From fa8037c4b581372178fa62819548bd34d182b521 Mon Sep 17 00:00:00 2001
From: Florian Schroedl
Date: Thu, 17 Oct 2024 17:40:25 +0200
Subject: [PATCH 1/2] Deploy
From 52d8bed0fc79820ebbab1d63c11f4f737dbd621a Mon Sep 17 00:00:00 2001
From: SorsOps <80043879+sorsOps@users.noreply.github.com>
Date: Thu, 24 Oct 2024 09:29:38 +0200
Subject: [PATCH 2/2] Remove all gimlet and custom workflow code
---
 .gimlet/k8s/penpot/Chart.yaml | 22 -
 .gimlet/k8s/penpot/templates/_helpers.tpl | 72 ---
 .../penpot/templates/backend/deployment.yaml | 370 -------------
 .../k8s/penpot/templates/backend/service.yaml | 16 -
 .gimlet/k8s/penpot/templates/db.yaml | 21 -
 .../penpot/templates/exporter/deployment.yaml | 355 ------------
 .../penpot/templates/exporter/service.yaml | 16 -
 .../penpot/templates/frontend/configmap.yaml | 314 -----------
 .../penpot/templates/frontend/deployment.yaml | 372 -------------
 .../penpot/templates/frontend/ingress.yaml | 53 --
 .../penpot/templates/frontend/service.yaml | 16 -
 .gimlet/k8s/penpot/templates/pvac.yaml | 24 -
 .../k8s/penpot/templates/serviceaccount.yaml | 13 -
 .gimlet/k8s/penpot/values.yaml | 496 ------------------
 .gimlet/penpot-infra.yaml | 197 -------
 .gimlet/penpot-pr.yaml | 86 ---
 .gimlet/penpot-prod.yaml | 75 ---
 .github/workflows/pr.yaml | 88 ----
 .github/workflows/publish.yml | 91 ----
 19 files changed, 2697 deletions(-)
 delete mode 100644 .gimlet/k8s/penpot/Chart.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/_helpers.tpl
 delete mode 100644 .gimlet/k8s/penpot/templates/backend/deployment.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/backend/service.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/db.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/exporter/deployment.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/exporter/service.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/frontend/configmap.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/frontend/deployment.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/frontend/ingress.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/frontend/service.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/pvac.yaml
 delete mode 100644 .gimlet/k8s/penpot/templates/serviceaccount.yaml
 delete mode 100644 .gimlet/k8s/penpot/values.yaml
 delete mode 100644 .gimlet/penpot-infra.yaml
 delete mode 100644 .gimlet/penpot-pr.yaml
 delete mode 100644 .gimlet/penpot-prod.yaml
 delete mode 100644 .github/workflows/pr.yaml
 delete mode 100644 .github/workflows/publish.yml
diff --git a/.gimlet/k8s/penpot/Chart.yaml b/.gimlet/k8s/penpot/Chart.yaml
deleted file mode 100644
index e8e76bd46..000000000
--- a/.gimlet/k8s/penpot/Chart.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: penpot
-maintainers:
- - name: Tokens Studio
- url: https://tokens.studio
-apiVersion: v2
-appVersion: 1.16.0-beta
-version: 1.0.0
-description: Penpot Preview chart
-home: https://github.com/tokens-studio/tokens-studio-for-penpot
-icon: https://avatars.githubusercontent.com/u/30179644?s=200&v=4
-keywords:
- - kubernetes
- - penpot
- - penpotapp
- - design
-sources:
- - https://github.com/penpot/penpot
-dependencies:
- - condition: global.redisEnabled
- name: redis
- repository: https://charts.bitnami.com/bitnami
- version: 17.x.x
\ No newline at end of file
diff --git a/.gimlet/k8s/penpot/templates/_helpers.tpl b/.gimlet/k8s/penpot/templates/_helpers.tpl
deleted file mode 100644
index 0cf66bf0c..000000000
--- a/.gimlet/k8s/penpot/templates/_helpers.tpl
+++ /dev/null
@@ -1,72 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "penpot.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "penpot.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "penpot.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels.
-*/}}
-{{- define "penpot.labels" -}}
-helm.sh/chart: {{ include "penpot.chart" . }}
-app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end -}}
-
-{{/*
-Selector labels.
-*/}}
-{{- define "penpot.frontendSelectorLabels" -}}
-app.kubernetes.io/name: {{ include "penpot.name" . }}-frontend
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
-{{- define "penpot.backendSelectorLabels" -}}
-app.kubernetes.io/name: {{ include "penpot.name" . }}-backend
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
-{{- define "penpot.exporterSelectorLabels" -}}
-app.kubernetes.io/name: {{ include "penpot.name" . }}-exporter
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use.
-*/}}
-{{- define "penpot.serviceAccountName" -}}
-{{- if .Values.serviceAccount.enabled -}}
- {{ default (include "penpot.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
- {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
diff --git a/.gimlet/k8s/penpot/templates/backend/deployment.yaml b/.gimlet/k8s/penpot/templates/backend/deployment.yaml
deleted file mode 100644
index 74a333ccd..000000000
--- a/.gimlet/k8s/penpot/templates/backend/deployment.yaml
+++ /dev/null
@@ -1,370 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "penpot.fullname" . }}-backend - namespace: {{ .Release.Namespace }} - labels: - {{- include "penpot.labels" . | nindent 4 }} - {{- with .Values.backend.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.backend.replicaCount }} - selector: - matchLabels: - {{- include "penpot.backendSelectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "penpot.backendSelectorLabels" . | nindent 8 }} - spec: - {{- with .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - {{ if .Values.backend.podSecurityContext.enabled }} - securityContext: - {{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "penpot.serviceAccountName" . }} - containers: - - name: {{ .Chart.Name }}-backend - {{ if .Values.backend.containerSecurityContext.enabled }} - securityContext: - {{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}" - imagePullPolicy: {{ .Values.backend.image.imagePullPolicy }} - volumeMounts: - - mountPath: /opt/data - name: app-data - readOnly: false - env: - - name: PENPOT_PUBLIC_URI - value: {{ .Values.config.publicURI | quote }} - - name: PENPOT_FLAGS - value: "$PENPOT_FLAGS {{ .Values.config.flags }}" - - name: PENPOT_SECRET_KEY - value: {{ .Values.config.apiSecretKey | quote }} - - name: PENPOT_DATABASE_URI - value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}" - - name: PENPOT_DATABASE_USERNAME - {{- if not .Values.config.postgresql.secretKeys.usernameKey }} - value: {{ .Values.config.postgresql.username | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.postgresql.existingSecret }} - key: 
{{ .Values.config.postgresql.secretKeys.usernameKey }} - {{- end }} - - name: PENPOT_DATABASE_PASSWORD - {{- if not .Values.config.postgresql.secretKeys.passwordKey }} - value: {{ .Values.config.postgresql.password | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.postgresql.existingSecret }} - key: {{ .Values.config.postgresql.secretKeys.passwordKey }} - {{- end }} - - name: PENPOT_REDIS_URI - value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}" - - name: PENPOT_ASSETS_STORAGE_BACKEND - value: {{ .Values.config.assets.storageBackend | quote }} - {{- if eq .Values.config.assets.storageBackend "assets-fs" }} - - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY - value: {{ .Values.config.assets.filesystem.directory | quote }} - {{- else if eq .Values.config.assets.storageBackend "assets-s3" }} - - name: PENPOT_STORAGE_ASSETS_S3_REGION - value: {{ .Values.config.assets.s3.region | quote }} - - name: PENPOT_STORAGE_ASSETS_S3_BUCKET - value: {{ .Values.config.assets.s3.bucket | quote }} - - name: AWS_ACCESS_KEY_ID - {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }} - value: {{ .Values.config.assets.s3.accessKeyID | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.assets.s3.existingSecret }} - key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }} - {{- end }} - - name: AWS_SECRET_ACCESS_KEY - {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }} - value: {{ .Values.config.assets.s3.secretAccessKey | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.assets.s3.existingSecret }} - key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }} - {{- end }} - - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT - {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }} - value: {{ .Values.config.assets.s3.endpointURI | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ 
.Values.config.assets.s3.existingSecret }} - key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }} - {{- end }} - {{- end }} - - name: PENPOT_TELEMETRY_ENABLED - value: {{ .Values.config.telemetryEnabled | quote }} - - {{- if .Values.config.smtp.enabled }} - - name: PENPOT_SMTP_ENABLED - value: 'true' - {{- if .Values.config.smtp.defaultFrom }} - - name: PENPOT_SMTP_DEFAULT_FROM - value: {{ .Values.config.smtp.defaultFrom | quote }} - {{- end }} - {{- if .Values.config.smtp.defaultReplyTo }} - - name: PENPOT_SMTP_DEFAULT_REPLY_TO - value: {{ .Values.config.smtp.defaultReplyTo | quote }} - {{- end }} - {{- if .Values.config.smtp.host }} - - name: PENPOT_SMTP_HOST - value: {{ .Values.config.smtp.host | quote }} - {{- end }} - {{- if .Values.config.smtp.port }} - - name: PENPOT_SMTP_PORT - value: {{ .Values.config.smtp.port | quote }} - {{- end }} - {{- if not .Values.config.smtp.secretKeys.usernameKey }} - - name: PENPOT_SMTP_USERNAME - value: {{ .Values.config.smtp.username | quote }} - {{- else }} - - name: PENPOT_SMTP_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.config.smtp.existingSecret }} - key: {{ .Values.config.smtp.secretKeys.usernameKey }} - {{- end }} - {{- if not .Values.config.smtp.secretKeys.passwordKey }} - - name: PENPOT_SMTP_PASSWORD - value: {{ .Values.config.smtp.password | quote }} - {{- else }} - - name: PENPOT_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.config.smtp.existingSecret }} - key: {{ .Values.config.smtp.secretKeys.passwordKey }} - {{- end }} - {{- if .Values.config.smtp.tls }} - - name: PENPOT_SMTP_TLS - value: {{ .Values.config.smtp.tls | quote }} - {{- end }} - {{- if .Values.config.smtp.ssl }} - - name: PENPOT_SMTP_SSL - value: {{ .Values.config.smtp.ssl | quote }} - {{- end }} - {{- end }} - - - {{- if .Values.config.registrationDomainWhitelist }} - - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST - value: {{ .Values.config.registrationDomainWhitelist | quote }} - {{- end }} - - {{- if 
