diff --git a/template/edfbuilder.yaml b/template/edfbuilder.yaml index 4e9fabd..6afc8c2 100644 --- a/template/edfbuilder.yaml +++ b/template/edfbuilder.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: registry - repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' + repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/core.yaml b/template/registry/core.yaml index 3a722ac..aef343d 100644 --- a/template/registry/core.yaml +++ b/template/registry/core.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/core - repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' + repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/local-backup.yaml b/template/registry/local-backup.yaml index a2ac46d..5540134 100644 --- a/template/registry/local-backup.yaml +++ b/template/registry/local-backup.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/local-backup - repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' + repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/monitoring.yaml b/template/registry/monitoring.yaml index c9826bc..88b1af3 100644 --- a/template/registry/monitoring.yaml +++ b/template/registry/monitoring.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/monitoring - repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' + repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/ref-implementation.yaml b/template/registry/ref-implementation.yaml index 3a6cf1a..82bbeaf 100644 --- a/template/registry/ref-implementation.yaml +++ b/template/registry/ref-implementation.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/ref-implementation - repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' + repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/registry/second-cluster.yaml b/template/registry/second-cluster.yaml index 98ddd40..6ff1357 100644 --- a/template/registry/second-cluster.yaml +++ b/template/registry/second-cluster.yaml @@ -13,7 +13,7 @@ spec: namespace: argocd source: path: stacks/second-cluster - repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder' + repoURL: 'https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder' targetRevision: HEAD project: default syncPolicy: diff --git a/template/stacks/core/argocd.yaml b/template/stacks/core/argocd.yaml index a79ef6c..4f65e09 100644 --- a/template/stacks/core/argocd.yaml +++ b/template/stacks/core/argocd.yaml @@ -18,10 +18,13 @@ spec: sources: - repoURL: https://github.com/argoproj/argo-helm path: charts/argo-cd + # TODO: RIRE Can be updated when https://github.com/argoproj/argo-cd/issues/20790 is fixed and merged + # As logout make problems, it is suggested to switch from path based routing to an own argocd domain, + # similar to the CNOE amazon reference implementation and in our case, Forgejo targetRevision: argo-cd-7.7.5 helm: valueFiles: - $values/stacks/core/argocd/values.yaml - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/core/crossplane-compositions.yaml b/template/stacks/core/crossplane-compositions.yaml index f6a6bc0..d5341c8 100644 --- a/template/stacks/core/crossplane-compositions.yaml +++ b/template/stacks/core/crossplane-compositions.yaml @@ -17,7 +17,7 @@ spec: namespace: crossplane-system source: path: stacks/core/crossplane-compositions - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD directory: recurse: true diff --git a/template/stacks/core/crossplane-providers.yaml b/template/stacks/core/crossplane-providers.yaml index 760c33e..3fd69b7 100644 --- a/template/stacks/core/crossplane-providers.yaml +++ b/template/stacks/core/crossplane-providers.yaml @@ -18,6 +18,6 @@ spec: namespace: crossplane-system source: path: stacks/core/crossplane-providers - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD {{{ end }}} diff --git a/template/stacks/core/forgejo-runner.yaml b/template/stacks/core/forgejo-runner.yaml new file mode 100644 index 0000000..edff667 --- /dev/null +++ b/template/stacks/core/forgejo-runner.yaml @@ -0,0 +1,22 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: forgejo-runner + namespace: argocd + labels: + env: dev + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + syncPolicy: + automated: + selfHeal: