Penpot/penpot
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-01-21 06:02:32 -05:00
Code Issues Activity

Overhaul penpot chart

Browse source
This commit is contained in:
SorsOps 2024-06-19 19:57:19 +02:00
parent 905ccfdec9
commit 034d5ad5ab
No known key found for this signature in database
GPG key ID: E9EC78C740654016
18 changed files with 1148 additions and 224 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.gimlet/k8s/preview-frontend/Chart.yaml → .gimlet/k8s/penpot/Chart.yaml
View file

@ -1,4 +1,4 @@
name: penpot-frontend-preview
name: penpot
maintainers:
- name: Tokens Studio
url: https://tokens.studio
@ -15,3 +15,8 @@ keywords:
- design
sources:
- https://github.com/penpot/penpot
dependencies:
- condition: global.redisEnabled
name: redis
repository: https://charts.bitnami.com/bitnami
version: 17.x.x

0
.gimlet/k8s/preview-frontend/templates/_helpers.tpl → .gimlet/k8s/penpot/templates/_helpers.tpl
View file

380
.gimlet/k8s/penpot/templates/backend/deployment.yaml Normal file
View file

@ -0,0 +1,380 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "penpot.fullname" . }}-backend
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
{{- with .Values.backend.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.backend.replicaCount }}
selector:
matchLabels:
{{- include "penpot.backendSelectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "penpot.backendSelectorLabels" . | nindent 8 }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{ if .Values.backend.podSecurityContext.enabled }}
securityContext:
{{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/instance
operator: In
values:
- {{ .Release.Name }}
topologyKey: "kubernetes.io/hostname"
containers:
- name: {{ .Chart.Name }}-backend
{{ if .Values.backend.containerSecurityContext.enabled }}
securityContext:
{{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
imagePullPolicy: {{ .Values.backend.image.imagePullPolicy }}
volumeMounts:
- mountPath: /opt/data
name: app-data
readOnly: false
env:
- name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }}
- name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
- name: PENPOT_SECRET_KEY
value: {{ .Values.config.apiSecretKey | quote }}
- name: PENPOT_DATABASE_URI
value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
- name: PENPOT_DATABASE_USERNAME
{{- if not .Values.config.postgresql.secretKeys.usernameKey }}
value: {{ .Values.config.postgresql.username | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
{{- end }}
- name: PENPOT_DATABASE_PASSWORD
{{- if not .Values.config.postgresql.secretKeys.passwordKey }}
value: {{ .Values.config.postgresql.password | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
{{- end }}
- name: PENPOT_REDIS_URI
value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
- name: PENPOT_ASSETS_STORAGE_BACKEND
value: {{ .Values.config.assets.storageBackend | quote }}
{{- if eq .Values.config.assets.storageBackend "assets-fs" }}
- name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
value: {{ .Values.config.assets.filesystem.directory | quote }}
{{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
- name: PENPOT_STORAGE_ASSETS_S3_REGION
value: {{ .Values.config.assets.s3.region | quote }}
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: {{ .Values.config.assets.s3.bucket | quote }}
- name: AWS_ACCESS_KEY_ID
{{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
value: {{ .Values.config.assets.s3.accessKeyID | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
{{- end }}
- name: AWS_SECRET_ACCESS_KEY
{{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
{{- end }}
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
{{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
value: {{ .Values.config.assets.s3.endpointURI | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
{{- end }}
{{- end }}
- name: PENPOT_TELEMETRY_ENABLED
value: {{ .Values.config.telemetryEnabled | quote }}
{{- if .Values.config.smtp.enabled }}
- name: PENPOT_SMTP_ENABLED
value: 'true'
{{- if .Values.config.smtp.defaultFrom }}
- name: PENPOT_SMTP_DEFAULT_FROM
value: {{ .Values.config.smtp.defaultFrom | quote }}
{{- end }}
{{- if .Values.config.smtp.defaultReplyTo }}
- name: PENPOT_SMTP_DEFAULT_REPLY_TO
value: {{ .Values.config.smtp.defaultReplyTo | quote }}
{{- end }}
{{- if .Values.config.smtp.host }}
- name: PENPOT_SMTP_HOST
value: {{ .Values.config.smtp.host | quote }}
{{- end }}
{{- if .Values.config.smtp.port }}
- name: PENPOT_SMTP_PORT
value: {{ .Values.config.smtp.port | quote }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.usernameKey }}
- name: PENPOT_SMTP_USERNAME
value: {{ .Values.config.smtp.username | quote }}
{{- else }}
- name: PENPOT_SMTP_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.usernameKey }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.passwordKey }}
- name: PENPOT_SMTP_PASSWORD
value: {{ .Values.config.smtp.password | quote }}
{{- else }}
- name: PENPOT_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.passwordKey }}
{{- end }}
{{- if .Values.config.smtp.tls }}
- name: PENPOT_SMTP_TLS
value: {{ .Values.config.smtp.tls | quote }}
{{- end }}
{{- if .Values.config.smtp.ssl }}
- name: PENPOT_SMTP_SSL
value: {{ .Values.config.smtp.ssl | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.registrationDomainWhitelist }}
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.config.registrationDomainWhitelist | quote }}
{{- end }}
{{- if .Values.config.providers.google.enabled }}
{{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
- name: PENPOT_GOOGLE_CLIENT_ID
value: {{ .Values.config.providers.google.clientID | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
- name: PENPOT_GOOGLE_CLIENT_SECRET
value: {{ .Values.config.providers.google.clientSecret | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.github.enabled }}
{{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
- name: PENPOT_GITHUB_CLIENT_ID
value: {{ .Values.config.providers.github.clientID | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
- name: PENPOT_GITHUB_CLIENT_SECRET
value: {{ .Values.config.providers.github.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.gitlab.enabled }}
{{- if .Values.config.providers.gitlab.baseURI }}
- name: PENPOT_GITLAB_BASE_URI
value: {{ .Values.config.providers.gitlab.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
- name: PENPOT_GITLAB_CLIENT_ID
value: {{ .Values.config.providers.gitlab.clientID | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
- name: PENPOT_GITLAB_CLIENT_SECRET
value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.oidc.enabled }}
{{- if .Values.config.providers.oidc.baseURI }}
- name: PENPOT_OIDC_BASE_URI
value: {{ .Values.config.providers.oidc.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
- name: PENPOT_OIDC_CLIENT_ID
value: {{ .Values.config.providers.oidc.clientID | quote}}
{{- else }}
- name: PENPOT_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
- name: PENPOT_OIDC_CLIENT_SECRET
value: {{ .Values.config.providers.oidc.clientSecret | quote }}
{{- else }}
- name: PENPOT_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
{{- end }}
{{- if .Values.config.providers.oidc.authURI }}
- name: PENPOT_OIDC_AUTH_URI
value: {{ .Values.config.providers.oidc.authURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.tokenURI }}
- name: PENPOT_OIDC_TOKEN_URI
value: {{ .Values.config.providers.oidc.tokenURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.userURI }}
- name: PENPOT_OIDC_USER_URI
value: {{ .Values.config.providers.oidc.userURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.roles }}
- name: PENPOT_OIDC_ROLES
value: {{ .Values.config.providers.oidc.roles | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.rolesAttribute }}
- name: PENPOT_OIDC_ROLES_ATTR
value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.scopes }}
- name: PENPOT_OIDC_SCOPES
value: {{ .Values.config.providers.oidc.scopes | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.nameAttribute }}
- name: PENPOT_OIDC_NAME_ATTR
value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.emailAttribute }}
- name: PENPOT_OIDC_EMAIL_ATTR
value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.ldap.enabled }}
{{- if .Values.config.providers.ldap.host }}
- name: PENPOT_LDAP_HOST
value: {{ .Values.config.providers.ldap.host | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.port }}
- name: PENPOT_LDAP_PORT
value: {{ .Values.config.providers.ldap.port | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.ssl }}
- name: PENPOT_LDAP_SSL
value: {{ .Values.config.providers.ldap.ssl | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.startTLS }}
- name: PENPOT_LDAP_STARTTLS
value: {{ .Values.config.providers.ldap.startTLS | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.baseDN }}
- name: PENPOT_LDAP_BASE_DN
value: {{ .Values.config.providers.ldap.baseDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindDN }}
- name: PENPOT_LDAP_BIND_DN
value: {{ .Values.config.providers.ldap.bindDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindPassword }}
- name: PENPOT_LDAP_BIND_PASSWORD
value: {{ .Values.config.providers.ldap.bindPassword | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesUsername }}
- name: PENPOT_LDAP_ATTRS_USERNAME
value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesEmail }}
- name: PENPOT_LDAP_ATTRS_EMAIL
value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesFullname }}
- name: PENPOT_LDAP_ATTRS_FULLNAME
value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesPhoto }}
- name: PENPOT_LDAP_ATTRS_PHOTO
value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.backend.service.port }}
protocol: TCP
resources:
{{- toYaml .Values.backend.resources | nindent 12 }}
{{- with .Values.backend.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: app-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
{{- else }}
emptyDir: {}
{{- end }}

