gimlet-io · laszlocph · Sep 21, 2024 · Sep 21, 2024 · Sep 21, 2024 · Sep 21, 2024
diff --git a/assets/tofu.png b/assets/tofu.png
diff --git a/helm-releases/postgresql.yaml b/helm-releases/postgresql.yaml
@@ -1,27 +1,4 @@
-{{ if or (or .gimletd.postgresql.install .gimletDashboard.postgresql.install) .gimlet.postgresql.install -}}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: postgres-init
-  namespace: infrastructure
-data:
-  init.sql: |
-    {{ if .gimletd.postgresql.install }}
-    CREATE DATABASE gimletd;
-    CREATE USER gimletd WITH ENCRYPTED PASSWORD '{{ .gimletd.postgresql.password }}';
-    GRANT ALL PRIVILEGES ON DATABASE gimletd to gimletd;
-    {{- end }}
-    {{ if .gimletDashboard.postgresql.install }}
-    CREATE DATABASE gimlet_dashboard;
-    CREATE USER gimlet_dashboard WITH ENCRYPTED PASSWORD '{{ .gimletDashboard.postgresql.password }}';
-    GRANT ALL PRIVILEGES ON DATABASE gimlet_dashboard to gimlet_dashboard;
-    {{- end }}
-    {{ if .gimlet.postgresql.install }}
-    CREATE DATABASE gimlet;
-    CREATE USER gimlet WITH ENCRYPTED PASSWORD '{{ .gimlet.postgresql.password }}';
-    GRANT ALL PRIVILEGES ON DATABASE gimlet to gimlet;
-    {{- end }}
+{{ if .postgresql.enabled -}}
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
@@ -34,15 +11,34 @@ spec:
   chart:
     spec:
       chart: postgresql
-      version: 11.6.12
+      version: 15.5.31
       sourceRef:
         kind: HelmRepository
         name: bitnami
       interval: 10m
   values:
     auth:
-      postgresPassword: "{{  .gimlet.postgresql.postgresPassword | default .gimletd.postgresql.postgresPassword -}}"
-    primary:
-      initdb:
-        scriptsConfigMap: postgres-init
+      existingSecret: postgresql-credentials
+    architecture: standalone
+    tls:
+      enabled: true
+      autoGenerated: true
+    persistence:
+      enabled: true
+      size: 8Gi
+    persistentVolumeClaimRetentionPolicy:
+      enabled: true
+      whenScaled: Retain
+      whenDeleted: Retain
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: postgresql-credentials
+  namespace: infrastructure
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+spec:
+  encryptedData:
+    postgres-password: {{ .postgresql.encryptedPostgresPassword }}
 {{- end }}
diff --git a/helm-releases/tofu-controller.yaml b/helm-releases/tofu-controller.yaml
@@ -0,0 +1,21 @@
+{{ if or .tofuController.enabled -}}
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: tofu-controller
+  namespace: flux-system
+spec:
+  interval: 60m
+  releaseName: tofu-controller
+  chart:
+    spec:
+      chart: tf-controller
+      version: v0.16.0-rc.4
+      sourceRef:
+        kind: HelmRepository
+        name: tofu-controller
+      interval: 10m
+  values:
+    fullnameOverride: tofu-controller
+{{- end }}
diff --git a/helm-repositories/bitnami.yaml b/helm-repositories/bitnami.yaml
@@ -1,4 +1,4 @@
-{{ if or .gimlet.postgresql.install (or .gimletd.postgresql.install .gimletDashboard.postgresql.install) -}}
+{{ if .postgresql.enabled -}}
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: HelmRepository
@@ -8,4 +8,4 @@ metadata:
 spec:
   interval: 60m
   url: https://charts.bitnami.com/bitnami
-{{- end }}
+{{ end }}
diff --git a/helm-repositories/onechart.yaml b/helm-repositories/onechart.yaml
@@ -1,4 +1,4 @@
-{{ if or .gimlet.enabled (or .gimletDashboard.enabled (or .gimletd.enabled .gimletAgent.enabled)) -}}
+{{ if .gimletAgent.enabled -}}
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: HelmRepository

diff --git a/helm-repositories/tofu-controller.yaml b/helm-repositories/tofu-controller.yaml
@@ -0,0 +1,11 @@
+{{ if .tofuController.enabled -}}
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: tofu-controller
+  namespace: flux-system
+spec:
+  interval: 60m
