forked from hswaw/hscloud
devtools/issues: redmine deployment
Change-Id: I71956c4132bf2063e9fc41eb24c4f37657b8fd9d
This commit is contained in:
parent
95da3d5011
commit
0572fff9a4
3 changed files with 175 additions and 0 deletions
12
devtools/issues/Dockerfile
Normal file
12
devtools/issues/Dockerfile
Normal file
|
@ -0,0 +1,12 @@
|
|||
FROM redmine:4.1.1-alpine@sha256:8396c1a7e5b2087a16d54aa08578fc1c30fa7aba85b6d4cd592a07c410f1a743
|
||||
|
||||
RUN git clone -n https://github.com/anteo/redmine_custom_workflows plugins/redmine_custom_workflows && cd plugins/redmine_custom_workflows && git checkout 2802812c331a03b0443aeba1101d74aee442e0f7
|
||||
RUN git clone -n https://github.com/informatic/redmine_openid_connect plugins/redmine_openid_connect && cd plugins/redmine_openid_connect && git checkout bfd22cef9b5916ccde7d6da9cc363b30c001f42c
|
||||
RUN git clone -n https://github.com/informatic/redmine_s3 plugins/redmine_s3 && cd plugins/redmine_s3 && git checkout 9b3881c2a80bc4093f29345b4ee6f98dc7aa874a
|
||||
RUN git clone -n https://github.com/two-pack/redmine_auto_assign_group plugins/redmine_auto_assign_group && cd plugins/redmine_auto_assign_group && git checkout aad1c4b9f5500d7a03bbfa34cc0c50b05d2a9b8a
|
||||
RUN git clone -n https://github.com/sf-cola/select_to_select2 plugins/select_to_select2 && cd plugins/select_to_select2 && git checkout 9b12893849bdbfbd75cbc321c9b1f0fb7833802c
|
||||
RUN git clone -n https://github.com/davidegiacometti/redmine_shortcuts plugins/redmine_shortcuts && cd plugins/redmine_shortcuts && git checkout a15128f9b6ccd74893cb57a157e2838591a6df4a
|
||||
|
||||
RUN bundle check || bundle install --without development test
|
||||
|
||||
ENV REDMINE_PLUGINS_MIGRATE 1
|
40
devtools/issues/prod.jsonnet
Normal file
40
devtools/issues/prod.jsonnet
Normal file
|
@ -0,0 +1,40 @@
|
|||
#
|
||||
# issues.hackerspace.pl redmine deployment
|
||||
#
|
||||
# Bootstrap:
|
||||
#
|
||||
# ns=redmine
|
||||
# kubectl -n $ns create secret generic redmine --from-literal=secret_key=$(pwgen 24 1) --from-literal=oidc_secret=...
|
||||
#
|
||||
# ceph_ns=ceph-waw3; ceph_pool=waw-hdd-redundant-3
|
||||
# kubectl -n $ceph_ns get secrets rook-ceph-object-user-${ceph_pool}-object-issues -o json | jq 'del(.metadata.namespace,.metadata.resourceVersion,.metadata.uid) | .metadata.creationTimestamp=null' | kubectl replace -f - -n $ns
|
||||
#
|
||||
|
||||
local redmine = import "./redmine.libsonnet";
|
||||
|
||||
{
|
||||
issues: redmine {
|
||||
cfg+: {
|
||||
namespace: "redmine",
|
||||
domain: "issues.hackerspace.pl",
|
||||
|
||||
storage+: {
|
||||
endpoint: "https://object.ceph-waw3.hswaw.net",
|
||||
bucket: "issues",
|
||||
|
||||
# This is required for redmine_s3 to properly create a bucket
|
||||
region: "us-east-1",
|
||||
|
||||
local rookSecret = "rook-ceph-object-user-waw-hdd-redundant-3-object-issues",
|
||||
accessKey: { secretKeyRef: { name: rookSecret, key: "AccessKey" } },
|
||||
secretKey: { secretKeyRef: { name: rookSecret, key: "SecretKey" } },
|
||||
},
|
||||
|
||||
oidc+: {
|
||||
server: "https://sso.hackerspace.pl",
|
||||
clientID: "70ee2821-2657-4409-a298-98649d1f689f",
|
||||
clientSecret: { secretKeyRef: { name: "redmine", key: "oidc_secret" } },
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
123
devtools/issues/redmine.libsonnet
Normal file
123
devtools/issues/redmine.libsonnet
Normal file
|
@ -0,0 +1,123 @@
|
|||
local kube = import "../../kube/kube.libsonnet";