true + syncOptions: + - CreateNamespace=true + destination: + server: "https://kubernetes.default.svc" + source: + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + targetRevision: HEAD + path: "stacks/core/forgejo-runner" diff --git a/template/stacks/core/forgejo-runner/dind-docker.yaml b/template/stacks/core/forgejo-runner/dind-docker.yaml new file mode 100644 index 0000000..04b07a7 --- /dev/null +++ b/template/stacks/core/forgejo-runner/dind-docker.yaml @@ -0,0 +1,105 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: forgejo-runner + name: forgejo-runner + namespace: gitea +spec: + # Two replicas means that if one is busy, the other can pick up jobs. + replicas: 1 + selector: + matchLabels: + app: forgejo-runner + strategy: {} + template: + metadata: + creationTimestamp: null + labels: + app: forgejo-runner + spec: + restartPolicy: Always + volumes: + - name: docker-certs + emptyDir: {} + - name: runner-data + emptyDir: {} + # Initialise our configuration file using offline registration + # https://forgejo.org/docs/v1.21/admin/actions/#offline-registration + initContainers: + - name: runner-register + image: code.forgejo.org/forgejo/runner:6.0.1 + command: + - "forgejo-runner" + - "register" + - "--no-interactive" + - "--token" + - $(RUNNER_SECRET) + - "--name" + - $(RUNNER_NAME) + - "--instance" + - $(FORGEJO_INSTANCE_URL) + - "--labels" + - "docker:docker://node:20-bookworm,ubuntu-22.04:docker://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/catthehackerubuntu:act-22.04,ubuntu-latest:docker://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/catthehackerubuntu:act-22.04" + env: + - name: RUNNER_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: RUNNER_SECRET + valueFrom: + secretKeyRef: + name: forgejo-runner-token + key: token + - name: FORGEJO_INSTANCE_URL + value: https://{{{ .Env.DOMAIN_GITEA }}} + volumeMounts: + - name: runner-data + mountPath: /data + containers: + - name: runner + image: code.forgejo.org/forgejo/runner:6.0.1 + command: + - "sh" + - "-c" + - | + while ! nc -z 127.0.0.1 2376 config.yml ; + sed -i -e "s|privileged: .*|privileged: true|" config.yml + sed -i -e "s|network: .*|network: host|" config.yml ; + sed -i -e "s|^ envs:$$| envs:\n DOCKER_HOST: tcp://127.0.0.1:2376\n DOCKER_TLS_VERIFY: 1\n DOCKER_CERT_PATH: /certs/client|" config.yml ; + sed -i -e "s|^ options:| options: -v /certs/client:/certs/client|" config.yml ; + sed -i -e "s| valid_volumes: \[\]$$| valid_volumes:\n - /certs/client|" config.yml ; + /bin/forgejo-runner --config config.yml daemon + securityContext: + allowPrivilegeEscalation: true + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + env: + - name: DOCKER_HOST + value: tcp://localhost:2376 + - name: DOCKER_CERT_PATH + value: /certs/client + - name: DOCKER_TLS_VERIFY + value: "1" + volumeMounts: + - name: docker-certs + mountPath: /certs + - name: runner-data + mountPath: /data + - name: daemon + image: docker:27.4.1-dind + env: + - name: DOCKER_TLS_CERTDIR + value: /certs + securityContext: + privileged: true + volumeMounts: + - name: docker-certs + mountPath: /certs diff --git a/template/stacks/core/forgejo.yaml b/template/stacks/core/forgejo.yaml index c8328c0..9b4aeae 100644 --- a/template/stacks/core/forgejo.yaml +++ b/template/stacks/core/forgejo.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/forgejo/values.yaml - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/core/forgejo/values.yaml b/template/stacks/core/forgejo/values.yaml index bfcd384..1bf35c2 100644 --- a/template/stacks/core/forgejo/values.yaml +++ b/template/stacks/core/forgejo/values.yaml @@ -25,8 +25,8 @@ gitea: queue: TYPE: level server: - DOMAIN: 'gitea.{{{ .Env.DOMAIN }}}' - ROOT_URL: 'https://gitea.