// Installation parameters: the network the app is attached to and the
// subdomain it is published under.
// NOTE(review): subdomain is an unconstrained string, yet it flows into the
// ingress host, the TLS secret name and the OAuth2 redirect URI below.
// Consider constraining it to a DNS label; confirm whether the caller
// already validates it.
input: {
	network:   #Network
	subdomain: string
}

// Public host name of this installation: "<subdomain>.<network domain>".
_domain: "\(input.subdomain).\(input.network.domain)"

// Human-readable summary of the installation. The text states that the app
// is reachable by any user of the chosen network.
readme: "penpot application will be installed on \(input.network.name) network and be accessible to any user on https://\(_domain)"

// Container images used by the releases below.
// NOTE(review): every image is referenced by a mutable tag with pullPolicy
// "IfNotPresent", and the three Penpot images use a pre-release tag
// ("1.16.0-beta"). Nothing here pins an image digest, so a node that has not
// cached the image pulls whatever the tag points to at that moment. Consider
// digest pinning if the deployment tooling supports it.
// The helm section reads registry, imageName and fullName from these entries;
// they are not set here and presumably come from a schema defined elsewhere.
images: {
	// PostgreSQL database image.
	postgres: {
		repository: "library"
		name:       "postgres"
		tag:        "15.3"
		pullPolicy: "IfNotPresent"
	}

	// Penpot backend image.
	backend: {
		repository: "penpotapp"
		name:       "backend"
		tag:        "1.16.0-beta"
		pullPolicy: "IfNotPresent"
	}

	// Penpot frontend image.
	frontend: {
		repository: "penpotapp"
		name:       "frontend"
		tag:        "1.16.0-beta"
		pullPolicy: "IfNotPresent"
	}

	// Penpot exporter image.
	exporter: {
		repository: "penpotapp"
		name:       "exporter"
		tag:        "1.16.0-beta"
		pullPolicy: "IfNotPresent"
	}
}

// Helm charts consumed by the releases below. Each is a path inside the
// "pcloud" GitRepository source, looked up in the namespace named by
// global.id.
// NOTE(review): the source revision is not fixed in this file, so chart
// contents follow whatever the "pcloud" GitRepository object tracks. Confirm
// that it points at a trusted, pinned ref.
charts: {
	postgres: {
		chart: "charts/postgresql"
		sourceRef: {kind: "GitRepository", name: "pcloud", namespace: global.id}
	}
	oauth2Client: {
		chart: "charts/oauth2-client"
		sourceRef: {kind: "GitRepository", name: "pcloud", namespace: global.id}
	}
	penpot: {
		chart: "charts/penpot"
		sourceRef: {kind: "GitRepository", name: "pcloud", namespace: global.id}
	}
}

// Name of the Secret carrying the OAuth2 client credentials. It is passed as
// secretName to the oauth2-client release and as existingSecret to the penpot
// release, so both refer to the same object.
_oauth2SecretName: "oauth2-credentials"

// Helm releases that make up the installation: an OAuth2 client
// registration, a PostgreSQL instance and Penpot itself.
helm: {
	// Registers "penpot" as an OAuth2 client (authorization-code flow only)
	// whose single redirect URI is Penpot's OIDC callback on _domain.
	"oauth2-client": {
		chart: charts.oauth2Client
		values: {
			name:          "penpot"
			secretName:    _oauth2SecretName
			grantTypes:    ["authorization_code"]
			responseTypes: ["code"]
			scope:         "openid profile email"
			redirectUris:  ["https://\(_domain)/api/auth/oauth/oidc/callback"]
			// NOTE(review): the admin endpoint is addressed over plain http
			// at a cluster-internal service name. Confirm that access to it
			// is restricted (for example by network policy) to the workloads
			// that need it.
			hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
			// The client authenticates at the token endpoint by sending its
			// secret in the POST body.
			tokenEndpointAuthMethod: "client_secret_post"
		}
	}