.Values.config.providers.google.enabled }} - {{- if not .Values.config.providers.secretKeys.googleClientIDKey }} - - name: PENPOT_GOOGLE_CLIENT_ID - value: {{ .Values.config.providers.google.clientID | quote }} - {{- else }} - - name: PENPOT_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.googleClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}} - - name: PENPOT_GOOGLE_CLIENT_SECRET - value: {{ .Values.config.providers.google.clientSecret | quote }} - {{- else }} - - name: PENPOT_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.github.enabled }} - {{- if not .Values.config.providers.secretKeys.githubClientIDKey }} - - name: PENPOT_GITHUB_CLIENT_ID - value: {{ .Values.config.providers.github.clientID | quote }} - {{- else }} - - name: PENPOT_GITHUB_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.githubClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.githubClientSecretKey }} - - name: PENPOT_GITHUB_CLIENT_SECRET - value: {{ .Values.config.providers.github.clientSecret | quote }} - {{- else }} - - name: PENPOT_GITHUB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.gitlab.enabled }} - {{- if .Values.config.providers.gitlab.baseURI }} - - name: PENPOT_GITLAB_BASE_URI - value: {{ .Values.config.providers.gitlab.baseURI | quote }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }} - - name: PENPOT_GITLAB_CLIENT_ID - 
value: {{ .Values.config.providers.gitlab.clientID | quote }} - {{- else }} - - name: PENPOT_GITLAB_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }} - - name: PENPOT_GITLAB_CLIENT_SECRET - value: {{ .Values.config.providers.gitlab.clientSecret | quote }} - {{- else }} - - name: PENPOT_GITLAB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.oidc.enabled }} - {{- if .Values.config.providers.oidc.baseURI }} - - name: PENPOT_OIDC_BASE_URI - value: {{ .Values.config.providers.oidc.baseURI | quote }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }} - - name: PENPOT_OIDC_CLIENT_ID - value: {{ .Values.config.providers.oidc.clientID | quote}} - {{- else }} - - name: PENPOT_OIDC_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}} - - name: PENPOT_OIDC_CLIENT_SECRET - value: {{ .Values.config.providers.oidc.clientSecret | quote }} - {{- else }} - - name: PENPOT_OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }} - {{- end }} - {{- if .Values.config.providers.oidc.authURI }} - - name: PENPOT_OIDC_AUTH_URI - value: {{ .Values.config.providers.oidc.authURI | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.tokenURI }} - - name: PENPOT_OIDC_TOKEN_URI - value: {{ .Values.config.providers.oidc.tokenURI | quote }} - {{- end }} - {{- if 
.Values.config.providers.oidc.userURI }} - - name: PENPOT_OIDC_USER_URI - value: {{ .Values.config.providers.oidc.userURI | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.roles }} - - name: PENPOT_OIDC_ROLES - value: {{ .Values.config.providers.oidc.roles | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.rolesAttribute }} - - name: PENPOT_OIDC_ROLES_ATTR - value: {{ .Values.config.providers.oidc.rolesAttribute | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.scopes }} - - name: PENPOT_OIDC_SCOPES - value: {{ .Values.config.providers.oidc.scopes | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.nameAttribute }} - - name: PENPOT_OIDC_NAME_ATTR - value: {{ .Values.config.providers.oidc.nameAttribute | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.emailAttribute }} - - name: PENPOT_OIDC_EMAIL_ATTR - value: {{ .Values.config.providers.oidc.emailAttribute | quote }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.ldap.enabled }} - {{- if .Values.config.providers.ldap.host }} - - name: PENPOT_LDAP_HOST - value: {{ .Values.config.providers.ldap.host | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.port }} - - name: PENPOT_LDAP_PORT - value: {{ .Values.config.providers.ldap.port | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.ssl }} - - name: PENPOT_LDAP_SSL - value: {{ .Values.config.providers.ldap.ssl | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.startTLS }} - - name: PENPOT_LDAP_STARTTLS - value: {{ .Values.config.providers.ldap.startTLS | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.baseDN }} - - name: PENPOT_LDAP_BASE_DN - value: {{ .Values.config.providers.ldap.baseDN | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.bindDN }} - - name: PENPOT_LDAP_BIND_DN - value: {{ .Values.config.providers.ldap.bindDN | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.bindPassword }} - - name: 
PENPOT_LDAP_BIND_PASSWORD - value: {{ .Values.config.providers.ldap.bindPassword | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesUsername }} - - name: PENPOT_LDAP_ATTRS_USERNAME - value: {{ .Values.config.providers.ldap.attributesUsername | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesEmail }} - - name: PENPOT_LDAP_ATTRS_EMAIL - value: {{ .Values.config.providers.ldap.attributesEmail | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesFullname }} - - name: PENPOT_LDAP_ATTRS_FULLNAME - value: {{ .Values.config.providers.ldap.attributesFullname | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesPhoto }} - - name: PENPOT_LDAP_ATTRS_PHOTO - value: {{ .Values.config.providers.ldap.attributesPhoto | quote }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.backend.service.port }} - protocol: TCP - resources: - {{- toYaml .Values.backend.resources | nindent 12 }} - {{- with .Values.backend.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.backend.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.backend.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: app-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }} - {{- else }} - emptyDir: {} - {{- end }} \ No newline at end of file diff --git a/.gimlet/k8s/penpot/templates/backend/service.yaml b/.gimlet/k8s/penpot/templates/backend/service.yaml deleted file mode 100644 index b9668d15e..000000000 --- a/.gimlet/k8s/penpot/templates/backend/service.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "penpot.fullname" . }}-backend
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "penpot.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.backend.service.type }}
- ports:
- - port: {{ .Values.backend.service.port }}
- targetPort: http
- protocol: TCP
- name: http
- selector:
- {{- include "penpot.backendSelectorLabels" . | nindent 4 }}
diff --git a/.gimlet/k8s/penpot/templates/db.yaml b/.gimlet/k8s/penpot/templates/db.yaml
deleted file mode 100644
index 92d9ab90c..000000000
--- a/.gimlet/k8s/penpot/templates/db.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and .Values.postgresql.enabled -}}
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
- name: {{ include "penpot.fullname" . }}-db
- namespace: {{ .Release.Namespace }}
-spec:
- instances: 1
- superuserSecret:
- name: {{ .Values.postgresql.superUser | quote }}
- bootstrap:
- initdb:
- database: {{ .Values.postgresql.database | quote }}
- owner: {{ .Values.postgresql.owner | quote }}
- secret:
- name: {{ .Values.postgresql.secret | quote }}
- monitoring:
- enablePodMonitor: true
- storage:
- size: 5Gi
-{{- end -}}
\ No newline at end of file
diff --git a/.gimlet/k8s/penpot/templates/exporter/deployment.yaml b/.gimlet/k8s/penpot/templates/exporter/deployment.yaml
deleted file mode 100644
index a4640d2b6..000000000
--- a/.gimlet/k8s/penpot/templates/exporter/deployment.yaml
+++ /dev/null
@@ -1,355 +0,0 @@ -{{- if and .Values.exporter.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "penpot.fullname" . }}-exporter - namespace: {{ .Release.Namespace }} - labels: - {{- include "penpot.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.exporter.replicaCount }} - selector: - matchLabels: - {{- include "penpot.exporterSelectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "penpot.exporterSelectorLabels" . | nindent 8 }} - spec: - {{- with .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "penpot.serviceAccountName" . }} - {{ if .Values.exporter.podSecurityContext.enabled }} - securityContext: - {{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-exporter - {{ if .Values.exporter.containerSecurityContext.enabled }} - securityContext: - {{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}" - imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }} - env: - - name: PENPOT_PUBLIC_URI - value: {{ .Values.config.publicURI | quote }} - - name: PENPOT_FLAGS - value: "$PENPOT_FLAGS {{ .Values.config.flags }}" - - name: PENPOT_SECRET_KEY - value: {{ .Values.config.apiSecretKey | quote }} - - name: PENPOT_DATABASE_URI - value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}" - - name: PENPOT_DATABASE_USERNAME - {{- if not .Values.config.postgresql.secretKeys.usernameKey }} - value: {{ .Values.config.postgresql.username | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.postgresql.existingSecret }} - key: {{ .Values.config.postgresql.secretKeys.usernameKey }} - {{- end }} - - name: PENPOT_DATABASE_PASSWORD 
- {{- if not .Values.config.postgresql.secretKeys.passwordKey }} - value: {{ .Values.config.postgresql.password | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.postgresql.existingSecret }} - key: {{ .Values.config.postgresql.secretKeys.passwordKey }} - {{- end }} - - name: PENPOT_REDIS_URI - value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}" - - name: PENPOT_ASSETS_STORAGE_BACKEND - value: {{ .Values.config.assets.storageBackend | quote }} - {{- if eq .Values.config.assets.storageBackend "assets-fs" }} - - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY - value: {{ .Values.config.assets.filesystem.directory | quote }} - {{- else if eq .Values.config.assets.storageBackend "assets-s3" }} - - name: PENPOT_STORAGE_ASSETS_S3_REGION - value: {{ .Values.config.assets.s3.region | quote }} - - name: PENPOT_STORAGE_ASSETS_S3_BUCKET - value: {{ .Values.config.assets.s3.bucket | quote }} - - name: AWS_ACCESS_KEY_ID - {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }} - value: {{ .Values.config.assets.s3.accessKeyID | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.assets.s3.existingSecret }} - key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }} - {{- end }} - - name: AWS_SECRET_ACCESS_KEY - {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }} - value: {{ .Values.config.assets.s3.secretAccessKey | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.assets.s3.existingSecret }} - key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }} - {{- end }} - - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT - {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }} - value: {{ .Values.config.assets.s3.endpointURI | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.assets.s3.existingSecret }} - key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }} - {{- end }} - {{- 