16
.gimlet/k8s/penpot/templates/backend/service.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "penpot.fullname" . }}-backend
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
type: {{ .Values.backend.service.type }}
ports:
- port: {{ .Values.backend.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "penpot.backendSelectorLabels" . | nindent 4 }}

21
.gimlet/k8s/penpot/templates/db.yaml Normal file
View file

@ -0,0 +1,21 @@
{{- if and .Values.postgresql.enabled -}}
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: {{ include "penpot.fullname" . }}-db
namespace: {{ .Release.Namespace }}
spec:
instances: 1
superuserSecret:
name: {{ .Values.postgresql.superUser | quote }}
bootstrap:
initdb:
database: {{ .Values.postgresql.database | quote }}
owner: {{ .Values.postgresql.owner | quote }}
secret:
name: {{ .Values.postgresql.secret | quote }}
monitoring:
enablePodMonitor: true
storage:
size: 5Gi
{{- end -}}

353
.gimlet/k8s/penpot/templates/exporter/deployment.yaml Normal file
View file

@ -0,0 +1,353 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "penpot.fullname" . }}-exporter
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.exporter.replicaCount }}
selector:
matchLabels:
{{- include "penpot.exporterSelectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "penpot.exporterSelectorLabels" . | nindent 8 }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
{{ if .Values.exporter.podSecurityContext.enabled }}
securityContext:
{{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}-exporter
{{ if .Values.exporter.containerSecurityContext.enabled }}
securityContext:
{{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
env:
- name: PENPOT_PUBLIC_URI
value: {{ .Values.config.publicURI | quote }}
- name: PENPOT_FLAGS
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
- name: PENPOT_SECRET_KEY
value: {{ .Values.config.apiSecretKey | quote }}
- name: PENPOT_DATABASE_URI
value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
- name: PENPOT_DATABASE_USERNAME
{{- if not .Values.config.postgresql.secretKeys.usernameKey }}
value: {{ .Values.config.postgresql.username | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
{{- end }}
- name: PENPOT_DATABASE_PASSWORD
{{- if not .Values.config.postgresql.secretKeys.passwordKey }}
value: {{ .Values.config.postgresql.password | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.postgresql.existingSecret }}
key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
{{- end }}
- name: PENPOT_REDIS_URI
value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
- name: PENPOT_ASSETS_STORAGE_BACKEND
value: {{ .Values.config.assets.storageBackend | quote }}
{{- if eq .Values.config.assets.storageBackend "assets-fs" }}
- name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
value: {{ .Values.config.assets.filesystem.directory | quote }}
{{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
- name: PENPOT_STORAGE_ASSETS_S3_REGION
value: {{ .Values.config.assets.s3.region | quote }}
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
value: {{ .Values.config.assets.s3.bucket | quote }}
- name: AWS_ACCESS_KEY_ID
{{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
value: {{ .Values.config.assets.s3.accessKeyID | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
{{- end }}
- name: AWS_SECRET_ACCESS_KEY
{{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
{{- end }}
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
{{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
value: {{ .Values.config.assets.s3.endpointURI | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ .Values.config.assets.s3.existingSecret }}
key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
{{- end }}
{{- end }}
- name: PENPOT_TELEMETRY_ENABLED
value: {{ .Values.config.telemetryEnabled | quote }}
{{- if .Values.config.smtp.enabled }}
{{- if .Values.config.smtp.defaultFrom }}
- name: PENPOT_SMTP_DEFAULT_FROM
value: {{ .Values.config.smtp.defaultFrom | quote }}
{{- end }}
{{- if .Values.config.smtp.defaultReplyTo }}
- name: PENPOT_SMTP_DEFAULT_REPLY_TO
value: {{ .Values.config.smtp.defaultReplyTo | quote }}
{{- end }}
{{- if .Values.config.smtp.host }}
- name: PENPOT_SMTP_HOST
value: {{ .Values.config.smtp.host | quote }}
{{- end }}
{{- if .Values.config.smtp.port }}
- name: PENPOT_SMTP_PORT
value: {{ .Values.config.smtp.port | quote }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.usernameKey }}
- name: PENPOT_SMTP_USERNAME
value: {{ .Values.config.smtp.username | quote }}
{{- else }}
- name: PENPOT_SMTP_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.usernameKey }}
{{- end }}
{{- if not .Values.config.smtp.secretKeys.passwordKey }}
- name: PENPOT_SMTP_PASSWORD
value: {{ .Values.config.smtp.password | quote }}
{{- else }}
- name: PENPOT_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.config.smtp.existingSecret }}
key: {{ .Values.config.smtp.secretKeys.passwordKey }}
{{- end }}
{{- if .Values.config.smtp.tls }}
- name: PENPOT_SMTP_TLS
value: {{ .Values.config.smtp.tls | quote }}
{{- end }}
{{- if .Values.config.smtp.ssl }}
- name: PENPOT_SMTP_SSL
value: {{ .Values.config.smtp.ssl | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.registrationDomainWhitelist }}
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
value: {{ .Values.config.registrationDomainWhitelist | quote }}
{{- end }}
{{- if .Values.config.providers.google.enabled }}
{{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
- name: PENPOT_GOOGLE_CLIENT_ID
value: {{ .Values.config.providers.google.clientID | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
- name: PENPOT_GOOGLE_CLIENT_SECRET
value: {{ .Values.config.providers.google.clientSecret | quote }}
{{- else }}
- name: PENPOT_GOOGLE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.github.enabled }}
{{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
- name: PENPOT_GITHUB_CLIENT_ID
value: {{ .Values.config.providers.github.clientID | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
- name: PENPOT_GITHUB_CLIENT_SECRET
value: {{ .Values.config.providers.github.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.gitlab.enabled }}
{{- if .Values.config.providers.gitlab.baseURI }}
- name: PENPOT_GITLAB_BASE_URI
value: {{ .Values.config.providers.gitlab.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
- name: PENPOT_GITLAB_CLIENT_ID
value: {{ .Values.config.providers.gitlab.clientID | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
- name: PENPOT_GITLAB_CLIENT_SECRET
value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
{{- else }}
- name: PENPOT_GITLAB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.oidc.enabled }}
{{- if .Values.config.providers.oidc.baseURI }}
- name: PENPOT_OIDC_BASE_URI
value: {{ .Values.config.providers.oidc.baseURI | quote }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
- name: PENPOT_OIDC_CLIENT_ID
value: {{ .Values.config.providers.oidc.clientID | quote}}
{{- else }}
- name: PENPOT_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
{{- end }}
{{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
- name: PENPOT_OIDC_CLIENT_SECRET
value: {{ .Values.config.providers.oidc.clientSecret | quote }}
{{- else }}
- name: PENPOT_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.config.providers.existingSecret }}
key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
{{- end }}
{{- if .Values.config.providers.oidc.authURI }}
- name: PENPOT_OIDC_AUTH_URI
value: {{ .Values.config.providers.oidc.authURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.tokenURI }}
- name: PENPOT_OIDC_TOKEN_URI
value: {{ .Values.config.providers.oidc.tokenURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.userURI }}
- name: PENPOT_OIDC_USER_URI
value: {{ .Values.config.providers.oidc.userURI | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.roles }}
- name: PENPOT_OIDC_ROLES
value: {{ .Values.config.providers.oidc.roles | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.rolesAttribute }}
- name: PENPOT_OIDC_ROLES_ATTR
value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.scopes }}
- name: PENPOT_OIDC_SCOPES
value: {{ .Values.config.providers.oidc.scopes | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.nameAttribute }}
- name: PENPOT_OIDC_NAME_ATTR
value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
{{- end }}
{{- if .Values.config.providers.oidc.emailAttribute }}
- name: PENPOT_OIDC_EMAIL_ATTR
value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
{{- end }}
{{- end }}
{{- if .Values.config.providers.ldap.enabled }}
{{- if .Values.config.providers.ldap.host }}
- name: PENPOT_LDAP_HOST
value: {{ .Values.config.providers.ldap.host | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.port }}
- name: PENPOT_LDAP_PORT
value: {{ .Values.config.providers.ldap.port | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.ssl }}
- name: PENPOT_LDAP_SSL
value: {{ .Values.config.providers.ldap.ssl | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.startTLS }}
- name: PENPOT_LDAP_STARTTLS
value: {{ .Values.config.providers.ldap.startTLS | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.baseDN }}
- name: PENPOT_LDAP_BASE_DN
value: {{ .Values.config.providers.ldap.baseDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindDN }}
- name: PENPOT_LDAP_BIND_DN
value: {{ .Values.config.providers.ldap.bindDN | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.bindPassword }}
- name: PENPOT_LDAP_BIND_PASSWORD
value: {{ .Values.config.providers.ldap.bindPassword | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesUsername }}
- name: PENPOT_LDAP_ATTRS_USERNAME
value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesEmail }}
- name: PENPOT_LDAP_ATTRS_EMAIL
value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesFullname }}
- name: PENPOT_LDAP_ATTRS_FULLNAME
value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
{{- end }}
{{- if .Values.config.providers.ldap.attributesPhoto }}
- name: PENPOT_LDAP_ATTRS_PHOTO
value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
{{- end }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.exporter.service.port }}
protocol: TCP
resources:
{{- toYaml .Values.exporter.resources | nindent 12 }}
{{- with .Values.exporter.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.exporter.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.exporter.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

