move away from vikunja helm chart, oidc

2024-12-02 14:27:43 +01:00
parent 3814359266
commit 11ad39805d
10 changed files with 122 additions and 37 deletions
--- a/apps/todos/deployment.yaml
+++ b/apps/todos/deployment.yaml
@@ -0,0 +1,53 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: todos
  labels:
    app: todos
 spec:
  selector:
    matchLabels:
      app: todos
  replicas: 1
  template:
    metadata:
      labels:
        app: todos
    spec:
      containers:
      - name: todos
        image: todos
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            cpu: 200m
            memory: 200Mi
        env:
        - name: VIKUNJA_SERVICE_PUBLICURL
          value: https://todos.kluster.moll.re
        - name: VIKUNJA_DATABASE_TYPE
          value: sqlite
        - name: VIKUNJA_DATABASE_PATH
          value: /app/vikunja/files/vikunja.db
        - name: VIKUNJA_SERVICE_ENABLEREGISTRATION
          value: false
        - name: VIKUNJA_AUTH_LOCAL_ENABLED
          value: false
        - name: VIKUNJA_AUTH_OPENID_ENABLED
          value: true
        envFrom:
          - secretRef:
              name: todos-oidc
        ports:
        - containerPort: 3456
          name: web
        volumeMounts:
        - name: data
          mountPath: /app/vikunja/files
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: data
--- a/apps/todos/ingress.yaml
+++ b/apps/todos/ingress.yaml
@@ -7,15 +7,11 @@ spec:
  entryPoints:
    - websecure
  routes:
-    - match: Host(`todos.kluster.moll.re`) && PathPrefix(`/api/v1`)
+
    - match: Host(`todos.kluster.moll.re`)
      kind: Rule
      services:
-        - name: todos-api
+        - name: todos-web
          port: 3456
    - match: Host(`todos.kluster.moll.re`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: todos-frontend
          port: 80
  tls:
    certResolver: default-tls
--- a/apps/todos/kustomization.yaml
+++ b/apps/todos/kustomization.yaml
@@ -6,13 +6,13 @@ namespace: todos
 resources:
  - namespace.yaml
  - pvc.yaml
  - todos-oidc.sealedsecret.yaml
  - deployment.yaml
  - service.yaml
  - ingress.yaml
-# helmCharts:
+images:
-#   - name: vikunja
+  - name: todos
-#     version: 0.1.5
+    newName: vikunja/vikunja
-#     repo: https://charts.oecis.io
+    newTag: 0.24.5
 #     valuesFile: values.yaml
 #     releaseName: todos
 # managed by argocd directly
--- a/apps/todos/service.yaml
+++ b/apps/todos/service.yaml
@@ -0,0 +1,11 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: todos-web
 spec:
  selector:
    app: todos
  ports:
  - name: todos
    port: 3456
    targetPort: 3456
--- a/apps/todos/todos-oidc.sealedsecret.yaml
+++ b/apps/todos/todos-oidc.sealedsecret.yaml
@@ -0,0 +1,20 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: todos-oidc
  namespace: todos
 spec:
  encryptedData:
    VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_AUTHURL: AgAVa6YuhpAr6EFubgEusTAWkTY+AH6ScQMlfqJXPWx9oIf7KWkJ5FW4QMWSkCB8KjTvtAeQ5NeEU4a5R6J8BVddGN9K7Etlr5N4I/lyCUm/D3CMi6AThb+4KO1k7UYFpOnQ8HO8nYprawieV2xkhExBEqaxguQ4PplF9G68Cs+kp36rmEyg5YC3th3KacPF1tC0GJ+g+mgNFHTQmCgDl9CVSJ87pgRocQ9JYePuYOLHkYsVxXd03kDlAa/+ZIz/NgoLImnAIeHq2oZYNnTQaa4fp4Eve9xnIyK2RkGt2IlnDjZZqmF8x++fYhVgowcBajVUsra0GhY4jA8b2yqkK1s5IaJWwxkEmmYPt83dOcgOQyZMgo2pWceG/yIjScawzIr4YwzRe9mQVfaphJ7CyaeJSy8mGCCpQ6v2QHrPfbINWY45yM6TNbiy5NsfYMn9ak+cP7DuQ2oxU0rAblDei6uJ19VHVujGITm4F7hwI1JyJcSAAGUl/QH+8zS/Xr3Mwwfbm564iSlE41P1/s6FcI4ozPzTcH30fyiHLqAcYBOVKM5k+6phM4BA4VKctD8NY074fiyEMu5/gX2sCwPSNnCO/+aijs+358vAEF1cebjp2MrKk9htUOhGPp36n4Q/x0j+eZCguafcfrXUdRmatJbC4aITR3sLR7c5wxe1qpkFLrybh3KyRs3OaEAKKwHGVRE5LxxKmvFk8Vmry3UA3H8NKY5cqo+sbqKSJpKr+Q==
    VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_CLIENTID: AgDAuyaOWrnlZaKLfa0m5Q2E5hsHNYlonChlzy6kELkZlwXtWXFr2sN5M6qnzSyRiXUXcNK1jKukg9o+F4pOKmYgIMGXSFtTMgEpVoItr8QQKVQML4ms48+F+PDUcPmMz+VnrdoTheWq0GasMVOAt1n/PWoUn96F0N2e6LtfIXxlBaOspPBPzm7mWvQfEhlsLEWXgqLmV/x4jpZkuJc1ySOqQB1/0TW4LBoZwHHEN8Wlht+2VX+RXpZyNNizbPztxTk1PJBBvRY1hxW057JJp28Uaarw4I33qyc1SctItWrSaUX7KSv4VmG4qACn/uopABdXhvgHLCfNHcFD6KBZl7/3CaBq8dA+AdyD4O85V8D/FOFQAcTkIBeQG7spKyduJRUJUIXDsZ60GfgJX92uRoW6vcQcPRLXleQ/w+Bhn0NgYI/sEJAnawUUPvt0v5xsyrxXmweDi2p+a8JzTyh7FSul6IQJXNiY1RehiKc1R8eXGFnxAbvEvxhrBe+85QhAZhnfwGESzABnzywAc+arRpd3ECslpKkAh9rT3Dv4WNuPVviDhl3/vHWisPH/sfuZwO1oprUPMZFaKRlipeDXqTiG0VC9mB61U4kLCXSTHHYTYsp/W74OlzpPPzrfGgN5yrUbTtBqQqqRuviWky3a3lwecYO0iLWUaQRzi31lSCxC6BVz2VGajmGImxCReUPRu3JGDyOSpw==
    VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_CLIENTSECRET: AgAgAXiXnAj22mUWmSWmibKSGscWLy/lM/5ZPGvED4v3X4gJ31gl7cPHME5XzL5hghMpW9T7DbpBoti5HqCth5ytZK1DC5/uC4I/EYtCq5QMU8d1bh6wpearJK2yfyLxUilNSBKd+AmMLXwZD3Mrp5H7//TXip4tjgZcDtVZGycoDcsgmBD946VTb+2mN7u91B+HxA9KdERCZrfIrFy+/DY247BbWq5JF0cw4miQfOtTGeDdeqpYu/j7XU0wWDdzOiEFsKNQo3PWrDV0tc4fY9VLWLO3JppanKuEVoHPJmMMYHukRRHjaz/ECDJ19f61cr7/ZVndpbmlDMkj6mVxaTpd5AYY/oNLpIxOGEn6j/GFY4+eR7HrIpeizP+SCequ4nHotZ9D/m/IdNXrXskm0uXp5uP0acOLiV6MHoU65ZfrsGTOzte6l9gt8uPVHG+wWOmUzlM8ZyUU9MX8sGf0AhKAG+qQWSXVjAUq3F9SwiT3V+bdP2PLGVcjghK/We4CQCyH3ZqtYk+iHdMFC13X6hMlYF/5CoC4UvnPD92JHIFq3rMQSbtVMaHAuH1dalokm1DTlA0F+R3MmS8gMAYXn0c+ych4cja8eJGCRsby/slY26ZIoXZ7Vdw4QFqWogiw2/41sclLd56NyKsLC+YURrVJU/JiEXQgod10ZTux4yowABxYl4FYr4KqktMLUJ/OxffIBLZu2OtKzLe5qP/1UKJWdH9Rzau2z0Vbor0FyKz25JXFbjMZaDmz6D7DGc6c13xXLA==
    VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_LOGOUTURL: AgDIhxAmY2SgQKF1owGIlaHMYL0ZUATHCoemcXwrKQcR/x9R8XT739l6WXlqoHk/4BOvSfxq/UCNsfDzzVyqNqpqq75tBiuesb5Y9DMO0D2Q4pOermEZ2KBQy5V24hF0DBqAyhBAdpP6hDhTkNOfs6PZcjS/gAZPSSgI7FL2hibccvPLxGgXEeCYQ1rSOdOJd23IQEX55cR8Vr0kUwyRnGtSibKdvqQYNY8rILrK8gkxQ5tGwCPgbaWjX87dJftBZmreXxdebFS3BslayuBRqtYGNsuE/1D18go3pKr2PnSiVZrZ+Mw0xYWqQFQ7aY2HmbiMKrDrGmcTeFMJh5nJUTXu7TVQqth7Ve5nDmylCJxxAeoBTaXOKx39B/poetqkQuDFnzQkRDNf3YYXOrJtfE41+Zdl1Q4dCkzA/q6IaN3KXNyoodAnuELEIScmlLUDHAweDiRlM9jCIPBeBOkwx1dCZGrcLrOzU6LI836Ts/DNpiU/fzHjGwby8n4ZBI6yWuIChRn2nms2WWcY24VEuxbEqlb7NaRVWE4N98t6V3tOTdZMjWE9cDkDEJIS1uaqZIwKccZBrjO434qki0xsqqfHZmbGGsLHUWAhjqNRU2TEsXh5ySMQItcwhxBSfqmuf/3CnIBD6KIJ/ABYNOx5wGUIQJ9PXKFdv41gt+L5VhKJ6GY8OH3BjmlxukIpMw5vnL0OfeZuJnlgLsyvM3U9I87rorRBsGjXfY6MCM4WL04ErAHAnQ==
    VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_NAME: AgB8xVXbklEzqfTdHydc2fcw34asROYnUJ4iqHgFWX3CVU9oeaOBp2jk/2NFHGl2fYCmqcoj8u58Vi1bLp4AcDZPe5RBVN3A1oOqrvE4ufWiYUyvaWwuaveeJMPlbqqJ6dXh96dkAlmP8hBsNH09kEb4OdVSRFiCIbQEqS2oBLz0ur1d3xGY7+Ue98pVCbYjbIblG5tsRPxnKEfmLIb3ppnE8FjrZUUDhFrpkpAwJQuM11DQcl9qmuY+ECQz9h6WG/LyexqJmz6qjgGcllHWs0x6Bmqn3XkJqUjj7SQVPy8t8654YbDe5850c0Z5tUnZR1hw5vqzigtmDuwgGTyMTMMo1BodDamtrODAJo8C7EhaQ/NRbwQo1WZ/2MIYjqFDiYGxcLmTXHfVHISCzYF9wlhZ1uDCyzrAogphgbIC9KwHI1ODl4yWKT9igVYb90RM1kREcLHea9qY42mcrVAH7Khw3ovwke1VXD5bfG7TSnyQ5JJr8WcwLzFX8T71rYgeLIGcxGnG9duPoedJ8s3ViPgBYhV8kucSt39++GZrAibznllQ4/s2HjMMWCYAKISIl9RxWwBcjI6/o5F2midQ1+DXrWvOw90Li+AigWnoo89At38RvAqxYeKyKPkwrN90wMn5OSG2XiJjBKEAf+6ATvycY8sgNpKcUHZa144eaNiE9tfxos7IjqLVMv2xG+YfhOMQ5OFwHvfJdQ==
  template:
    metadata:
      creationTimestamp: null
      name: todos-oidc
      namespace: todos
    type: Opaque
--- a/apps/todos/values.yaml
+++ b/apps/todos/values.yaml
@@ -1,6 +1,9 @@
 ######################
 # VIKUNJA COMPONENTS #
 ######################
 image:
  tag: 0.22.1
 # You can find the default values that this `values.yaml` overrides, in the comment at the top of this file.
 api:
  enabled: true
@@ -33,7 +36,7 @@ api:
            type: sqlite
            path: /app/vikunja/files/vikunja.db
          registration: false
-  env:
+
 frontend:
  enabled: true
--- a/infrastructure/authelia/authelia-oidc.sealedsecret.yaml
+++ b/infrastructure/authelia/authelia-oidc.sealedsecret.yaml
--- a/infrastructure/authelia/authelia.values.yaml
+++ b/infrastructure/authelia/authelia.values.yaml
@@ -211,6 +211,22 @@ configMap:
          userinfo_signed_response_alg: 'none'
          token_endpoint_auth_method: 'client_secret_post'
          consent_mode: 'implicit'
        - client_id: 'todos'
          client_name: 'Todos'
          client_secret:
            path: '/secrets/authelia-oidc/client.todos'
          public: false
          authorization_policy: 'one_factor'
          redirect_uris:
            - 'https://todos.kluster.moll.re/auth/openid/authelia'
          scopes:
            - 'openid'
            - 'groups'
            - 'email'
            - 'profile'
          userinfo_signed_response_alg: 'none'
          token_endpoint_auth_method: 'client_secret_basic'
          consent_mode: 'implicit'
 persistence:
--- a/kluster-deployments/todos/application.yaml
+++ b/kluster-deployments/todos/application.yaml
@@ -13,20 +13,6 @@ spec:
      prune: true
      selfHeal: true
  sources:
    - repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
      targetRevision: main
      # path: apps/todos
      ref: values
    - repoURL: kolaente.dev/vikunja
      path: vikunja
      chart: vikunja
      # corresponds to oci://kolaente.dev/vikunja/vikunja
      targetRevision: 0.4.3
      helm:
        releaseName: todos
        valueFiles:
          - $values/apps/todos/values.yaml
    # creates the namespace etc.
    - repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
      targetRevision: main
      path: apps/todos
--- a/kluster-deployments/todos/kustomization.yaml
+++ b/kluster-deployments/todos/kustomization.yaml
@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - application.yaml
-  - repo.yaml
+  # - repo.yaml