	// PostgreSQL instance dedicated to Penpot.
	postgres: {
		chart: charts.postgres
		values: {
			fullnameOverride: "postgres"
			image: {
				registry:   images.postgres.registry
				repository: images.postgres.imageName
				tag:        images.postgres.tag
				pullPolicy: images.postgres.pullPolicy
			}
			// NOTE(review): the database credential is a fixed literal equal
			// to the user name and is committed with this configuration. The
			// same value is repeated under penpot.values.config.postgresql.
			// Prefer a per-installation generated password delivered through
			// a Secret, if the chart offers a way to reference one.
			auth: {
				username: "penpot"
				password: "penpot"
				database: "penpot"
			}
		}
	}

	// Penpot backend, frontend and exporter.
	penpot: {
		chart: charts.penpot
		values: {
			// The label is quoted on purpose: an unquoted `global` field here
			// would shadow the outer `global` value that baseURI below
			// interpolates.
			"global": {
				postgresqlEnabled: false
				redisEnabled:      true // TODO(gio): provide redis from outside
			}
			fullnameOverride: "penpot"
			backend: image: {
				repository:      images.backend.fullName
				tag:             images.backend.tag
				imagePullPolicy: images.backend.pullPolicy
			}
			frontend: {
				image: {
					repository:      images.frontend.fullName
					tag:             images.frontend.tag
					imagePullPolicy: images.frontend.pullPolicy
				}
				// Publishes the frontend on _domain with TLS.
				ingress: {
					enabled:   true
					className: input.network.ingressClass
					// The cert-manager annotations are emitted only when the
					// network names a certificate issuer. The tls entry below
					// is emitted unconditionally, so without an issuer the
					// "cert-<domain>" secret presumably has to be provisioned
					// by other means; confirm.
					if input.network.certificateIssuer != "" {
						annotations: {
							"acme.cert-manager.io/http01-edit-in-place": "true"
							"cert-manager.io/cluster-issuer":            input.network.certificateIssuer
						}
					}
					hosts: [_domain]
					tls: [{
						hosts: [_domain]
						secretName: "cert-\(_domain)"
					}]
				}
			}
			persistence: {
				enabled: true
			}
			config: {
				// NOTE(review): publicURI is the bare host name, whereas the
				// redirect URI registered for the OAuth2 client carries an
				// https:// scheme. Confirm that the chart expects a host
				// rather than a full URL here.
				publicURI: _domain
				// NOTE(review): "enable-registration" together with
				// "enable-insecure-register" leaves self-registration open.
				// Per Penpot's documentation the latter turns off e-mail
				// verification and is meant for local or internal setups
				// (confirm for this version). This instance is published
				// through the ingress above, and OIDC login is already
				// enabled, so check whether local registration is needed.
				flags: "enable-login-with-oidc enable-registration enable-insecure-register disable-demo-users disable-demo-warning" // TODO(gio): remove enable-insecure-register?
				// NOTE(review): same fixed literal password as
				// helm.postgres.values.auth; the two must stay in sync and
				// share the same exposure.
				postgresql: {
					host:     "postgres.\(release.namespace).svc.cluster.local"
					database: "penpot"
					username: "penpot"
					password: "penpot"
				}
				redis: {
					host: "penpot-redis-headless.\(release.namespace).svc.cluster.local"
				}
				providers: {
					// clientID and clientSecret are left empty here;
					// presumably the chart reads them from existingSecret
					// using the key names in secretKeys. Confirm against the
					// chart templates.
					oidc: {
						enabled:        true
						baseURI:        "https://hydra.\(global.domain)"
						clientID:       ""
						clientSecret:   ""
						authURI:        ""
						tokenURI:       ""
						userURI:        ""
						roles:          ""
						rolesAttribute: ""
						scopes:         ""
						nameAttribute:  "name"
						emailAttribute: "email"
					}
					existingSecret: _oauth2SecretName
					secretKeys: {
						oidcClientIDKey:     "client_id"
						oidcClientSecretKey: "client_secret"
					}
				}
			}
			exporter: image: {
				repository:      images.exporter.fullName
				tag:             images.exporter.tag
				imagePullPolicy: images.exporter.pullPolicy
			}
			// Image tag for the chart-managed Redis (see redisEnabled above).
			redis: {
				image: {
					tag: "7.0.8-debian-11-r16"
				}
			}
		}
	}
}