16
.gimlet/k8s/penpot/templates/exporter/service.yaml Normal file
View file

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "penpot.fullname" . }}-exporter
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:
type: {{ .Values.exporter.service.type }}
ports:
- port: {{ .Values.exporter.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "penpot.exporterSelectorLabels" . | nindent 4 }}

129
.gimlet/k8s/penpot/templates/frontend/configmap.yaml Normal file
View file

@ -0,0 +1,129 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ include "penpot.fullname" . }}-frontend-nginx"
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
data:
nginx.conf: |
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 2048;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_requests 30;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
reset_timedout_connection on;
client_body_timeout 30s;
client_header_timeout 30s;
include /etc/nginx/mime.types;
default_type application/octet-stream;
error_log /dev/stdout;
access_log /dev/stdout;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_static on;
gzip_comp_level 4;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json;
resolver 127.0.0.11;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80 default_server;
server_name _;
client_max_body_size 100M;
charset utf-8;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
etag off;
root /var/www/app/;
location ~* \.(js|css).*$ {
add_header Cache-Control "max-age=86400" always; # 24 hours
}
location ~* \.(html).*$ {
add_header Cache-Control "no-cache, max-age=0" always;
}
location /api/export {
proxy_pass http://{{ include "penpot.fullname" . }}-exporter:6061;
}
location /api {
proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/api;
}
location /ws/notifications {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/ws/notifications;
}
location @handle_redirect {
set $redirect_uri "$upstream_http_location";
set $redirect_host "$upstream_http_x_host";
set $redirect_cache_control "$upstream_http_cache_control";
proxy_buffering off;
proxy_set_header Host "$redirect_host";
proxy_hide_header etag;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header x-amz-meta-server-side-encryption;
proxy_hide_header x-amz-server-side-encryption;
proxy_pass $redirect_uri;
add_header x-internal-redirect "$redirect_uri";
add_header x-cache-control "$redirect_cache_control";
add_header cache-control "$redirect_cache_control";
}
location /assets {
proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/assets;
recursive_error_pages on;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
location /internal/assets {
internal;
alias /opt/data/assets;
add_header x-internal-redirect "$upstream_http_x_accel_redirect";
}
}
}

5
.gimlet/k8s/preview-frontend/templates/frontend.yaml → .gimlet/k8s/penpot/templates/frontend/deployment.yaml
View file

@ -2,9 +2,12 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "penpot.fullname" . }}-frontend
namespace: {{ .Values.namespace }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
{{- with .Values.frontend.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.frontend.replicaCount }}
selector:

4
.gimlet/k8s/preview-frontend/templates/ingress.yaml → .gimlet/k8s/penpot/templates/frontend/ingress.yaml
View file

@ -12,7 +12,7 @@ apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Values.namespace }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
{{- with .Values.frontend.ingress.annotations }}
@ -22,7 +22,7 @@ metadata:
spec:
{{- if .Values.frontend.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
{{- range .Values.frontend.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}

2
.gimlet/k8s/preview-frontend/templates/service.yaml → .gimlet/k8s/penpot/templates/frontend/service.yaml
View file

@ -2,7 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ include "penpot.fullname" . }}
namespace: {{ .Values.namespace }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
spec:

24
.gimlet/k8s/penpot/templates/pvac.yaml Normal file
View file

@ -0,0 +1,24 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "penpot.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end -}}

13
.gimlet/k8s/penpot/templates/serviceaccount.yaml Normal file
View file

@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "penpot.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "penpot.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end -}}

52
.gimlet/k8s/preview-frontend/values.yaml → .gimlet/k8s/penpot/values.yaml
View file

