integrated core and webpresence, cleaned up dir tree and notes
parent
66e6581f11
commit
4f5d7833fb
3
.envrc
3
.envrc
|
@ -1,7 +1,4 @@
|
|||
|
||||
use flake
|
||||
|
||||
watch_file ./nix/checks.nix
|
||||
watch_file ./nix/dev-shell.nix
|
||||
|
||||
eval "$shellHook"
|
||||
|
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -9,3 +9,4 @@ charts
|
|||
temp
|
||||
site
|
||||
!base/charts
|
||||
.pre-commit-config.yaml
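Review bot: Ignoring `.pre-commit-config.yaml` here (apparently the one line this hunk adds) while the same commit deletes the tracked hook configuration means the hook set, which included `detect-private-key` and `yamllint`, is no longer reviewed or shared through the repository. If the file is now generated by the Nix dev shell, say so with a comment above the entry, e.g. `# generated by the nix dev shell, do not commit`, and keep an equivalent secret scan in CI so it does not depend on each contributor's local setup. That matters for this repository: the external-dns values file removed further down in this commit carries a clear-text `--rfc2136-tsig-secret=` value, which stays in history after the deletion, so that key should be treated as exposed and rotated.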
|
||||
|
|
|
@ -1,47 +1,23 @@
|
|||
---
|
||||
variables:
|
||||
NIX_VERSION: "latest"
|
||||
NIX_CONFIG: "experimental-features = nix-command flakes recursive-nix"
|
||||
|
||||
default:
|
||||
image: nixpkgs/nix-unstable:${NIX_VERSION}
|
||||
timeout: 1 hours
|
||||
tags:
|
||||
- nix
|
||||
before_script:
|
||||
# - nix flake show
|
||||
# - nix profile install --inputs-from . 'nixpkgs#direnv'
|
||||
# - direnv hook bash >> ~/.bashrc
|
||||
# - . ~/.bashrc
|
||||
# - . /etc/profile
|
||||
# - env
|
||||
# - direnv allow
|
||||
# - direnv status
|
||||
# - direnv reload
|
||||
# - cd $(pwd)
|
||||
- nix profile install --inputs-from . 'nixpkgs#yamllint'
|
||||
- nix profile install --inputs-from . 'nixpkgs#mdl'
|
||||
- nix profile install --inputs-from . 'nixpkgs#kubectl'
|
||||
- nix profile install --inputs-from . 'nixpkgs#kubernetes-helm'
|
||||
- nix profile install --inputs-from . 'nixpkgs#kustomize'
|
||||
- nix develop
|
||||
|
||||
stages:
|
||||
- test
|
||||
- build
|
||||
- release
|
||||
- deploy
|
||||
|
||||
lint.yaml:
|
||||
stage: test
|
||||
script:
|
||||
- yamllint -f auto .
|
||||
|
||||
lint.markdown:
|
||||
stage: test
|
||||
script: mdl .
|
||||
|
||||
kustomize.dev:
|
||||
stage: test
|
||||
lint.kustomize.dev:
|
||||
stage: build
|
||||
script: kubectl kustomize overlays/dev --enable-helm
|
||||
|
||||
kustomize.prod:
|
||||
stage: test
|
||||
lint.kustomize.prod:
|
||||
stage: build
|
||||
script: kubectl kustomize overlays/prod --enable-helm
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v4.3.0
|
||||
hooks:
|
||||
- id: check-added-large-files
|
||||
- id: check-builtin-literals
|
||||
- id: check-case-conflict
|
||||
- id: check-docstring-first
|
||||
- id: check-json
|
||||
- id: check-merge-conflict
|
||||
- id: check-yaml
|
||||
- id: detect-private-key
|
||||
- id: double-quote-string-fixer
|
||||
- id: end-of-file-fixer
|
||||
- id: trailing-whitespace
|
||||
|
||||
- repo: https://github.com/adrienverge/yamllint
|
||||
rev: v1.27.1
|
||||
hooks:
|
||||
- id: yamllint
|
||||
files: '.*(?<!\.yaml)$'
|
62
Makefile
62
Makefile
|
@ -16,20 +16,11 @@ help: ## Display this help.
|
|||
|
||||
##@ Setup
|
||||
|
||||
up: k3d-create olm-install ## Create a local k3d development cluster with operator lifecycle manager.
|
||||
down: k3d-delete ## Delete the local k3d development cluster.
|
||||
up: ## Create a local K3D development cluster.
|
||||
@k3d cluster create interfacer-swkit --config k3s-dev.yaml
|
||||
|
||||
olm-install: ## Install the Operator Framework Lifecycle Manager.
|
||||
@operator-sdk olm install
|
||||
|
||||
olm-uninstall: ## Uninstall the Operator Framework Lifecycle Manager.
|
||||
@operator-sdk olm uninstall
|
||||
|
||||
k3d-create: ## Create a local K3D development cluster.
|
||||
@k3d cluster create fcos-dev --config ci/k3d-fcos-dev.yaml
|
||||
|
||||
k3d-delete: ## Delete the local K3D development cluster
|
||||
@k3d cluster delete fcos-dev
|
||||
down: ## Delete the local K3D development cluster
|
||||
@k3d cluster delete interfacer-swkit
|
||||
|
||||
##@ Lint
|
||||
|
||||
|
@ -44,11 +35,6 @@ markdown-lint: ## Lint all Markdown files.
|
|||
manifest-lint: ## Lint the Kubenetes manifest.
|
||||
@kubectl kustomize overlays/dev --enable-helm | kubeconform -ignore-missing-schemas -strict
|
||||
|
||||
##@ Test
|
||||
|
||||
conftest: ## Test the Kubernetes manifest against the policies.
|
||||
@kubectl kustomize overlays/dev --enable-helm | conftest test -p test -
|
||||
|
||||
##@ Build
|
||||
|
||||
doc: ## Build the documentation using mkdocs.
|
||||
|
@ -57,9 +43,21 @@ doc: ## Build the documentation using mkdocs.
|
|||
manifest: ## Build Kubernetes manifest using Kustomize and Helm.
|
||||
@kubectl kustomize overlays/dev --enable-helm
|
||||
|
||||
deploy: ## Apply the manifest to the local Kubernetes development cluster.
|
||||
deploy: deploy-dev ## Apply the manifest to the local Kubernetes development cluster.
|
||||
|
||||
deploy-dev: ## Apply the manifest to the local Kubernetes development cluster.
|
||||
@kubectl kustomize overlays/dev/ --enable-helm | kubectl apply --server-side=true -f -
|
||||
|
||||
deploy-prod: ## Apply the manifest to the Kubernetes production cluster.
|
||||
@kubectl kustomize overlays/prod/ --enable-helm | kubectl apply --server-side=true -f -
|
||||
|
||||
remove: ## Remove the namespaces from the Kubernetes cluster.
|
||||
@kubectl delete namespaces \
|
||||
cert-manager \
|
||||
gitea \
|
||||
interfacer-core \
|
||||
interfacer-webpresence
|
||||
|
||||
clean: down up ## Clean the local Kubernetes development cluster.
|
||||
|
||||
##@ Show
|
||||
|
@ -85,36 +83,10 @@ get-node: ## Get all Kubernetes nodes.
|
|||
watch-all: ## Watch the state of all Kubernetes resources.
|
||||
@watch -n 1 kubectl get all --all-namespaces
|
||||
|
||||
get-olm-status: ## Get the state of the Operator Framework Lifecycle Manager.
|
||||
@operator-sdk olm status
|
||||
|
||||
get-olm-cat: ## Get the catalog sources of the Operator Framework Lifecycle Manager.
|
||||
@kubectl get catalogsources.operators.coreos.com --all-namespaces
|
||||
|
||||
get-olm-subs: ## Get the catalog subscriptions of the Operator Framework Lifecycle Manager.
|
||||
@kubectl get subscriptions.operators.coreos.com --all-namespaces
|
||||
|
||||
get-olm-pkgs: ## Get the package manifest of the Operator Framework Lifecycle Manager.
|
||||
@kubectl get packagemanifest --all-namespaces
|
||||
|
||||
get-olm-ip: ## Get the install plans of the Operator Framework Lifecycle Manager.
|
||||
@kubectl get installplans.operators.coreos.com --all-namespaces
|
||||
|
||||
##@ Log
|
||||
|
||||
olm: ## Show logs of the Operator Framework Lifecycle Manager.
|
||||
@kubectl logs -f deployment.apps/olm-operator --all-containers -n olm
|
||||
|
||||
events: ## Show all Kubernetes cluster events.
|
||||
@kubectl get events --watch --all-namespaces
|
||||
|
||||
##@ Tools
|
||||
|
||||
nav: ## Start K9s to view and manage your Kubernetes clusters.
|
||||
@k9s --all-namespaces --headless
|
||||
|
||||
lens: ## Start Lens to view and manage your Kubernetes clusters.
|
||||
@nohup lens > /dev/null 2>&1&
|
||||
|
||||
%:
|
||||
@true
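Review bot: `deploy-prod` and `remove` act on whatever cluster the current kubectl context points at, so a shell left on the production context turns `make remove` into a deletion of the `cert-manager`, `gitea`, `interfacer-core` and `interfacer-webpresence` namespaces there, and `make deploy-prod` can just as easily land the prod overlay on the local k3d cluster. Pass the context explicitly and fail when it is unset, e.g. `@kubectl --context "$(PROD_CONTEXT)" apply --server-side=true -f -` in `deploy-prod` (`PROD_CONTEXT` being a variable you would define) and `--context k3d-interfacer-swkit` in `deploy-dev` and `remove`. `clean: down up` also relies on prerequisite order, which `make -j` does not guarantee; running `$(MAKE) down` and then `$(MAKE) up` from the recipe keeps the two steps sequential.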
|
||||
|
|
74
README.md
74
README.md
|
@ -1,47 +1,36 @@
|
|||
<p align="center">
|
||||
<img src="https://www.fabcity.hamburg/wp-content/uploads/2021/04/cropped-Fab_City_Hamburg@4x-192x192.png" alt="FabCity Hamburg" width="192" height="192" />
|
||||
<img src="https://raw.githubusercontent.com/dyne/interfacer-docs/main/docs/_media/general/interfacer-logo.png" alt="Interfacer" />
|
||||
</p>
|
||||
|
||||
<h1 align="center">FabCityOS Kubernetes Integration Repo</h1>
|
||||
<h1 align="center">Interfacer SWKit for Kubernetes ⚓️</h1>
|
||||
|
||||
<h4 align="center">
|
||||
<a href="https://github.com/FabCityOS Core/FabCityOS Core">Helm Chart</a> |
|
||||
<a href="https://reflowos.dyne.org/docs/what_is_reflowOS">Documentation</a> |
|
||||
<a href="https://matrix.to/#/#fcos:fabcity.hamburg">Element</a> |
|
||||
<a href="https://www.interfacerproject.eu/">Website</a> |
|
||||
<a href="https://www.interfacerproject.eu/#news">Blog</a> |
|
||||
<a href="https://www.interfacerproject.eu/#news">Blog</a>
|
||||
</h4>
|
||||
|
||||
<p align="center">
|
||||
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/LICENSE"><img src="https://img.shields.io/badge/license-AGPL-informational" alt="License"></a>
|
||||
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/pipelines"><img src="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/badges/main/pipeline.svg" alt="Build status"></a>
|
||||
<a href="https://matrix.to/#/#fcos:fabcity.hamburg"><img src="https://img.shields.io/badge/Matrix-FCOS-blue.svg?logo=element" alt="Element"></a>
|
||||
<a href="https://gitlab.fabcity.hamburg/software/interfacer-swkit/LICENSE"><img src="https://img.shields.io/badge/license-AGPL-informational" alt="License"></a>
|
||||
<a href="https://gitlab.fabcity.hamburg/software/interfacer-swkit/-/pipelines"><img src="https://gitlab.fabcity.hamburg/software/interfacer-swkit/badges/main/pipeline.svg" alt="Pipeline"></a>
|
||||
<a href="https://matrix.to/#/#fcos:fabcity.hamburg"><img src="https://img.shields.io/badge/Matrix-FCOS-blue.svg?logo=element" alt="Matrix"></a>
|
||||
</p>
|
||||
|
||||
<p align="center">The FabCityOS Integration Repo for Kubernetes ⚓️</p>
|
||||
|
||||
This Integration repo is designed to be a lightweight way to configure FabCityOS applications.
|
||||
|
||||
**FabCityOS** is an operating system enabling a data-based circular economy via global collaboration and local production.
|
||||
This Repo is designed to be a lightweight way to configure the Interfacer SWKit applications. Interfacer SWKit is a bundle of Applications to enabling a data-based circular economy via global collaboration and local production.
|
||||
|
||||
## Table of Contents <!-- omit in toc -->
|
||||
|
||||
- [📖 Documentation](#-documentation)
|
||||
- [🚀 Getting Started](#-getting-started)
|
||||
- [Repository structure](#repository-structure)
|
||||
- [🤖 Compatibility with FabCityOS](#-compatibility-with-fabcityos)
|
||||
- [Install kubectl](#install-kubectl)
|
||||
- [Install helm](#install-helm)
|
||||
- [⚙️ Development Workflow and Contributing](#️-development-workflow-and-contributing)
|
||||
|
||||
## 📖 Documentation
|
||||
|
||||
- [k3d](https://k3d.io/)
|
||||
- [kubectl](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands)
|
||||
- [kustomize](https://kubectl.docs.kubernetes.io/guides/)
|
||||
- [helm](https://helm.sh/docs/)
|
||||
- [kubectx](https://kubectx.dev/)
|
||||
- [kube-linter](https://github.com/stackrox/kube-linter)
|
||||
- [k9s](https://k9scli.io/)
|
||||
- [sops](https://github.com/mozilla/sops)
|
||||
- [cert-manager](https://cert-manager.io/docs/)y
|
||||
|
||||
## 🚀 Getting Started
|
||||
|
@ -53,59 +42,42 @@ First of all, you will need a Kubernetes cluster up and running. If you are not
|
|||
### Repository structure
|
||||
|
||||
```yaml
|
||||
├── base # kustomize global objects folder
|
||||
│ ├── kustomization.yaml # kustomize global application config
|
||||
│ └── ... # kustomize global cluster objects
|
||||
├── apps # kustomize global applications folder
|
||||
│ ├── wordpress # kustomize global application folder
|
||||
│ ├── gitea # kustomize global application folder
|
||||
│ │ ├── kustomization.yaml # kustomize global application definition
|
||||
│ │ ├── charts # helm global chart config folder
|
||||
│ │ └── ... # kustomize global application objects
|
||||
│ └── ... # kustomize global applications objects
|
||||
├── base # kustomize global objects folder
|
||||
│ ├── kustomization.yaml # kustomize global application config
|
||||
│ └── ... # kustomize global cluster objects
|
||||
├── overlays # kustomize environment overrides
|
||||
│ ├── dev # kustomize environment folder
|
||||
│ ├── dev # kustomize environment specific
|
||||
│ │ ├── kustomization.yaml # kustomize environment definition
|
||||
│ │ └── apps # kustomize applications folder
|
||||
│ │ └── cert-manager # kustomize application folder
|
||||
│ │ └── cert-manager # kustomize applications folder
|
||||
│ │ ├── kustomization.yaml # kustomize application config
|
||||
│ │ └── ... # kustomize application objects
|
||||
│ └── ... # kustomize environment folder
|
||||
├── .envrc # direnv support file
|
||||
├── default.nix # nixos flake legacy support file
|
||||
├── flake.lock # nixos flake versions lock file
|
||||
├── flake.nix # nixos local runtime dependency
|
||||
├── shell.nix # nixos local development shell
|
||||
└── flake.nix # nix flake for local runtime dependency
|
||||
```
|
||||
|
||||
### Install kubectl <!-- omit in toc -->
|
||||
### Install kubectl
|
||||
|
||||
`kubectl` is the most commonly used CLI to manage a Kubernetes cluster. The installation instructions are [available here](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
|
||||
|
||||
### Deploy FabCityOS <!-- omit in toc -->
|
||||
### Install helm
|
||||
|
||||
#### Install Kustomize <!-- omit in toc -->
|
||||
`helm` is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/).
|
||||
|
||||
Kustomize CLI is a Command Line Interface which will automate configuration management on your Kubernetes cluster. To install Kustomize, follow the [Kustomize installation instructions](https://kubectl.docs.kubernetes.io/installation/kustomize/).
|
||||
|
||||
#### Install helm <!-- omit in toc -->
|
||||
|
||||
Helm CLI is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/).
|
||||
|
||||
#### Deploy FabCityOS <!-- omit in toc -->
|
||||
#### Deploy the SWKit <!-- omit in toc -->
|
||||
|
||||
```sh
|
||||
kubectl kustomize overlays/prod --enable-helm | kubectl apply -f -
|
||||
git clone https://gitlab.fabcity.hamburg/software/interfacer-swkit.git
|
||||
cd interfacer-swkit
|
||||
kubectl kustomize --enable-helm | kubectl apply -f -
|
||||
```
|
||||
|
||||
## 🤖 Compatibility with FabCityOS
|
||||
|
||||
We recommend that the Helm chart version is aligned to the version of the product you want to deploy. This will ensure that you are using a chart version that has been tested against the corresponding production version.
|
||||
This will also ensure that the documentation and examples for the chart will work with the version of the product, you are installing.
|
||||
|
||||
For example, if you want to deploy an fcos `0.1.0` cluster, use the corresponding `0.1.0` [tag][fcos-010].
|
||||
|
||||
The `master` version of these charts is intended to support the latest pre-release versions of our products, and therefore may or may not work with current released versions.
|
||||
|
||||
## ⚙️ Development Workflow and Contributing
|
||||
|
||||
Any new contribution is more than welcome in this project!
|
||||
|
|
|
@ -4,8 +4,7 @@ resources:
|
|||
- namespace.yaml
|
||||
helmCharts:
|
||||
- name: gitea
|
||||
version: v5.0.9
|
||||
releaseName: fcos-gitea
|
||||
version: 6.0.3
|
||||
releaseName: interfacer-gitea
|
||||
namespace: gitea
|
||||
repo: https://dl.gitea.io/charts/
|
||||
valuesFile: values.yaml
|
|
@ -4,11 +4,11 @@ service:
|
|||
http:
|
||||
type: ClusterIP
|
||||
port: 3000
|
||||
clusterIP:
|
||||
clusterIP: ""
|
||||
ssh:
|
||||
type: ClusterIP
|
||||
port: 22
|
||||
clusterIP:
|
||||
clusterIP: ""
|
||||
ingress:
|
||||
enabled: true
|
||||
apiVersion: networking.k8s.io/v1
|
||||
|
@ -16,20 +16,20 @@ ingress:
|
|||
kubernetes.io/ingress.class: nginx
|
||||
kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- host: code.dev.fabcity-hamburg.de
|
||||
- host: code.k8s.dev.fabcity-hamburg.de
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
resources:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 250m
|
||||
memory: 256Mi
|
||||
gitea:
|
||||
config:
|
||||
APP_NAME: "Fab City Codebase"
|
||||
APP_NAME: "Interfacer Codebase"
|
||||
log:
|
||||
ENABLE_ACCESS_LOG: true
|
||||
metrics:
|
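--- a/apps/interfacer-core/kustomization.yaml
+++ b/apps/interfacer-core/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+namespace: interfacer-core
+resources:
+- namespace.yaml
+helmCharts:
+- name: fcoscore
+version: 0.1.0
+releaseName: interfacer-core
+namespace: interfacer-core
+repo: https://gitlab.fabcity.hamburg/api/v4/projects/248/packages/helm/alpha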
|
|
@ -2,4 +2,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: postgresql
|
||||
name: interfacer-core
|
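--- a/apps/interfacer-webpresence/deployment.yaml
+++ b/apps/interfacer-webpresence/deployment.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: interfacer-webpresence-deployment
+spec:
+selector:
+matchLabels:
+app: interfacer-webpresence
+replicas: 2
+template:
+metadata:
+labels:
+app: interfacer-webpresence
+spec:
+containers:
+- name: webpresence
+image: fabcityhamburg/interfacer-webpresence:latest
+ports:
+- containerPort: 80
+resources:
+requests:
+memory: "64Mi"
+cpu: "250m"
+limits:
+memory: "128Mi"
+cpu: "500m"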
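Review bot: `image: fabcityhamburg/interfacer-webpresence:latest` is a mutable tag, so the two replicas can end up running different builds and a changed upstream image is rolled out on the next pod restart without any change in this repository. Pin a release tag or digest instead, e.g. `image: fabcityhamburg/interfacer-webpresence:<release-tag>@sha256:<digest>` (placeholders). The container also has no `securityContext`; at minimum add `allowPrivilegeEscalation: false` and drop capabilities, and check whether the image can run as non-root given that it listens on port 80. Readiness and liveness probes are missing as well, so a rollout counts as available as soon as the process starts.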
|
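--- a/apps/interfacer-webpresence/kustomization.yaml
+++ b/apps/interfacer-webpresence/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+namespace: interfacer-webpresence
+resources:
+- namespace.yaml
+- deployment.yaml
+- service.yaml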
|
|
@ -2,4 +2,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: keycloak
|
||||
name: interfacer-webpresence
|
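--- a/apps/interfacer-webpresence/service.yaml
+++ b/apps/interfacer-webpresence/service.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: interfacer-webpresence
+spec:
+type: ClusterIP
+ports:
+- name: http
+port: 4141
+targetPort: http
+protocol: TCP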
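Review bot: The Service has no `spec.selector`, so Kubernetes creates no endpoints for it and traffic to port 4141 reaches no pod; add `selector:` with `app: interfacer-webpresence` to match the pod labels set in deployment.yaml. `targetPort: http` also refers to a named container port, but deployment.yaml in this commit declares only `containerPort: 80` without a name. Either add `name: http` to that container port or use `targetPort: 80` here.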
|
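--- a/apps/kustomization.yaml
+++ b/apps/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+resources:
+- gitea
+- interfacer-webpresence
+- interfacer-core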
|
|
@ -1,30 +0,0 @@
|
|||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: letsencrypt-acme-staging
|
||||
spec:
|
||||
acme:
|
||||
email: hostmaster@fabcity-hamburg.de
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-acme-key-staging
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: nginx
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: letsencrypt-acme
|
||||
spec:
|
||||
acme:
|
||||
email: hostmaster@fabcity-hamburg.de
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-acme-key
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: nginx
|
|
@ -1,36 +0,0 @@
|
|||
---
|
||||
apiVersion: postgres-operator.crunchydata.com/v1beta1
|
||||
kind: PostgresCluster
|
||||
metadata:
|
||||
name: fcos-keycloak-postgresql-cluster
|
||||
spec:
|
||||
postgresVersion: 14
|
||||
instances:
|
||||
- replicas: 1
|
||||
dataVolumeClaimSpec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
podAffinityTerm:
|
||||
topologyKey: kubernetes.io/hostname
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
postgres-operator.crunchydata.com/cluster: keycloak-db
|
||||
postgres-operator.crunchydata.com/instance-set: "00"
|
||||
backups:
|
||||
pgbackrest:
|
||||
repos:
|
||||
- name: repo1
|
||||
volume:
|
||||
volumeClaimSpec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
apiVersion: k8s.keycloak.org/v2alpha1
|
||||
kind: Keycloak
|
||||
metadata:
|
||||
name: fcos-keycloak
|
||||
spec:
|
||||
instances: 1
|
||||
hostname: id.dev.fabcity-hamburg.de
|
||||
serverConfiguration:
|
||||
- name: db
|
||||
value: postgres
|
||||
- name: db-url
|
||||
secret:
|
||||
name: fcos-keycloak-postgresql-cluster-pguser-fcos-keycloak-postgresql-cluster
|
||||
key: jdbc-uri
|
||||
tlsSecret: tls-keycloak
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
namespace: keycloak
|
||||
resources:
|
||||
- database.yaml
|
||||
- instance.yaml
|
||||
- realm.yaml
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
resources:
|
||||
- cert-manager
|
||||
# - keycloak
|
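--- a/base/cert-manager/kustomization.yaml
+++ b/base/cert-manager/kustomization.yaml
@@ -0,0 +1,11 @@
+---
+# namespace: cert-manager
+resources:
+- namespace.yaml
+helmCharts:
+- name: cert-manager
+version: v1.10.1
+releaseName: interfacer-cert-manager
+repo: https://charts.jetstack.io
+namespace: cert-manager
+valuesFile: values.yaml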
|
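--- a/base/cert-manager/values.yaml
+++ b/base/cert-manager/values.yaml
@@ -0,0 +1,2 @@
+---
+installCRDs: true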
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
namespace: external-dns
|
||||
resources:
|
||||
- namespace.yaml
|
||||
helmCharts:
|
||||
- name: external-dns
|
||||
version: 1.11.0
|
||||
releaseName: fcos-external-dns
|
||||
namespace: external-dns
|
||||
repo: https://kubernetes-sigs.github.io/external-dns/
|
||||
valuesFile: values.yaml
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: external-dns
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
provider: rfc2136
|
||||
extraArgs:
|
||||
- --rfc2136-host=dns.svc.mesh.sourceindex.de
|
||||
- --rfc2136-port=53
|
||||
- --rfc2136-zone=dev.fabcity-hamburg.de
|
||||
- --rfc2136-tsig-keyname=k8s
|
||||
- --rfc2136-tsig-secret=vIGI59apswrajcLTuw3j9xX9/Y/LewNtxJwqXxI3sUEQYvxRjQH7PuVtcEEXu4vr
|
||||
- --rfc2136-tsig-secret-alg=hmac-sha384
|
||||
- --rfc2136-tsig-axfr
|
||||
- --domain-filter=dev.fabcity-hamburg.de
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
resources:
|
||||
- ingress-nginx
|
||||
- external-dns
|
||||
- gitea
|
|
@ -4,8 +4,8 @@ resources:
|
|||
- namespace.yaml
|
||||
helmCharts:
|
||||
- name: ingress-nginx
|
||||
version: 4.2.0
|
||||
releaseName: fcos-ingress-nginx
|
||||
version: 4.4.0
|
||||
releaseName: interfacer-ingress-nginx
|
||||
repo: https://kubernetes.github.io/ingress-nginx
|
||||
namespace: ingress-nginx
|
||||
valuesFile: values.yaml
|
|
@ -1,5 +1,4 @@
|
|||
---
|
||||
resources:
|
||||
- operators
|
||||
- charts
|
||||
- apps
|
||||
- cert-manager
|
||||
# - ingress-nginx
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
namespace: cert-manager
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- subscription.yaml
|
||||
- operatorgroup.yaml
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
apiVersion: operators.coreos.com/v1
|
||||
kind: OperatorGroup
|
||||
metadata:
|
||||
name: cert-manager
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: operators.coreos.com/v1alpha1
|
||||
kind: Subscription
|
||||
metadata:
|
||||
name: cert-manager
|
||||
spec:
|
||||
name: cert-manager
|
||||
channel: stable
|
||||
source: operatorhubio-catalog
|
||||
sourceNamespace: olm
|
||||
installPlanApproval: Automatic
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
namespace: keycloak
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- subscription.yaml
|
||||
- operatorgroup.yaml
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: keycloak
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
apiVersion: operators.coreos.com/v1
|
||||
kind: OperatorGroup
|
||||
metadata:
|
||||
name: keycloak
|
||||
spec:
|
||||
targetNamespaces:
|
||||
- keycloak
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: operators.coreos.com/v1alpha1
|
||||
kind: Subscription
|
||||
metadata:
|
||||
name: keycloak
|
||||
spec:
|
||||
name: keycloak-operator
|
||||
channel: candidate
|
||||
source: operatorhubio-catalog
|
||||
sourceNamespace: olm
|
||||
installPlanApproval: Automatic
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
resources:
|
||||
- cert-manager
|
||||
- postgresql
|
||||
- keycloak
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
namespace: postgresql
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- subscription.yaml
|
||||
- operatorgroup.yaml
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
apiVersion: operators.coreos.com/v1
|
||||
kind: OperatorGroup
|
||||
metadata:
|
||||
name: postgresql
|
||||
spec:
|
||||
targetNamespaces:
|
||||
- keycloak
|
|
@ -1,11 +0,0 @@
|
|||
---
|
||||
apiVersion: operators.coreos.com/v1alpha1
|
||||
kind: Subscription
|
||||
metadata:
|
||||
name: postgresql
|
||||
spec:
|
||||
name: postgresql
|
||||
channel: v5
|
||||
source: operatorhubio-catalog
|
||||
sourceNamespace: olm
|
||||
installPlanApproval: Automatic
|
|
@ -1,6 +0,0 @@
|
|||
(import (let lock = builtins.fromJSON (builtins.readFile ./flake.lock);
|
||||
in fetchTarball {
|
||||
url =
|
||||
"https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
|
||||
sha256 = lock.nodes.flake-compat.locked.narHash;
|
||||
}) { src = ./.; }).defaultNix
|
|
@ -1,7 +0,0 @@
|
|||
# Gitea
|
||||
|
||||
* <https://gitea.com/gitea/helm-chart/>
|
||||
|
||||
```sh
|
||||
kubectl get secrets --namespace gitea fcos-gitea-inline-config -o jsonpath="{.data.admin}" | base64 --decode
|
||||
```
|
|
@ -1,10 +0,0 @@
|
|||
# Keycloak
|
||||
|
||||
```sh
|
||||
kubectl get secrets --namespace keycloak fcos-keycloak-initial-admin -o jsonpath="{.data.username}" | base64 --decode
|
||||
kubectl get secrets --namespace keycloak fcos-keycloak-initial-admin -o jsonpath="{.data.password}" | base64 --decode
|
||||
```
|
||||
|
||||
```sh
|
||||
python -c 'import sys, yaml, json; print(yaml.dump(json.loads(sys.stdin.read())))' < realm-export.json > realm-export.yaml
|
||||
```
|
Binary file not shown.
Before Width: | Height: | Size: 4.2 KiB |
|
@ -1,51 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<svg
|
||||
width="64.6567"
|
||||
height="64.999603"
|
||||
viewBox="0 0 64.6567 64.999603"
|
||||
fill="none"
|
||||
version="1.1"
|
||||
id="svg930"
|
||||
sodipodi:docname="fchh-logo.svg"
|
||||
inkscape:version="1.1.2 (0a00cf5339, 2022-02-04)"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:svg="http://www.w3.org/2000/svg">
|
||||
<defs
|
||||
id="defs934" />
|
||||
<sodipodi:namedview
|
||||
id="namedview932"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pagecheckerboard="0"
|
||||
showgrid="false"
|
||||
fit-margin-top="0"
|
||||
fit-margin-left="0"
|
||||
fit-margin-right="0"
|
||||
fit-margin-bottom="0"
|
||||
inkscape:zoom="8.4"
|
||||
inkscape:cx="62.619048"
|
||||
inkscape:cy="32.440476"
|
||||
inkscape:window-width="1910"
|
||||
inkscape:window-height="1164"
|
||||
inkscape:window-x="0"
|
||||
inkscape:window-y="0"
|
||||
inkscape:window-maximized="1"
|
||||
inkscape:current-layer="svg930" />
|
||||
<path
|
||||
d="M 48.5249,27.8242 V 9.80015 C 48.5247,9.61602 48.4761,9.43519 48.384,9.27578 48.2918,9.11638 48.1594,8.984 47.9999,8.89194 L 32.8528,0.140666 C 32.6931,0.048514 32.5121,0 32.3278,0 32.1435,0 31.9624,0.048514 31.8028,0.140666 L 16.6539,8.89019 C 16.4944,8.98225 16.362,9.11463 16.2698,9.27403 16.1777,9.43344 16.1291,9.61427 16.1289,9.7984 v 18.0258 l 15.6739,-9.0575 c 0.1596,-0.0922 0.3407,-0.1407 0.525,-0.1407 0.1843,0 0.3653,0.0485 0.525,0.1407 z"
|
||||
fill="#35a58e"
|
||||
id="path910" />
|
||||
<path
|
||||
d="m 32.3271,55.8487 15.6057,9.0102 c 0.1596,0.0922 0.3407,0.1407 0.525,0.1407 0.1843,0 0.3653,-0.0485 0.525,-0.1407 l 15.1489,-8.7495 c 0.1594,-0.092 0.2919,-0.2244 0.384,-0.3838 0.0922,-0.1594 0.1408,-0.3403 0.141,-0.5244 v -17.499 c -2e-4,-0.1842 -0.0488,-0.365 -0.141,-0.5244 -0.0921,-0.1594 -0.2246,-0.2918 -0.384,-0.3838 L 48.5278,27.8047 v 18.0765 c -2e-4,0.1841 -0.0488,0.365 -0.141,0.5244 -0.0921,0.1594 -0.2245,0.2918 -0.384,0.3838 z"
|
||||
fill="#3a70ca"
|
||||
id="path912" />
|
||||
<path
|
||||
d="m 32.3278,55.8487 -15.6057,9.0102 c -0.1596,0.0922 -0.3407,0.1407 -0.525,0.1407 -0.1843,0 -0.3653,-0.0485 -0.5249,-0.1407 L 0.524972,56.1094 C 0.365518,56.0174 0.233077,55.885 0.140935,55.7256 0.0487924,55.5662 1.88854e-4,55.3853 0,55.2012 V 37.7022 C 1.88854e-4,37.518 0.0487924,37.3372 0.140935,37.1778 0.233077,37.0184 0.365518,36.886 0.524972,36.794 L 16.1289,27.8047 v 18.0765 c 2e-4,0.1841 0.0488,0.365 0.1409,0.5244 0.0922,0.1594 0.2246,0.2918 0.3841,0.3838 z"
|
||||
fill="#eb4544"
|
||||
id="path914" />
|
||||
</svg>
|
Before Width: | Height: | Size: 2.6 KiB |
|
@ -1,3 +0,0 @@
|
|||
# Basics
|
||||
|
||||
## Concepts
|
|
@ -1,142 +0,0 @@
|
|||
# Contributing <!-- omit in toc -->
|
||||
|
||||
First of all, thank you for contributing to FabCityOS! The goal of this document is to provide everything you need to know in order to contribute to FabCityOS and its different integrations.
|
||||
|
||||
- [Assumptions](#assumptions)
|
||||
- [How to Contribute](#how-to-contribute)
|
||||
- [Development Workflow](#development-workflow)
|
||||
- [Git Guidelines](#git-guidelines)
|
||||
- [Release Process (for internal team only)](#release-process-for-internal-team-only)
|
||||
|
||||
## Assumptions
|
||||
|
||||
1. **You're familiar with [Gitlab](https://about.gitlab.com/learn/) and the [Merge Request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)(PR) workflow.**
|
||||
2. **You've read the FabCityOS [documentation](https://www.interfacerproject.eu/) and the [README](/README.md).**
|
||||
3. **You know about the FabCityOS [community](https://matrix.to/#/#fcos:fabcity.hamburg). Please use this for help.**
|
||||
|
||||
## How to Contribute
|
||||
|
||||
1. Make sure that the contribution you want to make is explained or detailed in a GitHub issue! Find an [existing issue](https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/issues) or [open a new one](https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/issues/new).
|
||||
2. Once done, [fork the FabCityOS Core Chart repository](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) in your Gitlab account. Ask a maintainer if you want your issue to be checked before making a PR.
|
||||
3. [Create a new Git branch](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-new-branch).
|
||||
4. Review the [Development Workflow](#development-workflow) section that describes the steps to maintain the repository.
|
||||
5. Make the changes on your branch.
|
||||
6. [Submit the branch as a PR](https://docs.gitlab.com/ee/user/project/merge_requests/index.html) pointing to the `main` branch of the main fabcity-os-core-chart repository. A maintainer should comment and/or review your Pull Request within a few days. Although depending on the circumstances, it may take longer.<br>
|
||||
We do not enforce a naming convention for the PRs, but **please use something descriptive of your changes**, having in mind that the title of your PR will be automatically added to the next [release changelog](https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/releases/).
|
||||
|
||||
## Development Workflow
|
||||
|
||||
### Setup <!-- omit in toc -->
|
||||
|
||||
In order to use the different tools on this repository, you will first need to:
|
||||
|
||||
- [Install Kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) on your machine. This will allow you to run commands against your Kubernetes cluster with the `kubectl` command.
|
||||
|
||||
- [Install Helm](https://helm.sh/docs/intro/install/). This will allow you to run the `helm` command, enabling the installation and manipulation of Helm charts.
|
||||
|
||||
- A Kubernetes cluster up and running. Any Kubernetes cluster can be used, on the cloud or locally installed on your machine. This can be easily achieved by [installing k3d](https://k3d.io/#installation), and creating a local cluster by running:
|
||||
|
||||
- [Optional: Use the Nix Package Manager](https://nix.dev/tutorials/install-nix). This will allow you to make use of the [nixpkgs](https://github.com/NixOS/nixpkgs), automatically managing all required dependencies from the `nix shell env`. In addition you also need the [nixpkgs: direnv](https://search.nixos.org/packages?query=direnv) for automatic environment selection.
|
||||
|
||||
#### Setup the development Cluster <!-- omit in toc -->
|
||||
|
||||
```bash
|
||||
k3d cluster create --config test/k3d-fcos-dev.yaml
|
||||
k3d cluster list
|
||||
k3d node list
|
||||
kubectl get --output wide nodes
|
||||
kubectl get --all-namespaces pods
|
||||
```
|
||||
|
||||
#### Deploy FabCityOS to the the development Cluster<!-- omit in toc -->
|
||||
|
||||
```sh
|
||||
kubectl kustomize overlays/dev --enable-helm | kubectl apply -f -
|
||||
```
|
||||
|
||||
#### Watch all resources <!-- omit in toc -->
|
||||
|
||||
```sh
|
||||
watch -n 1 kubectl get all --all-namespaces
|
||||
```
|
||||
|
||||
#### Remove the development Cluster <!-- omit in toc -->
|
||||
|
||||
```sh
|
||||
k3d cluster delete --all
|
||||
```
|
||||
|
||||
### Tests and Linter <!-- omit in toc -->
|
||||
|
||||
Each PR should pass the linter to be accepted.
|
||||
|
||||
```bash
|
||||
# Linter
|
||||
helm lint .
|
||||
```
|
||||
|
||||
Each PR should also check if the generated file `manifests/fcos.yaml` is updated with the new modifications.
|
||||
You can generated the manifest with the command line:
|
||||
|
||||
```bash
|
||||
helm template fcos . | grep -v 'helm.sh/chart:\|app.kubernetes.io/managed-by:' > manifests/FabCityOS.yaml
|
||||
```
|
||||
|
||||
Or just by comment the PR:
|
||||
|
||||
```txt
|
||||
@FabCityOS sync-manifest
|
||||
```
|
||||
|
||||
Additionally, the CI will run a test to check if there are changes introduced to the charts. If changes were introduced, it will require you to update the Chart version.
|
||||
|
||||
## Git Guidelines
|
||||
|
||||
### Git Branches <!-- omit in toc -->
|
||||
|
||||
All changes must be made in a branch and submitted as PR.
|
||||
We do not enforce any branch naming style, but please use something descriptive of your changes.
|
||||
|
||||
### Git Commits <!-- omit in toc -->
|
||||
|
||||
As minimal requirements, your commit message should:
|
||||
|
||||
- be capitalized
|
||||
- not finish by a dot or any other punctuation character (!,?)
|
||||
- start with a verb so that we can read your commit message this way: "This commit will ...", where "..." is the commit message.
|
||||
e.g.: "Fix the home page button" or "Add more tests for create_index method"
|
||||
|
||||
We don't follow any other convention, but if you want to use one, we recommend [this one](https://chris.beams.io/posts/git-commit/).
|
||||
|
||||
### Pull Requests <!-- omit in toc -->
|
||||
|
||||
Some notes on PRs:
|
||||
|
||||
<!-- TODO: fix links -->
|
||||
|
||||
- [Convert your PR as a draft]() if your changes are a work in progress: no one will review it until you pass your PR as ready for review.<br>
|
||||
The draft PR can be very useful if you want to show that you are working on something and make your work visible.
|
||||
- The branch related to the PR must be **up-to-date with `main`** before merging. Fortunately, this project [integrates a bot]() to automatically enforce this requirement without the PR author having to do it manually.
|
||||
- All PRs must be reviewed and approved by at least one maintainer.
|
||||
- The PR title should be accurate and descriptive of the changes. The title of the PR will be indeed automatically added to the next [release changelogs]().
|
||||
|
||||
## Release Process (for internal team only)
|
||||
|
||||
FabCityOS tools follow the [Semantic Versioning Convention](https://semver.org/).
|
||||
|
||||
### Automation to Rebase and Merge the PRs <!-- omit in toc -->
|
||||
|
||||
This project integrates a bot that helps us manage pull requests merging.<br>
|
||||
_[Read more about this]()._
|
||||
|
||||
### How to Publish the Release <!-- omit in toc -->
|
||||
|
||||
⚠️ Before doing anything, make sure you got through the guide about [Releasing an Integration]().
|
||||
|
||||
⚠️ Every PR that is merged to `main` introducing changes to the Helm Chart needs to modify the file, by increasing the version of the chart accordingly.
|
||||
|
||||
Every PR that is merged to `main` triggers the automated release process, as specified at [``](). A GitHub Action will be triggered and publish a new release on the GitHub repository [releases](). This will enable users to start using the new version of the chart immediately after publishing.
|
||||
|
||||
<hr>
|
||||
|
||||
Thank you again for reading this through, we can not wait to begin to work with you if you made your way through this contributing guide ❤️
|
|
@ -1,11 +0,0 @@
|
|||
# Getting Started
|
||||
|
||||
## Overview
|
||||
|
||||
## Features
|
||||
|
||||
## Supported Providers
|
||||
|
||||
## Resources
|
||||
|
||||
## Security
|
113
docs/index.md
113
docs/index.md
|
@ -1,113 +0,0 @@
|
|||
<p align="center">
|
||||
<img src="https://www.fabcity.hamburg/wp-content/uploads/2021/04/cropped-Fab_City_Hamburg@4x-192x192.png" alt="FabCity Hamburg" width="192" height="192" />
|
||||
</p>
|
||||
|
||||
<h1 align="center">FabCityOS Kubernetes Integration Repo</h1>
|
||||
|
||||
<h4 align="center">
|
||||
<a href="https://github.com/FabCityOS Core/FabCityOS Core">Helm Chart</a> |
|
||||
<a href="https://reflowos.dyne.org/docs/what_is_reflowOS">Documentation</a> |
|
||||
<a href="https://matrix.to/#/#fcos:fabcity.hamburg">Element</a> |
|
||||
<a href="https://www.interfacerproject.eu/">Website</a> |
|
||||
<a href="https://www.interfacerproject.eu/#news">Blog</a> |
|
||||
</h4>
|
||||
|
||||
<p align="center">
|
||||
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/LICENSE"><img src="https://img.shields.io/badge/license-AGPL-informational" alt="License"></a>
|
||||
<a href="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/-/pipelines"><img src="https://gitlab.fabcity.hamburg/software/fabcity-os-core-chart/badges/main/pipeline.svg" alt="Build status"></a>
|
||||
<a href="https://matrix.to/#/#fcos:fabcity.hamburg"><img src="https://img.shields.io/badge/Matrix-FCOS-blue.svg?logo=element" alt="Element"></a>
|
||||
</p>
|
||||
|
||||
<p align="center">The FabCityOS Integration Repo for Kubernetes ⚓️</p>
|
||||
|
||||
This Integration repo is designed to be a lightweight way to configure FabCityOS applications.
|
||||
|
||||
**FabCityOS** is an operating system enabling a data-based circular economy via global collaboration and local production.
|
||||
|
||||
## Table of Contents <!-- omit in toc -->
|
||||
|
||||
- [📖 Documentation](#-documentation)
|
||||
- [🚀 Getting Started](#-getting-started)
|
||||
- [Repository structure](#repository-structure)
|
||||
- [🤖 Compatibility with FabCityOS](#-compatibility-with-fabcityos)
|
||||
- [⚙️ Development Workflow and Contributing](#️-development-workflow-and-contributing)
|
||||
|
||||
## 📖 Documentation
|
||||
|
||||
- [k3d](https://k3d.io/)
|
||||
- [kubectl](https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands)
|
||||
- [kustomize](https://kubectl.docs.kubernetes.io/guides/)
|
||||
- [helm](https://helm.sh/docs/)
|
||||
- [kubectx](https://kubectx.dev/)
|
||||
- [kube-linter](https://github.com/stackrox/kube-linter)
|
||||
- [k9s](https://k9scli.io/)
|
||||
- [sops](https://github.com/mozilla/sops)
|
||||
- [cert-manager](https://cert-manager.io/docs/)y
|
||||
|
||||
## 🚀 Getting Started
|
||||
|
||||
Kubernetes (K8s), is an open-source system for automating deployment, scaling, and management of containerized applications. You can run a FabCityOS Core instance inside your Kubernetes cluster, either if you want to expose it to the outside world or just let some other applications use it inside your cluster and take advantage of the instant and powerful search engine.
|
||||
|
||||
First of all, you will need a Kubernetes cluster up and running. If you are not familiar with how Kuberentes works or need some help with this step, please check the [Kubernetes documentation](https://kubernetes.io/docs/home/).
|
||||
|
||||
### Repository structure
|
||||
|
||||
```yaml
|
||||
├── apps # kustomize global applications folder
|
||||
│ ├── wordpress # kustomize global application folder
|
||||
│ │ ├── kustomization.yaml # kustomize global application definition
|
||||
│ │ ├── charts # helm global chart config folder
|
||||
│ │ └── ... # kustomize global application objects
|
||||
│ └── ... # kustomize global applications objects
|
||||
├── base # kustomize global objects folder
|
||||
│ ├── kustomization.yaml # kustomize global application config
|
||||
│ └── ... # kustomize global cluster objects
|
||||
├── overlays # kustomize environment overrides
|
||||
│ ├── dev # kustomize environment folder
|
||||
│ │ ├── kustomization.yaml # kustomize environment definition
|
||||
│ │ └── apps # kustomize applications folder
|
||||
│ │ └── cert-manager # kustomize application folder
|
||||
│ │ ├── kustomization.yaml # kustomize application config
|
||||
│ │ └── ... # kustomize application objects
|
||||
│ └── ... # kustomize environment folder
|
||||
├── .envrc # direnv support file
|
||||
├── default.nix # nixos flake legacy support file
|
||||
├── flake.lock # nixos flake versions lock file
|
||||
├── flake.nix # nixos local runtime dependency
|
||||
├── shell.nix # nixos local development shell
|
||||
```
|
||||
|
||||
### Install kubectl <!-- omit in toc -->
|
||||
|
||||
`kubectl` is the most commonly used CLI to manage a Kubernetes cluster. The installation instructions are [available here](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
|
||||
|
||||
### Deploy FabCityOS <!-- omit in toc -->
|
||||
|
||||
#### Install Kustomize <!-- omit in toc -->
|
||||
|
||||
Kustomize CLI is a Command Line Interface which will automate configuration management on your Kubernetes cluster. To install Kustomize, follow the [Kustomize installation instructions](https://kubectl.docs.kubernetes.io/installation/kustomize/).
|
||||
|
||||
#### Install helm <!-- omit in toc -->
|
||||
|
||||
Helm CLI is a Command Line Interface which will automate chart management and installation on your Kubernetes cluster. To install Helm, follow the [Helm installation instructions](https://helm.sh/docs/intro/install/).
|
||||
|
||||
#### Deploy FabCityOS <!-- omit in toc -->
|
||||
|
||||
```sh
|
||||
kubectl kustomize overlays/prod --enable-helm | kubectl apply -f -
|
||||
```
|
||||
|
||||
## 🤖 Compatibility with FabCityOS
|
||||
|
||||
We recommend that the Helm chart version is aligned to the version of the product you want to deploy. This will ensure that you are using a chart version that has been tested against the corresponding production version.
|
||||
This will also ensure that the documentation and examples for the chart will work with the version of the product, you are installing.
|
||||
|
||||
For example, if you want to deploy an fcos `0.1.0` cluster, use the corresponding `0.1.0` [tag][fcos-010].
|
||||
|
||||
The `master` version of these charts is intended to support the latest pre-release versions of our products, and therefore may or may not work with current released versions.
|
||||
|
||||
## ⚙️ Development Workflow and Contributing
|
||||
|
||||
Any new contribution is more than welcome in this project!
|
||||
|
||||
If you want to know more about the development workflow or want to contribute, please visit our [contributing guidelines](/CONTRIBUTING.md) for detailed instructions!
|
116
flake.lock
116
flake.lock
|
@ -3,11 +3,11 @@
|
|||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1650374568,
|
||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -18,11 +18,11 @@
|
|||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1656928814,
|
||||
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -31,27 +31,117 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"pre-commit-hooks",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1660459072,
|
||||
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1657425264,
|
||||
"narHash": "sha256-3aHvoI2e8vJKw3hvnHECaBpSsL5mxVsVtaLCnTdNcH8=",
|
||||
"lastModified": 1669542132,
|
||||
"narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "de5b3dd17034e6106e75746e81618e5bd408de8a",
|
||||
"rev": "a115bb9bd56831941be3776c8a94005867f316a7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable-small",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1668984258,
|
||||
"narHash": "sha256-0gDMJ2T3qf58xgcSbYoXiRGUkPWmKyr5C3vcathWhKs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "cf63ade6f74bbc9d2a017290f1b2e33e8fbfa70a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-22.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1668994630,
|
||||
"narHash": "sha256-1lqx6HLyw6fMNX/hXrrETG1vMvZRGm2XVC9O/Jt0T6c=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "af50806f7c6ab40df3e6b239099e8f8385f6c78b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pre-commit-hooks": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1669152228,
|
||||
"narHash": "sha256-FEDReoTLWJHXcNso7aaAlAUU7uOqIR6Hc/C/nqlfooE=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "078b0dee35e2da01334af682ec347463b70a9986",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs"
|
||||
"nixpkgs": "nixpkgs",
|
||||
"pre-commit-hooks": "pre-commit-hooks",
|
||||
"utils": "utils"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
104
flake.nix
104
flake.nix
|
@ -1,22 +1,96 @@
|
|||
{
|
||||
description = "SRX frugal bioreactor";
|
||||
description = "Interfacer SWKit";
|
||||
inputs = {
|
||||
nixpkgs = { url = "github:NixOS/nixpkgs/nixos-unstable-small"; };
|
||||
flake-compat = {
|
||||
url = "github:edolstra/flake-compat";
|
||||
flake = false;
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
utils.url = "github:numtide/flake-utils";
|
||||
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
|
||||
};
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
pre-commit-hooks,
|
||||
utils,
|
||||
...
|
||||
}:
|
||||
utils.lib.eachDefaultSystem (
|
||||
system: let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
in {
|
||||
checks = {
|
||||
pre-commit-check = pre-commit-hooks.lib.${system}.run {
|
||||
src = utils.lib.cleanSource ./.;
|
||||
hooks = {
|
||||
alejandra.enable = true;
|
||||
nix-linter.enable = true;
|
||||
statix .enable = true;
|
||||
};
|
||||
outputs = { self, nixpkgs, flake-utils, ... }@inputs:
|
||||
flake-utils.lib.eachSystem [ "x86_64-linux" ] (system:
|
||||
let
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
allowBroken = true;
|
||||
settings.nix-linter.checks = [
|
||||
"DIYInherit"
|
||||
"EmptyInherit"
|
||||
"EmptyLet"
|
||||
"EtaReduce"
|
||||
"LetInInheritRecset"
|
||||
"ListLiteralConcat"
|
||||
"NegateAtom"
|
||||
"SequentialLet"
|
||||
"SetLiteralUpdate"
|
||||
"UnfortunateArgName"
|
||||
"UnneededRec"
|
||||
"UnusedArg"
|
||||
"UnusedLetBind"
|
||||
"UpdateEmptySet"
|
||||
"BetaReduction"
|
||||
"EmptyVariadicParamSet"
|
||||
"UnneededAntiquote"
|
||||
"no-FreeLetInFunc"
|
||||
"no-AlphabeticalArgs"
|
||||
"no-AlphabeticalBindings"
|
||||
];
|
||||
};
|
||||
};
|
||||
in { devShells.default = import ./shell.nix { inherit pkgs; }; });
|
||||
devShell = with pkgs;
|
||||
mkShell {
|
||||
name = "interfacer.swkit";
|
||||
nativeBuildInputs = with pkgs; [
|
||||
alejandra
|
||||
cmctl
|
||||
conftest
|
||||
docker
|
||||
dotenv-linter
|
||||
editorconfig-checker
|
||||
git
|
||||
gnumake
|
||||
k9s
|
||||
kube3d
|
||||
kubeconform
|
||||
kubectl
|
||||
kubectx
|
||||
kubernetes-helm
|
||||
kubeval
|
||||
kubeval-schema
|
||||
kustomize
|
||||
mdl
|
||||
mdsh
|
||||
nix-linter
|
||||
pre-commit
|
||||
rnix-lsp
|
||||
vscodium-fhs
|
||||
yaml-language-server
|
||||
yamllint
|
||||
yq
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
. <(helm completion $(basename $SHELL))
|
||||
. <(k3d completion $(basename $SHELL))
|
||||
. <(kubectl completion $(basename $SHELL))
|
||||
. <(ct completion $(basename $SHELL))
|
||||
'';
|
||||
|
||||
shellHook = ''
|
||||
${self.checks.${system}.pre-commit-check.shellHook}
|
||||
'';
|
||||
};
|
||||
}
|
||||
);
|
||||
}
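Review bot: `src = utils.lib.cleanSource ./.;` takes `cleanSource` from the flake-utils input, but as far as I know that function comes from nixpkgs' lib and is not exported by flake-utils; if so, evaluating `checks.pre-commit-check` fails, and with it the `shellHook` that interpolates it. I would write `src = pkgs.lib.cleanSource ./.;` (or plain `./.`). Separately, `postInstall` on `mkShell` is not run when the shell is entered, so the completion lines have no effect, and `ct` is not among `nativeBuildInputs`; moving the completions you need into `shellHook` would make them take effect. Old and new lines of this section are interleaved without markers in this view, so which side each line belongs to is inferred.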
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
apiVersion: k3d.io/v1alpha4
|
||||
kind: Simple
|
||||
image: docker.io/rancher/k3s:v1.23.8-k3s1
|
||||
image: docker.io/rancher/k3s:v1.23.14-k3s1
|
||||
servers: 1
|
||||
agents: 2
|
||||
ports:
|
34
mkdocs.yml
34
mkdocs.yml
|
@ -1,34 +0,0 @@
|
|||
site_name: Fab City OS
|
||||
site_description: A Kubernetes environment to rollout the Fab City OS Core and Software Kit.
|
||||
site_author: Fab City Hamburg e. V.
|
||||
site_url: https://fabcityos.fabcity.hamburg/
|
||||
repo_url: https://gitlab.fabcity.hamburg/software/fabcity-os-integration/
|
||||
copyright: © 2022 <a href="https://www.interfacerproject.eu/">INTERFACER, All rights reserved.</a>.
|
||||
theme:
|
||||
name: material
|
||||
locale: en
|
||||
logo: assets/fc_logo.svg
|
||||
favicon: assets/fc_logo.ico
|
||||
nav:
|
||||
- Home: index.md
|
||||
- Getting started: getting-started.md
|
||||
- Application:
|
||||
- Keycloak: applications/keycloak.md
|
||||
- Gitea: applications/gitea.md
|
||||
- Development:
|
||||
- Contributing: development/contributing.md
|
||||
markdown_extensions:
|
||||
- attr_list
|
||||
- md_in_html
|
||||
- tables
|
||||
- toc
|
||||
- pymdownx.highlight:
|
||||
anchor_linenums: true
|
||||
- pymdownx.inlinehilite
|
||||
- pymdownx.snippets
|
||||
- pymdownx.superfences
|
||||
plugins:
|
||||
- search
|
||||
extra:
|
||||
generator: false
|
||||
homepage: https://www.interfacerproject.eu/
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
namespace: cert-manager
|
||||
resources:
|
||||
- selfsigned.yaml
|
||||
- letsencrypt.yaml
|
||||
|
|
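--- a/overlays/dev/cert-manager/letsencrypt.yaml
+++ b/overlays/dev/cert-manager/letsencrypt.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: letsencrypt
+spec:
+acme:
+email: hostmaster@fabcity-hamburg.de
+server: https://acme-staging-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+name: letsencrypt-key
+solvers:
+- http01:
+ingress:
+class: nginx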
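Review bot: `kind: Issuer` does not match how the Ingress manifests added in this commit request certificates: they carry `cert-manager.io/cluster-issuer: letsencrypt`, which cert-manager resolves against a ClusterIssuer, not a namespaced Issuer. As written, the annotation would find no issuer and those ingresses would not receive a certificate from this ACME account. Either change this to `kind: ClusterIssuer`, or keep the Issuer, create it in the Ingress's namespace and switch the annotation to `cert-manager.io/issuer: letsencrypt`. overlays/prod/cert-manager/letsencrypt.yaml has the same mismatch.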
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: selfsigned-issuer
|
||||
spec:
|
||||
selfSigned: {}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: selfsigned-issuer
|
||||
spec:
|
||||
isCA: true
|
||||
duration: 8760h
|
||||
secretName: tls-selfsigned-issuer
|
||||
commonName: selfsigned-issuer
|
||||
subject:
|
||||
organizations:
|
||||
- k8s-local-dev
|
||||
issuerRef:
|
||||
name: selfsigned-issuer
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
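--- a/overlays/dev/gitea/ingress.yaml
+++ b/overlays/dev/gitea/ingress.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: gitea
+annotations:
+kubernetes.io/ingress.class: nginx
+cert-manager.io/cluster-issuer: letsencrypt
+spec:
+rules:
+- http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: gitea
+port:
+name: http
+tls:
+- hosts:
+- code.k8s.dev.fabcity-hamburg.de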
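Review bot: The `tls` entry names a host but no `secretName`, and the single rule under `rules` has no `host`. cert-manager's ingress-shim takes the target Secret for the certificate from `tls[].secretName`, so I would expect no Certificate to be created for this Ingress, and a rule without `host` routes requests for any hostname that reaches the controller to the gitea service. Suggest `- host: code.k8s.dev.fabcity-hamburg.de` on the rule and `secretName: gitea-tls` (the name used in the commented-out patch of the sibling kustomization.yaml) under `tls`. overlays/prod/interfacer-webpresence/ingress.yaml is written the same way.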
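--- a/overlays/dev/gitea/kustomization.yaml
+++ b/overlays/dev/gitea/kustomization.yaml
@@ -0,0 +1,24 @@
+---
+namespace: gitea
+# patches:
+# - target:
+# kind: Ingress
+# group: networking.k8s.io
+# version: v1
+# labelSelector: "app=gitea"
+# patch: |-
+# - op: replace
+# path: /spec/rules
+# value:
+# - host: code.k8s.dev.fabcity-hamburg.de
+# http:
+# paths:
+# - path: /
+# pathType: Prefix
+
+# - op: replace
+# path: /spec/tls
+# value:
+# - secretName: gitea-tls
+# hosts:
+# - code.k8s.dev.fabcity-hamburg.de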
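Review bot: This kustomization sets only `namespace: gitea` and has no `resources:` list, so the ingress.yaml added next to it is not pulled into the dev build; overlays/prod/interfacer-webpresence/kustomization.yaml, by contrast, does list `- ingress.yaml`. Add `resources:` with `- ingress.yaml` here. The commented-out patch block repeats what ingress.yaml is meant to state and could be dropped rather than kept as dead configuration.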
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: tls-keycloak
|
||||
labels:
|
||||
app: keycloak
|
||||
spec:
|
||||
secretName: tls-keycloak
|
||||
isCA: false
|
||||
privateKey:
|
||||
algorithm: RSA
|
||||
encoding: PKCS1
|
||||
size: 2048
|
||||
rotationPolicy: Always
|
||||
subject:
|
||||
organizations:
|
||||
- keycloak
|
||||
duration: 2160h
|
||||
renewBefore: 360h
|
||||
issuerRef:
|
||||
name: selfsigned-issuer
|
||||
kind: ClusterIssuer
|
||||
commonName: "id.dev.fabcity-hamburg.de"
|
||||
dnsNames:
|
||||
- "id.dev.fabcity-hamburg.de"
|
|
@ -1,4 +0,0 @@
|
|||
---
|
||||
namespace: keycloak
|
||||
resources:
|
||||
- certificate.yaml
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
resources:
|
||||
- ../../base
|
||||
- ../../apps
|
||||
- cert-manager
|
||||
- keycloak
|
||||
- gitea
|
||||
|
|
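--- a/overlays/prod/cert-manager/letsencrypt.yaml
+++ b/overlays/prod/cert-manager/letsencrypt.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: letsencrypt
+spec:
+acme:
+email: hostmaster@fabcity-hamburg.de
+server: https://acme-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+name: letsencrypt-key
+solvers:
+- http01:
+ingress:
+class: nginx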
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
namespace: gitea
|
||||
patches:
|
||||
- target:
|
||||
kind: Ingress
|
||||
group: networking.k8s.io
|
||||
version: v1
|
||||
labelSelector: "app=gitea"
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/rules
|
||||
value:
|
||||
- host: code.fabcity-hamburg.de
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
|
||||
- op: replace
|
||||
path: /spec/tls
|
||||
value:
|
||||
- secretName: gitea-tls
|
||||
hosts:
|
||||
- code.fabcity-hamburg.de
|
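--- a/overlays/prod/interfacer-webpresence/ingress.yaml
+++ b/overlays/prod/interfacer-webpresence/ingress.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: interfacer-webpresence
+annotations:
+kubernetes.io/ingress.class: nginx
+cert-manager.io/cluster-issuer: letsencrypt
+spec:
+rules:
+- http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: interfacer-webpresence
+port:
+name: http
+tls:
+- hosts:
+- www.k8s.dev.fabcity-hamburg.de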
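Review bot: The TLS host in this prod overlay is `www.k8s.dev.fabcity-hamburg.de`, which reads like a dev hostname (the dev gitea Ingress uses `code.k8s.dev.fabcity-hamburg.de`). With the prod issuer pointing at the live Let's Encrypt endpoint, the certificate would be requested for the dev name and the production site would be served without a certificate matching its own hostname. Please confirm the intended production hostname and set it here, e.g. `- <production hostname>`.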
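--- a/overlays/prod/interfacer-webpresence/kustomization.yaml
+++ b/overlays/prod/interfacer-webpresence/kustomization.yaml
@@ -0,0 +1,3 @@
+---
+resources:
+- ingress.yaml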
|
@ -1,44 +0,0 @@
|
|||
---
|
||||
namespace: keycloak
|
||||
patches:
|
||||
- target:
|
||||
kind: PostgresCluster
|
||||
group: postgres-operator.crunchydata.com
|
||||
version: v1beta1
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/instances
|
||||
value:
|
||||
- replicas: 2
|
||||
dataVolumeClaimSpec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
podAffinityTerm:
|
||||
topologyKey: kubernetes.io/hostname
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
postgres-operator.crunchydata.com/cluster: keycloak-db
|
||||
postgres-operator.crunchydata.com/instance-set: "00"
|
||||
- target:
|
||||
kind: Keycloak
|
||||
group: k8s.keycloak.org
|
||||
version: v2alpha1
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/instances
|
||||
value: 2
|
||||
- target:
|
||||
kind: Keycloak
|
||||
group: k8s.keycloak.org
|
||||
version: v2alpha1
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /spec/hostname
|
||||
value: id.fabcity-hamburg.de
|
|
@ -1,17 +1,6 @@
|
|||
---
|
||||
resources:
|
||||
- ../../base
|
||||
- keycloak
|
||||
- gitea
|
||||
patches:
|
||||
- target:
|
||||
kind: Ingress
|
||||
group: networking.k8s.io
|
||||
version: v1
|
||||
patch: |-
|
||||
- op: replace
|
||||
path: /metadata/annotations
|
||||
value:
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
kubernetes.io/tls-acme: "true"
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-acme
|
||||
- ../../apps
|
||||
- cert-manager
|
||||
- interfacer-webpresence
|
||||
|
|
54
shell.nix
54
shell.nix
|
@ -1,54 +0,0 @@
|
|||
{ pkgs ? import <nixpkgs> { } }:
|
||||
|
||||
with pkgs;
|
||||
|
||||
mkShell {
|
||||
name = "fcos.integration";
|
||||
buildInputs = with pkgs; [
|
||||
cmctl
|
||||
conftest
|
||||
editorconfig-checker
|
||||
git
|
||||
gnumake
|
||||
hadolint
|
||||
k9s
|
||||
krew
|
||||
kube-score
|
||||
kube3d
|
||||
kubeconform
|
||||
kubectl
|
||||
kubectx
|
||||
kubernetes-helm
|
||||
kubeval
|
||||
kubeval-schema
|
||||
kustomize
|
||||
lens
|
||||
mdl
|
||||
mdsh
|
||||
minio
|
||||
nix-linter
|
||||
nixpkgs-fmt
|
||||
open-policy-agent
|
||||
operator-sdk
|
||||
pre-commit
|
||||
python310Packages.mkdocs
|
||||
python310Packages.mkdocs-material
|
||||
python310Packages.mkdocs-material-extensions
|
||||
rnix-lsp
|
||||
vscodium-fhs
|
||||
yamale
|
||||
yaml-language-server
|
||||
yamllint
|
||||
yq
|
||||
];
|
||||
|
||||
postInstall = ''
|
||||
. <(helm completion $(basename $SHELL))
|
||||
. <(k3d completion $(basename $SHELL))
|
||||
. <(k9s completion $(basename $SHELL))
|
||||
. <(kubectl completion $(basename $SHELL))
|
||||
. <(kustomize completion $(basename $SHELL))
|
||||
. <(opa completion $(basename $SHELL))
|
||||
. <(operator-sdk completion $(basename $SHELL))
|
||||
'';
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
package main
|
||||
|
||||
import data.kubernetes
|
||||
|
||||
name = input.metadata.name
|
||||
|
||||
required_deployment_labels {
|
||||
input.metadata.labels["app.kubernetes.io/name"]
|
||||
input.metadata.labels["app.kubernetes.io/instance"]
|
||||
input.metadata.labels["app.kubernetes.io/version"]
|
||||
input.metadata.labels["app.kubernetes.io/component"]
|
||||
input.metadata.labels["app.kubernetes.io/part-of"]
|
||||
input.metadata.labels["app.kubernetes.io/managed-by"]
|
||||
}
|
||||
|
||||
deny[msg] {
|
||||
kubernetes.is_deployment
|
||||
not required_deployment_labels
|
||||
msg = sprintf("%s must include Kubernetes recommended labels: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name])
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
package main
|
||||
|
||||
deny[msg] {
|
||||
input.kind = "Deployment"
|
||||
not input.spec.template.spec.securityContext.runAsNonRoot = true
|
||||
msg = sprintf("%s Containers must not run as root", [name])
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
package main
|
||||
|
||||
import data.kubernetes
|
||||
|
||||
name = input.metadata.name
|
||||
|
||||
deny[msg] {
|
||||
input.kind = "Deployment"
|
||||
not input.spec.selector.matchLabels.app
|
||||
msg = sprintf("%s must provide app label for pod selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/#labels", [name])
|
||||
}
|