From f5a26b3652a09a1705c53151183a87c3c365ea54 Mon Sep 17 00:00:00 2001
From: WrenIX
Date: Fri, 8 Mar 2024 14:39:56 +0100
Subject: [PATCH] feat(mycloud-coder): add coder
---
 mycloud-coder/.helmignore | 23 ++
 mycloud-coder/Chart.yaml | 9 +
 mycloud-coder/README.adoc | 215 ++++++++++++++++++
 .../templates/authentik-application.yaml | 56 +++++
 .../templates/configmap_init_crd.yaml | 14 ++
 mycloud-coder/templates/release.yaml | 70 ++++++
 mycloud-coder/templates/repo.yaml | 6 +
 mycloud-coder/values.yaml | 59 +++++
 8 files changed, 452 insertions(+)
 create mode 100644 mycloud-coder/.helmignore
 create mode 100644 mycloud-coder/Chart.yaml
 create mode 100644 mycloud-coder/README.adoc
 create mode 100644 mycloud-coder/templates/authentik-application.yaml
 create mode 100644 mycloud-coder/templates/configmap_init_crd.yaml
 create mode 100644 mycloud-coder/templates/release.yaml
 create mode 100644 mycloud-coder/templates/repo.yaml
 create mode 100644 mycloud-coder/values.yaml
diff --git a/mycloud-coder/.helmignore b/mycloud-coder/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/mycloud-coder/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/mycloud-coder/Chart.yaml b/mycloud-coder/Chart.yaml
new file mode 100644
index 0000000..2a125b8
--- /dev/null
+++ b/mycloud-coder/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: mycloud-coder
+description: myCloud component to setup coder
+type: application
+maintainers:
+ - name: WrenIX
+ url: https://wrenix.eu
+
+version: 0.1.0
diff --git a/mycloud-coder/README.adoc b/mycloud-coder/README.adoc
new file mode 100644
index 0000000..4f529e1
--- /dev/null
+++ b/mycloud-coder/README.adoc 
@@ -0,0 +1,215 @@
+
+
+= mycloud-gotosocial
+
+image::https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square[Version: 0.1.0]
+image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
+== Maintainers
+
+.Maintainers
+|===
+| Name | Email | Url
+
+| WrenIX
+|
+|
+|===
+
+== Values
+
+.Values
+|===
+| Key | Type | Default | Description
+
+| auth.clientID
+| string
+| `nil`
+| generated by .Values.commons.masterPassword
+
+| auth.clientSecret
+| string
+| `nil`
+| generated by .Values.commons.masterPassword
+
+| commons.auth.host
+| string
+| `nil`
+| default auth.(.Values.commons.ingress.domain)
+
+| commons.helm.release.driftDetection
+| object
+| `{}`
+|
+
+| commons.helm.release.install
+| object
+| `{}`
+|
+
+| commons.helm.release.test
+| object
+| `{}`
+|
+
+| commons.helm.release.upgrade
+| object
+| `{}`
+|
+
+| commons.ingress.annotations."cert-manager.io/cluster-issuer"
+| string
+| `"letsencrypt-prod"`
+|
+
+| commons.ingress.domain
+| string
+| `"wrenix.eu"`
+|
+
+| commons.ingress.tls.enabled
+| bool
+| `true`
+| tls on every ingress
+
+| commons.ingress.tls.override
+| string
+| `nil`
+| use own definition of tls (e.g. 
for own or wildcard certificate)
+
+| commons.mail.from
+| string
+| `nil`
+|
+
+| commons.mail.host
+| string
+| `nil`
+|
+
+| commons.mail.password
+| string
+| `nil`
+|
+
+| commons.mail.use_ssl
+| bool
+| `false`
+|
+
+| commons.mail.use_tls
+| bool
+| `false`
+|
+
+| commons.mail.username
+| string
+| `nil`
+|
+
+| commons.masterPassword
+| string
+| `"CHANGEME"`
+|
+
+| commons.persistence.hostPath.enabled
+| bool
+| `false`
+|
+
+| commons.persistence.hostPath.prefix
+| string
+| `"/var/lib/mycloud"`
+|
+
+| commons.persistence.storageClass
+| string
+| `nil`
+|
+
+| commons.prometheus.monitor.labels
+| object
+| `{}`
+|
+
+| commons.prometheus.rules.labels
+| object
+| `{}`
+|
+
+| commons.theme.favicon
+| string
+| `"/static/dist/assets/icons/icon.png"`
+|
+
+| commons.theme.logo
+| string
+| `"/static/dist/assets/icons/icon_left_brand.svg"`
+|
+
+| commons.theme.title
+| string
+| `"myCloud"`
+|
+
+| database.host
+| string
+| `"mycloud-services-postgresql"`
+| default is from mysql-services
+
+| database.name
+| string
+| `"gotosocial"`
+|
+
+| database.password
+| string
+| `nil`
+| generated by .Values.commons.masterPassword (equal to mycloud-services)
+
+| database.username
+| string
+| `"gotosocial"`
+|
+
+| ingress.annotations
+| string
+| `nil`
+|
+
+| ingress.host
+| string
+| `nil`
+| default: social.(Values.commons.ingress.domain)
+
+| init.namespace
+| string
+| `"bases"`
+|
+
+| init.version
+| int
+| `0`
+|
+
+| mail.from
+| string
+| `nil`
+| generade by Values.commons.mail.from
+
+| mail.host
+| string
+| `nil`
+| default Values.commons.mail.host
+
+| persistence.size
+| string
+| `"16Gi"`
+|
+
+| persistence.storageClass
+| string
+| `nil`
+|
+|===
+
+Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]
diff --git a/mycloud-coder/templates/authentik-application.yaml b/mycloud-coder/templates/authentik-application.yaml
new file mode 100644
index 0000000..e98bcf2
--- /dev/null
+++ b/mycloud-coder/templates/authentik-application.yaml 
@@ -0,0 +1,56 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: {{ .Release.Name }}-auth
+spec:
+ chart:
+ spec:
+ sourceRef:
+ kind: GitRepository
+ name: "wrenix-helm-charts"
+ namespace: "flux-system"
+ chart: "./authentik-application"
+ reconcileStrategy: "Revision"
+ install:
+ {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+ test:
+ {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+ upgrade:
+ {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+ driftDetection:
+ {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+ interval: 10m
+ values:
+ {{- $host := .Values.ingress.host | default (printf "coder.%s" .Values.commons.ingress.domain) }}
+ blueprint:
+ authentik:
+ domain: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}"
+ provider:
+ type: "oidc"
+ name: "GoToSocial"
+ oidc:
+ clientType: "confidential"
+ redirectURL: "https://{{ $host }}/external-auth/primary/callback"
+ clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "coder" "auth.clientID") | quote }}
+ clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "coder" "auth.clientSecret") | quote }}
+ signingKey: "authentik Self-signed Certificate"
+ scopes:
+ - name: "authentik default OAuth Mapping: OpenID 'openid'"
+ - name: "authentik default OAuth Mapping: OpenID 'email'"
+ - name: "authentik default OAuth Mapping: OpenID 'profile'"
+
+ groups:
+ - slug: "mycloud - users"
+ bindID: "cefc0c13-49fa-4374-a909-e201a88a473b"
+
+ application:
+ policyEngineMode: "any"
+ openInNewTab: true
+ publisher: "WrenIX's myCloud"
+ slug: "mycloud-coder"
+ group: "Developing"
+ name: "Coder"
+ launchURL: "https://{{ $host }}/settings"
+ icon: "https://{{ $host }}/assets/logo.png"
+ description: "Deliver Real Developer Productivity - Code More. Build Fast. Spend Less."
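Review bot: The OIDC client registered here will not agree with what release.yaml hands to Coder: `clientID`/`clientSecret` default to `derivePassword 1 "long" .Values.commons.masterPassword "coder" "auth.clientID"` here but to the same call with `"gotosocial"` in release.yaml, and release.yaml's `issuer` ends in `/application/o/mycloud-gotosocial/` while the application `slug` in this file is `"mycloud-coder"`, so the defaults only work once both `auth.clientID` and `auth.clientSecret` are set explicitly and the issuer is fixed. The provider `name: "GoToSocial"` reads as a leftover from the chart this was copied from; `name: "Coder"` would match the `application` block below it. As far as I recall Coder's OIDC login callback is `/api/v2/users/oidc/callback` and `/external-auth/<id>/callback` is the path of its git/external-auth providers, so the `redirectURL` should be checked against the Coder docs before this goes live. The client secret (with the default values, one derived from `"CHANGEME"`) is also rendered in clear text into the HelmRelease `values`, and the same holds for the database password and client secret in release.yaml; a `valuesFrom` entry referencing a Secret keeps it out of the CR and of `kubectl get helmrelease -o yaml`.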
diff --git a/mycloud-coder/templates/configmap_init_crd.yaml b/mycloud-coder/templates/configmap_init_crd.yaml
new file mode 100644
index 0000000..f82bbe4
--- /dev/null
+++ b/mycloud-coder/templates/configmap_init_crd.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-init
+ namespace: "{{ .Values.init.namespace }}"
+data:
+ {{- if and
+ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PrometheusRule")
+ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+ }}
+ init: "-1"
+ {{- else }}
+ init: "{{ add1 .Values.init.version }}"
+ {{- end }}
diff --git a/mycloud-coder/templates/release.yaml b/mycloud-coder/templates/release.yaml
new file mode 100644
index 0000000..857d427
--- /dev/null
+++ b/mycloud-coder/templates/release.yaml
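Review bot: The `init` protocol in this ConfigMap is undocumented: nothing in the template says what `init: "-1"` means as opposed to `add1 .Values.init.version`, or why the presence of the two `monitoring.coreos.com/v1` CRDs decides it when no template in this commit creates a PrometheusRule or ServiceMonitor. A header comment above `data:` stating which component reads this ConfigMap from `init.namespace`, what it does with `"-1"`, and what it does with a bumped version would save the next reader a trip through the other charts; I can't tell those semantics from this file, so whoever owns the consumer should write it. Quoting both values as strings is correct for a ConfigMap and should stay.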
@@ -0,0 +1,70 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: "{{ .Release.Name }}-hr"
+spec:
+ chart:
+ spec:
+ sourceRef:
+ kind: HelmRepository
+ name: "{{ .Release.Name }}"
+ chart: "coder"
+ reconcileStrategy: "Revision"
+ install:
+ {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+ test:
+ {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+ upgrade:
+ {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+ driftDetection:
+ {{- toYaml .Values.commons.helm.release.driftDetection | nindent 4 }}
+ interval: 10m
+ values:
+ {{- $host := .Values.ingress.host | default (printf "coder.%s" .Values.commons.ingress.domain) }}
+ {{- $wildcardHost := .Values.ingress.wildcardhost | default (printf "*-ide.%s" .Values.commons.ingress.domain) }}
+ coder:
+ env:
+ - name: CODER_ACCESS_URL
+ value: "https://{{ $host }}"
+ - name: CODER_WILDCARDACCESS_URL
+ value: "{{ $wildcardHost }}"
+ envFrom:
+ - secretRef:
+ name:
+ applicationName: {{ .Values.commons.theme.title | quote }}
+ database:
+ type: postgres
+ address: {{ .Values.database.host | quote }}
+ username: {{ .Values.database.username | quote }}
+ password: {{ .Values.database.password | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "database_password" | b64enc) | quote }}
+ database: {{ .Values.database.name | quote }}
+ oidc:
+ enabled: true
+ idpName: {{ .Values.commons.theme.title | quote }}
+ issuer: "https://{{ .Values.commons.auth.host | default (printf "auth.%s" .Values.commons.ingress.domain) }}/application/o/mycloud-gotosocial/"
+ clientID: {{ .Values.auth.clientID | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientID") | quote }}
+ clientSecret: {{ .Values.auth.clientSecret | default (derivePassword 1 "long" .Values.commons.masterPassword "gotosocial" "auth.clientSecret") | quote }}
+ adminGroups:
+ - "authentik Admins"
+
+ service:
+ type: ClusterIP
+
+ ingress:
+ enabled: true
+ annotations:
+ {{- with .Values.commons.ingress.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.ingress.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ host: {{ $host | quote }}
+ wildcardHost: {{ $wildcardHost | quote }}
+ {{- if .Values.commons.ingress.tls.enabled }}
+ tls:
+ enabled: true
+ secretName: "mycloud-coder-cert"
+ wildcardSecretName: "mycloud-coder-cert"
+ {{- end }}
diff --git a/mycloud-coder/templates/repo.yaml b/mycloud-coder/templates/repo.yaml
new file mode 100644
index 0000000..58f3a4e
--- /dev/null
+++ b/mycloud-coder/templates/repo.yaml
@@ -0,0 +1,6 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: "{{ .Release.Name }}"
+spec:
+ url: https://helm.coder.com/v2
diff --git a/mycloud-coder/values.yaml b/mycloud-coder/values.yaml
new file mode 100644
index 0000000..56a49dd
--- /dev/null
+++ b/mycloud-coder/values.yaml
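Review bot: `$wildcardHost` reads `.Values.ingress.wildcardhost`, but values.yaml in this commit defines the key as `wildcardHost`, so a user-supplied wildcard host is silently ignored and the `*-ide.<domain>` default always wins; the line should be `{{- $wildcardHost := .Values.ingress.wildcardHost | default (printf "*-ide.%s" .Values.commons.ingress.domain) }}`. The `envFrom: - secretRef: name:` stanza has no name and renders as `name: null`, which is not a valid secretRef; either point it at the Secret that is meant to carry the credentials or drop the stanza. As far as I recall the Coder env var is `CODER_WILDCARD_ACCESS_URL` (with the underscore) rather than `CODER_WILDCARDACCESS_URL`, and the upstream Coder chart configures the database and OIDC through `CODER_*` env vars rather than `coder.database`/`coder.oidc`/`coder.applicationName` keys, so unless this points at a wrapper chart these values may be dropped without error — worth confirming against the chart's values.yaml. The `b64enc` on the derived database password also looks like a leftover: the result is passed as a chart value, not into a Secret's `data`, so the consumer would receive the base64 text as the password. The enclosing `values:` mapping starts in the part of the hunk on the previous line.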
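Review bot: `apiVersion: source.toolkit.fluxcd.io/v1beta1` is a generation older than the `helm.toolkit.fluxcd.io/v2beta2` the two HelmReleases in this commit use; if I remember the Flux release notes right the v1beta1 source API has been deprecated for a long time and is removed in Flux 2.x, so `apiVersion: source.toolkit.fluxcd.io/v1beta2` is the version that matches the rest of the chart. Quoting the `url` like the other string values in these templates would keep the style consistent.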
@@ -0,0 +1,59 @@
+init:
+ version: 0
+ namespace: "bases"
+
+commons:
+ masterPassword: "CHANGEME"
+
+ auth:
+ # -- default auth.(.Values.commons.ingress.domain)
+ host:
+
+ theme:
+ title: myCloud
+ logo: /static/dist/assets/icons/icon_left_brand.svg
+ favicon: /static/dist/assets/icons/icon.png
+
+ helm:
+ release:
+ install: {}
+ test: {}
+ upgrade: {}
+ driftDetection: {}
+
+ ingress:
+ domain: "wrenix.eu"
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ tls:
+ # -- tls on every ingress
+ enabled: true
+ # -- use own definition of tls (e.g. for own or wildcard certificate)
+ override:
+
+ prometheus:
+ monitor:
+ labels: {}
+ rules:
+ labels: {}
+
+auth:
+ # -- generated by .Values.commons.masterPassword
+ clientID:
+ # -- generated by .Values.commons.masterPassword
+ clientSecret:
+
+ingress:
+ # -- default: coder.(Values.commons.ingress.domain)
+ host:
+ # -- default: *-ide.(Values.commons.ingress.domain)
+ wildcardHost:
+ annotations:
+
+database:
+ # -- default is from mysql-services
+ host: mycloud-services-postgresql
+ name: coder
+ username: coder
+ # -- generated by .Values.commons.masterPassword (equal to mycloud-services)
+ password:
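Review bot: `masterPassword: "CHANGEME"` is the seed for every credential the templates derive with `derivePassword` (OIDC client secret, database password), so an install that forgets to override it ends up with secrets anyone can recompute from the public chart and a `helm install` that succeeds silently. Either ship no default here and guard the templates with `{{ required "commons.masterPassword must be set" .Values.commons.masterPassword }}`, or at least document on the `masterPassword` line that the chart must not be installed with this value. The `wildcardHost` key defined here is read as `wildcardhost` by release.yaml (raised there), so until that is fixed the documented override has no effect. The helm-docs README.adoc added in the same commit still describes the gotosocial values (`database.name: "gotosocial"`, `ingress.host` default `social.`, title `mycloud-gotosocial`) and has no entry for `ingress.wildcardHost`, so helm-docs should be re-run from this file.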