@ -2,12 +2,10 @@
## @section Global parameters
## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
## @param global.imagePullSecrets Global Docker registry secret names as an array.
##
global:
postgresqlEnabled: false
redisEnabled: false
## E.g.
## imagePullSecrets:
@ -37,6 +35,7 @@ serviceAccount:
## Penpot Backend
##
backend:
labels: {}
## @param backend.image.repository The Docker repository to pull the image from.
## @param backend.image.tag The image tag to use.
## @param backend.image.imagePullPolicy The image pull policy to use.
@ -106,6 +105,9 @@ backend:
## Penpot Frontend
##
frontend:
labels: {}
## @param frontend.image.repository The Docker repository to pull the image from.
## @param frontend.image.tag The image tag to use.
## @param frontend.image.imagePullPolicy The image pull policy to use.
@ -243,12 +245,12 @@ exporter:
persistence:
## @param persistence.enabled Enable persistence using Persistent Volume Claims.
##
enabled: true
enabled: false
## @param persistence.storageClass Persistent Volume storage class.
## If defined, storageClassName: <storageClass>.
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
##
storageClass: standard-rwx
storageClass: ""
## @param persistence.size Persistent Volume size.
##
size: 8Gi
@ -275,6 +277,7 @@ config:
publicURI: "http://localhost:8080"
flags: "enable-registration enable-login disable-demo-users disable-demo-warning"
apiSecretKey: "b46a12cb4bedc6b9df8cb3f18c708b65"
## @param config.postgresql.host The PostgreSQL host to connect to.
## @param config.postgresql.port The PostgreSQL host port to use.
## @param config.postgresql.database The PostgreSQL database to use.
@ -294,6 +297,7 @@ config:
secretKeys:
usernameKey: ""
passwordKey: ""
## @param config.redis.host The Redis host to connect to.
## @param config.redis.port The Redis host port to use.
## @param config.redis.database The Redis database to connect to.
@ -464,26 +468,24 @@ config:
oidcClientIDKey: ""
oidcClientSecretKey: ""
## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
frontend:
image:
pullPolicy: IfNotPresent
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
tag: latest
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
networking.gke.io/v1beta1.FrontendConfig: default-frontend-config
## @param postgresql.secret The secret to reference
## @param postgresql.owner The owner of the database
## @param postgresql.database Name for a custom database to create.
## @param postgresql.superUser The name of the secret for the superuser
##
postgresql:
enabled: false
secret: db-penpot-secrets
owner: penpot
database: penpot
superUser: db-penpot-superuser-secret
config:
publicURI: https://penpot.tokens.studio
redis:
host: penpot-redis-master.penpot.svc.cluster.local
postgresql:
host: penpot-db-rw
database: penpot
existingSecret: db-penpot-secrets
secretKeys:
usernameKey: username
passwordKey: password
## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
## @param redis.auth.enabled Whether to enable password authentication.
##
redis:
auth:
enabled: false

6
.gimlet/k8s/preview-frontend/templates/namespace.yaml
View file

@ -1,6 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.namespace }}
labels:
toolkit.fluxcd.io/tenant: penpot-team

