diff --git a/assets/tofu.png b/assets/tofu.png new file mode 100644 index 0000000..f37d48b Binary files /dev/null and b/assets/tofu.png differ diff --git a/helm-releases/postgresql.yaml b/helm-releases/postgresql.yaml index f018461..36b921c 100644 --- a/helm-releases/postgresql.yaml +++ b/helm-releases/postgresql.yaml @@ -1,27 +1,4 @@ -{{ if or (or .gimletd.postgresql.install .gimletDashboard.postgresql.install) .gimlet.postgresql.install -}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: postgres-init - namespace: infrastructure -data: - init.sql: | - {{ if .gimletd.postgresql.install }} - CREATE DATABASE gimletd; - CREATE USER gimletd WITH ENCRYPTED PASSWORD '{{ .gimletd.postgresql.password }}'; - GRANT ALL PRIVILEGES ON DATABASE gimletd to gimletd; - {{- end }} - {{ if .gimletDashboard.postgresql.install }} - CREATE DATABASE gimlet_dashboard; - CREATE USER gimlet_dashboard WITH ENCRYPTED PASSWORD '{{ .gimletDashboard.postgresql.password }}'; - GRANT ALL PRIVILEGES ON DATABASE gimlet_dashboard to gimlet_dashboard; - {{- end }} - {{ if .gimlet.postgresql.install }} - CREATE DATABASE gimlet; - CREATE USER gimlet WITH ENCRYPTED PASSWORD '{{ .gimlet.postgresql.password }}'; - GRANT ALL PRIVILEGES ON DATABASE gimlet to gimlet; - {{- end }} +{{ if .postgresql.enabled -}} --- apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease 
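Review bot: With the `postgres-init` ConfigMap and its `CREATE DATABASE`/`CREATE USER` statements gone, this release no longer provisions any application database or per-service role, yet nothing in the file says where that now happens; a one-line comment under `{{ if .postgresql.enabled -}}` such as `# No initdb: application databases and roles are provisioned out of band, not by this release.` would stop the next maintainer from looking for the old ConfigMap. Presumably the new tofu-controller component takes over that job, but that is inference from the rest of this commit, not something the file states.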
@@ -34,15 +11,34 @@ spec: chart: spec: chart: postgresql - version: 11.6.12 + version: 15.5.31 sourceRef: kind: HelmRepository name: bitnami interval: 10m values: auth: - postgresPassword: "{{ .gimlet.postgresql.postgresPassword | default .gimletd.postgresql.postgresPassword -}}" - primary: - initdb: - scriptsConfigMap: postgres-init + existingSecret: postgresql-credentials + architecture: standalone + tls: + enabled: true + autoGenerated: true + persistence: + enabled: true + size: 8Gi + persistentVolumeClaimRetentionPolicy: + enabled: true + whenScaled: Retain + whenDeleted: Retain +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: postgresql-credentials + namespace: infrastructure + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" +spec: + encryptedData: + postgres-password: {{ .postgresql.encryptedPostgresPassword }} {{- end }} diff --git a/helm-releases/tofu-controller.yaml b/helm-releases/tofu-controller.yaml new file mode 100644 index 0000000..f2f8cb7 --- /dev/null +++ b/helm-releases/tofu-controller.yaml @@ -0,0 +1,21 @@ +{{ if or .tofuController.enabled -}} +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta2 +kind: HelmRelease +metadata: + name: tofu-controller + namespace: flux-system +spec: + interval: 60m + releaseName: tofu-controller + chart: + spec: + chart: tf-controller + version: v0.16.0-rc.4 + sourceRef: + kind: HelmRepository + name: tofu-controller + interval: 10m + values: + fullnameOverride: tofu-controller +{{- end }} diff --git a/helm-repositories/bitnami.yaml b/helm-repositories/bitnami.yaml index 4df1790..e3febbb 100644 --- a/helm-repositories/bitnami.yaml +++ b/helm-repositories/bitnami.yaml @@ -1,4 +1,4 @@ -{{ if or .gimlet.postgresql.install (or .gimletd.postgresql.install .gimletDashboard.postgresql.install) -}} +{{ if .postgresql.enabled -}} --- apiVersion: source.toolkit.fluxcd.io/v1beta1 kind: HelmRepository 
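Review bot: The `sealedsecrets.bitnami.com/cluster-wide: "true"` annotation on `postgresql-credentials` means the ciphertext is not bound to a name or namespace, so anyone who can create a SealedSecret in any namespace of the cluster can unseal the `postgres` superuser password there; since the target name and namespace are fixed in this file, the default strict scope (drop the annotation) or `sealedsecrets.bitnami.com/namespace-wide: "true"` is the safer choice, unless the UI's sealing widget can only produce cluster-wide ciphertext, in which case that trade-off deserves a comment above the annotation. `tls.autoGenerated: true` yields a self-signed server certificate, so clients get encryption but no server authentication unless they are handed the generated CA and connect with `sslmode=verify-full`; a comment noting that would help. Separately, the chart bump from `11.6.12` to `15.5.31` spans at least one PostgreSQL major version, so a data volume left behind by the old release would not start under the new server — presumably this is only ever deployed fresh, but that is worth confirming before the retention policy keeps such a volume around.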
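Review bot: `{{ if or .tofuController.enabled -}}` applies `or` to a single operand, a leftover from the multi-flag conditions removed elsewhere in this commit; the sibling `helm-repositories/tofu-controller.yaml` uses the plain form, so this should read `{{ if .tofuController.enabled -}}`. The chart is pinned to a release candidate, `version: v0.16.0-rc.4`, for a controller that executes Terraform/OpenTofu runs in `flux-system` with whatever credentials are handed to it; either pin a GA release or add a comment on the `version:` line recording why the rc is required.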
@@ -8,4 +8,4 @@ metadata: spec: interval: 60m url: https://charts.bitnami.com/bitnami -{{- end }} \ No newline at end of file +{{ end }} \ No newline at end of file diff --git a/helm-repositories/onechart.yaml b/helm-repositories/onechart.yaml index 0b5ac34..51a6bda 100644 --- a/helm-repositories/onechart.yaml +++ b/helm-repositories/onechart.yaml @@ -1,4 +1,4 @@ -{{ if or .gimlet.enabled (or .gimletDashboard.enabled (or .gimletd.enabled .gimletAgent.enabled)) -}} +{{ if .gimletAgent.enabled -}} --- apiVersion: source.toolkit.fluxcd.io/v1beta1 kind: HelmRepository diff --git a/helm-repositories/tofu-controller.yaml b/helm-repositories/tofu-controller.yaml new file mode 100644 index 0000000..126b3b6 --- /dev/null +++ b/helm-repositories/tofu-controller.yaml @@ -0,0 +1,11 @@ +{{ if .tofuController.enabled -}} +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: tofu-controller + namespace: flux-system +spec: + interval: 60m + url: https://flux-iac.github.io/tofu-controller +{{- end }} diff --git a/manifests/centralized-postgresql-ceredentials.yaml b/manifests/centralized-postgresql-ceredentials.yaml new file mode 100644 index 0000000..bd7e0ab --- /dev/null +++ b/manifests/centralized-postgresql-ceredentials.yaml @@ -0,0 +1,21 @@ +{{ if .centralizedPostgresql -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: centralized-postgresql-admin-creds + namespace: flux-system +data: + host: {{ .centralizedPostgresql.host }} + admin_username: {{ .centralizedPostgresql.adminUsername }} +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: centralized-postgresql-admin-creds + namespace: flux-system + annotations: + sealedsecrets.bitnami.com/cluster-wide: "true" +spec: + encryptedData: + admin_password: {{ .centralizedPostgresql.adminPassword }} +{{- end }} diff --git a/stack-definition.yaml b/stack-definition.yaml index 7f95729..1b0c632 100644 --- a/stack-definition.yaml +++ b/stack-definition.yaml 
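Review bot: The `onechart` HelmRepository is now rendered only when `gimletAgent` is enabled, whereas the old condition also covered `gimlet`, `gimletDashboard` and `gimletd`; if any of those components still render a HelmRelease with a `sourceRef` to `onechart`, enabling one of them without the agent now leaves a dangling source. Presumably those components were dropped from the stack, but that is not visible in this diff, so it is worth confirming before merging.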
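Review bot: The ConfigMap values `host: {{ .centralizedPostgresql.host }}` and `admin_username: {{ .centralizedPostgresql.adminUsername }}` are rendered unquoted, so an empty or number-like value becomes a non-string scalar and the API server rejects the ConfigMap (`data` values must be strings); quote them as `host: "{{ .centralizedPostgresql.host }}"` and `admin_username: "{{ .centralizedPostgresql.adminUsername }}"`. The admin password is sealed with `sealedsecrets.bitnami.com/cluster-wide: "true"`, which lets the ciphertext be unsealed from any namespace by anyone who can create SealedSecrets there; for a fixed `flux-system`/`centralized-postgresql-admin-creds` target the default strict scope is safer if the sealing widget supports it, and a comment should say so if it does not. The new file name `centralized-postgresql-ceredentials.yaml` also carries a typo (`ceredentials`).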
@@ -16,6 +16,8 @@ categories: id: secrets - name: "Autoscaling" id: autoscaling + - name: "OpenTofu" + id: tofu components: - name: Nginx variable: nginx @@ -1296,7 +1298,7 @@ components: "type": "object", "title": "Docker Hub", "properties": { - "displayName": { + "displayName": { "$id": "#/properties/displayName", "type": "string", "title": "Display Name", 
@@ -1348,8 +1350,88 @@ components: } } ] + - name: OpenTofu workflows + variable: tofuController + category: tofu + logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/tofu.png + description: "" + onePager: "" + schema: |- + { + "$schema": "http://json-schema.org/draft-07/schema", + "$id": "#tofuController", + "type": "object", + "title": "Terraform/OpenTofu workflows", + "description": "A gitops OpenTofu and Terraform controller for Flux", + "properties": { + "enabled": { + "$id": "#/properties/enabled", + "type": "boolean", + "title": "Enabled" + } + } + } + uiSchema: |- + [ + { + "schemaIDs": [ + "#tofuController" + ], + "uiSchema": { + }, + "metaData": {} + } + ] + - name: Centralized PostgreSQL + variable: centralizedPostgresql + category: tofu + logo: https://www.postgresql.org/media/img/about/press/elephant.png + description: "Access details of yoru centralized Postgresql instance" + onePager: "" + schema: |- + { + "$schema": "http://json-schema.org/draft-07/schema", + "$id": "#postgresql", + "type": "object", + "title": "Centralized PostgreSQL", + "description": "", + "properties": { + "host": { + "$id": "#/properties/host", + "type": "string", + "title": "Host address", + "description": "IP address or host name without port." + }, + "adminUsername": { + "$id": "#/properties/adminUsername", + "type": "string", + "title": "Admin Username" + }, + "adminPassword": { + "$id": "#/properties/adminPassword", + "type": "string", + "title": "Admin Password" + } + } + } + uiSchema: |- + [ + { + "schemaIDs": [ + "#postgresql" + ], + "uiSchema": { + "#postgresql": { + "adminPassword": { + "ui:field": "encryptedSingleLineWidget" + } + } + }, + "metaData": {} + } + ] changeLog: | - - 🐛 fix: added missing permissions that are needed by the Gimlet footer. + - 🆕 tofu-controller for Terraform/Tofu workflows message: | Hey 👋 Laszlo here, the founder of Gimlet.io
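Review bot: The `centralizedPostgresql` component's schema declares `"$id": "#postgresql"` and its uiSchema lists `"schemaIDs": ["#postgresql"]`, breaking the variable-name convention the neighbouring `tofuController` entry follows (`#tofuController`); the templates in this commit also read a separate `.postgresql` variable (`helm-releases/postgresql.yaml`), so if that component's schema uses `#postgresql` as well the two ids collide and the `encryptedSingleLineWidget` binding for `adminPassword` may attach to the wrong form. Rename both to `"$id": "#centralizedPostgresql"` and `"schemaIDs": ["#centralizedPostgresql"]`. Also fix the description typo `yoru` → `your`, and consider whether `category: tofu` is the right home for a database-credentials component.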