diff --git a/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml b/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml index f509af5..3eb458c 100644 --- a/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml +++ b/clusters/yc-k8s-test-02/infrastructure/kustomization.yaml @@ -5,8 +5,15 @@ resources: - ../../../infrastructure/istio-pilot - ../../../infrastructure/istio-gateway - ../../../infrastructure/istio-config + - ../../../infrastructure/dashboard - ../../../infrastructure/local-path-provisioner - ../../../infrastructure/minio + - ../../../infrastructure/rabbitmq + - ../../../infrastructure/kafka + - ../../../infrastructure/redis + - ../../../infrastructure/camunda + - ../../../infrastructure/zitadel + - ../../../infrastructure/keycloak - ../../../infrastructure/vault patches: - path: ./patches/istio-base.yaml @@ -37,6 +44,13 @@ patches: kind: HelmRelease name: istio-config namespace: default + - path: ./patches/dashboard.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: dashboard + namespace: kubernetes-dashboard - path: ./patches/local-path-provisioner.yaml target: group: helm.toolkit.fluxcd.io 
@@ -51,6 +65,48 @@ patches: kind: HelmRelease name: minio namespace: minio + - path: ./patches/rabbitmq.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: rabbitmq + namespace: rabbitmq + - path: ./patches/kafka.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: kafka + namespace: kafka + - path: ./patches/redis.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: redis + namespace: redis + - path: ./patches/camunda.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: camunda + namespace: camunda + - path: ./patches/zitadel.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: zitadel + namespace: zitadel + - path: ./patches/keycloak.yaml + target: + group: helm.toolkit.fluxcd.io + version: v2 + kind: HelmRelease + name: keycloak + namespace: keycloak - path: ./patches/vault.yaml target: group: helm.toolkit.fluxcd.io diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/camunda.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/camunda.yaml new file mode 100644 index 0000000..e8ed5b9 --- /dev/null +++ b/clusters/yc-k8s-test-02/infrastructure/patches/camunda.yaml 
@@ -0,0 +1,155 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: camunda + namespace: camunda +spec: + interval: 5m + timeout: 15m + values: + global: + vault: + enabled: true + role: camunda + authPath: auth/kubernetes + image: + pullSecrets: + - name: regcred + identity: + auth: + publicIssuerUrl: "https://camunda-keycloak.contour.infra.sarex.tech/auth/realms/camunda-platform" + identity: + redirectUrl: "https://camunda-identity.contour.infra.sarex.tech" + operate: + redirectUrl: "https://camunda-operate.contour.infra.sarex.tech" + tasklist: + redirectUrl: "https://camunda-tasklist.contour.infra.sarex.tech" + optimize: + redirectUrl: "https://camunda-optimize.contour.infra.sarex.tech" + webModeler: + redirectUrl: "https://camunda-web-modeler.contour.infra.sarex.tech" + console: + redirectUrl: "https://camunda-console.contour.infra.sarex.tech" + identityPostgresql: + auth: + usePasswordFiles: true + primary: + automountServiceAccountToken: true + persistence: + size: 10Gi + storageClass: local-path + identityKeycloak: + postgresql: + auth: + usePasswordFiles: true + primary: + automountServiceAccountToken: true + persistence: + size: 10Gi + storageClass: local-path + vaultEnv: + enabled: true + role: camunda + authPath: auth/kubernetes + envFiles: + KEYCLOAK_ADMIN_PASSWORD: + path: secrets/data/camunda/keycloak-admin + key: admin-password + KEYCLOAK_PASSWORD: + path: secrets/data/camunda/keycloak-admin + key: admin-password + KEYCLOAK_DATABASE_PASSWORD: + path: secrets/data/camunda/postgresql + key: password + global: + storageClass: local-path + tolerations: [] + postgresql: + auth: + usePasswordFiles: true + primary: + automountServiceAccountToken: true + persistence: + size: 10Gi + storageClass: local-path + elasticsearch: + master: + persistence: + size: 10Gi + storageClass: local-path + tolerations: [] + metrics: + enabled: false + serviceMonitor: + enabled: false + prometheusRule: + enabled: false + tolerations: [] + 
camundaCanary: + enabled: false + prometheusServiceMonitor: + enabled: false + console: + image: + pullSecrets: + - name: regcred + tolerations: [] + zeebe: + pvcStorageClassName: local-path + image: + pullSecrets: + - name: regcred + tolerations: [] + zeebeGateway: + image: + pullSecrets: + - name: regcred + tolerations: [] + operate: + image: + pullSecrets: + - name: regcred + serviceAccount: + automountServiceAccountToken: true + tolerations: [] + tasklist: + image: + pullSecrets: + - name: regcred + serviceAccount: + automountServiceAccountToken: true + tolerations: [] + optimize: + image: + pullSecrets: + - name: regcred + serviceAccount: + automountServiceAccountToken: true + tolerations: [] + executionIdentity: + image: + pullSecrets: + - name: regcred + tolerations: [] + identity: + image: + pullSecrets: + - name: regcred + tolerations: [] + webModeler: + image: + pullSecrets: + - name: regcred + restapi: + tolerations: [] + webapp: + tolerations: [] + websockets: + tolerations: [] + connectors: + image: + pullSecrets: + - name: regcred + serviceAccount: + automountServiceAccountToken: true + tolerations: [] diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/dashboard.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/dashboard.yaml new file mode 100644 index 0000000..5a7bd7d --- /dev/null +++ b/clusters/yc-k8s-test-02/infrastructure/patches/dashboard.yaml @@ -0,0 +1,25 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: dashboard + namespace: kubernetes-dashboard +spec: + interval: 5m + timeout: 10m + values: + destinationRule: + enabled: true + host: "dashboard-kong-proxy" + tlsMode: "DISABLE" + virtualService: + enabled: false + gateway: + enabled: false + app: + image: + pullSecrets: + - regcred + kong: + image: + pullSecrets: + - regcred diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/kafka.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/kafka.yaml new file mode 100644 index 0000000..82237b1 
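Review bot: `automountServiceAccountToken: true` is switched on for all three PostgreSQL primaries and for the operate, tasklist, optimize and connectors service accounts, which hands each of those pods a projected API token although the Bitnami sub-charts default this to false. If the token is only there so the Vault agent (`vault.enabled: true`, `authPath: auth/kubernetes`) can authenticate, record that above each occurrence, e.g. `# SA token required for Vault kubernetes-auth sidecar`, and any component that does not actually consume a Vault-injected secret can drop the override. The hunk is a new file that patches a base HelmRelease not visible here, so I cannot tell which components really need it; the repeated `tolerations: []` lines look like copy-paste noise and could be removed unless they deliberately clear a base value.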
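Review bot: `tlsMode: "DISABLE"` on the DestinationRule for `dashboard-kong-proxy` takes the dashboard's ingress proxy out of mesh mTLS, and nothing in the patch says why. If the reason is that Kong terminates its own TLS on the proxy port (so Istio must not wrap it a second time), state it: `# Kong proxy serves its own TLS; mesh mTLS disabled to avoid double termination`; if Kong is listening in plaintext, DISABLE leaves the admin UI's traffic unencrypted in-cluster and should be reconsidered. With `virtualService` and `gateway` both disabled the rule only affects in-mesh callers, so external access is presumably handled elsewhere — a comment pointing to where would help the next reader.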
--- /dev/null +++ b/clusters/yc-k8s-test-02/infrastructure/patches/kafka.yaml @@ -0,0 +1,57 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: kafka + namespace: kafka +spec: + interval: 5m + timeout: 10m + values: + global: + imagePullSecrets: + - regcred + defaultStorageClass: local-path + image: + pullSecrets: + - regcred + controller: + replicaCount: 1 + automountServiceAccountToken: true + persistence: + size: 8Gi + storageClass: local-path + overrideConfiguration: + offsets.topic.replication.factor: 1 + transaction.state.log.replication.factor: 1 + transaction.state.log.min.isr: 1 + default.replication.factor: 1 + min.insync.replicas: 1 + broker: + replicaCount: 0 + automountServiceAccountToken: true + listeners: + client: + protocol: SASL_SSL + sslClientAuth: "none" + provisioning: + enabled: false + sasl: + managedExistingSecret: + enabled: false + existingSecret: "" + enabledMechanisms: PLAIN,SCRAM-SHA-512 + interBrokerMechanism: PLAIN + controllerMechanism: PLAIN + client: + users: [] + passwords: "" + tls: + type: PEM + vault: + enabled: true + role: kafka + authPath: auth/kubernetes + secretPath: secrets/data/kafka/bootstrap + clusterIdKey: clusterId + interBrokerPasswordKey: interBrokerPassword + controllerPasswordKey: controllerPassword diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/keycloak.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/keycloak.yaml new file mode 100644 index 0000000..d4a7fe4 --- /dev/null +++ b/clusters/yc-k8s-test-02/infrastructure/patches/keycloak.yaml 
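Review bot: `sasl.interBrokerMechanism: PLAIN` and `controllerMechanism: PLAIN` are set while only `listeners.client.protocol` is pinned to `SASL_SSL`; the interbroker and controller listener protocols are left to the chart or the unseen base HelmRelease, and if they inherit the Bitnami default (SASL_PLAINTEXT, as far as I recall) the Vault-sourced `interBrokerPassword`/`controllerPassword` would be sent in clear. Pin them next to the client listener, `listeners.interbroker.protocol: SASL_SSL` and `listeners.controller.protocol: SASL_SSL`, or confirm the base already does. The replication factors of 1, `min.insync.replicas: 1` and `broker.replicaCount: 0` read as a deliberate single-node test topology; a one-line comment such as `# single-controller test topology, no durability guarantees` would stop them being copied into a non-test cluster.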
@@ -0,0 +1,49 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: keycloak + namespace: keycloak +spec: + interval: 5m + timeout: 15m + values: + global: + defaultStorageClass: local-path + imageRegistry: "" + persistence: + enabled: true + storageClass: local-path + size: 10Gi + postgresql: + enabled: false + vaultEnv: + enabled: true + role: keycloak + authPath: auth/kubernetes + envFiles: + KEYCLOAK_ADMIN_PASSWORD: + path: secrets/data/keycloak/admin + key: password + KEYCLOAK_PASSWORD: + path: secrets/data/keycloak/admin + key: password + KEYCLOAK_DATABASE_HOST: + path: secrets/data/keycloak/postgresql + key: host + KEYCLOAK_DATABASE_PORT: + path: secrets/data/keycloak/postgresql + key: port + KEYCLOAK_DATABASE_USER: + path: secrets/data/keycloak/postgresql + key: user + KEYCLOAK_DATABASE_NAME: + path: secrets/data/keycloak/postgresql + key: database + KEYCLOAK_DATABASE_PASSWORD: + path: secrets/data/keycloak/postgresql + key: password + externalDatabase: + host: "postgresql.postgresql.svc.cluster.local" + port: 5432 + user: keycloak + database: keycloak diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/rabbitmq.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/rabbitmq.yaml new file mode 100644 index 0000000..ba24e8f --- /dev/null +++ b/clusters/yc-k8s-test-02/infrastructure/patches/rabbitmq.yaml 
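Review bot: The external database's host, port, user and database name are declared twice — statically under `externalDatabase` and again as Vault-sourced `KEYCLOAK_DATABASE_HOST`/`PORT`/`USER`/`NAME` in `vaultEnv.envFiles` — so the two can drift, and which one the pod ends up using depends on how the chart composes env, which I cannot tell from this patch. Keep a single source (drop the static block, or drop the non-secret keys from `envFiles`) or, if both are intentionally needed, add `# vaultEnv entries take precedence over externalDatabase-rendered env; keep in sync` above `externalDatabase`. `KEYCLOAK_ADMIN_PASSWORD` and `KEYCLOAK_PASSWORD` read the same Vault key, which is fine but deserves a short comment on why both are set.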
@@ -0,0 +1,42 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: rabbitmq + namespace: rabbitmq +spec: + interval: 5m + timeout: 10m + values: + global: + security: + allowInsecureImages: true + virtualService: null + gateway: null + certificate: null + metrics: + serviceMonitor: + enabled: false + default: + enabled: false + perObject: + enabled: false + detailed: + enabled: false + extraServiceMonitors: [] + replicaCount: 1 + resources: + requests: + memory: 1Gi + persistence: + storageClass: local-path + size: 10Gi + auth: + securePassword: true + existingPasswordSecret: "" + vault: + enabled: true + role: rabbitmq + authPath: auth/kubernetes + secretPath: secrets/data/rabbitmq/auth + usernameKey: username + passwordKey: password diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/redis.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/redis.yaml new file mode 100644 index 0000000..a75d4e8 --- /dev/null +++ b/clusters/yc-k8s-test-02/infrastructure/patches/redis.yaml @@ -0,0 +1,27 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: redis + namespace: redis +spec: + interval: 5m + timeout: 10m + values: + global: + defaultStorageClass: local-path + architecture: standalone + auth: + enabled: true + sentinel: + enabled: false + replica: + replicaCount: 0 + master: + count: 1 + resources: + requests: + memory: 1Gi + limits: {} + persistence: + storageClass: local-path + size: 10Gi diff --git a/clusters/yc-k8s-test-02/infrastructure/patches/zitadel.yaml b/clusters/yc-k8s-test-02/infrastructure/patches/zitadel.yaml new file mode 100644 index 0000000..c107a8b --- /dev/null +++ b/clusters/yc-k8s-test-02/infrastructure/patches/zitadel.yaml 
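Review bot: `global.security.allowInsecureImages: true` disables the Bitnami chart's check that the images it runs are the ones it was verified against, and the patch does not show which image override makes this necessary (presumably in the base HelmRelease). Add a comment naming that image, e.g. `# required because the base release overrides image.repository to <IMAGE>`, and pin the overridden image by digest so the relaxed check does not also admit tag drift. The `virtualService`/`gateway`/`certificate: null` lines rely on Helm treating null as "remove this key from the base values"; a one-line comment saying so would save the next reader a lookup.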
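Review bot: `auth.enabled: true` is set but, unlike the rabbitmq, kafka and zitadel patches in this commit, there is no `vault` block and no `auth.existingSecret`, so unless the base HelmRelease supplies one the chart will autogenerate the Redis password into a Secret that is not managed with the rest of the cluster's credentials. If that is intended for this test cluster, say so, `# password autogenerated by chart; not yet sourced from Vault`; otherwise wire it to Vault like the sibling releases. `resources.limits: {}` leaves the master unbounded, which is defensible for test but is worth the same explicit comment.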
@@ -0,0 +1,35 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: zitadel + namespace: zitadel +spec: + interval: 5m + timeout: 10m + values: + postgresqlSecret: + create: false + vault: + enabled: true + role: zitadel + authPath: auth/kubernetes + secretPath: secrets/data/zitadel/postgresql + secretKey: password + zitadel: + configmapConfig: + ExternalDomain: zitadel.contour.infra.sarex.tech + login: + env: + - name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED + value: "false" + - name: ZITADEL_DATABASE_POSTGRES_HOST + value: "postgresql.postgresql.svc.cluster.local" + - name: ZITADEL_DATABASE_POSTGRES_PORT + value: "5432" + env: + - name: ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED + value: "false" + - name: ZITADEL_DATABASE_POSTGRES_HOST + value: "postgresql.postgresql.svc.cluster.local" + - name: ZITADEL_DATABASE_POSTGRES_PORT + value: "5432"
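Review bot: The three entries under `zitadel.login.env` are a verbatim copy of `zitadel.env`, so the DB host and port and the LOGINV2 flag now live in two places that must be kept in sync by hand. If the chart does not propagate `zitadel.env` to the login deployment and the copy is required, add `# login pods do not inherit zitadel.env; mirror changes in both lists` above it; if it does propagate, drop the duplicate. Neither list sets `ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE`, so the cross-namespace connection to `postgresql.postgresql.svc.cluster.local` runs with whatever mode the base or the Zitadel default provides — worth confirming it is not `disable`, since the Vault-sourced password would otherwise cross the cluster network in clear.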