mirror of
https://github.com/penpot/penpot.git
synced 2025-01-21 14:12:36 -05:00
Merge pull request #185 from tokens-studio/feat/mailslurper
Feat/mailslurper
This commit is contained in:
commit
ea5dbe275e
20 changed files with 1218 additions and 236 deletions
|
@ -1,4 +1,4 @@
|
||||||
name: penpot-frontend-preview
|
name: penpot
|
||||||
maintainers:
|
maintainers:
|
||||||
- name: Tokens Studio
|
- name: Tokens Studio
|
||||||
url: https://tokens.studio
|
url: https://tokens.studio
|
||||||
|
@ -15,3 +15,8 @@ keywords:
|
||||||
- design
|
- design
|
||||||
sources:
|
sources:
|
||||||
- https://github.com/penpot/penpot
|
- https://github.com/penpot/penpot
|
||||||
|
dependencies:
|
||||||
|
- condition: global.redisEnabled
|
||||||
|
name: redis
|
||||||
|
repository: https://charts.bitnami.com/bitnami
|
||||||
|
version: 17.x.x
|
370
.gimlet/k8s/penpot/templates/backend/deployment.yaml
Normal file
370
.gimlet/k8s/penpot/templates/backend/deployment.yaml
Normal file
|
@ -0,0 +1,370 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ include "penpot.fullname" . }}-backend
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.backend.labels }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
replicas: {{ .Values.backend.replicaCount }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "penpot.backendSelectorLabels" . | nindent 6 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "penpot.backendSelectorLabels" . | nindent 8 }}
|
||||||
|
spec:
|
||||||
|
{{- with .Values.global.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{ if .Values.backend.podSecurityContext.enabled }}
|
||||||
|
securityContext:
|
||||||
|
{{- omit .Values.backend.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}-backend
|
||||||
|
{{ if .Values.backend.containerSecurityContext.enabled }}
|
||||||
|
securityContext:
|
||||||
|
{{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}"
|
||||||
|
imagePullPolicy: {{ .Values.backend.image.imagePullPolicy }}
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /opt/data
|
||||||
|
name: app-data
|
||||||
|
readOnly: false
|
||||||
|
env:
|
||||||
|
- name: PENPOT_PUBLIC_URI
|
||||||
|
value: {{ .Values.config.publicURI | quote }}
|
||||||
|
- name: PENPOT_FLAGS
|
||||||
|
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
|
||||||
|
- name: PENPOT_SECRET_KEY
|
||||||
|
value: {{ .Values.config.apiSecretKey | quote }}
|
||||||
|
- name: PENPOT_DATABASE_URI
|
||||||
|
value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
|
||||||
|
- name: PENPOT_DATABASE_USERNAME
|
||||||
|
{{- if not .Values.config.postgresql.secretKeys.usernameKey }}
|
||||||
|
value: {{ .Values.config.postgresql.username | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.postgresql.existingSecret }}
|
||||||
|
key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
|
||||||
|
{{- end }}
|
||||||
|
- name: PENPOT_DATABASE_PASSWORD
|
||||||
|
{{- if not .Values.config.postgresql.secretKeys.passwordKey }}
|
||||||
|
value: {{ .Values.config.postgresql.password | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.postgresql.existingSecret }}
|
||||||
|
key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
|
||||||
|
{{- end }}
|
||||||
|
- name: PENPOT_REDIS_URI
|
||||||
|
value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
|
||||||
|
- name: PENPOT_ASSETS_STORAGE_BACKEND
|
||||||
|
value: {{ .Values.config.assets.storageBackend | quote }}
|
||||||
|
{{- if eq .Values.config.assets.storageBackend "assets-fs" }}
|
||||||
|
- name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
|
||||||
|
value: {{ .Values.config.assets.filesystem.directory | quote }}
|
||||||
|
{{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
|
||||||
|
- name: PENPOT_STORAGE_ASSETS_S3_REGION
|
||||||
|
value: {{ .Values.config.assets.s3.region | quote }}
|
||||||
|
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
|
||||||
|
value: {{ .Values.config.assets.s3.bucket | quote }}
|
||||||
|
- name: AWS_ACCESS_KEY_ID
|
||||||
|
{{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
|
||||||
|
value: {{ .Values.config.assets.s3.accessKeyID | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.assets.s3.existingSecret }}
|
||||||
|
key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
- name: AWS_SECRET_ACCESS_KEY
|
||||||
|
{{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
|
||||||
|
value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.assets.s3.existingSecret }}
|
||||||
|
key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
|
||||||
|
{{- end }}
|
||||||
|
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
|
||||||
|
{{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
|
||||||
|
value: {{ .Values.config.assets.s3.endpointURI | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.assets.s3.existingSecret }}
|
||||||
|
key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
- name: PENPOT_TELEMETRY_ENABLED
|
||||||
|
value: {{ .Values.config.telemetryEnabled | quote }}
|
||||||
|
|
||||||
|
{{- if .Values.config.smtp.enabled }}
|
||||||
|
- name: PENPOT_SMTP_ENABLED
|
||||||
|
value: 'true'
|
||||||
|
{{- if .Values.config.smtp.defaultFrom }}
|
||||||
|
- name: PENPOT_SMTP_DEFAULT_FROM
|
||||||
|
value: {{ .Values.config.smtp.defaultFrom | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.defaultReplyTo }}
|
||||||
|
- name: PENPOT_SMTP_DEFAULT_REPLY_TO
|
||||||
|
value: {{ .Values.config.smtp.defaultReplyTo | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.host }}
|
||||||
|
- name: PENPOT_SMTP_HOST
|
||||||
|
value: {{ .Values.config.smtp.host | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.port }}
|
||||||
|
- name: PENPOT_SMTP_PORT
|
||||||
|
value: {{ .Values.config.smtp.port | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.smtp.secretKeys.usernameKey }}
|
||||||
|
- name: PENPOT_SMTP_USERNAME
|
||||||
|
value: {{ .Values.config.smtp.username | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_SMTP_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.smtp.existingSecret }}
|
||||||
|
key: {{ .Values.config.smtp.secretKeys.usernameKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.smtp.secretKeys.passwordKey }}
|
||||||
|
- name: PENPOT_SMTP_PASSWORD
|
||||||
|
value: {{ .Values.config.smtp.password | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_SMTP_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.smtp.existingSecret }}
|
||||||
|
key: {{ .Values.config.smtp.secretKeys.passwordKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.tls }}
|
||||||
|
- name: PENPOT_SMTP_TLS
|
||||||
|
value: {{ .Values.config.smtp.tls | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.ssl }}
|
||||||
|
- name: PENPOT_SMTP_SSL
|
||||||
|
value: {{ .Values.config.smtp.ssl | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{- if .Values.config.registrationDomainWhitelist }}
|
||||||
|
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
|
||||||
|
value: {{ .Values.config.registrationDomainWhitelist | quote }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.google.enabled }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
|
||||||
|
- name: PENPOT_GOOGLE_CLIENT_ID
|
||||||
|
value: {{ .Values.config.providers.google.clientID | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GOOGLE_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
|
||||||
|
- name: PENPOT_GOOGLE_CLIENT_SECRET
|
||||||
|
value: {{ .Values.config.providers.google.clientSecret | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GOOGLE_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.github.enabled }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
|
||||||
|
- name: PENPOT_GITHUB_CLIENT_ID
|
||||||
|
value: {{ .Values.config.providers.github.clientID | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GITHUB_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
|
||||||
|
- name: PENPOT_GITHUB_CLIENT_SECRET
|
||||||
|
value: {{ .Values.config.providers.github.clientSecret | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GITHUB_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.gitlab.enabled }}
|
||||||
|
{{- if .Values.config.providers.gitlab.baseURI }}
|
||||||
|
- name: PENPOT_GITLAB_BASE_URI
|
||||||
|
value: {{ .Values.config.providers.gitlab.baseURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
|
||||||
|
- name: PENPOT_GITLAB_CLIENT_ID
|
||||||
|
value: {{ .Values.config.providers.gitlab.clientID | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GITLAB_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
|
||||||
|
- name: PENPOT_GITLAB_CLIENT_SECRET
|
||||||
|
value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GITLAB_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.oidc.enabled }}
|
||||||
|
{{- if .Values.config.providers.oidc.baseURI }}
|
||||||
|
- name: PENPOT_OIDC_BASE_URI
|
||||||
|
value: {{ .Values.config.providers.oidc.baseURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
|
||||||
|
- name: PENPOT_OIDC_CLIENT_ID
|
||||||
|
value: {{ .Values.config.providers.oidc.clientID | quote}}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_OIDC_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
|
||||||
|
- name: PENPOT_OIDC_CLIENT_SECRET
|
||||||
|
value: {{ .Values.config.providers.oidc.clientSecret | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_OIDC_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.authURI }}
|
||||||
|
- name: PENPOT_OIDC_AUTH_URI
|
||||||
|
value: {{ .Values.config.providers.oidc.authURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.tokenURI }}
|
||||||
|
- name: PENPOT_OIDC_TOKEN_URI
|
||||||
|
value: {{ .Values.config.providers.oidc.tokenURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.userURI }}