{{{ .Env.DOMAIN }}}:443' + DOMAIN: '{{{ .Env.DOMAIN_GITEA }}}' + ROOT_URL: 'https://{{{ .Env.DOMAIN_GITEA }}}:443' service: ssh: @@ -53,3 +53,4 @@ forgejo: - docker:docker://node:16-bullseye - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04 - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04 + - ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04 diff --git a/template/stacks/core/ingress-apps.yaml b/template/stacks/core/ingress-apps.yaml index ae66d9f..ec156c5 100644 --- a/template/stacks/core/ingress-apps.yaml +++ b/template/stacks/core/ingress-apps.yaml @@ -11,7 +11,7 @@ spec: destination: server: "https://kubernetes.default.svc" source: - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/core/ingress-apps" project: default diff --git a/template/stacks/core/ingress-apps/forgejo.yaml b/template/stacks/core/ingress-apps/forgejo.yaml index 3143875..a5657ca 100644 --- a/template/stacks/core/ingress-apps/forgejo.yaml +++ b/template/stacks/core/ingress-apps/forgejo.yaml @@ -6,7 +6,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-body-size: 512m {{{ if eq .Env.CLUSTER_TYPE "osc" }}} dns.gardener.cloud/class: garden - dns.gardener.cloud/dnsnames: gitea.{{{ .Env.DOMAIN }}} + dns.gardener.cloud/dnsnames: {{{ .Env.DOMAIN_GITEA }}} dns.gardener.cloud/ttl: "600" {{{ end }}} name: forgejo @@ -14,7 +14,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: gitea.{{{ .Env.DOMAIN }}} + - host: {{{ .Env.DOMAIN_GITEA }}} http: paths: - backend: @@ -26,5 +26,5 @@ spec: pathType: Prefix tls: - hosts: - - gitea.{{{ .Env.DOMAIN }}} + - {{{ .Env.DOMAIN_GITEA }}} secretName: forgejo-net-tls diff --git a/template/stacks/core/ingress-nginx.yaml b/template/stacks/core/ingress-nginx.yaml index 4e1f1a8..cb69681 100644 --- a/template/stacks/core/ingress-nginx.yaml +++ b/template/stacks/core/ingress-nginx.yaml @@ -22,6 +22,6 @@ spec: helm: valueFiles: - $values/stacks/core/ingress-nginx/values.yaml - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/local-backup/minio.yaml b/template/stacks/local-backup/minio.yaml index 5163ef0..7de20cd 100644 --- a/template/stacks/local-backup/minio.yaml +++ b/template/stacks/local-backup/minio.yaml @@ -17,10 +17,10 @@ spec: valueFiles: - $values/stacks/local-backup/minio/helm/values.yaml chart: minio - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/local-backup/minio/manifests" destination: diff --git a/template/stacks/local-backup/velero.yaml b/template/stacks/local-backup/velero.yaml index a798f63..e668cf6 100644 --- a/template/stacks/local-backup/velero.yaml +++ b/template/stacks/local-backup/velero.yaml @@ -17,7 +17,7 @@ spec: valueFiles: - $values/stacks/local-backup/velero/helm/values.yaml chart: velero - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values destination: diff --git a/template/stacks/ref-implementation/forgejo-runner.yaml b/template/stacks/monitoring/alloy.yaml similarity index 53% rename from template/stacks/ref-implementation/forgejo-runner.yaml rename to template/stacks/monitoring/alloy.yaml index bceefc7..7d4d614 100644 --- a/template/stacks/ref-implementation/forgejo-runner.yaml +++ b/template/stacks/monitoring/alloy.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: forgejo-runner + name: alloy namespace: argocd labels: env: dev @@ -16,14 +16,14 @@ spec: - CreateNamespace=true destination: name: in-cluster - namespace: gitea + namespace: monitoring sources: - - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-runner.git - path: forgejo-runner - targetRevision: HEAD + - repoURL: https://github.com/grafana/alloy.git + path: operations/helm/charts/alloy + targetRevision: HEAD helm: valueFiles: - - $values/stacks/ref-implementation/forgejo-runner/values.yaml - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - $values/stacks/monitoring/alloy/values.yaml + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD - ref: values + ref: values \ No newline at end of file diff --git a/template/stacks/monitoring/alloy/values.yaml b/template/stacks/monitoring/alloy/values.yaml new file mode 100644 index 0000000..3f038fa --- /dev/null +++ b/template/stacks/monitoring/alloy/values.yaml @@ -0,0 +1,4 @@ +alloy: + create: false + name: alloy-config + key: config.alloy diff --git a/template/stacks/monitoring/grafana-dashboards.yaml b/template/stacks/monitoring/grafana-dashboards.yaml index f27e669..186f692 100644 --- a/template/stacks/monitoring/grafana-dashboards.yaml +++ b/template/stacks/monitoring/grafana-dashboards.