34
.gimlet/penpot-infra.yaml
View file

@ -45,3 +45,37 @@ manifests: |
- protocol: TCP
port: 1025
targetPort: 1025
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: db-penpot-secrets
namespace: penpot
spec:
encryptedData:
password: AgBzAKLzhBGDrga3ojwgBnbaDmzxQkfoIcu90ji4iutq7t2OQCuJ/8NFD1KUw8hmQ6FlwQY3reaGqRnONdzdM2VyHQmXkaoXEzCAiARh9CWiwzwW2PG6KbSmHzo/YAt17Vkux0euc0z4JAceWqbXdm8Tl8FgUktFmJNY0OGIJ8CfLFNX8p6YujSoYpIRwjG0juiGhbPGeSkJguAAR7uwLwtjCNfFRuSqEDYeaRYHvhxGgh6pyJ70+qVzUQClFJEkVzNJu9CyGx48WSPDDpPbp+h84AWIIY25Cphk48DK/oNVikQitgMVOVBU8swcpz7MSVmKxs407vKRAWN4MGV2HkNrFwFjpQsksNAQ0KTfQrVigz1Hf985w4hji1gjifK7GbSgD9Kzz8pMni3gPMj0mr4y6Nhes+hc8AGTD3N+bhpJsAZKMzSZesdamWDiwyLi+ZPuPu+1/LBVLL68DAp6odKaposQfxeTKAkxqt/6s5jvKWPl3kQ9ud2cg/8Mw3B5pqzKK4dUwUdI1pNV4GyLTj9b+M1aDYaqGmYLzZVcYxeBVh27EFC2aon8/3zkXy6Hm/BZK/aZkrmO5sJTQRYRjnlG6rRtHCWcnXI6KKqKjU5GDFk2otqrlxPMQyXyjbwycP3rTHmhAaHWkR+fOETcq+kNbVUcaR3XTCw7T1qFZ4dtaBN02RHbRE3qxs/SjGMPnzfKQs1626gHAayZqxprpfz6mT0u0Hkn2NGg6RlJr36CxfE=
username: AgBw5ALuBj1TpQc5dmyLW927WQO9AXgdyqYeXHwzXbLKIdyAkyihVIkTSD/MS/InTbsiFIYPvZptpAjpWc9p2IN8nvLbEjc8JXS7DA3NDr/SN7J70oDOKS/vT4Vlz4yX/6fmU8pGvjMh22ELBbruxWS+a6Nty/XcZPqJ8gMuj/vAnticq+i4Rmuy1aghEfsYzPVSigS5QfnnFsMBA5lZS7rgiv4voudi5aAh8luIsDx9eCk2WxcN+9f816MYXBxcZL853h4lIQziOfs8LK0jCZm62yOeckmuMt0EznGEwAS1Magrw9PnZdSDOHvTrugRT/sx8JzkpEorJQXTA/6hXT9tqTbZuLnHMcdVGAcU9+1QcJPtlhYH05irbDqMs5IgxqCW7ch3gtiIS1hTRGpaG+LoNGREcZZtiWxkgcVhJG8E+5ailyt0B/NO+RgjYjjK+tH/hcGd2hABvkmS1f9FUHIRdE0uiwvwM/hWU9qTJcSHdN3mJ96/7lQvfnDoDDP8zS09Co0E0zLmLFSAEvOIz7HMvE0Bw2UPzcy4N8J2y+u4m0327FUUN96Y3e2L+o1SrVw/CJO1/haN34j1SMUFh/4q63VvNLDfUD69QbpjMtjNrvhqNWyyET1QNWl4SFsfbMdC7/rXM9Lpg4GEZ6R5G/QcTb27Zo5UuOeFP060XiWJ1/bD8tiZKU1K1QTwJ0Uur3MDcrYRvGw=
template:
metadata:
creationTimestamp: null
name: db-penpot-secrets
namespace: penpot
type: Opaque
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: db-penpot-superuser-secret
namespace: penpot
spec:
encryptedData:
password: AgBwTdp950SD3x9c1CjlAz4MGEN3tTDQH0iKLW1e4itCEB+W7c6hf+t2nc4VYLAhxCbMfs+sS2onSuoIuzr7/wTLtia3gSaRAgPFu2t91m6s51ewMMrPxoAmIdpHiojCnBXdhuc6XjinOs40MOoS6/qY1WjEXaPyvKBeMdFkKAdDTvMW6WA9xel8Jyf3U6Tz8/Onj1VAAnhgehFvPMZ1uDCEtUfKDPAe+za4S1SRAL81iNwJCVQJrQdetDpcIMnKkMbUvy8RFDmPPKJ6lxZHFk8ztJgCXlj55ViWlEmUC3QHtktnB0QYd+B2rFf6j/66ozgzyiqHd4nXCuRiCxnFSgFMrWYbaDheJEN4rgDNZBITIBiqnlH5HntieQHj9YohsVkr7r0FObtKpePV1t+Sb0RptJ9+LWexkSs6Rvq3HNj7JdOLN/QVsIZbiU4ctRMjxiVsyl7PDZe84tx3Kl6BiUOrClN8QR6huLLnIdVXetMbrPDDQOCI4FiH5UghLRlPdNkvpoeYLfL79Mxy5yOG+xkydM5HR7//NMGDqP7hf+vZFe8/EKuaSExUX6S0AT+hQVkmWcwy7OKq2Ra37XezjmWf6KGiHAL8Idn47E+PQ5axAlkZ1MgkjB+pc/2Lpyo3bfINa7avf03nOKwJl01cChB9O4bDkUfDh7N+26YkqlwMm6aU4dm80fydsPRBikTKTWafpLsQqtimv1ANTYHvbDDEsufK95O/cq8ER/fTAmmrcg==
