// Values supplied by the installer when the app is created.
input: {
	// Network the instance is attached to. `#Network` is declared outside this
	// file; the fields read from it below are name, domain, ingressClass and
	// certificateIssuer.
	network: #Network @name(Network)

	// Host label prepended to the network's domain to form the public hostname.
	// NOTE(review): only constrained to `string` here, yet the value ends up in
	// the ingress host, the TLS secret name and the OAuth2 redirect URI.
	// Consider restricting it to valid DNS label characters; confirm whether
	// the caller already validates it.
	subdomain: string @name(Subdomain)
}
// Public hostname of this instance: "<subdomain>.<network domain>".
_domain: "\(input.subdomain).\(input.network.domain)"

// Externally visible base URL of the instance; the scheme is fixed to HTTPS.
url: "https://\(_domain)"
// Catalogue metadata: display name and the namespace value for the app.
name:      "Penpot"
namespace: "app-penpot"

// Text shown for a concrete install; it interpolates the chosen network and
// the resulting hostname.
readme: "penpot application will be installed on \(input.network.name) network and be accessible to any user on https://\(_domain)"

// Catalogue description.
description: "Penpot is the first Open Source design and prototyping platform meant for cross-domain teams. Non dependent on operating systems, Penpot is web based and works with open standards (SVG). Penpot invites designers all over the world to fall in love with open source while getting developers excited about the design process in return."

// Inline SVG icon; a static literal with no interpolated input.
icon: "<svg xmlns='http://www.w3.org/2000/svg' width='50' height='50' viewBox='0 0 24 24'><path fill='currentColor' d='M7.654 0L5.13 3.554v2.01L2.934 6.608l-.02-.009v13.109l8.563 4.045L12 24l.523-.247l8.563-4.045V6.6l-.017.008l-2.196-1.045V3.555l-.077-.108L16.349.001l-2.524 3.554v.004L11.989.973l-1.823 2.566l-.065-.091zm.447 2.065l.976 1.374H6.232l.964-1.358zm8.694 0l.976 1.374h-2.845l.965-1.358zm-4.36.971l.976 1.375h-2.845l.965-1.359zM5.962 4.132h1.35v4.544l-1.35-.638Zm2.042 0h1.343v5.506l-1.343-.635zm6.652 0h1.35V9l-1.35.637zm2.042 0h1.343v3.905l-1.343.634zm-6.402.972h1.35v5.62l-1.35-.638zm2.042 0h1.343v4.993l-1.343.634zm6.534 1.493l1.188.486l-1.188.561zM5.13 6.6v1.047l-1.187-.561ZM3.96 8.251l7.517 3.55v10.795l-7.516-3.55zm16.08 0v10.794l-7.517 3.55V11.802z'/></svg>"
// Container images used by the releases below.
//
// NOTE(review): every image is addressed by tag only. A tag can be re-pointed
// upstream, and with pullPolicy "IfNotPresent" a node keeps using whatever it
// already cached under that tag. If the image schema (declared outside this
// file) supports digests, pinning by digest makes the deployed content
// verifiable. The three Penpot components share one pre-release tag and should
// be bumped together.
images: {
	// Database image. `registry` and `imageName` are read from this entry
	// further down but are not set here; presumably the schema derives them.
	// TODO confirm.
	postgres: {
		repository: "library"
		name:       "postgres"
		tag:        "15.3"
		pullPolicy: "IfNotPresent"
	}

	// Penpot API server.
	backend: {
		repository: "penpotapp"
		name:       "backend"
		tag:        "1.16.0-beta"
		pullPolicy: "IfNotPresent"
	}

	// Penpot web UI.
	frontend: {
		repository: "penpotapp"
		name:       "frontend"
		tag:        "1.16.0-beta"
		pullPolicy: "IfNotPresent"
	}

	// Penpot exporter component.
	exporter: {
		repository: "penpotapp"
		name:       "exporter"
		tag:        "1.16.0-beta"
		pullPolicy: "IfNotPresent"
	}
}
// Helm charts backing the releases. All three are paths inside the same
// "pcloud" GitRepository source, looked up in the namespace given by
// `global.id` (`global` is declared outside this file).
charts: {
	// PostgreSQL database chart.
	postgres: {
		chart: "charts/postgresql"
		sourceRef: {
			kind:      "GitRepository"
			name:      "pcloud"
			namespace: global.id
		}
	}

	// Chart that registers an OAuth2 client for the app.
	oauth2Client: {
		chart: "charts/oauth2-client"
		sourceRef: {
			kind:      "GitRepository"
			name:      "pcloud"
			namespace: global.id
		}
	}

	// Penpot application chart.
	penpot: {
		chart: "charts/penpot"
		sourceRef: {
			kind:      "GitRepository"
			name:      "pcloud"
			namespace: global.id
		}
	}
}
// Name of the secret holding the OAuth2 client credentials. The same value is
// passed to the oauth2-client release (`secretName`) and to Penpot
// (`existingSecret`), so both sides agree on where the credentials live.
_oauth2SecretName: "oauth2-credentials"
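// Database credentials shared by the postgres release (which receives them as
// `auth`) and the penpot release (which connects with them). They are kept in
// one place so the two sides cannot drift apart and a later change is a
// single edit.
// NOTE(review): the password is a static value identical to the username and
// is the same for every install of this app. Anything that can reach the
// postgres service in the release namespace can authenticate with it. Replace
// it with a per-install generated secret when the platform can supply one.
_postgresAuth: {
	username: "penpot"
	password: "penpot"
	database: "penpot"
}

// Helm releases that make up the app: the OAuth2 client registration, the
// database, and Penpot itself.
helm: {
	// OAuth2 client for Penpot's OIDC login: authorization-code flow only,
	// with a single redirect URI on this instance's own hostname.
	"oauth2-client": {
		chart: charts.oauth2Client
		values: {
			name:          "penpot"
			secretName:    _oauth2SecretName
			grantTypes: ["authorization_code"]
			responseTypes: ["code"]
			scope:         "openid profile email"
			redirectUris: ["https://\(_domain)/api/auth/oauth/oidc/callback"]
			// NOTE(review): the Hydra admin endpoint is addressed over plain
			// HTTP on the cluster network. Confirm that access to it is
			// restricted, e.g. by network policy.
			hydraAdmin:              "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
			tokenEndpointAuthMethod: "client_secret_post"
		}
	}

	// Dedicated PostgreSQL instance for this app.
	postgres: {
		chart: charts.postgres
		values: {
			fullnameOverride: "postgres"
			image: {
				registry:   images.postgres.registry
				repository: images.postgres.imageName
				tag:        images.postgres.tag
				pullPolicy: images.postgres.pullPolicy
			}
			auth: _postgresAuth
		}
	}

	// Penpot backend, frontend and exporter.
	penpot: {
		chart: charts.penpot
		values: {
			// The label is quoted, presumably so that it does not shadow the
			// top-level `global` referenced further down in `config`.
			"global": {
				// The postgres release above is used in place of the chart's
				// bundled database.
				postgresqlEnabled: false
				redisEnabled:      true // TODO(gio): provide redis from outside
			}
			fullnameOverride: "penpot"
			backend: image: {
				repository:      images.backend.fullName
				tag:             images.backend.tag
				imagePullPolicy: images.backend.pullPolicy
			}
			frontend: {
				image: {
					repository:      images.frontend.fullName
					tag:             images.frontend.tag
					imagePullPolicy: images.frontend.pullPolicy
				}
				ingress: {
					enabled:   true
					className: input.network.ingressClass
					// cert-manager annotations are added only when the network
					// names a certificate issuer. The TLS entry below is set
					// either way, so without an issuer the "cert-<domain>"
					// secret has to come from somewhere else. TODO confirm.
					if input.network.certificateIssuer != "" {
						annotations: {
							"acme.cert-manager.io/http01-edit-in-place": "true"
							"cert-manager.io/cluster-issuer":            input.network.certificateIssuer
						}
					}
					hosts: [_domain]
					tls: [{
						hosts: [_domain]
						secretName: "cert-\(_domain)"
					}]
				}
			}
			persistence: enabled: true
			config: {
				// NOTE(review): this is the bare hostname, while the
				// top-level `url` carries the https:// scheme. Confirm that
				// the chart adds the scheme itself.
				publicURI: _domain
				// NOTE(review): enable-registration lets anyone who can reach
				// the site create an account. enable-insecure-register, per
				// Penpot's configuration docs (confirm for this version),
				// drops e-mail verification for those sign-ups. With OIDC
				// login enabled, decide whether local registration should
				// stay on at all.
				flags: "enable-login-with-oidc enable-registration enable-insecure-register disable-demo-users disable-demo-warning" // TODO(gio): remove enable-insecure-register?
				postgresql: {
					host:     "postgres.\(release.namespace).svc.cluster.local"
					database: _postgresAuth.database
					username: _postgresAuth.username
					password: _postgresAuth.password
				}
				redis: host: "penpot-redis-headless.\(release.namespace).svc.cluster.local"
				providers: {
					oidc: {
						enabled: true
						baseURI: "https://hydra.\(global.domain)"
						// Client id and secret are left empty here. The
						// `existingSecret` and `secretKeys` entries below
						// name the secret and keys they are presumably read
						// from, so no credential is stored in this file.
						clientID:       ""
						clientSecret:   ""
						authURI:        ""
						tokenURI:       ""
						userURI:        ""
						roles:          ""
						rolesAttribute: ""
						scopes:         ""
						nameAttribute:  "name"
						emailAttribute: "email"
					}
					existingSecret: _oauth2SecretName
					secretKeys: {
						oidcClientIDKey:     "client_id"
						oidcClientSecretKey: "client_secret"
					}
				}
			}
			exporter: image: {
				repository:      images.exporter.fullName
				tag:             images.exporter.tag
				imagePullPolicy: images.exporter.pullPolicy
			}
			// Tag for the Redis image of the chart's bundled Redis.
			redis: image: tag: "7.0.8-debian-11-r16"
		}
	}
}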