|
||||||
|
- name: PENPOT_OIDC_USER_URI
|
||||||
|
value: {{ .Values.config.providers.oidc.userURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.roles }}
|
||||||
|
- name: PENPOT_OIDC_ROLES
|
||||||
|
value: {{ .Values.config.providers.oidc.roles | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.rolesAttribute }}
|
||||||
|
- name: PENPOT_OIDC_ROLES_ATTR
|
||||||
|
value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.scopes }}
|
||||||
|
- name: PENPOT_OIDC_SCOPES
|
||||||
|
value: {{ .Values.config.providers.oidc.scopes | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.nameAttribute }}
|
||||||
|
- name: PENPOT_OIDC_NAME_ATTR
|
||||||
|
value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.emailAttribute }}
|
||||||
|
- name: PENPOT_OIDC_EMAIL_ATTR
|
||||||
|
value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.ldap.enabled }}
|
||||||
|
{{- if .Values.config.providers.ldap.host }}
|
||||||
|
- name: PENPOT_LDAP_HOST
|
||||||
|
value: {{ .Values.config.providers.ldap.host | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.port }}
|
||||||
|
- name: PENPOT_LDAP_PORT
|
||||||
|
value: {{ .Values.config.providers.ldap.port | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.ssl }}
|
||||||
|
- name: PENPOT_LDAP_SSL
|
||||||
|
value: {{ .Values.config.providers.ldap.ssl | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.startTLS }}
|
||||||
|
- name: PENPOT_LDAP_STARTTLS
|
||||||
|
value: {{ .Values.config.providers.ldap.startTLS | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.baseDN }}
|
||||||
|
- name: PENPOT_LDAP_BASE_DN
|
||||||
|
value: {{ .Values.config.providers.ldap.baseDN | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.bindDN }}
|
||||||
|
- name: PENPOT_LDAP_BIND_DN
|
||||||
|
value: {{ .Values.config.providers.ldap.bindDN | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.bindPassword }}
|
||||||
|
- name: PENPOT_LDAP_BIND_PASSWORD
|
||||||
|
value: {{ .Values.config.providers.ldap.bindPassword | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.attributesUsername }}
|
||||||
|
- name: PENPOT_LDAP_ATTRS_USERNAME
|
||||||
|
value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.attributesEmail }}
|
||||||
|
- name: PENPOT_LDAP_ATTRS_EMAIL
|
||||||
|
value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.attributesFullname }}
|
||||||
|
- name: PENPOT_LDAP_ATTRS_FULLNAME
|
||||||
|
value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.attributesPhoto }}
|
||||||
|
- name: PENPOT_LDAP_ATTRS_PHOTO
|
||||||
|
value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: {{ .Values.backend.service.port }}
|
||||||
|
protocol: TCP
|
||||||
|
resources:
|
||||||
|
{{- toYaml .Values.backend.resources | nindent 12 }}
|
||||||
|
{{- with .Values.backend.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.backend.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.backend.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
volumes:
|
||||||
|
- name: app-data
|
||||||
|
{{- if .Values.persistence.enabled }}
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: {{ .Values.persistence.existingClaim | default ( include "penpot.fullname" . ) }}
|
||||||
|
{{- else }}
|
||||||
|
emptyDir: {}
|
||||||
|
{{- end }}
|
16
.gimlet/k8s/penpot/templates/backend/service.yaml
Normal file
16
.gimlet/k8s/penpot/templates/backend/service.yaml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "penpot.fullname" . }}-backend
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
type: {{ .Values.backend.service.type }}
|
||||||
|
ports:
|
||||||
|
- port: {{ .Values.backend.service.port }}
|
||||||
|
targetPort: http
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
|
selector:
|
||||||
|
{{- include "penpot.backendSelectorLabels" . | nindent 4 }}
|
21
.gimlet/k8s/penpot/templates/db.yaml
Normal file
21
.gimlet/k8s/penpot/templates/db.yaml
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
{{- if and .Values.postgresql.enabled -}}
|
||||||
|
apiVersion: postgresql.cnpg.io/v1
|
||||||
|
kind: Cluster
|
||||||
|
metadata:
|
||||||
|
name: {{ include "penpot.fullname" . }}-db
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
spec:
|
||||||
|
instances: 1
|
||||||
|
superuserSecret:
|
||||||
|
name: {{ .Values.postgresql.superUser | quote }}
|
||||||
|
bootstrap:
|
||||||
|
initdb:
|
||||||
|
database: {{ .Values.postgresql.database | quote }}
|
||||||
|
owner: {{ .Values.postgresql.owner | quote }}
|
||||||
|
secret:
|
||||||
|
name: {{ .Values.postgresql.secret | quote }}
|
||||||
|
monitoring:
|
||||||
|
enablePodMonitor: true
|
||||||
|
storage:
|
||||||
|
size: 5Gi
|
||||||
|
{{- end -}}
|
355
.gimlet/k8s/penpot/templates/exporter/deployment.yaml
Normal file
355
.gimlet/k8s/penpot/templates/exporter/deployment.yaml
Normal file
|
@ -0,0 +1,355 @@
|
||||||
|
{{- if and .Values.exporter.enabled -}}
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ include "penpot.fullname" . }}-exporter
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
replicas: {{ .Values.exporter.replicaCount }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
{{- include "penpot.exporterSelectorLabels" . | nindent 6 }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
{{- include "penpot.exporterSelectorLabels" . | nindent 8 }}
|
||||||
|
spec:
|
||||||
|
{{- with .Values.global.imagePullSecrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
|
||||||
|
{{ if .Values.exporter.podSecurityContext.enabled }}
|
||||||
|
securityContext:
|
||||||
|
{{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: {{ .Chart.Name }}-exporter
|
||||||
|
{{ if .Values.exporter.containerSecurityContext.enabled }}
|
||||||
|
securityContext:
|
||||||
|
{{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
|
||||||
|
imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
|
||||||
|
env:
|
||||||
|
- name: PENPOT_PUBLIC_URI
|
||||||
|
value: {{ .Values.config.publicURI | quote }}
|
||||||
|
- name: PENPOT_FLAGS
|
||||||
|
value: "$PENPOT_FLAGS {{ .Values.config.flags }}"
|
||||||
|
- name: PENPOT_SECRET_KEY
|
||||||
|
value: {{ .Values.config.apiSecretKey | quote }}
|
||||||
|
- name: PENPOT_DATABASE_URI
|
||||||
|
value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
|
||||||
|
- name: PENPOT_DATABASE_USERNAME
|
||||||
|
{{- if not .Values.config.postgresql.secretKeys.usernameKey }}
|
||||||
|
value: {{ .Values.config.postgresql.username | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.postgresql.existingSecret }}
|
||||||
|
key: {{ .Values.config.postgresql.secretKeys.usernameKey }}
|
||||||
|
{{- end }}
|
||||||
|
- name: PENPOT_DATABASE_PASSWORD
|
||||||
|
{{- if not .Values.config.postgresql.secretKeys.passwordKey }}
|
||||||
|
value: {{ .Values.config.postgresql.password | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.postgresql.existingSecret }}
|
||||||
|
key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
|
||||||
|
{{- end }}
|
||||||
|
- name: PENPOT_REDIS_URI
|
||||||
|
value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
|
||||||
|
- name: PENPOT_ASSETS_STORAGE_BACKEND
|
||||||
|
value: {{ .Values.config.assets.storageBackend | quote }}
|
||||||
|
{{- if eq .Values.config.assets.storageBackend "assets-fs" }}
|
||||||
|
- name: PENPOT_STORAGE_ASSETS_FS_DIRECTORY
|
||||||
|
value: {{ .Values.config.assets.filesystem.directory | quote }}
|
||||||
|
{{- else if eq .Values.config.assets.storageBackend "assets-s3" }}
|
||||||
|
- name: PENPOT_STORAGE_ASSETS_S3_REGION
|
||||||
|
value: {{ .Values.config.assets.s3.region | quote }}
|
||||||
|
- name: PENPOT_STORAGE_ASSETS_S3_BUCKET
|
||||||
|
value: {{ .Values.config.assets.s3.bucket | quote }}
|
||||||
|
- name: AWS_ACCESS_KEY_ID
|
||||||
|
{{- if not .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
|
||||||
|
value: {{ .Values.config.assets.s3.accessKeyID | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.assets.s3.existingSecret }}
|
||||||
|
key: {{ .Values.config.assets.s3.secretKeys.accessKeyIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
- name: AWS_SECRET_ACCESS_KEY
|
||||||
|
{{- if not .Values.config.assets.s3.secretKeys.secretAccessKey }}
|
||||||
|
value: {{ .Values.config.assets.s3.secretAccessKey | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.assets.s3.existingSecret }}
|
||||||
|
key: {{ .Values.config.assets.s3.secretKeys.secretAccessKey }}
|
||||||
|
{{- end }}
|
||||||
|
- name: PENPOT_STORAGE_ASSETS_S3_ENDPOINT
|
||||||
|
{{- if not .Values.config.assets.s3.secretKeys.endpointURIKey }}
|
||||||
|
value: {{ .Values.config.assets.s3.endpointURI | quote }}
|
||||||
|
{{- else }}
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.assets.s3.existingSecret }}
|
||||||
|
key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
- name: PENPOT_TELEMETRY_ENABLED
|
||||||
|
value: {{ .Values.config.telemetryEnabled | quote }}
|
||||||
|
|
||||||
|
{{- if .Values.config.smtp.enabled }}
|
||||||
|
{{- if .Values.config.smtp.defaultFrom }}
|
||||||
|
- name: PENPOT_SMTP_DEFAULT_FROM
|
||||||
|
value: {{ .Values.config.smtp.defaultFrom | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.defaultReplyTo }}
|
||||||
|
- name: PENPOT_SMTP_DEFAULT_REPLY_TO
|
||||||
|
value: {{ .Values.config.smtp.defaultReplyTo | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.host }}
|
||||||
|
- name: PENPOT_SMTP_HOST
|
||||||
|
value: {{ .Values.config.smtp.host | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.port }}
|
||||||
|
- name: PENPOT_SMTP_PORT
|
||||||
|
value: {{ .Values.config.smtp.port | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.smtp.secretKeys.usernameKey }}
|
||||||
|
- name: PENPOT_SMTP_USERNAME