|
||||
local postgres = import "../../kube/postgres.libsonnet";
|
||||
|
||||
{
|
||||
local app = self,
|
||||
local cfg = app.cfg,
|
||||
|
||||
cfg:: {
|
||||
namespace: "redmine",
|
||||
image: "registry.k0.hswaw.net/informatic/redmine@sha256:b04d1fd04549424e505722c9feb0b6741a057cb8f0fab68ad3730ecb167417df",
|
||||
domain: error "domain must be set",
|
||||
storageClassName: "waw-hdd-redundant-3",
|
||||
database: {
|
||||
host: "postgres",
|
||||
name: "redmine",
|
||||
username: "redmine",
|
||||
password: { secretKeyRef: { name: "redmine", key: "postgres_password" } },
|
||||
port: 5432,
|
||||
},
|
||||
|
||||
storage: {
|
||||
endpoint: error "storage.endpoint must be set",
|
||||
region: error "storage.region must be set",
|
||||
bucket: error "storage.bucket must be set",
|
||||
accessKey: error "storage.accessKey must be set",
|
||||
secretKey: error "storage.secretKey must be set",
|
||||
},
|
||||
|
||||
oidc: {
|
||||
server: error "oidc.server must be set",
|
||||
clientID: error "oidc.clientID must be set",
|
||||
clientSecret: error "oidc.clientSecret must be set",
|
||||
},
|
||||
},
|
||||
|
||||
ns: kube.Namespace(app.cfg.namespace),
|
||||
|
||||
postgres: postgres {
|
||||
cfg+: {
|
||||
namespace: cfg.namespace,
|
||||
appName: "redmine",
|
||||
database: cfg.database.name,
|
||||
username: cfg.database.username,
|
||||
password: cfg.database.password,
|
||||
storageClassName: cfg.storageClassName,
|
||||
},
|
||||
},
|
||||
|
||||
deployment: app.ns.Contain(kube.Deployment("redmine")) {
|
||||
spec+: {
|
||||
replicas: 1,
|
||||
template+: {
|
||||
spec+: {
|
||||
securityContext: {
|
||||
runAsUser: 999,
|
||||
runAsGroup: 999,
|
||||
fsGroup: 999,
|
||||
},
|
||||
containers_: {
|
||||
web: kube.Container("redmine") {
|
||||
image: cfg.image,
|
||||
ports_: {
|
||||
http: { containerPort: 3000 },
|
||||
},
|
||||
env_: {
|
||||
REDMINE_DB_POSTGRES: cfg.database.host,
|
||||
REDMINE_DB_PORT: cfg.database.port,
|
||||
REDMINE_DB_USERNAME: cfg.database.username,
|
||||
REDMINE_DB_PASSWORD: cfg.database.password,
|
||||
REDMINE_DB_DATABASE: cfg.database.name,
|
||||
|
||||
REDMINE_SECRET_KEY_BASE: { secretKeyRef: { name: "redmine", key: "secret_key" } },
|
||||
|
||||
REDMINE_OIDC_SERVER: cfg.oidc.server,
|
||||
REDMINE_OIDC_CLIENT_ID: cfg.oidc.clientID,
|
||||
REDMINE_OIDC_CLIENT_SECRET: cfg.oidc.clientSecret,
|
||||
REDMINE_OIDC_ADMIN_GROUP: "issues-admin",
|
||||
|
||||
REDMINE_S3_ENDPOINT: cfg.storage.endpoint,
|
||||
REDMINE_S3_BUCKET: cfg.storage.bucket,
|
||||
REDMINE_S3_ACCESS_KEY_ID: cfg.storage.accessKey,
|
||||
REDMINE_S3_SECRET_ACCESS_KEY: cfg.storage.secretKey,
|
||||
REDMINE_S3_REGION: cfg.storage.region,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
svc: app.ns.Contain(kube.Service("redmine")) {
|
||||
target_pod:: app.deployment.spec.template,
|
||||
},
|
||||
|
||||
ingress: app.ns.Contain(kube.Ingress("redmine")) {
|
||||
metadata+: {
|
||||
annotations+: {
|
||||
"kubernetes.io/tls-acme": "true",
|
||||
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
|
||||
},
|
||||
},
|
||||
spec+: {
|
||||
tls: [
|
||||
{
|
||||
hosts: [cfg.domain],
|
||||
secretName: "redmine-tls",
|
||||
},
|
||||
],
|
||||
rules: [
|
||||
{
|
||||
host: cfg.domain,
|
||||
http: {
|
||||
paths: [
|
||||
{ path: "/", backend: app.svc.name_port },
|
||||
]
|
||||
},
|
||||
}
|
||||
],
|
||||
},
|
||||
},
|
||||
}
|
Loading…
Reference in a new issue