+  url: https://flux-iac.github.io/tofu-controller
+{{- end }}
diff --git a/manifests/centralized-postgresql-ceredentials.yaml b/manifests/centralized-postgresql-ceredentials.yaml
@@ -0,0 +1,21 @@
+{{ if .centralizedPostgresql -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: centralized-postgresql-admin-creds
+  namespace: flux-system
+data:
+  host: {{ .centralizedPostgresql.host }}
+  admin_username: {{ .centralizedPostgresql.adminUsername }}
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: centralized-postgresql-admin-creds
+  namespace: flux-system
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: "true"
+spec:
+  encryptedData:
+    admin_password: {{ .centralizedPostgresql.adminPassword }}
+{{- end }}
diff --git a/stack-definition.yaml b/stack-definition.yaml
@@ -16,6 +16,8 @@ categories:
     id: secrets
   - name: "Autoscaling"
     id: autoscaling
+  - name: "OpenTofu"
+    id: tofu
 components:
   - name: Nginx
     variable: nginx
@@ -1296,7 +1298,7 @@ components:
         "type": "object",
         "title": "Docker Hub",
         "properties": {
-                    "displayName": {
+          "displayName": {
             "$id": "#/properties/displayName",
             "type": "string",
             "title": "Display Name",
@@ -1348,8 +1350,88 @@ components:
           }
         }
       ]
+  - name: OpenTofu workflows
+    variable: tofuController
+    category: tofu
+    logo: https://raw.githubusercontent.com/gimlet-io/gimlet-stack-reference/main/assets/tofu.png
+    description: ""
+    onePager: ""
+    schema: |-
+      {
+        "$schema": "http://json-schema.org/draft-07/schema",
+        "$id": "#tofuController",
+        "type": "object",
+        "title": "Terraform/OpenTofu workflows",
+        "description": "A gitops OpenTofu and Terraform controller for Flux",
+        "properties": {
+          "enabled": {
+            "$id": "#/properties/enabled",
+            "type": "boolean",
+            "title": "Enabled"
+          }
+        }
+      }
+    uiSchema: |-
+      [
+        {
+          "schemaIDs": [
+            "#tofuController"
+          ],
+          "uiSchema": {
+          },
+          "metaData": {}
+        }
+      ]
+  - name: Centralized PostgreSQL
+    variable: centralizedPostgresql
+    category: tofu
+    logo: https://www.postgresql.org/media/img/about/press/elephant.png
+    description: "Access details of yoru centralized Postgresql instance"
+    onePager: ""
+    schema: |-
+      {
+        "$schema": "http://json-schema.org/draft-07/schema",
+        "$id": "#postgresql",
+        "type": "object",
+        "title": "Centralized PostgreSQL",
+        "description": "",
+        "properties": {
+          "host": {
+            "$id": "#/properties/host",
+            "type": "string",
+            "title": "Host address",
+            "description": "IP address or host name without port."
+          },
+          "adminUsername": {
+            "$id": "#/properties/adminUsername",
+            "type": "string",
+            "title": "Admin Username"
+          },
+          "adminPassword": {
+            "$id": "#/properties/adminPassword",
+            "type": "string",
+            "title": "Admin Password"
+          }
+        }
+      }
+    uiSchema: |-
+      [
+        {
+          "schemaIDs": [
+            "#postgresql"
+          ],
+          "uiSchema": {
+            "#postgresql": {
+              "adminPassword": {
+                "ui:field": "encryptedSingleLineWidget"
+              }
+            }
+          },
+          "metaData": {}
+        }
+      ]
 changeLog: |
-  - 🐛 fix: added missing permissions that are needed by the Gimlet footer.
+  - 🆕 tofu-controller for Terraform/Tofu workflows
 message: |
 
   Hey 👋 Laszlo here, the founder of Gimlet.io