge/Version-application-informational?style=flat
| |
| ingress.annotations | ingress.annotations
| string | object
| `nil` | `{"haproxy-ingress.github.io/assign-backend-server-id":"true","haproxy-ingress.github.io/balance-algorithm":"url_param WOPISrc","haproxy-ingress.github.io/config-backend":"hash-type consistent acl admin_url path_beg /cool/getMetrics acl admin_url path_beg /cool/adminws/ acl admin_url path_beg /browser/dist/admin/admin.html http-request deny if admin_url","haproxy-ingress.github.io/timeout-tunnel":"3600s","nginx.ingress.kubernetes.io/server-snippet":"location /cool/getMetrics { deny all; return 403; }\nlocation /cool/adminws/ { deny all; return 403; }\nlocation /browser/dist/admin/admin.html { deny all; return 403; }\n","nginx.ingress.kubernetes.io/upstream-hash-by":"$arg_WOPISrc"}`
| | ingress annotatations - default are all the best practise of collabora
| ingress.host | ingress.host
| string | string

1
mycloud-collabora/values.yaml
View file

@ -36,6 +36,7 @@ commons:
ingress: ingress:
# -- default: fs.(Values.commons.ingress.domain) # -- default: fs.(Values.commons.ingress.domain)
host: host:
# -- ingress annotatations - default are all the best practise of collabora
annotations: annotations:
# nginx controller # nginx controller
nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc" nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"