end }} - - name: PENPOT_TELEMETRY_ENABLED - value: {{ .Values.config.telemetryEnabled | quote }} - - {{- if .Values.config.smtp.enabled }} - {{- if .Values.config.smtp.defaultFrom }} - - name: PENPOT_SMTP_DEFAULT_FROM - value: {{ .Values.config.smtp.defaultFrom | quote }} - {{- end }} - {{- if .Values.config.smtp.defaultReplyTo }} - - name: PENPOT_SMTP_DEFAULT_REPLY_TO - value: {{ .Values.config.smtp.defaultReplyTo | quote }} - {{- end }} - {{- if .Values.config.smtp.host }} - - name: PENPOT_SMTP_HOST - value: {{ .Values.config.smtp.host | quote }} - {{- end }} - {{- if .Values.config.smtp.port }} - - name: PENPOT_SMTP_PORT - value: {{ .Values.config.smtp.port | quote }} - {{- end }} - {{- if not .Values.config.smtp.secretKeys.usernameKey }} - - name: PENPOT_SMTP_USERNAME - value: {{ .Values.config.smtp.username | quote }} - {{- else }} - - name: PENPOT_SMTP_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.config.smtp.existingSecret }} - key: {{ .Values.config.smtp.secretKeys.usernameKey }} - {{- end }} - {{- if not .Values.config.smtp.secretKeys.passwordKey }} - - name: PENPOT_SMTP_PASSWORD - value: {{ .Values.config.smtp.password | quote }} - {{- else }} - - name: PENPOT_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.config.smtp.existingSecret }} - key: {{ .Values.config.smtp.secretKeys.passwordKey }} - {{- end }} - {{- if .Values.config.smtp.tls }} - - name: PENPOT_SMTP_TLS - value: {{ .Values.config.smtp.tls | quote }} - {{- end }} - {{- if .Values.config.smtp.ssl }} - - name: PENPOT_SMTP_SSL - value: {{ .Values.config.smtp.ssl | quote }} - {{- end }} - {{- end }} - - - {{- if .Values.config.registrationDomainWhitelist }} - - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST - value: {{ .Values.config.registrationDomainWhitelist | quote }} - {{- end }} - - {{- if .Values.config.providers.google.enabled }} - {{- if not .Values.config.providers.secretKeys.googleClientIDKey }} - - name: PENPOT_GOOGLE_CLIENT_ID - value: {{ 
.Values.config.providers.google.clientID | quote }} - {{- else }} - - name: PENPOT_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.googleClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.googleClientSecretKey}} - - name: PENPOT_GOOGLE_CLIENT_SECRET - value: {{ .Values.config.providers.google.clientSecret | quote }} - {{- else }} - - name: PENPOT_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.github.enabled }} - {{- if not .Values.config.providers.secretKeys.githubClientIDKey }} - - name: PENPOT_GITHUB_CLIENT_ID - value: {{ .Values.config.providers.github.clientID | quote }} - {{- else }} - - name: PENPOT_GITHUB_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.githubClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.githubClientSecretKey }} - - name: PENPOT_GITHUB_CLIENT_SECRET - value: {{ .Values.config.providers.github.clientSecret | quote }} - {{- else }} - - name: PENPOT_GITHUB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.gitlab.enabled }} - {{- if .Values.config.providers.gitlab.baseURI }} - - name: PENPOT_GITLAB_BASE_URI - value: {{ .Values.config.providers.gitlab.baseURI | quote }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }} - - name: PENPOT_GITLAB_CLIENT_ID - value: {{ .Values.config.providers.gitlab.clientID | quote }} - {{- else }} - - name: PENPOT_GITLAB_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ 
.Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }} - - name: PENPOT_GITLAB_CLIENT_SECRET - value: {{ .Values.config.providers.gitlab.clientSecret | quote }} - {{- else }} - - name: PENPOT_GITLAB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.oidc.enabled }} - {{- if .Values.config.providers.oidc.baseURI }} - - name: PENPOT_OIDC_BASE_URI - value: {{ .Values.config.providers.oidc.baseURI | quote }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }} - - name: PENPOT_OIDC_CLIENT_ID - value: {{ .Values.config.providers.oidc.clientID | quote}} - {{- else }} - - name: PENPOT_OIDC_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}} - - name: PENPOT_OIDC_CLIENT_SECRET - value: {{ .Values.config.providers.oidc.clientSecret | quote }} - {{- else }} - - name: PENPOT_OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }} - {{- end }} - {{- if .Values.config.providers.oidc.authURI }} - - name: PENPOT_OIDC_AUTH_URI - value: {{ .Values.config.providers.oidc.authURI | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.tokenURI }} - - name: PENPOT_OIDC_TOKEN_URI - value: {{ .Values.config.providers.oidc.tokenURI | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.userURI }} - - name: PENPOT_OIDC_USER_URI - value: {{ .Values.config.providers.oidc.userURI | quote }} - {{- end }} - {{- if 
.Values.config.providers.oidc.roles }} - - name: PENPOT_OIDC_ROLES - value: {{ .Values.config.providers.oidc.roles | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.rolesAttribute }} - - name: PENPOT_OIDC_ROLES_ATTR - value: {{ .Values.config.providers.oidc.rolesAttribute | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.scopes }} - - name: PENPOT_OIDC_SCOPES - value: {{ .Values.config.providers.oidc.scopes | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.nameAttribute }} - - name: PENPOT_OIDC_NAME_ATTR - value: {{ .Values.config.providers.oidc.nameAttribute | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.emailAttribute }} - - name: PENPOT_OIDC_EMAIL_ATTR - value: {{ .Values.config.providers.oidc.emailAttribute | quote }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.ldap.enabled }} - {{- if .Values.config.providers.ldap.host }} - - name: PENPOT_LDAP_HOST - value: {{ .Values.config.providers.ldap.host | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.port }} - - name: PENPOT_LDAP_PORT - value: {{ .Values.config.providers.ldap.port | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.ssl }} - - name: PENPOT_LDAP_SSL - value: {{ .Values.config.providers.ldap.ssl | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.startTLS }} - - name: PENPOT_LDAP_STARTTLS - value: {{ .Values.config.providers.ldap.startTLS | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.baseDN }} - - name: PENPOT_LDAP_BASE_DN - value: {{ .Values.config.providers.ldap.baseDN | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.bindDN }} - - name: PENPOT_LDAP_BIND_DN - value: {{ .Values.config.providers.ldap.bindDN | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.bindPassword }} - - name: PENPOT_LDAP_BIND_PASSWORD - value: {{ .Values.config.providers.ldap.bindPassword | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesUsername }} - - name: 
PENPOT_LDAP_ATTRS_USERNAME - value: {{ .Values.config.providers.ldap.attributesUsername | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesEmail }} - - name: PENPOT_LDAP_ATTRS_EMAIL - value: {{ .Values.config.providers.ldap.attributesEmail | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesFullname }} - - name: PENPOT_LDAP_ATTRS_FULLNAME - value: {{ .Values.config.providers.ldap.attributesFullname | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesPhoto }} - - name: PENPOT_LDAP_ATTRS_PHOTO - value: {{ .Values.config.providers.ldap.attributesPhoto | quote }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.exporter.service.port }} - protocol: TCP - resources: - {{- toYaml .Values.exporter.resources | nindent 12 }} - {{- with .Values.exporter.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.exporter.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.exporter.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end -}} \ No newline at end of file diff --git a/.gimlet/k8s/penpot/templates/exporter/service.yaml b/.gimlet/k8s/penpot/templates/exporter/service.yaml deleted file mode 100644 index 75985e86d..000000000 --- a/.gimlet/k8s/penpot/templates/exporter/service.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "penpot.fullname" . }}-exporter - namespace: {{ .Release.Namespace }} - labels: - {{- include "penpot.labels" . | nindent 4 }} -spec: - type: {{ .Values.exporter.service.type }} - ports: - - port: {{ .Values.exporter.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "penpot.exporterSelectorLabels" . | nindent 4 }} 
diff --git a/.gimlet/k8s/penpot/templates/frontend/configmap.yaml b/.gimlet/k8s/penpot/templates/frontend/configmap.yaml
deleted file mode 100644
index 1abd88674..000000000
--- a/.gimlet/k8s/penpot/templates/frontend/configmap.yaml
+++ /dev/null
@@ -1,314 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "penpot.fullname" . }}-frontend-nginx" - namespace: {{ .Release.Namespace }} - labels: - {{- include "penpot.labels" . | nindent 4 }} -data: - nginx-mime.types: | - types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/javascript mjs; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/avif avif; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/wasm wasm; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc 
pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; - } - - nginx.conf: | - user www-data; - worker_processes auto; - pid /run/nginx.pid; - include /etc/nginx/modules-enabled/*.conf; - - events { - worker_connections 2048; - # multi_accept on; - } - - http { - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_requests 30; - keepalive_timeout 65; - types_hash_max_size 2048; - - server_tokens off; - - reset_timedout_connection on; - client_body_timeout 30s; - client_header_timeout 30s; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - error_log /dev/stdout; - access_log /dev/stdout; - - gzip on; - gzip_vary on; - gzip_proxied any; - gzip_static on; - gzip_comp_level 4; - gzip_buffers 16 8k; - gzip_http_version 1.1; - - gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json; - - resolver {{ .Values.frontend.resolver }}; - - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - proxy_cache_path /tmp/cache/ levels=2:2 keys_zone=penpot:20m; - proxy_cache_methods GET HEAD; - proxy_cache_valid any 48h; - proxy_cache_key 
"$host$request_uri"; - - server { - listen 80 default_server; - server_name _; - - client_max_body_size 100M; - charset utf-8; - - proxy_http_version 1.1; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Scheme $scheme; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - etag off; - root /var/www/app/; - - location ~* \.(js|css).*$ { - add_header Cache-Control "max-age=86400" always; # 24 hours - } - - location ~* \.(html).*$ { - add_header Cache-Control "no-cache, max-age=0" always; - } - - location /api/export { - proxy_pass http://{{ include "penpot.fullname" . }}-exporter:6061; - } - - location /api { - proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/api; - } - - location /ws/notifications { - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/ws/notifications; - } - - location @handle_redirect { - set $redirect_uri "$upstream_http_location"; - set $redirect_host "$upstream_http_x_host"; - set $redirect_cache_control "$upstream_http_cache_control"; - - proxy_buffering off; - - proxy_set_header Host "$redirect_host"; - proxy_hide_header etag; - proxy_hide_header x-amz-id-2; - proxy_hide_header x-amz-request-id; - proxy_hide_header x-amz-meta-server-side-encryption; - proxy_hide_header x-amz-server-side-encryption; - proxy_pass $redirect_uri; - - add_header x-internal-redirect "$redirect_uri"; - add_header x-cache-control "$redirect_cache_control"; - add_header cache-control "$redirect_cache_control"; - } - - location /assets { - proxy_pass http://{{ include "penpot.fullname" . 