username: AgAIwqIbS5Ze9e4sefyg77opd801epCHPewxEb+VuuJrxIl4+gFroopQNf/lhRQRFX1unI0PaR/iV5szaIaDmIYz3JQ3OxCyF1zeDYr6YhYNQMtkLgRJRrBr0j7TQPAKwLmgtZok7hDIvTj5bQ2dydibQ1Zg8N1valb03X6Vs/ivvvO3KvQEDckdGgD7UauL8onapU6KAFU5Hu9aEkvMTk4CGNpuLxGhYdA1+HLpLdQYBQPaJyEblGoko4wyv+pF/3m1tRBSQ1L8HsUXfAEn5dAd+0qkS5IvwOM8zXnZcT0ohXmY2mXjvPyv2phOKElQYURPwq9PPI+Sc5Ff7QHcVLjwQ+DYtSMDlRSt5BektWC+peBJfxZQ/X6w2AmICtdkOT03rrMxn0sWKIgQkvmJ0jkERAYlvifcoRmbof0wbFh+ANa0NpGLvxwiG+DsQ6eAsTB0Nu3wPCCBFZOUuTxS+yb4BjE3KPNGgVI6XtArxPnO3z3xglfI/nKDTY1rC2e0ZE72BDnhsLAwQTTgb/R/X2mvS7a0YXJ0gOpAgwP92K9zy1GA9ov2uTVZ2wbb39E69OxMKcbetDWirQrSYMqLYzJ1+W2cBbNdCcYQ2xnSM9cdEd2sPcFJ3NDVQeQRhxSTI6UfKWphUeksqwdW+VN7aODlUzMSxBCwGnxuaS6OVzOdLzQnORdyhyD8zclh5e0AXJpvqs+Z4CuvZA==
template:
metadata:
creationTimestamp: null
name: db-penpot-superuser-secret
namespace: penpot
type: Opaque

75
.gimlet/penpot-pr.yaml
View file

@ -7,19 +7,66 @@ cleanup:
event: branchDeleted
app: penpot-pr-{{ .BRANCH | sanitizeDNSName }}
chart:
name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/preview-frontend/
name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/penpot/
values:
namespace: "{{ .BRANCH | sanitizeDNSName }}"
namespace: "penpot"
redis:
replica:
replicaCount: 0
global:
# Try use the existing redis
redisEnabled: false
imagePullSecrets:
- name: ghcr-login-secret
persistence:
enabled: true
storageClass: standard-rwx
postgresql:
# use the existing db
enabled: false
owner: penpot
database: penpot
# Assumed specified in infra
secret: db-penpot-secrets
superUser: db-penpot-superuser-secret
config:
smtp:
enabled: true
host: mailslurper
tls: false
port: 1025
publicURI: https://{{ .BRANCH | sanitizeDNSName }}.penpot.dev.tokens.studio
redis:
host: penpot-redis-master.penpot.svc.cluster.local
postgresql:
# note that this is unchanged
host: penpot-db-rw
database: penpot
existingSecret: db-penpot-secrets
secretKeys:
usernameKey: username
passwordKey: password
backend:
image:
pullPolicy: IfNotPresent
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
tag: 'backend-pr-{{ .SHA }}'
frontend:
image:
pullPolicy: IfNotPresent
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
tag: 'frontend-pr-{{ .SHA }}'
ingress:
hosts:
- host: "{{ .BRANCH | sanitizeDNSName }}.penpot.staging.tokens.studio"
tls:
- secretName: tls-penpot
hosts:
- "{{ .BRANCH | sanitizeDNSName }}.penpot.staging.tokens.studio"
labels:
portService: tokens-studio-for-penpot
image:
pullPolicy: IfNotPresent
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
tag: 'frontend-pr-{{ .SHA }}'
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: "{{ .BRANCH | sanitizeDNSName }}.penpot.dev.tokens.studio"
tls:
- secretName: tls-penpot
hosts:
- {{ .BRANCH | sanitizeDNSName }}.penpot.dev.tokens.studio