|
||||||
|
value: {{ .Values.config.smtp.username | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_SMTP_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.smtp.existingSecret }}
|
||||||
|
key: {{ .Values.config.smtp.secretKeys.usernameKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.smtp.secretKeys.passwordKey }}
|
||||||
|
- name: PENPOT_SMTP_PASSWORD
|
||||||
|
value: {{ .Values.config.smtp.password | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_SMTP_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.smtp.existingSecret }}
|
||||||
|
key: {{ .Values.config.smtp.secretKeys.passwordKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.tls }}
|
||||||
|
- name: PENPOT_SMTP_TLS
|
||||||
|
value: {{ .Values.config.smtp.tls | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.smtp.ssl }}
|
||||||
|
- name: PENPOT_SMTP_SSL
|
||||||
|
value: {{ .Values.config.smtp.ssl | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
|
||||||
|
{{- if .Values.config.registrationDomainWhitelist }}
|
||||||
|
- name: PENPOT_REGISTRATION_DOMAIN_WHITELIST
|
||||||
|
value: {{ .Values.config.registrationDomainWhitelist | quote }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.google.enabled }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
|
||||||
|
- name: PENPOT_GOOGLE_CLIENT_ID
|
||||||
|
value: {{ .Values.config.providers.google.clientID | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GOOGLE_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.googleClientIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.googleClientSecretKey}}
|
||||||
|
- name: PENPOT_GOOGLE_CLIENT_SECRET
|
||||||
|
value: {{ .Values.config.providers.google.clientSecret | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GOOGLE_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.github.enabled }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
|
||||||
|
- name: PENPOT_GITHUB_CLIENT_ID
|
||||||
|
value: {{ .Values.config.providers.github.clientID | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GITHUB_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.githubClientIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.githubClientSecretKey }}
|
||||||
|
- name: PENPOT_GITHUB_CLIENT_SECRET
|
||||||
|
value: {{ .Values.config.providers.github.clientSecret | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GITHUB_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.gitlab.enabled }}
|
||||||
|
{{- if .Values.config.providers.gitlab.baseURI }}
|
||||||
|
- name: PENPOT_GITLAB_BASE_URI
|
||||||
|
value: {{ .Values.config.providers.gitlab.baseURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.gitlabClientIDKey }}
|
||||||
|
- name: PENPOT_GITLAB_CLIENT_ID
|
||||||
|
value: {{ .Values.config.providers.gitlab.clientID | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GITLAB_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.gitlabClientIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.gitlabClientSecretKey }}
|
||||||
|
- name: PENPOT_GITLAB_CLIENT_SECRET
|
||||||
|
value: {{ .Values.config.providers.gitlab.clientSecret | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_GITLAB_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.oidc.enabled }}
|
||||||
|
{{- if .Values.config.providers.oidc.baseURI }}
|
||||||
|
- name: PENPOT_OIDC_BASE_URI
|
||||||
|
value: {{ .Values.config.providers.oidc.baseURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.oidcClientIDKey }}
|
||||||
|
- name: PENPOT_OIDC_CLIENT_ID
|
||||||
|
value: {{ .Values.config.providers.oidc.clientID | quote}}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_OIDC_CLIENT_ID
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.oidcClientIDKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if not .Values.config.providers.secretKeys.oidcClientSecretKey}}
|
||||||
|
- name: PENPOT_OIDC_CLIENT_SECRET
|
||||||
|
value: {{ .Values.config.providers.oidc.clientSecret | quote }}
|
||||||
|
{{- else }}
|
||||||
|
- name: PENPOT_OIDC_CLIENT_SECRET
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ .Values.config.providers.existingSecret }}
|
||||||
|
key: {{ .Values.config.providers.secretKeys.oidcClientSecretKey }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.authURI }}
|
||||||
|
- name: PENPOT_OIDC_AUTH_URI
|
||||||
|
value: {{ .Values.config.providers.oidc.authURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.tokenURI }}
|
||||||
|
- name: PENPOT_OIDC_TOKEN_URI
|
||||||
|
value: {{ .Values.config.providers.oidc.tokenURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.userURI }}
|
||||||
|
- name: PENPOT_OIDC_USER_URI
|
||||||
|
value: {{ .Values.config.providers.oidc.userURI | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.roles }}
|
||||||
|
- name: PENPOT_OIDC_ROLES
|
||||||
|
value: {{ .Values.config.providers.oidc.roles | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.rolesAttribute }}
|
||||||
|
- name: PENPOT_OIDC_ROLES_ATTR
|
||||||
|
value: {{ .Values.config.providers.oidc.rolesAttribute | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.scopes }}
|
||||||
|
- name: PENPOT_OIDC_SCOPES
|
||||||
|
value: {{ .Values.config.providers.oidc.scopes | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.nameAttribute }}
|
||||||
|
- name: PENPOT_OIDC_NAME_ATTR
|
||||||
|
value: {{ .Values.config.providers.oidc.nameAttribute | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.oidc.emailAttribute }}
|
||||||
|
- name: PENPOT_OIDC_EMAIL_ATTR
|
||||||
|
value: {{ .Values.config.providers.oidc.emailAttribute | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.config.providers.ldap.enabled }}
|
||||||
|
{{- if .Values.config.providers.ldap.host }}
|
||||||
|
- name: PENPOT_LDAP_HOST
|
||||||
|
value: {{ .Values.config.providers.ldap.host | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.port }}
|
||||||
|
- name: PENPOT_LDAP_PORT
|
||||||
|
value: {{ .Values.config.providers.ldap.port | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.ssl }}
|
||||||
|
- name: PENPOT_LDAP_SSL
|
||||||
|
value: {{ .Values.config.providers.ldap.ssl | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.startTLS }}
|
||||||
|
- name: PENPOT_LDAP_STARTTLS
|
||||||
|
value: {{ .Values.config.providers.ldap.startTLS | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.baseDN }}
|
||||||
|
- name: PENPOT_LDAP_BASE_DN
|
||||||
|
value: {{ .Values.config.providers.ldap.baseDN | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.bindDN }}
|
||||||
|
- name: PENPOT_LDAP_BIND_DN
|
||||||
|
value: {{ .Values.config.providers.ldap.bindDN | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.bindPassword }}
|
||||||
|
- name: PENPOT_LDAP_BIND_PASSWORD
|
||||||
|
value: {{ .Values.config.providers.ldap.bindPassword | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.attributesUsername }}
|
||||||
|
- name: PENPOT_LDAP_ATTRS_USERNAME
|
||||||
|
value: {{ .Values.config.providers.ldap.attributesUsername | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.attributesEmail }}
|
||||||
|
- name: PENPOT_LDAP_ATTRS_EMAIL
|
||||||
|
value: {{ .Values.config.providers.ldap.attributesEmail | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.attributesFullname }}
|
||||||
|
- name: PENPOT_LDAP_ATTRS_FULLNAME
|
||||||
|
value: {{ .Values.config.providers.ldap.attributesFullname | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.config.providers.ldap.attributesPhoto }}
|
||||||
|
- name: PENPOT_LDAP_ATTRS_PHOTO
|
||||||
|
value: {{ .Values.config.providers.ldap.attributesPhoto | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: {{ .Values.exporter.service.port }}
|
||||||
|
protocol: TCP
|
||||||
|
resources:
|
||||||
|
{{- toYaml .Values.exporter.resources | nindent 12 }}
|
||||||
|
{{- with .Values.exporter.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.exporter.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.exporter.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
16
.gimlet/k8s/penpot/templates/exporter/service.yaml
Normal file
16
.gimlet/k8s/penpot/templates/exporter/service.yaml
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "penpot.fullname" . }}-exporter
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
|
spec:
|
||||||
|
type: {{ .Values.exporter.service.type }}
|
||||||
|
ports:
|
||||||
|
- port: {{ .Values.exporter.service.port }}
|
||||||
|
targetPort: http
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
|
selector:
|
||||||
|
{{- include "penpot.exporterSelectorLabels" . | nindent 4 }}
|
129
.gimlet/k8s/penpot/templates/frontend/configmap.yaml
Normal file
129
.gimlet/k8s/penpot/templates/frontend/configmap.yaml
Normal file
|
@ -0,0 +1,129 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: "{{ include "penpot.fullname" . }}-frontend-nginx"
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
|
data:
|
||||||
|
nginx.conf: |
|
||||||
|
user www-data;
|
||||||
|
worker_processes auto;
|
||||||
|
pid /run/nginx.pid;
|
||||||
|
include /etc/nginx/modules-enabled/*.conf;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 2048;
|
||||||
|
# multi_accept on;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
tcp_nodelay on;
|
||||||
|
keepalive_requests 30;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
types_hash_max_size 2048;
|
||||||
|
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
reset_timedout_connection on;
|
||||||
|
client_body_timeout 30s;
|
||||||
|
client_header_timeout 30s;
|
||||||
|
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
error_log /dev/stdout;
|
||||||
|
access_log /dev/stdout;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_static on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_buffers 16 8k;