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/monitoring/kube-prometheus/dashboards" destination: diff --git a/template/stacks/monitoring/kube-prometheus-sso.yaml b/template/stacks/monitoring/kube-prometheus-sso.yaml new file mode 100644 index 0000000..0e6e43a --- /dev/null +++ b/template/stacks/monitoring/kube-prometheus-sso.yaml @@ -0,0 +1,29 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kube-prometheus-sso + namespace: argocd + labels: + env: dev + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + targetRevision: HEAD + path: "stacks/monitoring/kube-prometheus-sso" + destination: + server: "https://kubernetes.default.svc" + namespace: monitoring + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + selfHeal: true + retry: + limit: -1 + backoff: + duration: 15s + factor: 1 + maxDuration: 15s diff --git a/template/stacks/monitoring/kube-prometheus-sso/secret-grafana.yaml b/template/stacks/monitoring/kube-prometheus-sso/secret-grafana.yaml new file mode 100644 index 0000000..896ec1b --- /dev/null +++ b/template/stacks/monitoring/kube-prometheus-sso/secret-grafana.yaml @@ -0,0 +1,21 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: auth-generic-oauth-secret + namespace: monitoring +spec: + secretStoreRef: + name: keycloak + kind: ClusterSecretStore + refreshInterval: "0" + target: + name: auth-generic-oauth-secret + template: + engineVersion: v2 + data: + client_secret: "{{.GRAFANA_CLIENT_SECRET}}" + data: + - secretKey: GRAFANA_CLIENT_SECRET + remoteRef: + key: keycloak-clients + property: GRAFANA_CLIENT_SECRET diff --git a/template/stacks/monitoring/kube-prometheus.yaml b/template/stacks/monitoring/kube-prometheus.yaml index f4f6ea5..7bcf3ca 100644 --- a/template/stacks/monitoring/kube-prometheus.yaml +++ b/template/stacks/monitoring/kube-prometheus.yaml @@ -15,6 +15,12 @@ spec: syncOptions: - CreateNamespace=true - ServerSideApply=true # do not copy metdata, since (because of its large size) it can lead to sync failure + retry: + limit: -1 + backoff: + duration: 15s + factor: 1 + maxDuration: 15s destination: name: in-cluster namespace: monitoring @@ -25,6 +31,6 @@ spec: helm: valueFiles: - $values/stacks/monitoring/kube-prometheus/values.yaml - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml index 9c0ca32..901345f 100644 --- a/template/stacks/monitoring/kube-prometheus/values.yaml +++ b/template/stacks/monitoring/kube-prometheus/values.yaml @@ -33,7 +33,33 @@ grafana: domain: {{{ .Env.DOMAIN }}} root_url: "%(protocol)s://%(domain)s/grafana" serve_from_sub_path: true + auth: + disable_login: true + disable_login_form: true + auth.generic_oauth: + enabled: true + name: Keycloak-OAuth + allow_sign_up: true + use_refresh_token: true + client_id: grafana + client_secret: $__file{/etc/secrets/auth_generic_oauth/client_secret} + scopes: openid email profile offline_access roles + email_attribute_path: email + login_attribute_path: username + name_attribute_path: full_name + auth_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/auth + token_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/token + api_url: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe/protocol/openid-connect/userinfo + redirect_uri: http://{{{ .Env.DOMAIN }}}/grafana/login/generic_oauth + role_attribute_path: "contains(groups[*], 'admin') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'" + extraSecretMounts: + - name: auth-generic-oauth-secret-mount + secretName: auth-generic-oauth-secret + defaultMode: 0440 + mountPath: /etc/secrets/auth_generic_oauth + readOnly: true + serviceMonitor: # If true, a ServiceMonitor CRD is created for a prometheus operator https://github.com/coreos/prometheus-operator enabled: true diff --git a/template/stacks/monitoring/loki.yaml b/template/stacks/monitoring/loki.yaml index 8494955..a2f0238 100644 --- a/template/stacks/monitoring/loki.yaml +++ b/template/stacks/monitoring/loki.yaml @@ -24,7 +24,7 @@ spec: helm: valueFiles: - $values/stacks/monitoring/loki/values.yaml - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values diff --git a/template/stacks/monitoring/promtail.yaml b/template/stacks/monitoring/promtail.yaml index bc4682d..8f4af77 100644 --- a/template/stacks/monitoring/promtail.yaml +++ b/template/stacks/monitoring/promtail.yaml @@ -24,6 +24,6 @@ spec: helm: valueFiles: - $values/stacks/monitoring/promtail/values.yaml - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values \ No newline at end of file diff --git a/template/stacks/ref-implementation/argo-workflows.yaml b/template/stacks/ref-implementation/argo-workflows.yaml index 93cc7b1..ef23482 100644 --- a/template/stacks/ref-implementation/argo-workflows.yaml +++ b/template/stacks/ref-implementation/argo-workflows.