235
.gimlet/penpot-prod.yaml
View file

@ -3,178 +3,65 @@ env: prod
deploy:
branch: token-studio-develop
event: push
manifests: |
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: codechem
namespace: penpot
spec:
interval: 5m
url: https://charts.codechem.com
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: db-penpot-secrets
namespace: penpot
spec:
encryptedData:
password: AgBzAKLzhBGDrga3ojwgBnbaDmzxQkfoIcu90ji4iutq7t2OQCuJ/8NFD1KUw8hmQ6FlwQY3reaGqRnONdzdM2VyHQmXkaoXEzCAiARh9CWiwzwW2PG6KbSmHzo/YAt17Vkux0euc0z4JAceWqbXdm8Tl8FgUktFmJNY0OGIJ8CfLFNX8p6YujSoYpIRwjG0juiGhbPGeSkJguAAR7uwLwtjCNfFRuSqEDYeaRYHvhxGgh6pyJ70+qVzUQClFJEkVzNJu9CyGx48WSPDDpPbp+h84AWIIY25Cphk48DK/oNVikQitgMVOVBU8swcpz7MSVmKxs407vKRAWN4MGV2HkNrFwFjpQsksNAQ0KTfQrVigz1Hf985w4hji1gjifK7GbSgD9Kzz8pMni3gPMj0mr4y6Nhes+hc8AGTD3N+bhpJsAZKMzSZesdamWDiwyLi+ZPuPu+1/LBVLL68DAp6odKaposQfxeTKAkxqt/6s5jvKWPl3kQ9ud2cg/8Mw3B5pqzKK4dUwUdI1pNV4GyLTj9b+M1aDYaqGmYLzZVcYxeBVh27EFC2aon8/3zkXy6Hm/BZK/aZkrmO5sJTQRYRjnlG6rRtHCWcnXI6KKqKjU5GDFk2otqrlxPMQyXyjbwycP3rTHmhAaHWkR+fOETcq+kNbVUcaR3XTCw7T1qFZ4dtaBN02RHbRE3qxs/SjGMPnzfKQs1626gHAayZqxprpfz6mT0u0Hkn2NGg6RlJr36CxfE=
username: AgBw5ALuBj1TpQc5dmyLW927WQO9AXgdyqYeXHwzXbLKIdyAkyihVIkTSD/MS/InTbsiFIYPvZptpAjpWc9p2IN8nvLbEjc8JXS7DA3NDr/SN7J70oDOKS/vT4Vlz4yX/6fmU8pGvjMh22ELBbruxWS+a6Nty/XcZPqJ8gMuj/vAnticq+i4Rmuy1aghEfsYzPVSigS5QfnnFsMBA5lZS7rgiv4voudi5aAh8luIsDx9eCk2WxcN+9f816MYXBxcZL853h4lIQziOfs8LK0jCZm62yOeckmuMt0EznGEwAS1Magrw9PnZdSDOHvTrugRT/sx8JzkpEorJQXTA/6hXT9tqTbZuLnHMcdVGAcU9+1QcJPtlhYH05irbDqMs5IgxqCW7ch3gtiIS1hTRGpaG+LoNGREcZZtiWxkgcVhJG8E+5ailyt0B/NO+RgjYjjK+tH/hcGd2hABvkmS1f9FUHIRdE0uiwvwM/hWU9qTJcSHdN3mJ96/7lQvfnDoDDP8zS09Co0E0zLmLFSAEvOIz7HMvE0Bw2UPzcy4N8J2y+u4m0327FUUN96Y3e2L+o1SrVw/CJO1/haN34j1SMUFh/4q63VvNLDfUD69QbpjMtjNrvhqNWyyET1QNWl4SFsfbMdC7/rXM9Lpg4GEZ6R5G/QcTb27Zo5UuOeFP060XiWJ1/bD8tiZKU1K1QTwJ0Uur3MDcrYRvGw=
template:
metadata:
creationTimestamp: null
name: db-penpot-secrets
namespace: penpot
type: Opaque
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: db-penpot-superuser-secret
namespace: penpot
spec:
encryptedData:
password: AgBwTdp950SD3x9c1CjlAz4MGEN3tTDQH0iKLW1e4itCEB+W7c6hf+t2nc4VYLAhxCbMfs+sS2onSuoIuzr7/wTLtia3gSaRAgPFu2t91m6s51ewMMrPxoAmIdpHiojCnBXdhuc6XjinOs40MOoS6/qY1WjEXaPyvKBeMdFkKAdDTvMW6WA9xel8Jyf3U6Tz8/Onj1VAAnhgehFvPMZ1uDCEtUfKDPAe+za4S1SRAL81iNwJCVQJrQdetDpcIMnKkMbUvy8RFDmPPKJ6lxZHFk8ztJgCXlj55ViWlEmUC3QHtktnB0QYd+B2rFf6j/66ozgzyiqHd4nXCuRiCxnFSgFMrWYbaDheJEN4rgDNZBITIBiqnlH5HntieQHj9YohsVkr7r0FObtKpePV1t+Sb0RptJ9+LWexkSs6Rvq3HNj7JdOLN/QVsIZbiU4ctRMjxiVsyl7PDZe84tx3Kl6BiUOrClN8QR6huLLnIdVXetMbrPDDQOCI4FiH5UghLRlPdNkvpoeYLfL79Mxy5yOG+xkydM5HR7//NMGDqP7hf+vZFe8/EKuaSExUX6S0AT+hQVkmWcwy7OKq2Ra37XezjmWf6KGiHAL8Idn47E+PQ5axAlkZ1MgkjB+pc/2Lpyo3bfINa7avf03nOKwJl01cChB9O4bDkUfDh7N+26YkqlwMm6aU4dm80fydsPRBikTKTWafpLsQqtimv1ANTYHvbDDEsufK95O/cq8ER/fTAmmrcg==
username: AgAIwqIbS5Ze9e4sefyg77opd801epCHPewxEb+VuuJrxIl4+gFroopQNf/lhRQRFX1unI0PaR/iV5szaIaDmIYz3JQ3OxCyF1zeDYr6YhYNQMtkLgRJRrBr0j7TQPAKwLmgtZok7hDIvTj5bQ2dydibQ1Zg8N1valb03X6Vs/ivvvO3KvQEDckdGgD7UauL8onapU6KAFU5Hu9aEkvMTk4CGNpuLxGhYdA1+HLpLdQYBQPaJyEblGoko4wyv+pF/3m1tRBSQ1L8HsUXfAEn5dAd+0qkS5IvwOM8zXnZcT0ohXmY2mXjvPyv2phOKElQYURPwq9PPI+Sc5Ff7QHcVLjwQ+DYtSMDlRSt5BektWC+peBJfxZQ/X6w2AmICtdkOT03rrMxn0sWKIgQkvmJ0jkERAYlvifcoRmbof0wbFh+ANa0NpGLvxwiG+DsQ6eAsTB0Nu3wPCCBFZOUuTxS+yb4BjE3KPNGgVI6XtArxPnO3z3xglfI/nKDTY1rC2e0ZE72BDnhsLAwQTTgb/R/X2mvS7a0YXJ0gOpAgwP92K9zy1GA9ov2uTVZ2wbb39E69OxMKcbetDWirQrSYMqLYzJ1+W2cBbNdCcYQ2xnSM9cdEd2sPcFJ3NDVQeQRhxSTI6UfKWphUeksqwdW+VN7aODlUzMSxBCwGnxuaS6OVzOdLzQnORdyhyD8zclh5e0AXJpvqs+Z4CuvZA==