|
||||||
|
gzip_http_version 1.1;
|
||||||
|
|
||||||
|
gzip_types text/plain text/css text/javascript application/javascript application/json application/transit+json;
|
||||||
|
|
||||||
|
resolver 127.0.0.11;
|
||||||
|
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Scheme $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
etag off;
|
||||||
|
root /var/www/app/;
|
||||||
|
|
||||||
|
location ~* \.(js|css).*$ {
|
||||||
|
add_header Cache-Control "max-age=86400" always; # 24 hours
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* \.(html).*$ {
|
||||||
|
add_header Cache-Control "no-cache, max-age=0" always;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /api/export {
|
||||||
|
proxy_pass http://{{ include "penpot.fullname" . }}-exporter:6061;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /api {
|
||||||
|
proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/api;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /ws/notifications {
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection 'upgrade';
|
||||||
|
proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/ws/notifications;
|
||||||
|
}
|
||||||
|
|
||||||
|
location @handle_redirect {
|
||||||
|
set $redirect_uri "$upstream_http_location";
|
||||||
|
set $redirect_host "$upstream_http_x_host";
|
||||||
|
set $redirect_cache_control "$upstream_http_cache_control";
|
||||||
|
|
||||||
|
proxy_buffering off;
|
||||||
|
|
||||||
|
proxy_set_header Host "$redirect_host";
|
||||||
|
proxy_hide_header etag;
|
||||||
|
proxy_hide_header x-amz-id-2;
|
||||||
|
proxy_hide_header x-amz-request-id;
|
||||||
|
proxy_hide_header x-amz-meta-server-side-encryption;
|
||||||
|
proxy_hide_header x-amz-server-side-encryption;
|
||||||
|
proxy_pass $redirect_uri;
|
||||||
|
|
||||||
|
add_header x-internal-redirect "$redirect_uri";
|
||||||
|
add_header x-cache-control "$redirect_cache_control";
|
||||||
|
add_header cache-control "$redirect_cache_control";
|
||||||
|
}
|
||||||
|
|
||||||
|
location /assets {
|
||||||
|
proxy_pass http://{{ include "penpot.fullname" . }}-backend:6060/assets;
|
||||||
|
recursive_error_pages on;
|
||||||
|
proxy_intercept_errors on;
|
||||||
|
error_page 301 302 307 = @handle_redirect;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /internal/assets {
|
||||||
|
internal;
|
||||||
|
alias /opt/data/assets;
|
||||||
|
add_header x-internal-redirect "$upstream_http_x_accel_redirect";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -2,9 +2,12 @@ apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "penpot.fullname" . }}-frontend
|
name: {{ include "penpot.fullname" . }}-frontend
|
||||||
namespace: {{ .Values.namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "penpot.labels" . | nindent 4 }}
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.frontend.labels }}
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
spec:
|
spec:
|
||||||
replicas: {{ .Values.frontend.replicaCount }}
|
replicas: {{ .Values.frontend.replicaCount }}
|
||||||
selector:
|
selector:
|
||||||
|
@ -20,16 +23,6 @@ spec:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
|
serviceAccountName: {{ include "penpot.serviceAccountName" . }}
|
||||||
affinity:
|
|
||||||
podAffinity:
|
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
|
||||||
- labelSelector:
|
|
||||||
matchExpressions:
|
|
||||||
- key: app.kubernetes.io/instance
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- {{ .Release.Name }}
|
|
||||||
topologyKey: "kubernetes.io/hostname"
|
|
||||||
containers:
|
containers:
|
||||||
- name: {{ .Chart.Name }}-frontend
|
- name: {{ .Chart.Name }}-frontend
|
||||||
image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
|
image: "{{ .Values.frontend.image.repository }}:{{ .Values.frontend.image.tag }}"
|
|
@ -12,7 +12,7 @@ apiVersion: extensions/v1beta1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $fullName }}
|
name: {{ $fullName }}
|
||||||
namespace: {{ .Values.namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "penpot.labels" . | nindent 4 }}
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
{{- with .Values.frontend.ingress.annotations }}
|
{{- with .Values.frontend.ingress.annotations }}
|
||||||
|
@ -22,7 +22,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
{{- if .Values.frontend.ingress.tls }}
|
{{- if .Values.frontend.ingress.tls }}
|
||||||
tls:
|
tls:
|
||||||
{{- range .Values.ingress.tls }}
|
{{- range .Values.frontend.ingress.tls }}
|
||||||
- hosts:
|
- hosts:
|
||||||
{{- range .hosts }}
|
{{- range .hosts }}
|
||||||
- {{ . | quote }}
|
- {{ . | quote }}
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ include "penpot.fullname" . }}
|
name: {{ include "penpot.fullname" . }}
|
||||||
namespace: {{ .Values.namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
labels:
|
labels:
|
||||||
{{- include "penpot.labels" . | nindent 4 }}
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
spec:
|
spec:
|
24
.gimlet/k8s/penpot/templates/pvac.yaml
Normal file
24
.gimlet/k8s/penpot/templates/pvac.yaml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: {{ include "penpot.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
|
{{- if .Values.persistence.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{ toYaml .Values.persistence.annotations | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
{{- range .Values.persistence.accessModes }}
|
||||||
|
- {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: {{ .Values.persistence.size | quote }}
|
||||||
|
{{- if .Values.persistence.storageClass }}
|
||||||
|
storageClassName: "{{ .Values.persistence.storageClass }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
13
.gimlet/k8s/penpot/templates/serviceaccount.yaml
Normal file
13
.gimlet/k8s/penpot/templates/serviceaccount.yaml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{{- if .Values.serviceAccount.enabled -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ include "penpot.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
{{- include "penpot.labels" . | nindent 4 }}
|
||||||
|
{{- with .Values.serviceAccount.annotations }}
|
||||||
|
annotations:
|
||||||
|
{{- toYaml . | nindent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
|
@ -2,12 +2,10 @@
|
||||||
|
|
||||||
## @section Global parameters
|
## @section Global parameters
|
||||||
|
|
||||||
## @param global.postgresqlEnabled Whether to deploy the Bitnami PostgreSQL chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/postgresql) for configuration.
|
|
||||||
## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
|
## @param global.redisEnabled Whether to deploy the Bitnami Redis chart as subchart. Check [the official chart](https://artifacthub.io/packages/helm/bitnami/redis) for configuration.
|
||||||
## @param global.imagePullSecrets Global Docker registry secret names as an array.
|
## @param global.imagePullSecrets Global Docker registry secret names as an array.
|
||||||
##
|
##
|
||||||
global:
|
global:
|
||||||
postgresqlEnabled: false
|
|
||||||
redisEnabled: false
|
redisEnabled: false
|
||||||
## E.g.
|
## E.g.
|
||||||
## imagePullSecrets:
|
## imagePullSecrets:
|
||||||
|
@ -37,6 +35,7 @@ serviceAccount:
|
||||||
## Penpot Backend
|
## Penpot Backend
|
||||||
##
|
##
|
||||||
backend:
|
backend:
|
||||||
|
labels: {}
|
||||||
## @param backend.image.repository The Docker repository to pull the image from.
|
## @param backend.image.repository The Docker repository to pull the image from.
|
||||||
## @param backend.image.tag The image tag to use.
|
## @param backend.image.tag The image tag to use.
|
||||||
## @param backend.image.imagePullPolicy The image pull policy to use.
|
## @param backend.image.imagePullPolicy The image pull policy to use.
|
||||||
|
@ -106,6 +105,9 @@ backend:
|
||||||
## Penpot Frontend
|
## Penpot Frontend
|
||||||
##
|
##
|
||||||
frontend:
|
frontend:
|
||||||
|
|
||||||
|
labels: {}
|
||||||
|
|
||||||
## @param frontend.image.repository The Docker repository to pull the image from.
|
## @param frontend.image.repository The Docker repository to pull the image from.
|
||||||
## @param frontend.image.tag The image tag to use.
|
## @param frontend.image.tag The image tag to use.
|
||||||
## @param frontend.image.imagePullPolicy The image pull policy to use.
|
## @param frontend.image.imagePullPolicy The image pull policy to use.
|
||||||
|
@ -172,6 +174,7 @@ frontend:
|
||||||
## Penpot Exporter
|
## Penpot Exporter
|
||||||
##
|
##
|
||||||
exporter:
|
exporter:
|
||||||
|
enabled: true
|
||||||
## @param exporter.image.repository The Docker repository to pull the image from.
|
## @param exporter.image.repository The Docker repository to pull the image from.
|
||||||
## @param exporter.image.tag The image tag to use.
|
## @param exporter.image.tag The image tag to use.
|
||||||
## @param exporter.image.imagePullPolicy The image pull policy to use.
|
## @param exporter.image.imagePullPolicy The image pull policy to use.
|
||||||
|
@ -243,12 +246,12 @@ exporter:
|
||||||
persistence:
|
persistence:
|
||||||
## @param persistence.enabled Enable persistence using Persistent Volume Claims.
|
## @param persistence.enabled Enable persistence using Persistent Volume Claims.
|
||||||
##
|
##
|
||||||
enabled: true
|
enabled: false
|
||||||
## @param persistence.storageClass Persistent Volume storage class.
|
## @param persistence.storageClass Persistent Volume storage class.
|
||||||
## If defined, storageClassName: <storageClass>.
|
## If defined, storageClassName: <storageClass>.
|
||||||
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
|
## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner.