}}-backend:6060/assets; - recursive_error_pages on; - proxy_intercept_errors on; - error_page 301 302 307 = @handle_redirect; - } - - location /internal/assets { - internal; - alias /opt/data/assets; - add_header x-internal-redirect "$upstream_http_x_accel_redirect"; - } - - location / { - location ~ ^/github/penpot-files/(?[a-zA-Z0-9\-\_\.]+) { - proxy_pass https://raw.githubusercontent.com/penpot/penpot-files/main/$template_file; - proxy_hide_header Access-Control-Allow-Origin; - proxy_set_header User-Agent "curl/7.74.0"; - proxy_set_header Host "raw.githubusercontent.com"; - proxy_set_header Accept "*/*"; - add_header Access-Control-Allow-Origin $http_origin; - proxy_buffering off; - } - - location ~ ^/internal/gfonts/font/(?.+) { - proxy_pass https://fonts.gstatic.com/s/$font_file; - - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Cross-Origin-Resource-Policy; - proxy_hide_header Link; - proxy_hide_header Alt-Svc; - proxy_hide_header Cache-Control; - proxy_hide_header Expires; - proxy_hide_header Cross-Origin-Opener-Policy; - proxy_hide_header Report-To; - - proxy_ignore_headers Set-Cookie Vary Cache-Control Expires; - - proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"; - proxy_set_header Host "fonts.gstatic.com"; - proxy_set_header Accept "*/*"; - - proxy_cache penpot; - - add_header Access-Control-Allow-Origin $http_origin; - add_header Cache-Control max-age=86400; - add_header X-Cache-Status $upstream_cache_status; - } - - location ~ ^/internal/gfonts/css { - proxy_pass https://fonts.googleapis.com/css?$args; - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Cross-Origin-Resource-Policy; - proxy_hide_header Link; - proxy_hide_header Alt-Svc; - proxy_hide_header Cache-Control; - proxy_hide_header Expires; - - proxy_ignore_headers Set-Cookie Vary Cache-Control Expires; - - proxy_set_header User-Agent "Mozilla/5.0 (X11; Linux x86_64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"; - proxy_set_header Host "fonts.googleapis.com"; - proxy_set_header Accept "*/*"; - - proxy_cache penpot; - - add_header Access-Control-Allow-Origin $http_origin; - add_header Cache-Control max-age=86400; - add_header X-Cache-Status $upstream_cache_status; - } - - location ~ ^/js/config.js$ { - add_header Cache-Control "no-store, no-cache, max-age=0" always; - } - - location ~* \.(js|css|jpg|svg|png|mjs|map)$ { - add_header Cache-Control "max-age=604800" always; # 7 days - } - - location ~ ^/(/|css|fonts|images|js|wasm|mjs|map) { - } - - location ~ ^/[^/]+/(.*)$ { - return 301 " /404"; - } - - add_header Last-Modified $date_gmt; - add_header Cache-Control "no-store, no-cache, max-age=0" always; - if_modified_since off; - try_files $uri /index.html$is_args$args /index.html =404; - } - } - } diff --git a/.gimlet/k8s/penpot/templates/frontend/deployment.yaml b/.gimlet/k8s/penpot/templates/frontend/deployment.yaml deleted file mode 100644 index fbe3b7996..000000000 --- a/.gimlet/k8s/penpot/templates/frontend/deployment.yaml +++ /dev/null 
@@ -1,372 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "penpot.fullname" . }}-frontend - namespace: {{ .Release.Namespace }} - labels: - {{- include "penpot.labels" . | nindent 4 }} - {{- with .Values.frontend.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.frontend.replicaCount }} - selector: - matchLabels: - {{- include "penpot.frontendSelectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "penpot.frontendSelectorLabels" . | nindent 8 }} - spec: - {{- with .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "penpot.serviceAccountName" . }} - containers: - - name: {{ .Chart.Name }}-frontend - image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}" - imagePullPolicy: {{ .Values.frontend.image.imagePullPolicy }} - env: - - name: PENPOT_PUBLIC_URI - value: {{ .Values.config.publicURI | quote }} - - name: PENPOT_FLAGS - value: "{{ .Values.config.flags }}" - - name: PENPOT_SECRET_KEY - value: {{ .Values.config.apiSecretKey | quote }} - - name: PENPOT_DATABASE_URI - value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}" - - name: PENPOT_DATABASE_USERNAME - {{- if not .Values.config.postgresql.secretKeys.usernameKey }} - value: {{ .Values.config.postgresql.username | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.postgresql.existingSecret }} - key: {{ .Values.config.postgresql.secretKeys.usernameKey }} - {{- end }} - - name: PENPOT_DATABASE_PASSWORD - {{- if not .Values.config.postgresql.secretKeys.passwordKey }} - value: {{ .Values.config.postgresql.password | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.postgresql.existingSecret }} - key: {{ .Values.config.postgresql.secretKeys.passwordKey }} - {{- end }} - - name: PENPOT_REDIS_URI 
- value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}" - - name: PENPOT_ASSETS_STORAGE_BACKEND - value: {{ .Values.config.assets.storageBackend | quote }} - {{- if eq .Values.config.assets.storageBackend "assets-fs" }} - - name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY - value: {{ .Values.config.assets.filesystem.directory | quote }} - {{- else if eq .Values.config.assets.storageBackend "assets-s3" }} - - name: PENPOT_STORAGE_ASSETS_S3_REGION - value: {{ .Values.config.assets.s3.region | quote }} - - name: PENPOT_STORAGE_ASSETS_S3_BUCKET - value: {{ .Values.config.assets.s3.bucket | quote }} - - name: AWS_ACCESS_KEY_ID - {{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }} - value: {{ .Values.config.assets.s3.accessKeyID | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.assets.s3.existingSecret }} - key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }} - {{- end }} - - name: AWS_SECRET_ACCESS_KEY - {{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }} - value: {{ .Values.config.assets.s3.secretAccessKey | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.assets.s3.existingSecret }} - key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }} - {{- end }} - - name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT - {{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }} - value: {{ .Values.config.assets.s3.endpointURI | quote }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.config.assets.s3.existingSecret }} - key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }} - {{- end }} - {{- end }} - - name: PENPOT_TELEMETRY_ENABLED - value: {{ .Values.config.telemetryEnabled | quote }} - - {{- if .Values.config.smtp.enabled }} - {{- if .Values.config.smtp.defaultFrom }} - - name: PENPOT_SMTP_DEFAULT_FROM - value: {{ .Values.config.smtp.defaultFrom | quote }} - {{- end }} - {{- if 
.Values.config.smtp.defaultReplyTo }} - - name: PENPOT_SMTP_DEFAULT_REPLY_TO - value: {{ .Values.config.smtp.defaultReplyTo | quote }} - {{- end }} - {{- if .Values.config.smtp.host }} - - name: PENPOT_SMTP_HOST - value: {{ .Values.config.smtp.host | quote }} - {{- end }} - {{- if .Values.config.smtp.port }} - - name: PENPOT_SMTP_PORT - value: {{ .Values.config.smtp.port | quote }} - {{- end }} - {{- if not .Values.config.smtp.secretKeys.usernameKey }} - - name: PENPOT_SMTP_USERNAME - value: {{ .Values.config.smtp.username | quote }} - {{- else }} - - name: PENPOT_SMTP_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Values.config.smtp.existingSecret }} - key: {{ .Values.config.smtp.secretKeys.usernameKey }} - {{- end }} - {{- if not .Values.config.smtp.secretKeys.passwordKey }} - - name: PENPOT_SMTP_PASSWORD - value: {{ .Values.config.smtp.password | quote }} - {{- else }} - - name: PENPOT_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.config.smtp.existingSecret }} - key: {{ .Values.config.smtp.secretKeys.passwordKey }} - {{- end }} - {{- if .Values.config.smtp.tls }} - - name: PENPOT_SMTP_TLS - value: {{ .Values.config.smtp.tls | quote }} - {{- end }} - {{- if .Values.config.smtp.ssl }} - - name: PENPOT_SMTP_SSL - value: {{ .Values.config.smtp.ssl | quote }} - {{- end }} - {{- end }} - - - {{- if .Values.config.registrationDomainWhitelist }} - - name: PENPOT_REGISTRATION_DOMAIN_WHITELIST - value: {{ .Values.config.registrationDomainWhitelist | quote }} - {{- end }} - - {{- if .Values.config.providers.google.enabled }} - {{- if not .Values.config.providers.secretKeys.googleClientIDKey }} - - name: PENPOT_GOOGLE_CLIENT_ID - value: {{ .Values.config.providers.google.clientID | quote }} - {{- else }} - - name: PENPOT_GOOGLE_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.googleClientIDKey }} - {{- end }} - {{- if not 
.Values.config.providers.secretKeys.googleClientSecretKey}} - - name: PENPOT_GOOGLE_CLIENT_SECRET - value: {{ .Values.config.providers.google.clientSecret | quote }} - {{- else }} - - name: PENPOT_GOOGLE_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.github.enabled }} - {{- if not .Values.config.providers.secretKeys.githubClientIDKey }} - - name: PENPOT_GITHUB_CLIENT_ID - value: {{ .Values.config.providers.github.clientID | quote }} - {{- else }} - - name: PENPOT_GITHUB_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.githubClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.githubClientSecretKey }} - - name: PENPOT_GITHUB_CLIENT_SECRET - value: {{ .Values.config.providers.github.clientSecret | quote }} - {{- else }} - - name: PENPOT_GITHUB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.gitlab.enabled }} - {{- if .Values.config.providers.gitlab.baseURI }} - - name: PENPOT_GITLAB_BASE_URI - value: {{ .Values.config.providers.gitlab.baseURI | quote }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }} - - name: PENPOT_GITLAB_CLIENT_ID - value: {{ .Values.config.providers.gitlab.clientID | quote }} - {{- else }} - - name: PENPOT_GITLAB_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }} - - name: PENPOT_GITLAB_CLIENT_SECRET - value: {{ 
.Values.config.providers.gitlab.clientSecret | quote }} - {{- else }} - - name: PENPOT_GITLAB_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.oidc.enabled }} - {{- if .Values.config.providers.oidc.baseURI }} - - name: PENPOT_OIDC_BASE_URI - value: {{ .Values.config.providers.oidc.baseURI | quote }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.oidcClientIDKey }} - - name: PENPOT_OIDC_CLIENT_ID - value: {{ .Values.config.providers.oidc.clientID | quote}} - {{- else }} - - name: PENPOT_OIDC_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }} - {{- end }} - {{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}} - - name: PENPOT_OIDC_CLIENT_SECRET - value: {{ .Values.config.providers.oidc.clientSecret | quote }} - {{- else }} - - name: PENPOT_OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ .Values.config.providers.existingSecret }} - key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }} - {{- end }} - {{- if .Values.config.providers.oidc.authURI }} - - name: PENPOT_OIDC_AUTH_URI - value: {{ .Values.config.providers.oidc.authURI | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.tokenURI }} - - name: PENPOT_OIDC_TOKEN_URI - value: {{ .Values.config.providers.oidc.tokenURI | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.userURI }} - - name: PENPOT_OIDC_USER_URI - value: {{ .Values.config.providers.oidc.userURI | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.roles }} - - name: PENPOT_OIDC_ROLES - value: {{ .Values.config.providers.oidc.roles | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.rolesAttribute }} - - name: PENPOT_OIDC_ROLES_ATTR - value: {{ 