template:
metadata:
creationTimestamp: null
name: db-penpot-superuser-secret
namespace: penpot
type: Opaque
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: penpot-db
namespace: penpot
spec:
instances: 1
superuserSecret:
name: db-penpot-superuser-secret
bootstrap:
initdb:
database: penpot
owner: penpot
secret:
name: db-penpot-secrets
monitoring:
enablePodMonitor: true
storage:
size: 5Gi
---
apiVersion: helm.toolkit.fluxcd.io/v2beta2
kind: HelmRelease
metadata:
name: penpot
namespace: penpot
spec:
releaseName: penpot
chart:
spec:
version: "1.0.10"
chart: penpot
sourceRef:
kind: HelmRepository
name: codechem
interval: 50m
install:
remediation:
retries: 3
values:
redis:
replica:
replicaCount: 0
global:
postgresqlEnabled: false
redisEnabled: true
imagePullSecrets:
- name: ghcr-login-secret
persistence:
enabled: true
storageClass: standard-rwx
backend:
image:
pullPolicy: IfNotPresent
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
tag: 'backend-{{ .SHA }}'
frontend:
image:
pullPolicy: IfNotPresent
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
tag: 'frontend-{{ .SHA }}'
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
chart:
name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/penpot/
values:
namespace: "penpot"
redis:
replica:
replicaCount: 0
global:
redisEnabled: true
imagePullSecrets:
- name: ghcr-login-secret
persistence:
enabled: true
storageClass: standard-rwx
postgresql:
enabled: true
owner: penpot
database: penpot
# Assumed specified in infra
secret: db-penpot-secrets
superUser: db-penpot-superuser-secret
config:
smtp:
enabled: true
host: mailslurper
tls: false
port: 1025
publicURI: https://penpot.tokens.studio
redis:
host: penpot-redis-master.penpot.svc.cluster.local
postgresql:
host: penpot-db-rw
database: penpot
existingSecret: db-penpot-secrets
secretKeys:
usernameKey: username
passwordKey: password
backend:
image:
pullPolicy: IfNotPresent
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
tag: 'backend-{{ .SHA }}'
frontend:
labels:
portService: tokens-studio-for-penpot
image:
pullPolicy: IfNotPresent
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
tag: 'frontend-{{ .SHA }}'
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: "penpot.tokens.studio"
tls:
- secretName: tls-penpot
hosts:
- host: penpot.tokens.studio
tls:
- secretName: tls-penpot
hosts:
- penpot.tokens.studio
# https://github.com/codechem/helm/issues/15
ingress:
tls:
- secretName: tls-penpot
hosts:
- penpot.tokens.studio
config:
publicURI: https://penpot.tokens.studio
smtp:
enabled: true
host: mailslurper
tls: false
port: 1025
redis:
host: penpot-redis-master.penpot.svc.cluster.local
postgresql:
host: penpot-db-rw
database: penpot
existingSecret: db-penpot-secrets
secretKeys:
usernameKey: username
passwordKey: password
json6902Patches:
- target:
group: "apps"
version: "v1"
kind: "Deployment"
name: "penpot-frontend"
patch: |
---
- op: add
path: /metadata/labels
value:
portService: tokens-studio-for-penpot
- target:
group: "apps"
version: "v1"
kind: "Deployment"
name: "penpot-exporter"
patch: |
---
- op: add
path: /metadata/labels
value:
portService: tokens-studio-for-penpot
- target:
group: "apps"
version: "v1"
kind: "Deployment"
name: "penpot-backend"
patch: |
---
- op: add
path: /metadata/labels
value:
portService: tokens-studio-for-penpot
- op: add
path: /spec/template/spec/containers/0/env
value:
name: PENPOT_SMTP_ENABLED
value: 'true'
- penpot.tokens.studio