|
||||||
##
|
##
|
||||||
storageClass: standard-rwx
|
storageClass: ""
|
||||||
## @param persistence.size Persistent Volume size.
|
## @param persistence.size Persistent Volume size.
|
||||||
##
|
##
|
||||||
size: 8Gi
|
size: 8Gi
|
||||||
|
@ -275,6 +278,7 @@ config:
|
||||||
publicURI: "http://localhost:8080"
|
publicURI: "http://localhost:8080"
|
||||||
flags: "enable-registration enable-login disable-demo-users disable-demo-warning"
|
flags: "enable-registration enable-login disable-demo-users disable-demo-warning"
|
||||||
apiSecretKey: "b46a12cb4bedc6b9df8cb3f18c708b65"
|
apiSecretKey: "b46a12cb4bedc6b9df8cb3f18c708b65"
|
||||||
|
|
||||||
## @param config.postgresql.host The PostgreSQL host to connect to.
|
## @param config.postgresql.host The PostgreSQL host to connect to.
|
||||||
## @param config.postgresql.port The PostgreSQL host port to use.
|
## @param config.postgresql.port The PostgreSQL host port to use.
|
||||||
## @param config.postgresql.database The PostgreSQL database to use.
|
## @param config.postgresql.database The PostgreSQL database to use.
|
||||||
|
@ -294,6 +298,7 @@ config:
|
||||||
secretKeys:
|
secretKeys:
|
||||||
usernameKey: ""
|
usernameKey: ""
|
||||||
passwordKey: ""
|
passwordKey: ""
|
||||||
|
|
||||||
## @param config.redis.host The Redis host to connect to.
|
## @param config.redis.host The Redis host to connect to.
|
||||||
## @param config.redis.port The Redis host port to use.
|
## @param config.redis.port The Redis host port to use.
|
||||||
## @param config.redis.database The Redis database to connect to.
|
## @param config.redis.database The Redis database to connect to.
|
||||||
|
@ -464,26 +469,24 @@ config:
|
||||||
oidcClientIDKey: ""
|
oidcClientIDKey: ""
|
||||||
oidcClientSecretKey: ""
|
oidcClientSecretKey: ""
|
||||||
|
|
||||||
|
## @section PostgreSQL configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/postgresql))
|
||||||
|
|
||||||
frontend:
|
## @param postgresql.secret The secret to reference
|
||||||
image:
|
## @param postgresql.owner The owner of the database
|
||||||
pullPolicy: IfNotPresent
|
## @param postgresql.database Name for a custom database to create.
|
||||||
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
|
## @param postgresql.superUser The name of the secret for the superuser
|
||||||
tag: latest
|
##
|
||||||
ingress:
|
postgresql:
|
||||||
enabled: true
|
enabled: false
|
||||||
annotations:
|
secret: db-penpot-secrets
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
owner: penpot
|
||||||
networking.gke.io/v1beta1.FrontendConfig: default-frontend-config
|
database: penpot
|
||||||
|
superUser: db-penpot-superuser-secret
|
||||||
|
|
||||||
config:
|
## @section Redis configuration (Check for [more parameters here](https://artifacthub.io/packages/helm/bitnami/redis))
|
||||||
publicURI: https://penpot.tokens.studio
|
|
||||||
redis:
|
## @param redis.auth.enabled Whether to enable password authentication.
|
||||||
host: penpot-redis-master.penpot.svc.cluster.local
|
##
|
||||||
postgresql:
|
redis:
|
||||||
host: penpot-db-rw
|
auth:
|
||||||
database: penpot
|
enabled: false
|
||||||
existingSecret: db-penpot-secrets
|
|
||||||
secretKeys:
|
|
||||||
usernameKey: username
|
|
||||||
passwordKey: password
|
|
|
@ -1,6 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: {{ .Values.namespace }}
|
|
||||||
labels:
|
|
||||||
toolkit.fluxcd.io/tenant: penpot-team
|
|
|
@ -27,11 +27,10 @@ manifests: |
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: mailslurper
|
- name: mailslurper
|
||||||
image: oryd/mailslurper:smtps-latest
|
image: sj26/mailcatcher:latest
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 1025
|
- containerPort: 1025
|
||||||
- containerPort: 4436
|
- containerPort: 1080
|
||||||
- containerPort: 4437
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
|
@ -45,3 +44,37 @@ manifests: |
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 1025
|
port: 1025
|
||||||
targetPort: 1025
|
targetPort: 1025
|
||||||
|
---
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: db-penpot-secrets
|
||||||
|
namespace: penpot
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
password: AgBzAKLzhBGDrga3ojwgBnbaDmzxQkfoIcu90ji4iutq7t2OQCuJ/8NFD1KUw8hmQ6FlwQY3reaGqRnONdzdM2VyHQmXkaoXEzCAiARh9CWiwzwW2PG6KbSmHzo/YAt17Vkux0euc0z4JAceWqbXdm8Tl8FgUktFmJNY0OGIJ8CfLFNX8p6YujSoYpIRwjG0juiGhbPGeSkJguAAR7uwLwtjCNfFRuSqEDYeaRYHvhxGgh6pyJ70+qVzUQClFJEkVzNJu9CyGx48WSPDDpPbp+h84AWIIY25Cphk48DK/oNVikQitgMVOVBU8swcpz7MSVmKxs407vKRAWN4MGV2HkNrFwFjpQsksNAQ0KTfQrVigz1Hf985w4hji1gjifK7GbSgD9Kzz8pMni3gPMj0mr4y6Nhes+hc8AGTD3N+bhpJsAZKMzSZesdamWDiwyLi+ZPuPu+1/LBVLL68DAp6odKaposQfxeTKAkxqt/6s5jvKWPl3kQ9ud2cg/8Mw3B5pqzKK4dUwUdI1pNV4GyLTj9b+M1aDYaqGmYLzZVcYxeBVh27EFC2aon8/3zkXy6Hm/BZK/aZkrmO5sJTQRYRjnlG6rRtHCWcnXI6KKqKjU5GDFk2otqrlxPMQyXyjbwycP3rTHmhAaHWkR+fOETcq+kNbVUcaR3XTCw7T1qFZ4dtaBN02RHbRE3qxs/SjGMPnzfKQs1626gHAayZqxprpfz6mT0u0Hkn2NGg6RlJr36CxfE=
|
||||||
|
username: AgBw5ALuBj1TpQc5dmyLW927WQO9AXgdyqYeXHwzXbLKIdyAkyihVIkTSD/MS/InTbsiFIYPvZptpAjpWc9p2IN8nvLbEjc8JXS7DA3NDr/SN7J70oDOKS/vT4Vlz4yX/6fmU8pGvjMh22ELBbruxWS+a6Nty/XcZPqJ8gMuj/vAnticq+i4Rmuy1aghEfsYzPVSigS5QfnnFsMBA5lZS7rgiv4voudi5aAh8luIsDx9eCk2WxcN+9f816MYXBxcZL853h4lIQziOfs8LK0jCZm62yOeckmuMt0EznGEwAS1Magrw9PnZdSDOHvTrugRT/sx8JzkpEorJQXTA/6hXT9tqTbZuLnHMcdVGAcU9+1QcJPtlhYH05irbDqMs5IgxqCW7ch3gtiIS1hTRGpaG+LoNGREcZZtiWxkgcVhJG8E+5ailyt0B/NO+RgjYjjK+tH/hcGd2hABvkmS1f9FUHIRdE0uiwvwM/hWU9qTJcSHdN3mJ96/7lQvfnDoDDP8zS09Co0E0zLmLFSAEvOIz7HMvE0Bw2UPzcy4N8J2y+u4m0327FUUN96Y3e2L+o1SrVw/CJO1/haN34j1SMUFh/4q63VvNLDfUD69QbpjMtjNrvhqNWyyET1QNWl4SFsfbMdC7/rXM9Lpg4GEZ6R5G/QcTb27Zo5UuOeFP060XiWJ1/bD8tiZKU1K1QTwJ0Uur3MDcrYRvGw=
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: db-penpot-secrets
|
||||||
|
namespace: penpot
|
||||||
|
type: Opaque
|
||||||
|
---
|
||||||
|
apiVersion: bitnami.com/v1alpha1
|
||||||
|
kind: SealedSecret
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: db-penpot-superuser-secret
|
||||||
|
namespace: penpot
|
||||||
|
spec:
|
||||||
|
encryptedData:
|
||||||
|