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/argo-workflows/manifests/dev" destination: @@ -23,3 +23,7 @@ spec: selfHeal: true retry: limit: -1 + backoff: + duration: 15s + factor: 1 + maxDuration: 15s diff --git a/template/stacks/ref-implementation/backstage-templates.yaml b/template/stacks/ref-implementation/backstage-templates.yaml index adb5f08..2749418 100644 --- a/template/stacks/ref-implementation/backstage-templates.yaml +++ b/template/stacks/ref-implementation/backstage-templates.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/backstage-templates/entities" directory: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml index bc52aa8..dbe0264 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml @@ -20,7 +20,7 @@ metadata: backstage.io/kubernetes-namespace: default argocd/app-name: ${{values.name | dump}} links: - - url: https://gitea.{{{ .Env.DOMAIN }}}:443 + - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml index 34ee8da..fd440d3 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml @@ -100,7 +100,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} + repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -111,7 +111,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/${{parameters.name}} path: "kustomize/base" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml index 04416ba..ccdf3d0 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml @@ -14,7 +14,7 @@ metadata: apache-spark.cnoe.io/label-selector: env=dev,entity-id=${{values.name}} apache-spark.cnoe.io/cluster-name: local links: - - url: https://gitea.{{{ .Env.DOMAIN }}}:443 + - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml index f6e3083..12c68a3 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml @@ -35,7 +35,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} + repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -46,7 +46,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/${{parameters.name}} path: "manifests" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml index 102ff01..e583206 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml @@ -10,7 +10,7 @@ metadata: backstage.io/kubernetes-namespace: default argocd/app-name: ${{values.name | dump}} links: - - url: https://gitea.{{{ .Env.DOMAIN }}}:443 + - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 title: Repo URL icon: github spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml index 7fb96a7..e69d13c 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml @@ -31,7 +31,7 @@ spec: input: description: This is an example app # Hard coded value for this demo purposes only. - repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} + repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} defaultBranch: main - id: create-argocd-app name: Create ArgoCD App @@ -42,7 +42,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/${{parameters.name}} path: "manifests" - id: register name: Register diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml index f75a37f..07090f2 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml @@ -9,7 +9,7 @@ metadata: backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}' backstage.io/kubernetes-namespace: gitea links: - - url: https://gitea.{{{ .Env.DOMAIN }}}:443 + - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 title: Repo URL icon: git spec: @@ -26,7 +26,7 @@ metadata: annotations: backstage.io/techdocs-ref: dir:. links: - - url: https://gitea.