devtools/issues: redmine deployment

Change-Id: I71956c4132bf2063e9fc41eb24c4f37657b8fd9d
This commit is contained in:
informatic 2021-02-06 22:23:53 +01:00
parent 95da3d5011
commit 0572fff9a4
3 changed files with 175 additions and 0 deletions

View file

@ -0,0 +1,12 @@
FROM redmine:4.1.1-alpine@sha256:8396c1a7e5b2087a16d54aa08578fc1c30fa7aba85b6d4cd592a07c410f1a743
RUN git clone -n https://github.com/anteo/redmine_custom_workflows plugins/redmine_custom_workflows && cd plugins/redmine_custom_workflows && git checkout 2802812c331a03b0443aeba1101d74aee442e0f7
RUN git clone -n https://github.com/informatic/redmine_openid_connect plugins/redmine_openid_connect && cd plugins/redmine_openid_connect && git checkout bfd22cef9b5916ccde7d6da9cc363b30c001f42c
RUN git clone -n https://github.com/informatic/redmine_s3 plugins/redmine_s3 && cd plugins/redmine_s3 && git checkout 9b3881c2a80bc4093f29345b4ee6f98dc7aa874a
RUN git clone -n https://github.com/two-pack/redmine_auto_assign_group plugins/redmine_auto_assign_group && cd plugins/redmine_auto_assign_group && git checkout aad1c4b9f5500d7a03bbfa34cc0c50b05d2a9b8a
RUN git clone -n https://github.com/sf-cola/select_to_select2 plugins/select_to_select2 && cd plugins/select_to_select2 && git checkout 9b12893849bdbfbd75cbc321c9b1f0fb7833802c
RUN git clone -n https://github.com/davidegiacometti/redmine_shortcuts plugins/redmine_shortcuts && cd plugins/redmine_shortcuts && git checkout a15128f9b6ccd74893cb57a157e2838591a6df4a
RUN bundle check || bundle install --without development test
ENV REDMINE_PLUGINS_MIGRATE 1

View file

@ -0,0 +1,40 @@
#
# issues.hackerspace.pl redmine deployment
#
# Bootstrap:
#
# ns=redmine
# kubectl -n $ns create secret generic redmine --from-literal=secret_key=$(pwgen 24 1) --from-literal=oidc_secret=...
#
# ceph_ns=ceph-waw3; ceph_pool=waw-hdd-redundant-3
# kubectl -n $ceph_ns get secrets rook-ceph-object-user-${ceph_pool}-object-issues -o json | jq 'del(.metadata.namespace,.metadata.resourceVersion,.metadata.uid) | .metadata.creationTimestamp=null' | kubectl replace -f - -n $ns
#
local redmine = import "./redmine.libsonnet";
{
issues: redmine {
cfg+: {
namespace: "redmine",
domain: "issues.hackerspace.pl",
storage+: {
endpoint: "https://object.ceph-waw3.hswaw.net",
bucket: "issues",
# This is required for redmine_s3 to properly create a bucket
region: "us-east-1",
local rookSecret = "rook-ceph-object-user-waw-hdd-redundant-3-object-issues",
accessKey: { secretKeyRef: { name: rookSecret, key: "AccessKey" } },
secretKey: { secretKeyRef: { name: rookSecret, key: "SecretKey" } },
},
oidc+: {
server: "https://sso.hackerspace.pl",
clientID: "70ee2821-2657-4409-a298-98649d1f689f",
clientSecret: { secretKeyRef: { name: "redmine", key: "oidc_secret" } },
},
},
},
}

View file

@ -0,0 +1,123 @@
local kube = import "../../kube/kube.libsonnet";
local postgres = import "../../kube/postgres.libsonnet";
{
local app = self,
local cfg = app.cfg,
cfg:: {
namespace: "redmine",
image: "registry.k0.hswaw.net/informatic/redmine@sha256:b04d1fd04549424e505722c9feb0b6741a057cb8f0fab68ad3730ecb167417df",
domain: error "domain must be set",
storageClassName: "waw-hdd-redundant-3",
database: {
host: "postgres",
name: "redmine",
username: "redmine",
password: { secretKeyRef: { name: "redmine", key: "postgres_password" } },
port: 5432,
},
storage: {
endpoint: error "storage.endpoint must be set",
region: error "storage.region must be set",
bucket: error "storage.bucket must be set",
accessKey: error "storage.accessKey must be set",
secretKey: error "storage.secretKey must be set",
},
oidc: {
server: error "oidc.server must be set",
clientID: error "oidc.clientID must be set",
clientSecret: error "oidc.clientSecret must be set",
},
},
ns: kube.Namespace(app.cfg.namespace),
postgres: postgres {
cfg+: {
namespace: cfg.namespace,
appName: "redmine",
database: cfg.database.name,
username: cfg.database.username,
password: cfg.database.password,
storageClassName: cfg.storageClassName,
},
},
deployment: app.ns.Contain(kube.Deployment("redmine")) {
spec+: {
replicas: 1,
template+: {
spec+: {
securityContext: {
runAsUser: 999,
runAsGroup: 999,
fsGroup: 999,
},
containers_: {
web: kube.Container("redmine") {
image: cfg.image,
ports_: {
http: { containerPort: 3000 },
},
env_: {
REDMINE_DB_POSTGRES: cfg.database.host,
REDMINE_DB_PORT: cfg.database.port,
REDMINE_DB_USERNAME: cfg.database.username,
REDMINE_DB_PASSWORD: cfg.database.password,
REDMINE_DB_DATABASE: cfg.database.name,
REDMINE_SECRET_KEY_BASE: { secretKeyRef: { name: "redmine", key: "secret_key" } },
REDMINE_OIDC_SERVER: cfg.oidc.server,
REDMINE_OIDC_CLIENT_ID: cfg.oidc.clientID,
REDMINE_OIDC_CLIENT_SECRET: cfg.oidc.clientSecret,
REDMINE_OIDC_ADMIN_GROUP: "issues-admin",
REDMINE_S3_ENDPOINT: cfg.storage.endpoint,
REDMINE_S3_BUCKET: cfg.storage.bucket,
REDMINE_S3_ACCESS_KEY_ID: cfg.storage.accessKey,
REDMINE_S3_SECRET_ACCESS_KEY: cfg.storage.secretKey,
REDMINE_S3_REGION: cfg.storage.region,
},
},
},
},
},
},
},
svc: app.ns.Contain(kube.Service("redmine")) {
target_pod:: app.deployment.spec.template,
},
ingress: app.ns.Contain(kube.Ingress("redmine")) {
metadata+: {
annotations+: {
"kubernetes.io/tls-acme": "true",
"certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
"nginx.ingress.kubernetes.io/proxy-body-size": "0",
},
},
spec+: {
tls: [
{
hosts: [cfg.domain],
secretName: "redmine-tls",
},
],
rules: [
{
host: cfg.domain,
http: {
paths: [
{ path: "/", backend: app.svc.name_port },
]
},
}
],
},
},
}