Skip to content

Commit

Permalink
add tks-admin-tools group
Browse files Browse the repository at this point in the history
  • Loading branch information
@robertchoi80
robertchoi80 committed Sep 18, 2023
1 parent 71857e8 commit 6d27d0e
Show file tree
Hide file tree
Showing 4 changed files with 354 additions and 0 deletions.
5 changes: 5 additions & 0 deletions tks-admin-tools/base/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
resources:
- resources.yaml

transformers:
- site-values.yaml
184 changes: 184 additions & 0 deletions tks-admin-tools/base/resources.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,184 @@
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
labels:
name: keycloak
name: keycloak
spec:
chart:
type: helmrepo
repository: https://harbor.taco-cat.xyz/chartrepo/tks
name: keycloak
version: 15.1.6
origin: https://github.com/bitnami/charts/tree/main/bitnami/keycloak
releaseName: keycloak
targetNamespace: keycloak
values:
global:
storageClass: "taco-storage"
auth:
adminUser: "admin"
adminPassword: "xkzhvotmdnjem"
proxy: edge
httpRelativePath: "/auth/"
production: true
replicaCount: 1 # tunable
ingress:
enabled: true
ingressClassName: nginx # tunable
hostname: TO_BE_FIXED
annotations:
nginx.ingress.kubernetes.io/proxy-buffer-size: 20k
acme.cert-manager.io/http01-edit-in-place: "true"
cert-manager.io/cluster-issuer: http0issuer
tls: true
selfSigned: false
cache:
enabled: true
stackName: kubernetes
postgresql:
enabled: false
externalDatabase:
host: "postgresql.tks-db.svc" # tunable
port: 5432
password: "xkzhvotmdnjem"
readinessProbe:
failureThreshold: 10
extraEnvVars:
- name: QUARKUS_TRANSACTION_MANAGER_ENABLE_RECOVERY
value: "true"

---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
labels:
name: tks-api
name: tks-api
spec:
chart:
type: helmrepo
repository: https://harbor.taco-cat.xyz/chartrepo/tks
name: tks-api
version: 0.1.2
origin: https://openinfradev.github.io/helm-repo
releaseName: tks-api
targetNamespace: tks
values:
gitBaseUrl: https://github.com
gitAccount: decapod10
db:
dbHost: postgresql.tks-db.svc
adminUser: postgres
adminPassword: tacopassword
dbUser: tksuser
dbPassword: tacopassword
tksapi:
replicaCount: 1
image:
repository: harbor.taco-cat.xyz/tks/tks-api
tag: v3.0.1
tksAccount:
password: admin
args:
imageRegistryUrl: "harbor.taco-cat.xyz/appserving"
harborPwSecret: "harbor-core"
gitRepositoryUrl: "github.com/openinfradev"
keycloakAddress: http://keycloak.keycloak.svc:80/auth
tksbatch:
replicaCount: 1
image:
repository: harbor.taco-cat.xyz/tks/tks-batch
tag: v3.0.0
tksconsole:
replicaCount: 1
image:
repository: harbor.taco-cat.xyz/tks/tks-console
tag: v3.0.1

---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
labels:
name: harbor
name: harbor
spec:
chart:
type: helmrepo
repository: https://harbor.taco-cat.xyz/chartrepo/tks
name: harbor
version: 1.11.0
origin: https://github.com/goharbor/harbor-helm
releaseName: harbor
targetNamespace: harbor
values:
expose:
tls:
certSource: secret
secret:
secretName: "harbor.taco-cat-tls" # tunable
ingress:
hosts:
core: TO_BE_FIXED
className: "nginx" # tunable
annotations:
cert-manager.io/cluster-issuer: http0issuer
acme.cert-manager.io/http01-edit-in-place: "true"
externalURL: TO_BE_FIXED
persistence:
persistentVolumeClaim:
registry:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
size: 200Gi
chartmuseum:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
size: 20Gi
jobservice:
jobLog:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
scanDataExports:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
redis:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
trivy:
storageClass: TO_BE_FIXED
database:
type: external
external:
host: "postgresql.tks-db.svc" # tunable
port: "5432"
username: "harbor"
password: "tksharborpassword"
existingSecret: ""
# "disable" - No SSL
# "require" - Always SSL (skip verification)
# "verify-ca" - Always SSL (verify that the certificate presented by the
# server was signed by a trusted CA)
# "verify-full" - Always SSL (verify that the certification presented by the
# server was signed by a trusted CA and the server host name matches the one
# in the certificate)
sslmode: "require"
notary:
enabled: false
cache:
enabled: true
core:
replicas: 2 # tunable
jobservice:
replicas: 2 # tunable
registry:
replicas: 2 # tunable
chartmuseum:
replicas: 2 # tunable
trivy:
replicas: 2 # tunable
portal:
replicas: 2 # tunable
harborAdminPassword: "Xkzhvotmdnjem1"
87 changes: 87 additions & 0 deletions tks-admin-tools/base/site-values.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
apiVersion: openinfradev.github.com/v1
kind: HelmValuesTransformer
metadata:
name: site