password: AgBwTdp950SD3x9c1CjlAz4MGEN3tTDQH0iKLW1e4itCEB+W7c6hf+t2nc4VYLAhxCbMfs+sS2onSuoIuzr7/wTLtia3gSaRAgPFu2t91m6s51ewMMrPxoAmIdpHiojCnBXdhuc6XjinOs40MOoS6/qY1WjEXaPyvKBeMdFkKAdDTvMW6WA9xel8Jyf3U6Tz8/Onj1VAAnhgehFvPMZ1uDCEtUfKDPAe+za4S1SRAL81iNwJCVQJrQdetDpcIMnKkMbUvy8RFDmPPKJ6lxZHFk8ztJgCXlj55ViWlEmUC3QHtktnB0QYd+B2rFf6j/66ozgzyiqHd4nXCuRiCxnFSgFMrWYbaDheJEN4rgDNZBITIBiqnlH5HntieQHj9YohsVkr7r0FObtKpePV1t+Sb0RptJ9+LWexkSs6Rvq3HNj7JdOLN/QVsIZbiU4ctRMjxiVsyl7PDZe84tx3Kl6BiUOrClN8QR6huLLnIdVXetMbrPDDQOCI4FiH5UghLRlPdNkvpoeYLfL79Mxy5yOG+xkydM5HR7//NMGDqP7hf+vZFe8/EKuaSExUX6S0AT+hQVkmWcwy7OKq2Ra37XezjmWf6KGiHAL8Idn47E+PQ5axAlkZ1MgkjB+pc/2Lpyo3bfINa7avf03nOKwJl01cChB9O4bDkUfDh7N+26YkqlwMm6aU4dm80fydsPRBikTKTWafpLsQqtimv1ANTYHvbDDEsufK95O/cq8ER/fTAmmrcg==
|
||||||
|
username: AgAIwqIbS5Ze9e4sefyg77opd801epCHPewxEb+VuuJrxIl4+gFroopQNf/lhRQRFX1unI0PaR/iV5szaIaDmIYz3JQ3OxCyF1zeDYr6YhYNQMtkLgRJRrBr0j7TQPAKwLmgtZok7hDIvTj5bQ2dydibQ1Zg8N1valb03X6Vs/ivvvO3KvQEDckdGgD7UauL8onapU6KAFU5Hu9aEkvMTk4CGNpuLxGhYdA1+HLpLdQYBQPaJyEblGoko4wyv+pF/3m1tRBSQ1L8HsUXfAEn5dAd+0qkS5IvwOM8zXnZcT0ohXmY2mXjvPyv2phOKElQYURPwq9PPI+Sc5Ff7QHcVLjwQ+DYtSMDlRSt5BektWC+peBJfxZQ/X6w2AmICtdkOT03rrMxn0sWKIgQkvmJ0jkERAYlvifcoRmbof0wbFh+ANa0NpGLvxwiG+DsQ6eAsTB0Nu3wPCCBFZOUuTxS+yb4BjE3KPNGgVI6XtArxPnO3z3xglfI/nKDTY1rC2e0ZE72BDnhsLAwQTTgb/R/X2mvS7a0YXJ0gOpAgwP92K9zy1GA9ov2uTVZ2wbb39E69OxMKcbetDWirQrSYMqLYzJ1+W2cBbNdCcYQ2xnSM9cdEd2sPcFJ3NDVQeQRhxSTI6UfKWphUeksqwdW+VN7aODlUzMSxBCwGnxuaS6OVzOdLzQnORdyhyD8zclh5e0AXJpvqs+Z4CuvZA==
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: db-penpot-superuser-secret
|
||||||
|
namespace: penpot
|
||||||
|
type: Opaque
|
|
@ -1,25 +1,88 @@
|
||||||
app: penpot-pr-{{ .BRANCH | sanitizeDNSName }}
|
app: penpot-pr-{{ .BRANCH | sanitizeDNSName }}
|
||||||
# TODO move to staging cluster when ready
|
# TODO move to staging cluster when ready
|
||||||
env: prod
|
env: prod
|
||||||
|
namespace: penpot
|
||||||
deploy:
|
deploy:
|
||||||
event: pr
|
event: pr
|
||||||
cleanup:
|
cleanup:
|
||||||
event: branchDeleted
|
event: branchDeleted
|
||||||
app: penpot-pr-{{ .BRANCH | sanitizeDNSName }}
|
app: penpot-pr-{{ .BRANCH | sanitizeDNSName }}
|
||||||
chart:
|
chart:
|
||||||
name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/preview-frontend/
|
name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/penpot/
|
||||||
values:
|
values:
|
||||||
namespace: "{{ .BRANCH | sanitizeDNSName }}"
|
redis:
|
||||||
|
replica:
|
||||||
|
replicaCount: 0
|
||||||
|
global:
|
||||||
|
# Try use the existing redis
|
||||||
|
redisEnabled: false
|
||||||
|
imagePullSecrets:
|
||||||
|
- name: ghcr-login-secret
|
||||||
|
postgresql:
|
||||||
|
# use the existing db
|
||||||
|
enabled: false
|
||||||
|
owner: penpot
|
||||||
|
database: penpot
|
||||||
|
# Assumed specified in infra
|
||||||
|
secret: db-penpot-secrets
|
||||||
|
superUser: db-penpot-superuser-secret
|
||||||
|
config:
|
||||||
|
telemetryEnabled: false
|
||||||
|
assets:
|
||||||
|
storageBackend: assets-s3
|
||||||
|
s3:
|
||||||
|
region: eu-west
|
||||||
|
bucket: assets
|
||||||
|
endpointURI: http://minio.penpot.svc.cluster.local:80
|
||||||
|
existingSecret:
|
||||||
|
penpot-assets-user-0
|
||||||
|
secretKeys:
|
||||||
|
accessKeyIDKey: CONSOLE_ACCESS_KEY
|
||||||
|
secretAccessKey: CONSOLE_SECRET_KEY
|
||||||
|
flags: 'enable-smtp'
|
||||||
|
smtp:
|
||||||
|
enabled: true
|
||||||
|
host: mailslurper
|
||||||
|
defaultFrom: no-reply@penpot.tokens.studio
|
||||||
|
defaultReplyTo: no-reply@penpot.tokens.studio
|
||||||
|
username: test
|
||||||
|
password: test
|
||||||
|
tls: false
|
||||||
|
ssl: false
|
||||||
|
port: 1025
|
||||||
|
publicURI: https://{{ .BRANCH | sanitizeDNSName }}.penpot.alpha.tokens.studio
|
||||||
|
redis:
|
||||||
|
host: penpot-redis-master.penpot.svc.cluster.local
|
||||||
|
postgresql:
|
||||||
|
# note that this is unchanged
|
||||||
|
host: penpot-db-rw
|
||||||
|
database: penpot
|
||||||
|
existingSecret: db-penpot-secrets
|
||||||
|
secretKeys:
|
||||||
|
usernameKey: username
|
||||||
|
passwordKey: password
|
||||||
|
backend:
|
||||||
|
image:
|
||||||
|
pullPolicy: Always
|
||||||
|
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
|
||||||
|
tag: 'pr-backend-{{ .BRANCH | sanitizeDNSName }}'
|
||||||
|
exporter:
|
||||||
|
# Unlikely to be used
|
||||||
|
enabled: false
|
||||||
frontend:
|
frontend:
|
||||||
image:
|
labels:
|
||||||
pullPolicy: IfNotPresent
|
portService: tokens-studio-for-penpot
|
||||||
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
|
image:
|
||||||
tag: 'frontend-pr-{{ .SHA }}'
|
pullPolicy: Always
|
||||||
ingress:
|
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
|
||||||
hosts:
|
tag: 'pr-frontend-{{ .BRANCH | sanitizeDNSName }}'
|
||||||
- host: "{{ .BRANCH | sanitizeDNSName }}.penpot.staging.tokens.studio"
|
ingress:
|
||||||
tls:
|
enabled: true
|
||||||
- secretName: tls-penpot
|
annotations:
|
||||||
hosts:
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
- "{{ .BRANCH | sanitizeDNSName }}.penpot.staging.tokens.studio"
|
hosts:
|
||||||
|
- host: "{{ .BRANCH | sanitizeDNSName }}.penpot.alpha.tokens.studio"
|
||||||
|
tls:
|
||||||
|
- secretName: tls-penpot-{{ .BRANCH | sanitizeDNSName }}
|
||||||
|
hosts:
|
||||||
|
- "{{ .BRANCH | sanitizeDNSName }}.penpot.alpha.tokens.studio"
|
||||||
|
|
|
@ -1,175 +1,78 @@
|
||||||
app: penpot
|
app: penpot
|
||||||
env: prod
|
env: prod
|
||||||
|
namespace: penpot
|
||||||
deploy:
|
deploy:
|
||||||
branch: token-studio-develop
|
branch: token-studio-develop
|
||||||
event: push
|
event: push
|
||||||
manifests: |
|
chart:
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
name: https://github.com/tokens-studio/tokens-studio-for-penpot.git?branch={{ .BRANCH }}&path=/.gimlet/k8s/penpot/
|
||||||
kind: HelmRepository
|
values:
|
||||||
metadata:
|
redis:
|
||||||
name: codechem
|
replica:
|
||||||
namespace: penpot
|
replicaCount: 0
|
||||||
spec:
|
global:
|
||||||
interval: 5m
|
redisEnabled: true
|
||||||
url: https://charts.codechem.com
|
imagePullSecrets:
|
||||||
---
|
- name: ghcr-login-secret
|
||||||
apiVersion: bitnami.com/v1alpha1
|
postgresql:
|
||||||
kind: SealedSecret
|
enabled: true
|
||||||
metadata:
|
owner: penpot
|
||||||
creationTimestamp: null
|
database: penpot
|
||||||
name: db-penpot-secrets
|
# Assumed specified in infra
|