.Values.config.providers.oidc.rolesAttribute | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.scopes }} - - name: PENPOT_OIDC_SCOPES - value: {{ .Values.config.providers.oidc.scopes | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.nameAttribute }} - - name: PENPOT_OIDC_NAME_ATTR - value: {{ .Values.config.providers.oidc.nameAttribute | quote }} - {{- end }} - {{- if .Values.config.providers.oidc.emailAttribute }} - - name: PENPOT_OIDC_EMAIL_ATTR - value: {{ .Values.config.providers.oidc.emailAttribute | quote }} - {{- end }} - {{- end }} - - {{- if .Values.config.providers.ldap.enabled }} - {{- if .Values.config.providers.ldap.host }} - - name: PENPOT_LDAP_HOST - value: {{ .Values.config.providers.ldap.host | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.port }} - - name: PENPOT_LDAP_PORT - value: {{ .Values.config.providers.ldap.port | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.ssl }} - - name: PENPOT_LDAP_SSL - value: {{ .Values.config.providers.ldap.ssl | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.startTLS }} - - name: PENPOT_LDAP_STARTTLS - value: {{ .Values.config.providers.ldap.startTLS | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.baseDN }} - - name: PENPOT_LDAP_BASE_DN - value: {{ .Values.config.providers.ldap.baseDN | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.bindDN }} - - name: PENPOT_LDAP_BIND_DN - value: {{ .Values.config.providers.ldap.bindDN | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.bindPassword }} - - name: PENPOT_LDAP_BIND_PASSWORD - value: {{ .Values.config.providers.ldap.bindPassword | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesUsername }} - - name: PENPOT_LDAP_ATTRS_USERNAME - value: {{ .Values.config.providers.ldap.attributesUsername | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesEmail }} - - name: PENPOT_LDAP_ATTRS_EMAIL - value: {{ 
.Values.config.providers.ldap.attributesEmail | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesFullname }} - - name: PENPOT_LDAP_ATTRS_FULLNAME - value: {{ .Values.config.providers.ldap.attributesFullname | quote }} - {{- end }} - {{- if .Values.config.providers.ldap.attributesPhoto }} - - name: PENPOT_LDAP_ATTRS_PHOTO - value: {{ .Values.config.providers.ldap.attributesPhoto | quote }} - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /opt/data - name: app-data - readOnly: false - - mountPath: /etc/nginx/nginx.conf - name: "{{ include "penpot.fullname" . }}-frontend-nginx" - readOnly: true - subPath: nginx.conf - - mountPath: /etc/nginx/nginx-mime.types - name: "{{ include "penpot.fullname" . }}-frontend-nginx" - readOnly: true - subPath: nginx-mime.types - ports: - - name: http - containerPort: {{ .Values.frontend.service.port }} - protocol: TCP - resources: - {{- toYaml .Values.frontend.resources | nindent 12 }} - {{- with .Values.frontend.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.frontend.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.frontend.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: app-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }} - {{- else }} - emptyDir: {} - {{- end }} - - configMap: - defaultMode: 420 - name: "{{ include "penpot.fullname" . }}-frontend-nginx" - name: "{{ include "penpot.fullname" . }}-frontend-nginx" diff --git a/.gimlet/k8s/penpot/templates/frontend/ingress.yaml b/.gimlet/k8s/penpot/templates/frontend/ingress.yaml deleted file mode 100644 index eeeaa66cd..000000000 --- a/.gimlet/k8s/penpot/templates/frontend/ingress.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -{{- if .Values.frontend.ingress.enabled -}} -{{- $gitVersion := .Capabilities.KubeVersion.GitVersion -}} -{{- $fullName := include "penpot.fullname" . -}} -{{- $svcPort := .Values.frontend.service.port -}} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "penpot.labels" . | nindent 4 }} - {{- with .Values.frontend.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.frontend.ingress.tls }} - tls: - {{- range .Values.frontend.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.frontend.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: -{{ if semverCompare ">=1.19-0" $gitVersion }} - - path: / - pathType: Prefix - backend: - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} -{{ else }} - - path: / - backend: - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} -{{- end }} - {{- end }} -{{- end }} diff --git a/.gimlet/k8s/penpot/templates/frontend/service.yaml b/.gimlet/k8s/penpot/templates/frontend/service.yaml deleted file mode 100644 index 2ceb04fd7..000000000 --- a/.gimlet/k8s/penpot/templates/frontend/service.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "penpot.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "penpot.labels" . | nindent 4 }} -spec: - type: {{ .Values.frontend.service.type }} - ports: - - port: {{ .Values.frontend.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "penpot.frontendSelectorLabels" . | nindent 4 }} diff --git a/.gimlet/k8s/penpot/templates/pvac.yaml b/.gimlet/k8s/penpot/templates/pvac.yaml deleted file mode 100644 index d093f367f..000000000 --- a/.gimlet/k8s/penpot/templates/pvac.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "penpot.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{- include "penpot.labels" . | nindent 4 }} -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- if .Values.persistence.storageClass }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end -}} diff --git a/.gimlet/k8s/penpot/templates/serviceaccount.yaml b/.gimlet/k8s/penpot/templates/serviceaccount.yaml deleted file mode 100644 index 8c317c454..000000000 --- a/.gimlet/k8s/penpot/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.enabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "penpot.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "penpot.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} 
diff --git a/.gimlet/k8s/penpot/values.yaml b/.gimlet/k8s/penpot/values.yaml
deleted file mode 100644
index 9f2522a12..000000000
--- a/.gimlet/k8s/penpot/values.yaml
+++ /dev/null
@@ -1,496 +0,0 @@ -## Default values for Penpot - -## @section Global parameters - -## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration. -## @param global.imagePullSecrets Global Docker registry secret names as an array. -## -global: - redisEnabled: false - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param serviceAccount.enabled Specifies whether a ServiceAccount should be created. -## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. -## @param serviceAccount.name The name of the ServiceAccount to use. If not set and enabled is true, a name is generated using the fullname template. -## -serviceAccount: - enabled: true - annotations: {} - name: "" - -## @section Backend parameters - -## Penpot Backend -## -backend: - labels: {} - ## @param backend.image.repository The Docker repository to pull the image from. - ## @param backend.image.tag The image tag to use. - ## @param backend.image.imagePullPolicy The image pull policy to use. - ## - image: - repository: penpotapp/backend - tag: 1.16.0-beta - imagePullPolicy: IfNotPresent - ## @param backend.replicaCount The number of replicas to deploy. - ## - replicaCount: 1 - ## @param backend.service.type The service type to create. - ## @param backend.service.port The service port to use. 
- ## - service: - type: ClusterIP - port: 6060 - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param backend.podSecurityContext.enabled Enabled Penpot pods' security context - ## @param backend.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param backend.containerSecurityContext.enabled Enabled Penpot containers' security context - ## @param backend.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser - ## @param backend.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation - ## @param backend.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped - ## @param backend.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem - ## @param backend.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: false - runAsNonRoot: true - ## @param backend.affinity Affinity for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param backend.nodeSelector Node labels for Penpot pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param backend.tolerations Tolerations for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - 
## - tolerations: [] - ## Penpot backend resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param backend.resources.limits The resources limits for the Penpot backend containers - ## @param backend.resources.requests The requested resources for the Penpot backend containers - ## - resources: - limits: {} - requests: {} - -## @section Frontend parameters - -## Penpot Frontend -## -frontend: - - labels: {} - # The ip to use for dns resolution. Should be your kube-dns or core-dns ip - resolver: 10.116.208.10 - - ## @param frontend.image.repository The Docker repository to pull the image from. - ## @param frontend.image.tag The image tag to use. - ## @param frontend.image.imagePullPolicy The image pull policy to use. - ## - image: - repository: penpotapp/frontend - tag: 1.16.0-beta - imagePullPolicy: IfNotPresent - ## @param frontend.replicaCount The number of replicas to deploy. - ## - replicaCount: 1 - ## @param frontend.service.type The service type to create. - ## @param frontend.service.port The service port to use. - ## - service: - type: ClusterIP - port: 80 - ## @param frontend.ingress.enabled Enable ingress record generation for Penpot frontend. - ## @param frontend.ingress.annotations Mapped annotations for the frontend ingress. - ## @param frontend.ingress.hosts Array style hosts for the frontend ingress. - ## @param frontend.ingress.tls Array style TLS secrets for the frontend ingress. - ## - ingress: - enabled: false - ## E.g. - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## kubernetes.io/tls-acme: "true" - ## - annotations: - {} - ## E.g. - ## hosts: - ## - host: penpot-example.local - hosts: [] - ## E.g. 