{{{ .Env.DOMAIN }}}:443 + - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 title: Gitea Repo icon: git spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml index 133e70e..6e9421d 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml @@ -33,7 +33,7 @@ spec: name: Publish to Gitea action: publish:gitea input: - repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} + repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} description: This is the repository for ${{ parameters.name }} sourcePath: ./skeleton defaultBranch: main diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml deleted file mode 100644 index 61fadfd..0000000 --- a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml +++ /dev/null @@ -1,32 +0,0 @@ -# This workflow will build a Java project with Gradle, and cache/restore any dependencies to improve the workflow execution time -# For more information see: https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle - -name: Java CI with Gradle - -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] - -jobs: - build: - - runs-on: ubuntu-latest - strategy: - matrix: - java: [ '17' ] - - steps: - - uses: actions/checkout@v4 - - name: Set up JDK {% raw %}${{matrix.java}}{% endraw %} - uses: https://github.com/actions/setup-java@v4 - with: - java-version: '{% raw %}${{matrix.java}}{% endraw %}' - distribution: 'adopt' - cache: maven - - name: Setup Gradle - uses: https://github.com/gradle/actions/setup-gradle@v4 - - name: Build with Gradle - run: ./gradlew build - diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml index f04cf78..62cbd53 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml @@ -28,12 +28,12 @@ jobs: distribution: 'adopt' cache: maven - name: Build with Maven Wrapper - run: ./mvnw -B verify + run: ./mvnw -B -DskipTests verify - name: Build image #run: ./mvnw spring-boot:build-image # the original image build run: | export CONTAINER_REPO=$(echo {% raw %}${{ env.GITHUB_REPOSITORY }}{% endraw %} | tr '[:upper:]' '[:lower:]') - ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage=gitea.{{{ .Env.DOMAIN }}}/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ github.actor }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %} + ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage={{{ .Env.DOMAIN_GITEA }}}/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ github.actor }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %} -Djib.from.platforms=linux/arm64,linux/amd64 - name: Build image as tar run: | ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:buildTar -Djib.allowInsecureRegistries=true @@ -57,7 +57,11 @@ jobs: NODE_TLS_REJECT_UNAUTHORIZED: 0 # This is necessary due to self signed certs for forgejo, proper setups can skip this - name: install trivy from deb package run: | - wget -O trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.0/trivy_0.58.0_Linux-64bit.deb + if [[ "$(uname -m)" == "x86_64" ]]; then + wget -O trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.0/trivy_0.58.0_Linux-64bit.deb + else + wget -O trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.0/trivy_0.58.0_Linux-ARM64.deb + fi DEBIAN_FRONTEND=noninteractive dpkg -i trivy.deb - name: scan the image run: trivy image --input jib-image.tar diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml index 94a7880..f9d4b3d 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml @@ -9,7 +9,7 @@ metadata: backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}' backstage.io/kubernetes-namespace: gitea links: - - url: https://gitea.{{{ .Env.DOMAIN }}}:443 + - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 title: Repo URL icon: git spec: @@ -26,7 +26,7 @@ metadata: annotations: backstage.io/techdocs-ref: dir:. links: - - url: https://gitea.{{{ .Env.DOMAIN }}}:443 + - url: https://{{{ .Env.DOMAIN_GITEA }}}:443 title: Gitea Repo icon: git spec: diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml index 5098ca3..aa6b3d4 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml @@ -58,7 +58,7 @@ spec: spec: containers: - name: workload - image: gitea.