||||||
namespace: penpot
|
secret: db-penpot-secrets
|
||||||
spec:
|
superUser: db-penpot-superuser-secret
|
||||||
encryptedData:
|
config:
|
||||||
password: AgBzAKLzhBGDrga3ojwgBnbaDmzxQkfoIcu90ji4iutq7t2OQCuJ/8NFD1KUw8hmQ6FlwQY3reaGqRnONdzdM2VyHQmXkaoXEzCAiARh9CWiwzwW2PG6KbSmHzo/YAt17Vkux0euc0z4JAceWqbXdm8Tl8FgUktFmJNY0OGIJ8CfLFNX8p6YujSoYpIRwjG0juiGhbPGeSkJguAAR7uwLwtjCNfFRuSqEDYeaRYHvhxGgh6pyJ70+qVzUQClFJEkVzNJu9CyGx48WSPDDpPbp+h84AWIIY25Cphk48DK/oNVikQitgMVOVBU8swcpz7MSVmKxs407vKRAWN4MGV2HkNrFwFjpQsksNAQ0KTfQrVigz1Hf985w4hji1gjifK7GbSgD9Kzz8pMni3gPMj0mr4y6Nhes+hc8AGTD3N+bhpJsAZKMzSZesdamWDiwyLi+ZPuPu+1/LBVLL68DAp6odKaposQfxeTKAkxqt/6s5jvKWPl3kQ9ud2cg/8Mw3B5pqzKK4dUwUdI1pNV4GyLTj9b+M1aDYaqGmYLzZVcYxeBVh27EFC2aon8/3zkXy6Hm/BZK/aZkrmO5sJTQRYRjnlG6rRtHCWcnXI6KKqKjU5GDFk2otqrlxPMQyXyjbwycP3rTHmhAaHWkR+fOETcq+kNbVUcaR3XTCw7T1qFZ4dtaBN02RHbRE3qxs/SjGMPnzfKQs1626gHAayZqxprpfz6mT0u0Hkn2NGg6RlJr36CxfE=
|
flags: 'enable-smtp'
|
||||||
username: AgBw5ALuBj1TpQc5dmyLW927WQO9AXgdyqYeXHwzXbLKIdyAkyihVIkTSD/MS/InTbsiFIYPvZptpAjpWc9p2IN8nvLbEjc8JXS7DA3NDr/SN7J70oDOKS/vT4Vlz4yX/6fmU8pGvjMh22ELBbruxWS+a6Nty/XcZPqJ8gMuj/vAnticq+i4Rmuy1aghEfsYzPVSigS5QfnnFsMBA5lZS7rgiv4voudi5aAh8luIsDx9eCk2WxcN+9f816MYXBxcZL853h4lIQziOfs8LK0jCZm62yOeckmuMt0EznGEwAS1Magrw9PnZdSDOHvTrugRT/sx8JzkpEorJQXTA/6hXT9tqTbZuLnHMcdVGAcU9+1QcJPtlhYH05irbDqMs5IgxqCW7ch3gtiIS1hTRGpaG+LoNGREcZZtiWxkgcVhJG8E+5ailyt0B/NO+RgjYjjK+tH/hcGd2hABvkmS1f9FUHIRdE0uiwvwM/hWU9qTJcSHdN3mJ96/7lQvfnDoDDP8zS09Co0E0zLmLFSAEvOIz7HMvE0Bw2UPzcy4N8J2y+u4m0327FUUN96Y3e2L+o1SrVw/CJO1/haN34j1SMUFh/4q63VvNLDfUD69QbpjMtjNrvhqNWyyET1QNWl4SFsfbMdC7/rXM9Lpg4GEZ6R5G/QcTb27Zo5UuOeFP060XiWJ1/bD8tiZKU1K1QTwJ0Uur3MDcrYRvGw=
|
assets:
|
||||||
template:
|
storageBackend: assets-s3
|
||||||
metadata:
|
s3:
|
||||||
creationTimestamp: null
|
region: eu-west
|
||||||
name: db-penpot-secrets
|
bucket: assets
|
||||||
namespace: penpot
|
endpointURI: http://minio.penpot.svc.cluster.local:80
|
||||||
type: Opaque
|
existingSecret:
|
||||||
---
|
penpot-assets-user-0
|
||||||
apiVersion: bitnami.com/v1alpha1
|
secretKeys:
|
||||||
kind: SealedSecret
|
accessKeyIDKey: CONSOLE_ACCESS_KEY
|
||||||
metadata:
|
secretAccessKey: CONSOLE_SECRET_KEY
|
||||||
creationTimestamp: null
|
smtp:
|
||||||
name: db-penpot-superuser-secret
|
enabled: true
|
||||||
namespace: penpot
|
host: mailslurper
|
||||||
spec:
|
defaultFrom: no-reply@penpot.tokens.studio
|
||||||
encryptedData:
|
defaultReplyTo: no-reply@penpot.tokens.studio
|
||||||
password: AgBwTdp950SD3x9c1CjlAz4MGEN3tTDQH0iKLW1e4itCEB+W7c6hf+t2nc4VYLAhxCbMfs+sS2onSuoIuzr7/wTLtia3gSaRAgPFu2t91m6s51ewMMrPxoAmIdpHiojCnBXdhuc6XjinOs40MOoS6/qY1WjEXaPyvKBeMdFkKAdDTvMW6WA9xel8Jyf3U6Tz8/Onj1VAAnhgehFvPMZ1uDCEtUfKDPAe+za4S1SRAL81iNwJCVQJrQdetDpcIMnKkMbUvy8RFDmPPKJ6lxZHFk8ztJgCXlj55ViWlEmUC3QHtktnB0QYd+B2rFf6j/66ozgzyiqHd4nXCuRiCxnFSgFMrWYbaDheJEN4rgDNZBITIBiqnlH5HntieQHj9YohsVkr7r0FObtKpePV1t+Sb0RptJ9+LWexkSs6Rvq3HNj7JdOLN/QVsIZbiU4ctRMjxiVsyl7PDZe84tx3Kl6BiUOrClN8QR6huLLnIdVXetMbrPDDQOCI4FiH5UghLRlPdNkvpoeYLfL79Mxy5yOG+xkydM5HR7//NMGDqP7hf+vZFe8/EKuaSExUX6S0AT+hQVkmWcwy7OKq2Ra37XezjmWf6KGiHAL8Idn47E+PQ5axAlkZ1MgkjB+pc/2Lpyo3bfINa7avf03nOKwJl01cChB9O4bDkUfDh7N+26YkqlwMm6aU4dm80fydsPRBikTKTWafpLsQqtimv1ANTYHvbDDEsufK95O/cq8ER/fTAmmrcg==
|
username: test
|
||||||
username: AgAIwqIbS5Ze9e4sefyg77opd801epCHPewxEb+VuuJrxIl4+gFroopQNf/lhRQRFX1unI0PaR/iV5szaIaDmIYz3JQ3OxCyF1zeDYr6YhYNQMtkLgRJRrBr0j7TQPAKwLmgtZok7hDIvTj5bQ2dydibQ1Zg8N1valb03X6Vs/ivvvO3KvQEDckdGgD7UauL8onapU6KAFU5Hu9aEkvMTk4CGNpuLxGhYdA1+HLpLdQYBQPaJyEblGoko4wyv+pF/3m1tRBSQ1L8HsUXfAEn5dAd+0qkS5IvwOM8zXnZcT0ohXmY2mXjvPyv2phOKElQYURPwq9PPI+Sc5Ff7QHcVLjwQ+DYtSMDlRSt5BektWC+peBJfxZQ/X6w2AmICtdkOT03rrMxn0sWKIgQkvmJ0jkERAYlvifcoRmbof0wbFh+ANa0NpGLvxwiG+DsQ6eAsTB0Nu3wPCCBFZOUuTxS+yb4BjE3KPNGgVI6XtArxPnO3z3xglfI/nKDTY1rC2e0ZE72BDnhsLAwQTTgb/R/X2mvS7a0YXJ0gOpAgwP92K9zy1GA9ov2uTVZ2wbb39E69OxMKcbetDWirQrSYMqLYzJ1+W2cBbNdCcYQ2xnSM9cdEd2sPcFJ3NDVQeQRhxSTI6UfKWphUeksqwdW+VN7aODlUzMSxBCwGnxuaS6OVzOdLzQnORdyhyD8zclh5e0AXJpvqs+Z4CuvZA==
|
password: test
|
||||||
template:
|
tls: false
|
||||||
metadata:
|
ssl: false
|
||||||
creationTimestamp: null
|
port: 1025
|
||||||
name: db-penpot-superuser-secret
|
publicURI: https://penpot.tokens.studio
|
||||||
namespace: penpot
|
redis:
|
||||||
type: Opaque
|
host: penpot-redis-master.penpot.svc.cluster.local
|
||||||
---
|
postgresql:
|
||||||
apiVersion: postgresql.cnpg.io/v1
|
host: penpot-db-rw
|
||||||
kind: Cluster
|
database: penpot
|
||||||
metadata:
|
existingSecret: db-penpot-secrets
|
||||||
name: penpot-db
|
secretKeys:
|
||||||
namespace: penpot
|
usernameKey: username
|
||||||
spec:
|
passwordKey: password
|
||||||
instances: 1
|
backend:
|
||||||
superuserSecret:
|
image:
|
||||||
name: db-penpot-superuser-secret
|
pullPolicy: IfNotPresent
|
||||||
bootstrap:
|
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
|
||||||
initdb:
|
tag: 'backend-{{ .SHA }}'
|
||||||
database: penpot
|
frontend:
|
||||||
owner: penpot
|
labels:
|
||||||
secret:
|
portService: tokens-studio-for-penpot
|
||||||
name: db-penpot-secrets
|
image:
|
||||||
monitoring:
|
pullPolicy: IfNotPresent
|
||||||
enablePodMonitor: true
|
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
|
||||||
storage:
|
tag: 'frontend-{{ .SHA }}'
|
||||||
size: 5Gi
|
ingress:
|
||||||
---
|
enabled: true
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2beta2
|
annotations:
|
||||||
kind: HelmRelease
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
metadata:
|
hosts:
|
||||||
name: penpot
|
- host: "penpot.tokens.studio"
|
||||||
namespace: penpot
|
tls:
|
||||||
spec:
|
- secretName: tls-penpot
|
||||||
releaseName: penpot
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
version: "1.0.10"
|
|
||||||
chart: penpot
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: codechem
|
|
||||||
interval: 50m
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
values:
|
|
||||||
redis:
|
|
||||||
replica:
|
|
||||||
replicaCount: 0
|
|
||||||
global:
|
|
||||||
postgresqlEnabled: false
|
|
||||||
redisEnabled: true
|
|
||||||
imagePullSecrets:
|
|
||||||
- name: ghcr-login-secret
|
|
||||||
persistence:
|
|
||||||
enabled: true
|
|
||||||
storageClass: standard-rwx
|
