From 0572fff9a475341933fdd6707c7664b788fd5323 Mon Sep 17 00:00:00 2001
From: Piotr Dobrowolski
Date: Sat, 6 Feb 2021 22:23:53 +0100
Subject: [PATCH] devtools/issues: redmine deployment

Change-Id: I71956c4132bf2063e9fc41eb24c4f37657b8fd9d
---
devtools/issues/Dockerfile | 12 +++
devtools/issues/prod.jsonnet | 40 ++++++++++
devtools/issues/redmine.libsonnet | 123 ++++++++++++++++++++++++++++++
3 files changed, 175 insertions(+)
create mode 100644 devtools/issues/Dockerfile
create mode 100644 devtools/issues/prod.jsonnet
create mode 100644 devtools/issues/redmine.libsonnet
diff --git a/devtools/issues/Dockerfile b/devtools/issues/Dockerfile
new file mode 100644
index 00000000..264ed649
--- /dev/null
+++ b/devtools/issues/Dockerfile
@@ -0,0 +1,12 @@
+FROM redmine:4.1.1-alpine@sha256:8396c1a7e5b2087a16d54aa08578fc1c30fa7aba85b6d4cd592a07c410f1a743
+
+RUN git clone -n https://github.com/anteo/redmine_custom_workflows plugins/redmine_custom_workflows && cd plugins/redmine_custom_workflows && git checkout 2802812c331a03b0443aeba1101d74aee442e0f7
+RUN git clone -n https://github.com/informatic/redmine_openid_connect plugins/redmine_openid_connect && cd plugins/redmine_openid_connect && git checkout bfd22cef9b5916ccde7d6da9cc363b30c001f42c
+RUN git clone -n https://github.com/informatic/redmine_s3 plugins/redmine_s3 && cd plugins/redmine_s3 && git checkout 9b3881c2a80bc4093f29345b4ee6f98dc7aa874a
+RUN git clone -n https://github.com/two-pack/redmine_auto_assign_group plugins/redmine_auto_assign_group && cd plugins/redmine_auto_assign_group && git checkout aad1c4b9f5500d7a03bbfa34cc0c50b05d2a9b8a
+RUN git clone -n https://github.com/sf-cola/select_to_select2 plugins/select_to_select2 && cd plugins/select_to_select2 && git checkout 9b12893849bdbfbd75cbc321c9b1f0fb7833802c
+RUN git clone -n https://github.com/davidegiacometti/redmine_shortcuts plugins/redmine_shortcuts && cd plugins/redmine_shortcuts && git checkout a15128f9b6ccd74893cb57a157e2838591a6df4a
+
+RUN bundle check || bundle install --without development test
+
+ENV REDMINE_PLUGINS_MIGRATE 1
diff --git a/devtools/issues/prod.jsonnet b/devtools/issues/prod.jsonnet
new file mode 100644
index 00000000..2218716e
--- /dev/null
+++ b/devtools/issues/prod.jsonnet
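Review bot: The `RUN bundle check || bundle install --without development test` step resolves the plugins' gem dependencies at build time with nothing in this file pinning them, which is at odds with the digest-pinned base image and commit-pinned plugins above it. Unless a lockfile covering the plugin Gemfiles is already present in the image (not visible in this hunk), a rebuild can pull different gem versions, so the image digest referenced by the deployment cannot be reproduced from this Dockerfile. I would at least document that next to the step, e.g. `# NOTE: plugin gems are resolved at build time and are not locked; review the bundle output before pushing a new image digest`. The six clones also leave each plugin's `.git` directory in the image; appending `&& rm -rf .git` to each `RUN git clone …` line would drop history the running app does not need.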
@@ -0,0 +1,40 @@
+#
+# issues.hackerspace.pl redmine deployment
+#
+# Bootstrap:
+#
+# ns=redmine
+# kubectl -n $ns create secret generic redmine --from-literal=secret_key=$(pwgen 24 1) --from-literal=oidc_secret=...
+#
+# ceph_ns=ceph-waw3; ceph_pool=waw-hdd-redundant-3
+# kubectl -n $ceph_ns get secrets rook-ceph-object-user-${ceph_pool}-object-issues -o json | jq 'del(.metadata.namespace,.metadata.resourceVersion,.metadata.uid) | .metadata.creationTimestamp=null' | kubectl replace -f - -n $ns
+#
+
+local redmine = import "./redmine.libsonnet";
+
+{
+ issues: redmine {
+ cfg+: {
+ namespace: "redmine",
+ domain: "issues.hackerspace.pl",
+
+ storage+: {
+ endpoint: "https://object.ceph-waw3.hswaw.net",
+ bucket: "issues",
+
+ # This is required for redmine_s3 to properly create a bucket
+ region: "us-east-1",
+
+ local rookSecret = "rook-ceph-object-user-waw-hdd-redundant-3-object-issues",
+ accessKey: { secretKeyRef: { name: rookSecret, key: "AccessKey" } },
+ secretKey: { secretKeyRef: { name: rookSecret, key: "SecretKey" } },
+ },
+
+ oidc+: {
+ server: "https://sso.hackerspace.pl",
+ clientID: "70ee2821-2657-4409-a298-98649d1f689f",
+ clientSecret: { secretKeyRef: { name: "redmine", key: "oidc_secret" } },
+ },
+ },
+ },
+}
diff --git a/devtools/issues/redmine.libsonnet b/devtools/issues/redmine.libsonnet
new file mode 100644
index 00000000..420e488c
--- /dev/null
+++ b/devtools/issues/redmine.libsonnet
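Review bot: The bootstrap comment generates `secret_key` with `pwgen 24 1`, which without `-s` produces pronounceable passwords and yields a short, lower-entropy value for the key that redmine.libsonnet feeds into `REDMINE_SECRET_KEY_BASE`; `$(pwgen -s 64 1)` would be a safer documented default. The same command never creates the `postgres_password` key that redmine.libsonnet reads from the `redmine` secret, so a namespace bootstrapped exactly as written would presumably be missing it; the comment should also carry `--from-literal=postgres_password=$(pwgen -s 32 1)`. It is also worth a line noting that `--from-literal` values end up in shell history, so the OIDC client secret is better supplied with `--from-file`.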
@@ -0,0 +1,123 @@
+local kube = import "../../kube/kube.libsonnet";
+local postgres = import "../../kube/postgres.libsonnet";
+
+{
+ local app = self,
+ local cfg = app.cfg,
+
+ cfg:: {
+ namespace: "redmine",
+ image: "registry.k0.hswaw.net/informatic/redmine@sha256:b04d1fd04549424e505722c9feb0b6741a057cb8f0fab68ad3730ecb167417df",
+ domain: error "domain must be set",
+ storageClassName: "waw-hdd-redundant-3",
+ database: {
+ host: "postgres",
+ name: "redmine",
+ username: "redmine",
+ password: { secretKeyRef: { name: "redmine", key: "postgres_password" } },
+ port: 5432,
+ },
+
+ storage: {
+ endpoint: error "storage.endpoint must be set",
+ region: error "storage.region must be set",
+ bucket: error "storage.bucket must be set",
+ accessKey: error "storage.accessKey must be set",
+ secretKey: error "storage.secretKey must be set",
+ },
+
+ oidc: {
+ server: error "oidc.server must be set",
+ clientID: error "oidc.clientID must be set",
+ clientSecret: error "oidc.clientSecret must be set",
+ },
+ },
+
+ ns: kube.Namespace(app.cfg.namespace),
+
+ postgres: postgres {
+ cfg+: {
+ namespace: cfg.namespace,
+ appName: "redmine",
+ database: cfg.database.name,
+ username: cfg.database.username,
+ password: cfg.database.password,
+ storageClassName: cfg.storageClassName,
+ },
+ },
+
+ deployment: app.ns.Contain(kube.Deployment("redmine")) {
+ spec+: {
+ replicas: 1,
+ template+: {
+ spec+: {
+ securityContext: {
+ runAsUser: 999,
+ runAsGroup: 999,
+ fsGroup: 999,
+ },
+ containers_: {
+ web: kube.Container("redmine") {
+ image: cfg.image,
+ ports_: {
+ http: { containerPort: 3000 },
+ },
+ env_: {
+ REDMINE_DB_POSTGRES: cfg.database.host,
+ REDMINE_DB_PORT: cfg.database.port,
+ REDMINE_DB_USERNAME: cfg.database.username,
+ REDMINE_DB_PASSWORD: cfg.database.password,
+ REDMINE_DB_DATABASE: cfg.database.name,
+
+ REDMINE_SECRET_KEY_BASE: { secretKeyRef: { name: "redmine", key: "secret_key" } },
+
+ REDMINE_OIDC_SERVER: cfg.oidc.server,
+ REDMINE_OIDC_CLIENT_ID: cfg.oidc.clientID,
+ REDMINE_OIDC_CLIENT_SECRET: cfg.oidc.clientSecret,
+ REDMINE_OIDC_ADMIN_GROUP: "issues-admin",
+
+ REDMINE_S3_ENDPOINT: cfg.storage.endpoint,
+ REDMINE_S3_BUCKET: cfg.storage.bucket,
+ REDMINE_S3_ACCESS_KEY_ID: cfg.storage.accessKey,
+ REDMINE_S3_SECRET_ACCESS_KEY: cfg.storage.secretKey,
+ REDMINE_S3_REGION: cfg.storage.region,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+
+ svc: app.ns.Contain(kube.Service("redmine")) {
+ target_pod:: app.deployment.spec.template,
+ },
+
+ ingress: app.ns.Contain(kube.Ingress("redmine")) {
+ metadata+: {
+ annotations+: {
+ "kubernetes.io/tls-acme": "true",
+ "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
+ "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+ },
+ },
+ spec+: {
+ tls: [
+ {
+ hosts: [cfg.domain],
+ secretName: "redmine-tls",
+ },
+ ],
+ rules: [
+ {
+ host: cfg.domain,
+ http: {
+ paths: [
+ { path: "/", backend: app.svc.name_port },
+ ]
+ },
+ }
+ ],
+ },
+ },
+}
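Review bot: The ingress annotation `"nginx.ingress.kubernetes.io/proxy-body-size": "0"` removes the request-body limit entirely on the host's public ingress, so nothing in front of the single Redmine replica bounds upload size. An explicit cap sized for the largest expected attachment, e.g. `"nginx.ingress.kubernetes.io/proxy-body-size": "256m"` (illustrative value), keeps uploads working while bounding that exposure. The `web` container also sets no container-level `securityContext`; alongside the pod-level `runAsUser: 999` I would add `securityContext: { allowPrivilegeEscalation: false, capabilities: { drop: ["ALL"] } },`, assuming `kube.Container` passes the field through, which is not visible here. If the missing resource limits and probes on that container are intentional, a short comment saying so would help the next reader.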