global:
db_host: "postgresql.tks-db.svc"

charts:
- name: keycloak
override:
global.storageClass: "taco-storage"
auth.adminPassword: "xkzhvotmdnjem"
ingress.enabled: true
ingress.hostname: TO_BE_FIXED
externalDatabase.host: $(db_host)
externalDatabase.password: "xkzhvotmdnjem"

- name: tks-api
override:
gitBaseUrl: https://github.com
gitAccount: decapod10
db:
dbHost: $(db_host)
adminPassword: tacopassword
dbUser: tksuser
dbPassword: tacopassword
tksapi:
replicaCount: 1
tksAccount:
password: admin
args:
imageRegistryUrl: "harbor.taco-cat.xyz/appserving"
gitRepositoryUrl: "github.com/openinfradev"
keycloakAddress: http://keycloak.keycloak.svc:80/auth
tksbatch:
replicaCount: 1
tksconsole:
replicaCount: 1

- name: harbor
override:
expose:
ingress:
hosts:
core: TO_BE_FIXED
className: "nginx" # tunable
externalURL: TO_BE_FIXED
persistence:
persistentVolumeClaim:
registry:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
size: 200Gi
chartmuseum:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
size: 20Gi
jobservice:
jobLog:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
scanDataExports:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
redis:
storageClass: TO_BE_FIXED
accessMode: TO_BE_FIXED
trivy:
storageClass: TO_BE_FIXED
database:
type: external
external:
host: $(db_host) # tunable
core:
replicas: 2 # tunable
jobservice:
replicas: 2 # tunable
registry:
replicas: 2 # tunable
chartmuseum:
replicas: 2 # tunable
trivy:
replicas: 2 # tunable
portal:
replicas: 2 # tunable
harborAdminPassword: "Xkzhvotmdnjem1"
78 changes: 78 additions & 0 deletions tks-admin-tools/image/image-values.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
apiVersion: openinfradev.github.com/v1
kind: HelmValuesTransformer
metadata:
name: image

global:
registry: harbor.taco-cat.xyz

charts:
- name: keycloak
override:
image:
registry: $(registry)
repository: bitnami/keycloak
tag: 21.1.2-debian-11-r0
- name: tks-api
override:
tks-api:
image:
repository: $(registry)/tks/tks-api
tag: v3.0.1
tksbatch:
image:
repository: $(registry)/tks/tks-batch
tag: v3.0.0
tksconsole:
image:
repository: $(registry)/tks/tks-console
tag: v3.0.1
- name: harbor
override:
portal:
image:
repository: $(registry)/goharbor/harbor-portal
tag: v2.7.0
core:
image:
repository: $(registry)/goharbor/harbor-core
tag: v2.7.0
jobservice:
image:
repository: $(registry)/goharbor/harbor-jobservice
tag: v2.7.0
registry:
registry:
image:
repository: $(registry)/goharbor/registry-photon
tag: v2.7.0
controller:
image:
repository: $(registry)/goharbor/harbor-registryctl
tag: v2.7.0
chartmuseum:
image:
repository: $(registry)/goharbor/chartmuseum-photon
tag: v2.7.0
trivy:
image:
repository: $(registry)/goharbor/trivy-adapter-photon
tag: v2.7.0
notary:
server:
image:
repository: $(registry)/goharbor/notary-server-photon
tag: v2.7.0
signer:
image:
repository: $(registry)/goharbor/notary-signer-photon
tag: v2.7.0
redis:
internal:
image:
repository: $(registry)/goharbor/redis-photon
tag: v2.7.0
exporter:
image:
repository: $(registry)/goharbor/harbor-exporter
tag: v2.7.0

0 comments on commit 6d27d0e

Please sign in to comment.