- ## - secretName: chart-example-tls - ## hosts: - ## - chart-example.local - tls: [] - ## @param frontend.affinity Affinity for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param frontend.nodeSelector Node labels for Penpot pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param frontend.tolerations Tolerations for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## Penpot frontend resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param frontend.resources.limits The resources limits for the Penpot frontend containers - ## @param frontend.resources.requests The requested resources for the Penpot frontend containers - ## - resources: - limits: {} - requests: {} - -## @section Exporter parameters - -## Penpot Exporter -## -exporter: - enabled: true - ## @param exporter.image.repository The Docker repository to pull the image from. - ## @param exporter.image.tag The image tag to use. - ## @param exporter.image.imagePullPolicy The image pull policy to use. - ## - image: - repository: penpotapp/exporter - tag: 1.16.0-beta - imagePullPolicy: IfNotPresent - ## @param exporter.replicaCount The number of replicas to deploy. - ## - replicaCount: 1 - ## @param exporter.service.type The service type to create. - ## @param exporter.service.port The service port to use. 
- ## - service: - type: ClusterIP - port: 6061 - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param exporter.podSecurityContext.enabled Enabled Penpot pods' security context - ## @param exporter.podSecurityContext.fsGroup Set Penpot pod's security context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param exporter.containerSecurityContext.enabled Enabled Penpot containers' security context - ## @param exporter.containerSecurityContext.runAsUser Set Penpot containers' security context runAsUser - ## @param exporter.containerSecurityContext.allowPrivilegeEscalation Set Penpot containers' security context allowPrivilegeEscalation - ## @param exporter.containerSecurityContext.capabilities.drop Set Penpot containers' security context capabilities to be dropped - ## @param exporter.containerSecurityContext.readOnlyRootFilesystem Set Penpot containers' security context readOnlyRootFilesystem - ## @param exporter.containerSecurityContext.runAsNonRoot Set Penpot container's security context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: false - runAsNonRoot: true - ## @param exporter.affinity Affinity for Penpot pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param exporter.nodeSelector Node labels for Penpot pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param exporter.tolerations Tolerations for Penpot pods assignment - ## ref: 
https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## Penpot exporter resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param exporter.resources.limits The resources limits for the Penpot exporter containers - ## @param exporter.resources.requests The requested resources for the Penpot exporter containers - ## - resources: - limits: {} - requests: {} - -## @section Persistence parameters - -## Penpot persistence -## -persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims. - ## - enabled: false - ## @param persistence.storageClass Persistent Volume storage class. - ## If defined, storageClassName: . - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. - ## - storageClass: "" - ## @param persistence.size Persistent Volume size. - ## - size: 8Gi - ## @param persistence.existingClaim The name of an existing PVC to use for persistence. - ## - existingClaim: "" - ## @param persistence.accessModes Persistent Volume access modes. - ## - accessModes: - - ReadWriteOnce - ## @param persistence.annotations Persistent Volume Claim annotations. - ## - annotations: {} - -## @section Configuration parameters - -## Penpot configuration -## -config: - ## @param config.publicURI The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. - ## @param config.flags The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. - ## @param config.apiSecretKey A random secret key needed for persistent user sessions. Generate with `openssl rand -hex 16` for example. 
- ## - publicURI: "http://localhost:8080" - flags: "enable-registration enable-login disable-demo-users disable-demo-warning enable-feature-design-tokens" - apiSecretKey: "b46a12cb4bedc6b9df8cb3f18c708b65" - - ## @param config.postgresql.host The PostgreSQL host to connect to. - ## @param config.postgresql.port The PostgreSQL host port to use. - ## @param config.postgresql.database The PostgreSQL database to use. - ## @param config.postgresql.username The database username to use. - ## @param config.postgresql.password The database username to use. - ## @param config.postgresql.existingSecret The name of an existing secret. - ## @param config.postgresql.secretKeys.usernameKey The username key to use from an existing secret. - ## @param config.postgresql.secretKeys.passwordKey The password key to use from an existing secret. - ## - postgresql: - host: "postgresql.penpot.svc.cluster.local" - port: 5432 - username: "" - password: "" - database: "" - existingSecret: "" - secretKeys: - usernameKey: "" - passwordKey: "" - - ## @param config.redis.host The Redis host to connect to. - ## @param config.redis.port The Redis host port to use. - ## @param config.redis.database The Redis database to connect to. - ## - redis: - host: "redis-master.penpot.svc.cluster.local" - port: 6379 - database: "0" - ## @param config.assets.storageBackend The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. - ## @param config.assets.filesystem.directory The storage directory to use if you chose the filesystem storage backend. - ## @param config.assets.s3.accessKeyID The S3 access key ID to use if you chose the S3 storage backend. - ## @param config.assets.s3.secretAccessKey The S3 secret access key to use if you chose the S3 storage backend. - ## @param config.assets.s3.region The S3 region to use if you chose the S3 storage backend. - ## @param config.assets.s3.bucket The name of the S3 bucket to use if you chose the S3 storage backend. 
- ## @param config.assets.s3.endpointURI The S3 endpoint URI to use if you chose the S3 storage backend. - ## @param config.assets.s3.existingSecret The name of an existing secret. - ## @param config.assets.s3.secretKeys.accessKeyIDKey The S3 access key ID to use from an existing secret. - ## @param config.assets.s3.secretKeys.secretAccessKey The S3 secret access key to use from an existing secret. - ## @param config.assets.s3.secretKeys.endpointURIKey The S3 endpoint URI to use from an existing secret. - ## - assets: - storageBackend: "assets-fs" - filesystem: - directory: "/opt/data/assets" - s3: - accessKeyID: "" - secretAccessKey: "" - region: "" - bucket: "" - endpointURI: "" - existingSecret: "" - secretKeys: - accessKeyIDKey: "" - secretAccessKey: "" - endpointURIKey: "" - ## @param config.telemetryEnabled Whether to enable sending of anonymous telemetry data. - ## - telemetryEnabled: true - ## @param config.smtp.enabled Whether to enable SMTP configuration. You also need to add the 'enable-smtp' flag to the PENPOT_FLAGS variable. - ## @param config.smtp.defaultFrom The SMTP default email to send from. - ## @param config.smtp.defaultReplyTo The SMTP default email to reply to. - ## @param config.smtp.host The SMTP host to use. - ## @param config.smtp.port The SMTP host port to use. - ## @param config.smtp.username The SMTP username to use. - ## @param config.smtp.password The SMTP password to use. - ## @param config.smtp.tls Whether to use TLS for the SMTP connection. - ## @param config.smtp.ssl Whether to use SSL for the SMTP connection. - ## @param config.smtp.existingSecret The name of an existing secret. - ## @param config.smtp.secretKeys.usernameKey The SMTP username to use from an existing secret. - ## @param config.smtp.secretKeys.passwordKey The SMTP password to use from an existing secret. 
- ## - smtp: - enabled: false - defaultFrom: "" - defaultReplyTo: "" - host: "" - port: "" - username: "" - password: "" - tls: true - ssl: false - existingSecret: "" - secretKeys: - usernameKey: "" - passwordKey: "" - ## @param config.registrationDomainWhitelist Comma separated list of allowed domains to register. Empty to allow all domains. - ## - registrationDomainWhitelist: "" - ## Penpot Authentication providers parameters - ## - providers: - ## @param config.providers.google.enabled Whether to enable Google configuration. To enable Google auth, add `enable-login-with-google` to the flags. - ## @param config.providers.google.clientID The Google client ID to use. To enable Google auth, add `enable-login-with-google` to the flags. - ## @param config.providers.google.clientSecret The Google client secret to use. To enable Google auth, add `enable-login-with-google` to the flags. - ## - google: - enabled: false - clientID: "" - clientSecret: "" - ## @param config.providers.github.enabled Whether to enable GitHub configuration. To enable GitHub auth, also add `enable-login-with-github` to the flags. - ## @param config.providers.github.clientID The GitHub client ID to use. - ## @param config.providers.github.clientSecret The GitHub client secret to use. - ## - github: - enabled: false - clientID: "" - clientSecret: "" - ## @param config.providers.gitlab.enabled Whether to enable GitLab configuration. To enable GitLab auth, also add `enable-login-with-gitlab` to the flags. - ## @param config.providers.gitlab.baseURI The GitLab base URI to use. - ## @param config.providers.gitlab.clientID The GitLab client ID to use. - ## @param config.providers.gitlab.clientSecret The GitLab client secret to use. - ## - gitlab: - enabled: false - baseURI: "https://gitlab.com" - clientID: "" - clientSecret: "" - ## @param config.providers.oidc.enabled Whether to enable OIDC configuration. To enable OpenID Connect auth, also add `enable-login-with-oidc` to the flags. 