{{{ .Env.DOMAIN }}}/giteaadmin/${{ values.name }} + image: {{{ .Env.DOMAIN_GITEA }}}/giteaadmin/${{ values.name }} env: - name: SPRING_PROFILES_ACTIVE value: postgres diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml index 50afc43..84dc871 100644 --- a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml +++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml @@ -50,7 +50,7 @@ spec: name: Publish to Gitea action: publish:gitea input: - repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}} + repoUrl: {{{ .Env.DOMAIN_GITEA }}}:443/?repo=${{parameters.name}} description: This is the repository for ${{ parameters.name }} sourcePath: ./ defaultBranch: main @@ -64,7 +64,7 @@ spec: argoInstance: in-cluster projectName: default # necessary until we generate our own cert - repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}} + repoUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/${{parameters.name}} path: "k8s" - id: register diff --git a/template/stacks/ref-implementation/backstage.yaml b/template/stacks/ref-implementation/backstage.yaml index f162001..01932dc 100644 --- a/template/stacks/ref-implementation/backstage.yaml +++ b/template/stacks/ref-implementation/backstage.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/backstage/manifests" destination: @@ -23,3 +23,7 @@ spec: selfHeal: true retry: limit: -1 + backoff: + duration: 15s + factor: 1 + maxDuration: 15s diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml index b46fbd4..b3bfd57 100644 --- a/template/stacks/ref-implementation/backstage/manifests/install.yaml +++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml @@ -106,12 +106,12 @@ data: integrations: gitea: - - baseUrl: https://gitea.{{{ .Env.DOMAIN }}}:443 - host: gitea.{{{ .Env.DOMAIN }}}:443 + - baseUrl: https://{{{ .Env.DOMAIN_GITEA }}}:443 + host: {{{ .Env.DOMAIN_GITEA }}}:443 username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} - - baseUrl: https://gitea.{{{ .Env.DOMAIN }}} - host: gitea.{{{ .Env.DOMAIN }}} + - baseUrl: https://{{{ .Env.DOMAIN_GITEA }}} + host: {{{ .Env.DOMAIN_GITEA }}} username: ${GITEA_USERNAME} password: ${GITEA_PASSWORD} - baseUrl: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live @@ -167,7 +167,7 @@ data: locations: # Examples from a public GitHub repository. - type: url - target: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml + target: https://{{{ .Env.DOMAIN_GITEA }}}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml rules: - allow: [Component, System, API, Resource, Location, Template, User, Group] kubernetes: diff --git a/template/stacks/ref-implementation/external-secrets.yaml b/template/stacks/ref-implementation/external-secrets.yaml index de2c53a..37e8004 100644 --- a/template/stacks/ref-implementation/external-secrets.yaml +++ b/template/stacks/ref-implementation/external-secrets.yaml @@ -12,7 +12,7 @@ spec: namespace: external-secrets server: "https://kubernetes.default.svc" source: - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/external-secrets/manifests" project: default diff --git a/template/stacks/ref-implementation/fibonacci-app.yaml b/template/stacks/ref-implementation/fibonacci-app.yaml index b049686..91b7b2f 100644 --- a/template/stacks/ref-implementation/fibonacci-app.yaml +++ b/template/stacks/ref-implementation/fibonacci-app.yaml @@ -10,7 +10,7 @@ metadata: spec: project: default source: - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/fibonacci-app" destination: diff --git a/template/stacks/ref-implementation/forgejo-runner/values.yaml b/template/stacks/ref-implementation/forgejo-runner/values.yaml deleted file mode 100644 index 2fdc97c..0000000 --- a/template/stacks/ref-implementation/forgejo-runner/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -replicaCount: 2 - -image: - repository: code.forgejo.org/forgejo/runner - pullPolicy: IfNotPresent - tag: "6.0.1" - -forgejoUrl: http://forgejo-http.gitea.svc.cluster.local:3000 diff --git a/template/stacks/ref-implementation/keycloak.yaml b/template/stacks/ref-implementation/keycloak.yaml index e4fb166..93d8db7 100644 --- a/template/stacks/ref-implementation/keycloak.yaml +++ b/template/stacks/ref-implementation/keycloak.yaml @@ -12,7 +12,7 @@ spec: namespace: keycloak server: "https://kubernetes.default.svc" source: - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD path: "stacks/ref-implementation/keycloak/manifests" project: default diff --git