|
||||||
backend:
|
|
||||||
image:
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
|
|
||||||
tag: 'backend-{{ .SHA }}'
|
|
||||||
frontend:
|
|
||||||
image:
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
repository: ghcr.io/tokens-studio/tokens-studio-for-penpot
|
|
||||||
tag: 'frontend-{{ .SHA }}'
|
|
||||||
ingress:
|
|
||||||
enabled: true
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
||||||
hosts:
|
hosts:
|
||||||
- host: penpot.tokens.studio
|
- penpot.tokens.studio
|
||||||
tls:
|
|
||||||
- secretName: tls-penpot
|
|
||||||
hosts:
|
|
||||||
- penpot.tokens.studio
|
|
||||||
# https://github.com/codechem/helm/issues/15
|
|
||||||
ingress:
|
|
||||||
tls:
|
|
||||||
- secretName: tls-penpot
|
|
||||||
hosts:
|
|
||||||
- penpot.tokens.studio
|
|
||||||
config:
|
|
||||||
publicURI: https://penpot.tokens.studio
|
|
||||||
smtp:
|
|
||||||
enabled: true
|
|
||||||
host: mailslurper
|
|
||||||
tls: false
|
|
||||||
port: 1025
|
|
||||||
redis:
|
|
||||||
host: penpot-redis-master.penpot.svc.cluster.local
|
|
||||||
postgresql:
|
|
||||||
host: penpot-db-rw
|
|
||||||
database: penpot
|
|
||||||
existingSecret: db-penpot-secrets
|
|
||||||
secretKeys:
|
|
||||||
usernameKey: username
|
|
||||||
passwordKey: password
|
|
||||||
json6902Patches:
|
|
||||||
- target:
|
|
||||||
group: "apps"
|
|
||||||
version: "v1"
|
|
||||||
kind: "Deployment"
|
|
||||||
name: "penpot-frontend"
|
|
||||||
patch: |
|
|
||||||
---
|
|
||||||
- op: add
|
|
||||||
path: /metadata/labels
|
|
||||||
value:
|
|
||||||
portService: tokens-studio-for-penpot
|
|
||||||
- target:
|
|
||||||
group: "apps"
|
|
||||||
version: "v1"
|
|
||||||
kind: "Deployment"
|
|
||||||
name: "penpot-exporter"
|
|
||||||
patch: |
|
|
||||||
---
|
|
||||||
- op: add
|
|
||||||
path: /metadata/labels
|
|
||||||
value:
|
|
||||||
portService: tokens-studio-for-penpot
|
|
||||||
- target:
|
|
||||||
group: "apps"
|
|
||||||
version: "v1"
|
|
||||||
kind: "Deployment"
|
|
||||||
name: "penpot-backend"
|
|
||||||
patch: |
|
|
||||||
---
|
|
||||||
- op: add
|
|
||||||
path: /metadata/labels
|
|
||||||
value:
|
|
||||||
portService: tokens-studio-for-penpot
|
|
30
.github/workflows/cleanup.yaml
vendored
30
.github/workflows/cleanup.yaml
vendored
|
@ -10,8 +10,36 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
- name: Determine the branch name
|
||||||
|
id: determine_branch
|
||||||
|
run: |
|
||||||
|
if [ "${{ github.event_name }}" == "pull_request" ]; then
|
||||||
|
echo "branch_name=${{ github.head_ref }}" >> $GITHUB_ENV
|
||||||
|
else
|
||||||
|
echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
|
||||||
|
fi
|
||||||
|
- name: Replace / with - in branch name
|
||||||
|
id: replace_slash
|
||||||
|
run: |
|
||||||
|
SANITIZED_BRANCH_NAME=$(echo "${{ env.branch_name }}" | tr '/' '-')
|
||||||
|
echo "sanitized_branch_name=${SANITIZED_BRANCH_NAME}" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: 🍍 Deploy with Gimlet
|
- name: 🍍 Deploy with Gimlet
|
||||||
uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3
|
uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3
|
||||||
env:
|
env:
|
||||||
GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }}
|
GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }}
|
||||||
GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }}
|
GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }}
|
||||||
|
- name: Delete image
|
||||||
|
uses: bots-house/ghcr-delete-image-action@v1.1.0
|
||||||
|
with:
|
||||||
|
owner: tokens-studio
|
||||||
|
name: tokens-studio-for-penpot
|
||||||
|
token: ${{ secrets.PAT_TOKEN }}
|
||||||
|
tag: pr-frontend-${{ env.sanitized_branch_name }}
|
||||||
|
- name: Delete image
|
||||||
|
uses: bots-house/ghcr-delete-image-action@v1.1.0
|
||||||
|
with:
|
||||||
|
owner: tokens-studio
|
||||||
|
name: tokens-studio-for-penpot
|
||||||
|
token: ${{ secrets.PAT_TOKEN }}
|
||||||
|
tag: pr-backend-${{ env.sanitized_branch_name }}
|
22
.github/workflows/pr.yaml
vendored
22
.github/workflows/pr.yaml
vendored
|
@ -14,6 +14,9 @@ jobs:
|
||||||
- dockerfile: Dockerfile.frontend
|
- dockerfile: Dockerfile.frontend
|
||||||
type: pr-frontend
|
type: pr-frontend
|
||||||
name: frontend
|
name: frontend
|
||||||
|
- dockerfile: Dockerfile.backend
|
||||||
|
type: pr-backend
|
||||||
|
name: backend
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
packages: write
|
packages: write
|
||||||
|
@ -32,13 +35,27 @@ jobs:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.actor }}
|
username: ${{ github.actor }}
|
||||||
password: ${{ secrets.PAT_TOKEN }}
|
password: ${{ secrets.PAT_TOKEN }}
|
||||||
|
- name: Determine the branch name
|
||||||
|
id: determine_branch
|
||||||
|
run: |
|
||||||
|
if [ "${{ github.event_name }}" == "pull_request" ]; then
|
||||||
|
echo "branch_name=${{ github.head_ref }}" >> $GITHUB_ENV
|
||||||
|
else
|
||||||
|
echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Replace / with - in branch name
|
||||||
|
id: replace_slash
|
||||||
|
run: |
|
||||||
|
SANITIZED_BRANCH_NAME=$(echo "${{ env.branch_name }}" | tr '/' '-')
|
||||||
|
echo "sanitized_branch_name=${SANITIZED_BRANCH_NAME}" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: Docker meta
|
- name: Docker meta
|
||||||
id: meta
|
id: meta
|
||||||
uses: docker/metadata-action@v5
|
uses: docker/metadata-action@v5
|
||||||
with:
|
with:
|
||||||
tags: |
|
tags: |
|
||||||
type=sha,format=long,prefix=${{matrix.type}}-
|
type=raw,enable=true,prefix=${{matrix.type}}-,value=${{ env.sanitized_branch_name }}
|
||||||
images: |
|
images: |
|
||||||
ghcr.io/tokens-studio/tokens-studio-for-penpot
|
ghcr.io/tokens-studio/tokens-studio-for-penpot
|
||||||
- name: prebuild
|
- name: prebuild
|
||||||
|
@ -67,5 +84,4 @@ jobs:
|
||||||
uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3
|
uses: gimlet-io/gimlet-artifact-shipper-action@v0.8.3
|
||||||
env:
|
env:
|
||||||
GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }}
|
GIMLET_SERVER: ${{ secrets.GIMLET_SERVER }}
|
||||||
GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }}
|
GIMLET_TOKEN: ${{ secrets.GIMLET_TOKEN }}
|
||||||
DEPLOY: 'true'
|
|
Loading…
Add table
Reference in a new issue