- ## @param config.providers.oidc.baseURI The OpenID Connect base URI to use. - ## @param config.providers.oidc.clientID The OpenID Connect client ID to use. - ## @param config.providers.oidc.clientSecret The OpenID Connect client secret to use. - ## @param config.providers.oidc.authURI Optional OpenID Connect auth URI to use. Auto discovered if not provided. - ## @param config.providers.oidc.tokenURI Optional OpenID Connect token URI to use. Auto discovered if not provided. - ## @param config.providers.oidc.userURI Optional OpenID Connect user URI to use. Auto discovered if not provided. - ## @param config.providers.oidc.roles Optional OpenID Connect roles to use. If no role is provided, roles checking disabled. - ## @param config.providers.oidc.rolesAttribute Optional OpenID Connect roles attribute to use. If not provided, the roles checking will be disabled. - ## @param config.providers.oidc.scopes Optional OpenID Connect scopes to use. This settings allow overwrite the required scopes, use with caution because penpot requres at least `name` and `email` attrs found on the user info. Optional, defaults to `openid profile`. - ## @param config.providers.oidc.nameAttribute Optional OpenID Connect name attribute to use. If not provided, the `name` prop will be used. - ## @param config.providers.oidc.emailAttribute Optional OpenID Connect email attribute to use. If not provided, the `email` prop will be used. - ## - oidc: - enabled: false - baseURI: "" - clientID: "" - clientSecret: "" - authURI: "" - tokenURI: "" - userURI: "" - roles: "role1 role2" - rolesAttribute: "" - scopes: "scope1 scope2" - nameAttribute: "" - emailAttribute: "" - ## @param config.providers.ldap.enabled Whether to enable LDAP configuration. To enable LDAP, also add `enable-login-with-ldap` to the flags. - ## @param config.providers.ldap.host The LDAP host to use. - ## @param config.providers.ldap.port The LDAP port to use. 
- ## @param config.providers.ldap.ssl Whether to use SSL for the LDAP connection. - ## @param config.providers.ldap.startTLS Whether to utilize StartTLS for the LDAP connection. - ## @param config.providers.ldap.baseDN The LDAP base DN to use. - ## @param config.providers.ldap.bindDN The LDAP bind DN to use. - ## @param config.providers.ldap.bindPassword The LDAP bind password to use. - ## @param config.providers.ldap.attributesUsername The LDAP attributes username to use. - ## @param config.providers.ldap.attributesEmail The LDAP attributes email to use. - ## @param config.providers.ldap.attributesFullname The LDAP attributes fullname to use. - ## @param config.providers.ldap.attributesPhoto The LDAP attributes photo format to use. - ## - ldap: - enabled: false - host: "ldap" - port: 10389 - ssl: false - startTLS: false - baseDN: "ou=people,dc=planetexpress,dc=com" - bindDN: "cn=admin,dc=planetexpress,dc=com" - bindPassword: "GoodNewsEveryone" - attributesUsername: "uid" - attributesEmail: "mail" - attributesFullname: "cn" - attributesPhoto: "jpegPhoto" - ## @param config.providers.existingSecret The name of an existing secret to use. - ## @param config.providers.secretKeys.googleClientIDKey The Google client ID key to use from an existing secret. - ## @param config.providers.secretKeys.googleClientSecretKey The Google client secret key to use from an existing secret. - ## @param config.providers.secretKeys.githubClientIDKey The GitHub client ID key to use from an existing secret. - ## @param config.providers.secretKeys.githubClientSecretKey The GitHub client secret key to use from an existing secret. - ## @param config.providers.secretKeys.gitlabClientIDKey The GitLab client ID key to use from an existing secret. - ## @param config.providers.secretKeys.gitlabClientSecretKey The GitLab client secret key to use from an existing secret. - ## @param config.providers.secretKeys.oidcClientIDKey The OpenID Connect client ID key to use from an existing secret. 
- ## @param config.providers.secretKeys.oidcClientSecretKey The OpenID Connect client secret key to use from an existing secret. - ## - existingSecret: "" - secretKeys: - googleClientIDKey: "" - googleClientSecretKey: "" - githubClientIDKey: "" - githubClientSecretKey: "" - gitlabClientIDKey: "" - gitlabClientSecretKey: "" - oidcClientIDKey: "" - oidcClientSecretKey: "" - -## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql)) - -## @param postgresql.secret The secret to reference -## @param postgresql.owner The owner of the database -## @param postgresql.database Name for a custom database to create. -## @param postgresql.superUser The name of the secret for the superuser -## -postgresql: - enabled: false - secret: db-penpot-secrets - owner: penpot - database: penpot - superUser: db-penpot-superuser-secret - -## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis)) - -## @param redis.auth.enabled Whether to enable password authentication. -## -redis: - replica: - replicaCount: 0 - auth: - enabled: false \ No newline at end of file diff --git a/.gimlet/penpot-infra.yaml b/.gimlet/penpot-infra.yaml deleted file mode 100644 index 0f8ba846a..000000000 --- a/.gimlet/penpot-infra.yaml +++ /dev/null 
@@ -1,197 +0,0 @@ -app: penpot-infra -env: prod -manifests: | - apiVersion: v1 - kind: Namespace - metadata: - name: penpot - labels: - toolkit.fluxcd.io/tenant: penpot-team - --- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: mailslurper - namespace: penpot - labels: - app: mailslurper - spec: - replicas: 1 - selector: - matchLabels: - app: mailslurper - template: - metadata: - labels: - app: mailslurper - spec: - containers: - - name: mailslurper - image: sj26/mailcatcher:latest - ports: - - containerPort: 1025 - - containerPort: 1080 - --- - apiVersion: v1 - kind: Service - metadata: - name: mailslurper - namespace: penpot - spec: - selector: - app: mailslurper - ports: - - protocol: TCP - port: 1025 - targetPort: 1025 - --- - apiVersion: v1 - kind: Service - metadata: - name: mailslurper-ui - namespace: penpot - spec: - selector: - app: mailslurper - ports: - - protocol: TCP - port: 1080 - targetPort: 1080 - --- - apiVersion: bitnami.com/v1alpha1 - kind: SealedSecret - metadata: - creationTimestamp: null - name: db-penpot-secrets - namespace: penpot - spec: - encryptedData: - password: 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 - username: 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 - template: - metadata: - creationTimestamp: null - name: db-penpot-secrets - namespace: penpot - type: Opaque - --- - apiVersion: bitnami.com/v1alpha1 - kind: SealedSecret - metadata: - creationTimestamp: null - name: db-penpot-superuser-secret - namespace: penpot - spec: - encryptedData: - password: 
AgBwTdp950SD3x9c1CjlAz4MGEN3tTDQH0iKLW1e4itCEB+W7c6hf+t2nc4VYLAhxCbMfs+sS2onSuoIuzr7/wTLtia3gSaRAgPFu2t91m6s51ewMMrPxoAmIdpHiojCnBXdhuc6XjinOs40MOoS6/qY1WjEXaPyvKBeMdFkKAdDTvMW6WA9xel8Jyf3U6Tz8/Onj1VAAnhgehFvPMZ1uDCEtUfKDPAe+za4S1SRAL81iNwJCVQJrQdetDpcIMnKkMbUvy8RFDmPPKJ6lxZHFk8ztJgCXlj55ViWlEmUC3QHtktnB0QYd+B2rFf6j/66ozgzyiqHd4nXCuRiCxnFSgFMrWYbaDheJEN4rgDNZBITIBiqnlH5HntieQHj9YohsVkr7r0FObtKpePV1t+Sb0RptJ9+LWexkSs6Rvq3HNj7JdOLN/QVsIZbiU4ctRMjxiVsyl7PDZe84tx3Kl6BiUOrClN8QR6huLLnIdVXetMbrPDDQOCI4FiH5UghLRlPdNkvpoeYLfL79Mxy5yOG+xkydM5HR7//NMGDqP7hf+vZFe8/EKuaSExUX6S0AT+hQVkmWcwy7OKq2Ra37XezjmWf6KGiHAL8Idn47E+PQ5axAlkZ1MgkjB+pc/2Lpyo3bfINa7avf03nOKwJl01cChB9O4bDkUfDh7N+26YkqlwMm6aU4dm80fydsPRBikTKTWafpLsQqtimv1ANTYHvbDDEsufK95O/cq8ER/fTAmmrcg== - username: AgAIwqIbS5Ze9e4sefyg77opd801epCHPewxEb+VuuJrxIl4+gFroopQNf/lhRQRFX1unI0PaR/iV5szaIaDmIYz3JQ3OxCyF1zeDYr6YhYNQMtkLgRJRrBr0j7TQPAKwLmgtZok7hDIvTj5bQ2dydibQ1Zg8N1valb03X6Vs/ivvvO3KvQEDckdGgD7UauL8onapU6KAFU5Hu9aEkvMTk4CGNpuLxGhYdA1+HLpLdQYBQPaJyEblGoko4wyv+pF/3m1tRBSQ1L8HsUXfAEn5dAd+0qkS5IvwOM8zXnZcT0ohXmY2mXjvPyv2phOKElQYURPwq9PPI+Sc5Ff7QHcVLjwQ+DYtSMDlRSt5BektWC+peBJfxZQ/X6w2AmICtdkOT03rrMxn0sWKIgQkvmJ0jkERAYlvifcoRmbof0wbFh+ANa0NpGLvxwiG+DsQ6eAsTB0Nu3wPCCBFZOUuTxS+yb4BjE3KPNGgVI6XtArxPnO3z3xglfI/nKDTY1rC2e0ZE72BDnhsLAwQTTgb/R/X2mvS7a0YXJ0gOpAgwP92K9zy1GA9ov2uTVZ2wbb39E69OxMKcbetDWirQrSYMqLYzJ1+W2cBbNdCcYQ2xnSM9cdEd2sPcFJ3NDVQeQRhxSTI6UfKWphUeksqwdW+VN7aODlUzMSxBCwGnxuaS6OVzOdLzQnORdyhyD8zclh5e0AXJpvqs+Z4CuvZA== - template: - metadata: - creationTimestamp: null - name: db-penpot-superuser-secret - namespace: penpot - type: Opaque - --- - apiVersion: source.toolkit.fluxcd.io/v1beta2 - kind: HelmRepository - metadata: - name: redis - namespace: penpot - spec: - interval: 5m - url: https://charts.bitnami.com/bitnami - --- - apiVersion: helm.toolkit.fluxcd.io/v2beta2 - kind: HelmRelease - metadata: - name: redis - namespace: penpot - spec: - chart: - spec: - chart: redis - sourceRef: - kind: HelmRepository - name: redis 