a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml index e2a0981..6c8d603 100644 --- a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml +++ b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml @@ -100,11 +100,11 @@ data: user-user1.json: | { "username": "user1", - "email": "", + "email": "user1@user.de", "firstName": "user", "lastName": "one", "requiredActions": [], - "emailVerified": false, + "emailVerified": true, "groups": [ "/admin" ], @@ -113,11 +113,11 @@ data: user-user2.json: | { "username": "user2", - "email": "", + "email": "user2@user.de", "firstName": "user", "lastName": "two", "requiredActions": [], - "emailVerified": false, + "emailVerified": true, "groups": [ "/base-user" ], @@ -181,6 +181,44 @@ data: ] } + grafana-client-payload.json: | + { + "clientId": "grafana", + "name": "Grafana Client", + "description": "Used for Grafana SSO", + "rootUrl": "https://{{{ .Env.DOMAIN }}}/grafana", + "adminUrl": "https://{{{ .Env.DOMAIN }}}/grafana", + "baseUrl": "https://{{{ .Env.DOMAIN }}}/grafana", + "alwaysDisplayInConsole": false, + "redirectUris": [ + "http://{{{ .Env.DOMAIN }}}/grafana/*" + ], + "webOrigins": [ + "https://{{{ .Env.DOMAIN }}}/grafana" + ], + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "saml_idp_initiated_sso_url_name": "", + "oidc.ciba.grant.enabled": "false", + "oauth2.device.authorization.grant.enabled": "false" + }, + "defaultClientScopes": [ + "web-origins", + "acr", + "offline_access", + "roles", + "profile", + "groups", + "email" + ] + } + --- apiVersion: batch/v1 kind: Job @@ -247,7 +285,11 @@ spec: fi set -e - curl -sS -LO "https://dl.k8s.io/release/v1.28.3//bin/linux/amd64/kubectl" + if [[ "$(uname -m)" == "x86_64" ]]; then + curl -sS -LO "https://dl.k8s.io/release/v1.28.3//bin/linux/amd64/kubectl" + else + curl -sS -LO "https://dl.k8s.io/release/v1.28.3//bin/linux/arm64/kubectl" + fi chmod +x kubectl echo "creating cnoe realm and groups" @@ -330,7 +372,24 @@ spec: ARGO_WORKFLOWS_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \ -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret') + + echo "creating Grafana client" + curl -sS -H "Content-Type: application/json" \ + -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ + -X POST --data @/var/config/grafana-client-payload.json \ + ${KEYCLOAK_URL}/admin/realms/cnoe/clients + CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \ + -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ + -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "grafana") | .id') + + CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id') + curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID} + + GRAFANA_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \ + -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ + -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret') + echo "creating Backstage client" curl -sS -H "Content-Type: application/json" \ -H "Authorization: bearer ${KEYCLOAK_TOKEN}" \ @@ -365,6 +424,8 @@ spec: ARGOCD_SESSION_TOKEN: ${ARGOCD_SESSION_TOKEN} BACKSTAGE_CLIENT_SECRET: ${BACKSTAGE_CLIENT_SECRET} BACKSTAGE_CLIENT_ID: backstage + GRAFANA_CLIENT_SECRET: ${GRAFANA_CLIENT_SECRET} + GRAFANA_CLIENT_ID: grafana " > /tmp/secret.yaml ./kubectl apply -f /tmp/secret.yaml diff --git a/template/stacks/ref-implementation/openbao.yaml b/template/stacks/ref-implementation/openbao.yaml index a6f3ec8..ffc2923 100644 --- a/template/stacks/ref-implementation/openbao.yaml +++ b/template/stacks/ref-implementation/openbao.yaml @@ -24,7 +24,7 @@ spec: helm: valueFiles: - $values/stacks/ref-implementation/openbao/values.yaml - - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + - repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD ref: values ignoreDifferences: diff --git a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml index e71b4f0..26a70eb 100644 --- a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml +++ b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml @@ -19,5 +19,5 @@ spec: namespace: crossplane-system source: path: stacks/second-cluster/create-new-cluster-guestbook - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder targetRevision: HEAD