Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 525933992ab86d6902969647e44ca663cff1dca1 / . / core / installer / values-tmpl / penpot.cue
blob: 0dcd7c74daa441395eabe068337d171775b5b6f3 [file] [log] [blame]
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]1input: {
2 network: #Network
3 subdomain: string
4}
5
6_domain: "\(input.subdomain).\(input.network.domain)"
7
Giorgi Lekveishvilief21c132024-01-17 18:57:58 +0400[diff] [blame]8name: "Penpot"
9namespace: "app-penpot"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]10readme: "penpot application will be installed on \(input.network.name) network and be accessible to any user on https://\(_domain)"
Giorgi Lekveishvilief21c132024-01-17 18:57:58 +0400[diff] [blame]11description: "Penpot is the first Open Source design and prototyping platform meant for cross-domain teams. Non dependent on operating systems, Penpot is web based and works with open standards (SVG). Penpot invites designers all over the world to fall in love with open source while getting developers excited about the design process in return."
12icon: "<svg xmlns='http://www.w3.org/2000/svg' width='24' height='24' viewBox='0 0 24 24'><path fill='currentColor' d='M7.654 0L5.13 3.554v2.01L2.934 6.608l-.02-.009v13.109l8.563 4.045L12 24l.523-.247l8.563-4.045V6.6l-.017.008l-2.196-1.045V3.555l-.077-.108L16.349.001l-2.524 3.554v.004L11.989.973l-1.823 2.566l-.065-.091zm.447 2.065l.976 1.374H6.232l.964-1.358zm8.694 0l.976 1.374h-2.845l.965-1.358zm-4.36.971l.976 1.375h-2.845l.965-1.359zM5.962 4.132h1.35v4.544l-1.35-.638Zm2.042 0h1.343v5.506l-1.343-.635zm6.652 0h1.35V9l-1.35.637zm2.042 0h1.343v3.905l-1.343.634zm-6.402.972h1.35v5.62l-1.35-.638zm2.042 0h1.343v4.993l-1.343.634zm6.534 1.493l1.188.486l-1.188.561zM5.13 6.6v1.047l-1.187-.561ZM3.96 8.251l7.517 3.55v10.795l-7.516-3.55zm16.08 0v10.794l-7.517 3.55V11.802z'/></svg>"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]13
14images: {
15 postgres: {
16 repository: "library"
17 name: "postgres"
18 tag: "15.3"
19 pullPolicy: "IfNotPresent"
20 }
21 backend: {
22 repository: "penpotapp"
23 name: "backend"
24 tag: "1.16.0-beta"
25 pullPolicy: "IfNotPresent"
26 }
27 frontend: {
28 repository: "penpotapp"
29 name: "frontend"
30 tag: "1.16.0-beta"
31 pullPolicy: "IfNotPresent"
32 }
33 exporter: {
34 repository: "penpotapp"
35 name: "exporter"
36 tag: "1.16.0-beta"
37 pullPolicy: "IfNotPresent"
38 }
39}
40
41charts: {
42 postgres: {
43 chart: "charts/postgresql"
44 sourceRef: {
45 kind: "GitRepository"
46 name: "pcloud"
47 namespace: global.id
48 }
49 }
50 oauth2Client: {
51 chart: "charts/oauth2-client"
52 sourceRef: {
53 kind: "GitRepository"
54 name: "pcloud"
55 namespace: global.id
56 }
57 }
58 penpot: {
59 chart: "charts/penpot"
60 sourceRef: {
61 kind: "GitRepository"
62 name: "pcloud"
63 namespace: global.id
64 }
65 }
66}
67
68_oauth2SecretName: "oauth2-credentials"
69
70helm: {
71 "oauth2-client": {
72 chart: charts.oauth2Client
73 values: {
74 name: "penpot"
75 secretName: _oauth2SecretName
76 grantTypes: ["authorization_code"]
77 responseTypes: ["code"]
78 scope: "openid profile email"
79 redirectUris: ["https://\(_domain)/api/auth/oauth/oidc/callback"]
80 hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
81 tokenEndpointAuthMethod: "client_secret_post"
82 }
83 }
84 postgres: {
85 chart: charts.postgres
86 values: {
87 fullnameOverride: "postgres"
88 image: {
89 registry: images.postgres.registry
90 repository: images.postgres.imageName
91 tag: images.postgres.tag
92 pullPolicy: images.postgres.pullPolicy
93 }
94 auth: {
95 username: "penpot"
96 password: "penpot"
97 database: "penpot"
98 }
99 }
100 }
101 penpot: {
102 chart: charts.penpot
103 values: {
104 "global": {
105 postgresqlEnabled: false
106 redisEnabled: true // TODO(gio): provide redis from outside
107 }
108 fullnameOverride: "penpot"
109 backend: {
110 image: {
111 repository: images.backend.fullName
112 tag: images.backend.tag
113 imagePullPolicy: images.backend.pullPolicy
114 }
115 }
116 frontend: {
117 image: {
118 repository: images.frontend.fullName
119 tag: images.frontend.tag
120 imagePullPolicy: images.frontend.pullPolicy
121 }
122 ingress: {
123 enabled: true
124 className: input.network.ingressClass
125 if input.network.certificateIssuer != "" {
126 annotations: {
127 "acme.cert-manager.io/http01-edit-in-place": "true"
128 "cert-manager.io/cluster-issuer": input.network.certificateIssuer
129 }
130 }
131 hosts: [_domain]
132 tls: [{
133 hosts: [_domain]
134 secretName: "cert-\(_domain)"
135 }]
136 }
137 }
138 persistence: enabled: true
139 config: {
140 publicURI: _domain
141 flags: "enable-login-with-oidc enable-registration enable-insecure-register disable-demo-users disable-demo-warning" // TODO(gio): remove enable-insecure-register?
142 postgresql: {
143 host: "postgres.\(release.namespace).svc.cluster.local"
144 database: "penpot"
145 username: "penpot"
146 password: "penpot"
147 }
148 redis: host: "penpot-redis-headless.\(release.namespace).svc.cluster.local"
149 providers: {
150 oidc: {
151 enabled: true
152 baseURI: "https://hydra.\(global.domain)"
153 clientID: ""
154 clientSecret: ""
155 authURI: ""
156 tokenURI: ""
157 userURI: ""
158 roles: ""
159 rolesAttribute: ""
160 scopes: ""
161 nameAttribute: "name"
162 emailAttribute: "email"
163 }
164 existingSecret: _oauth2SecretName
165 secretKeys: {
166 oidcClientIDKey: "client_id"
167 oidcClientSecretKey: "client_secret"
168 }
169 }
170 }
171 exporter: {
172 image: {
173 repository: images.exporter.fullName
174 tag: images.exporter.tag
175 imagePullPolicy: images.exporter.pullPolicy
176 }
177 }
178 redis: image: tag: "7.0.8-debian-11-r16"
179 }
180 }
181}