- version: 17.17.1 - install: - remediation: - retries: 3 - interval: 50m - releaseName: penpot-redis - values: - auth: - enabled: false - replica: - replicaCount: 0 - --- - apiVersion: source.toolkit.fluxcd.io/v1beta1 - kind: HelmRepository - metadata: - name: oauth - namespace: penpot - spec: - interval: 60m - url: https://oauth2-proxy.github.io/manifests - --- - apiVersion: bitnami.com/v1alpha1 - kind: SealedSecret - metadata: - creationTimestamp: null - name: oauth-secret - namespace: penpot - spec: - encryptedData: - client-id: 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 - client-secret: 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 - cookie-secret: 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 - template: - metadata: - creationTimestamp: null - name: oauth-secret - namespace: penpot - type: Opaque - --- - apiVersion: helm.toolkit.fluxcd.io/v2beta2 - kind: HelmRelease - metadata: - name: oauth2-proxy-penpot - namespace: penpot - spec: - interval: 60m - releaseName: oauth2-proxy-penpot - chart: - spec: - chart: oauth2-proxy - version: 7.5.4 - sourceRef: - kind: HelmRepository - name: oauth - interval: 10m - values: - ingress: - enabled: true - className: traefik - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.tls: 'true' - hosts: - - mail.penpot.tokens.studio - tls: - - secretName: tls-penpot-mail - hosts: - - mail.penpot.tokens.studio - config: - existingSecret: oauth-secret - configFile: | - provider = "oidc" - http_address = ":80" - upstreams = ["http://mailslurper-ui.penpot.svc:1080"] - redirect_url = "https://mail.penpot.tokens.studio/oauth2/callback" - oidc_issuer_url = "https://auth.tokens.studio/application/o/penpot-mail/" - email_domains = "*" - cookie_secure = "true" - oidc_groups_claim = "groups" - user_id_claim = "preferred_username" - skip_provider_button = "true" \ No newline at end of file 
diff --git a/.gimlet/penpot-pr.yaml b/.gimlet/penpot-pr.yaml
deleted file mode 100644
index f44109369..000000000
--- a/.gimlet/penpot-pr.yaml
+++ /dev/null
@@ -1,86 +0,0 @@ -app: penpot-pr-{{ .BRANCH | sanitizeDNSName }} -# TODO move to staging cluster when ready -env: prod -namespace: penpot -deploy: - event: pr -cleanup: - branch: "*" - event: branchDeleted - app: penpot-pr-{{ .BRANCH | sanitizeDNSName }} -chart: - name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/penpot/ -values: - global: - # Try use the existing redis - redisEnabled: false - imagePullSecrets: - - name: ghcr-login-secret - postgresql: - # use the existing db - enabled: false - owner: penpot - database: penpot - # Assumed specified in infra - secret: db-penpot-secrets - superUser: db-penpot-superuser-secret - config: - telemetryEnabled: false - assets: - storageBackend: assets-s3 - s3: - region: eu-west - bucket: assets - endpointURI: http://minio.penpot.svc.cluster.local:80 - existingSecret: - penpot-assets-user-penpot - secretKeys: - accessKeyIDKey: CONSOLE_ACCESS_KEY - secretAccessKey: CONSOLE_SECRET_KEY - flags: 'enable-smtp enable-feature-design-tokens' - smtp: - enabled: true - host: mailslurper - defaultFrom: no-reply@penpot.tokens.studio - defaultReplyTo: no-reply@penpot.tokens.studio - username: test - password: test - tls: false - ssl: false - port: 1025 - publicURI: https://{{ .BRANCH | sanitizeDNSName }}.penpot.alpha.tokens.studio - redis: - host: penpot-redis-master.penpot.svc.cluster.local - postgresql: - # note that this is unchanged - host: penpot-db-rw - database: penpot - existingSecret: db-penpot-secrets - secretKeys: - usernameKey: username - passwordKey: password - backend: - image: - pullPolicy: Always - repository: ghcr.io/tokens-studio/tokens-studio-for-penpot - tag: 'pr-backend-{{ .BRANCH | sanitizeDNSName }}' - exporter: - # Unlikely to be used - enabled: false - frontend: - labels: - portService: tokens-studio-for-penpot - image: - pullPolicy: Always - repository: ghcr.io/tokens-studio/tokens-studio-for-penpot - tag: 'pr-frontend-{{ .BRANCH | sanitizeDNSName }}' - 
ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - hosts: - - host: "{{ .BRANCH | sanitizeDNSName }}.penpot.alpha.tokens.studio" - tls: - - secretName: tls-penpot-{{ .BRANCH | sanitizeDNSName }} - hosts: - - "{{ .BRANCH | sanitizeDNSName }}.penpot.alpha.tokens.studio" diff --git a/.gimlet/penpot-prod.yaml b/.gimlet/penpot-prod.yaml deleted file mode 100644 index 8b09c022d..000000000 --- a/.gimlet/penpot-prod.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -app: penpot -env: prod -namespace: penpot -deploy: - branch: token-studio-develop - event: push -chart: - name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/penpot/ -values: - global: - redisEnabled: true - imagePullSecrets: - - name: ghcr-login-secret - postgresql: - enabled: true - owner: penpot - database: penpot - # Assumed specified in infra - secret: db-penpot-secrets - superUser: db-penpot-superuser-secret - config: - flags: 'enable-smtp enable-feature-design-tokens' - assets: - storageBackend: assets-s3 - s3: - region: eu-west - bucket: assets - endpointURI: http://minio.penpot.svc.cluster.local:80 - existingSecret: - penpot-assets-user-penpot - secretKeys: - accessKeyIDKey: CONSOLE_ACCESS_KEY - secretAccessKey: CONSOLE_SECRET_KEY - smtp: - enabled: true - host: mailslurper - defaultFrom: no-reply@penpot.tokens.studio - defaultReplyTo: no-reply@penpot.tokens.studio - username: test - password: test - tls: false - ssl: false - port: 1025 - publicURI: https://penpot.tokens.studio - redis: - host: penpot-redis-master.penpot.svc.cluster.local - postgresql: - host: penpot-db-rw - database: penpot - existingSecret: db-penpot-secrets - secretKeys: - usernameKey: username - passwordKey: password - backend: - image: - pullPolicy: IfNotPresent - repository: ghcr.io/tokens-studio/tokens-studio-for-penpot - tag: 'backend-{{ .SHA }}' - frontend: - labels: - portService: tokens-studio-for-penpot - image: - pullPolicy: IfNotPresent - repository: ghcr.io/tokens-studio/tokens-studio-for-penpot - tag: 'frontend-{{ .SHA }}' - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - hosts: - - host: "penpot.tokens.studio" - tls: - - secretName: tls-penpot - hosts: - - penpot.tokens.studio diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml deleted file mode 100644 index c01d1bf7e..000000000 --- a/.github/workflows/pr.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -name: Publish docker image - -on: - pull_request: - types: [opened, synchronize] - branches: - - "*" - -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - include: - - dockerfile: Dockerfile.frontend - type: pr-frontend - name: frontend - - dockerfile: Dockerfile.backend - type: pr-backend - name: backend - permissions: - contents: read - packages: write - steps: - - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.PAT_TOKEN }} - - name: Determine the branch name - id: determine_branch - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - echo "branch_name=${{ github.head_ref }}" >> $GITHUB_ENV - else - echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV - fi - - - name: Replace / with - in branch name - id: replace_slash - run: | - SANITIZED_BRANCH_NAME=$(echo "${{ env.branch_name }}" | tr '/' '-') - echo "sanitized_branch_name=${SANITIZED_BRANCH_NAME}" >> $GITHUB_ENV - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - tags: | - type=raw,enable=true,prefix=${{matrix.type}}-,value=${{ env.sanitized_branch_name }} - images: | - ghcr.io/tokens-studio/tokens-studio-for-penpot - - name: prebuild - run: | - echo "Building ${{ matrix.name }} image" - ./manage.sh build-${{matrix.name}}-bundle - mv ./bundles/${{matrix.name}} ./docker/images/bundle-${{matrix.name}}/ - - - name: Publish Docker images - uses: docker/build-push-action@v5 - with: - context: ./docker/images - file: ./docker/images/${{ matrix.dockerfile }} - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - deploy: - runs-on: ubuntu-latest - needs: - - "build" - steps: - - uses: actions/checkout@v4 - - name: 🍍 Deploy 
with Gimlet - uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3 - env: - GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }} - GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml deleted file mode 100644 index b278fef22..000000000 --- a/.github/workflows/publish.yml +++ /dev/null 
@@ -1,91 +0,0 @@ -name: Publish docker image - -on: - push: - branches: [ token-studio-develop ] - -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - include: - - dockerfile: Dockerfile.backend - type: backend - - dockerfile: Dockerfile.frontend - type: frontend - permissions: - contents: read - packages: write - steps: - - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.PAT_TOKEN }} - - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - tags: | - type=sha,format=long,prefix=${{matrix.type}}- - images: | - ghcr.io/tokens-studio/tokens-studio-for-penpot - - name: prebuild - run: | - echo "Building ${{ matrix.type }} image" - ./manage.sh build-${{matrix.type}}-bundle - mv ./bundles/${{matrix.type}} ./docker/images/bundle-${{matrix.type}}/ - - - name: Publish Docker images - uses: docker/build-push-action@v5 - with: - context: ./docker/images - file: ./docker/images/${{ matrix.dockerfile }} - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - deploy: - runs-on: ubuntu-latest - needs: - - "build" - steps: - - uses: actions/checkout@v4 - - name: 🍍 Deploy with Gimlet - uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3 - env: - GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }} - GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }} - with: - ENV: "prod" - APP: "penpot" - WAIT: "true" - smoke: - runs-on: ubuntu-latest - needs: - - "deploy" - steps: - - - name: Check if URL can be accessed - run: | - URL="https://penpot.tokens.studio" - STATUS=$(curl -o /dev/null -s -w "%{http_code}\n" $URL) - if [ $STATUS -ne 200 ]; then - echo "Error: Unable to access $URL. HTTP Status: $STATUS" - exit 1 - else - echo "Success: $URL is accessible. 
HTTP Status: $STATUS" - fi \ No newline at end of file