diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2946e34 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +Chart.lock +charts/ diff --git a/.sops.yaml b/.sops.yaml index e69de29..2b43931 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -0,0 +1,11 @@ +# Fingerprint | User ID +# keys in https://git.dev-at.de/smardigo-hetzner/communication-keys +creation_rules: + # list of keys for encryption in stage + - pgp: >- + E5B4FE1E0209DFFE320D2A2E47087747D89B72EC, + D65D400040387210377B6A71DFD775644EAAC77B, + BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5, + 9F08DA9D42379AFE6610E9E615CCEC6801DBA02E, + 17B8FDF68AC123EB666934B17D0DF6EC048A5D77, + 73C2C9954D1BC94DC6682525D2FA233B52AEC75C diff --git a/Chart.yaml b/Chart.yaml index 98b1366..1f72936 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -22,3 +22,8 @@ version: 0.1.0 # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "0.1.0" + +dependencies: +- name: tenant + version: 4.5.4 + repository: oci://prodnso-harbor-01.smardigo.digital/infrastructure diff --git a/README.md b/README.md deleted file mode 100644 index ba5a8ab..0000000 --- a/README.md +++ /dev/null @@ -1 +0,0 @@ -# prodwork01-mobene-deployment diff --git a/mobene-apps/kustomization.yaml b/mobene-apps/kustomization.yaml deleted file mode 100644 index 417ae2d..0000000 --- a/mobene-apps/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- mobene-minio-nsodev.yaml \ No newline at end of file diff --git a/mobene-apps/minio-apps/tenants/mobene-minio-nsodev/Chart.yaml b/mobene-apps/minio-apps/tenants/mobene-minio-nsodev/Chart.yaml deleted file mode 100644 index 6a2e337..0000000 --- a/mobene-apps/minio-apps/tenants/mobene-minio-nsodev/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v2 -name: mobene-minio-nsodev -description: Minio Tenant for mobene-nsodev -type: application - -version: 0.0.1 - -appVersion: latest - -dependencies: -- name: tenant - version: 4.5.4 - repository: oci://prodnso-harbor-01.smardigo.digital/infrastructure \ No newline at end of file diff --git a/mobene-apps/mobene-minio-nsodev.yaml b/mobene-apps/mobene-minio-nsodev.yaml deleted file mode 100644 index 93670a5..0000000 --- a/mobene-apps/mobene-minio-nsodev.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: mobene-minio-nsodev - namespace: argo-cd - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - project: mobene - source: - repoURL: https://prodnso-gitea-01.smardigo.digital/argocd/prodwork01-mobene-deployment.git - path: mobene-apps/minio-apps/tenants/mobene-minio-nsodev - targetRevision: main - - destination: - server: https://kubernetes.default.svc - namespace: mobene-nsodev - - syncPolicy: - automated: - prune: true - selfHeal: true - diff --git a/secrets.yaml b/secrets_cusprod.yaml similarity index 100% rename from secrets.yaml rename to secrets_cusprod.yaml diff --git a/values.yaml b/secrets_cusqa.yaml similarity index 100% rename from values.yaml rename to secrets_cusqa.yaml diff --git a/secrets_nsodev.yaml b/secrets_nsodev.yaml new file mode 100644 index 0000000..53050a7 --- /dev/null +++ b/secrets_nsodev.yaml @@ -0,0 +1,131 @@ +minio_tenant_users: + - name: ENC[AES256_GCM,data:FcDv3B0=,iv:Qko14QGJ00Vz8qLCMraWP+enD8dI/4gTmYOyhff7LJo=,tag:EFlC2QG2PR0H/LE1mpUX1w==,type:str] + password: ENC[AES256_GCM,data:rcLYIqc+iQ1hXdya27+WYZ9f8Dor0HGeQw==,iv:8jlOC3yphgs+tNH18gTQFinjaLRPI38rKkdDa/S12hE=,tag:58P+soF2DkQyYA5Ysnx6rA==,type:str] + - name: ENC[AES256_GCM,data:0gvhV+c=,iv:aHv/GEH0MqDKSFBdWHLwals4YGSc/LEeS0AptvIqbXE=,tag:uoex6gxSAJ5xYJHBoHjlJg==,type:str] + password: ENC[AES256_GCM,data:YupFLbGXghBHHMvQ+2a06y/ZsaZT2rpJ9w==,iv:/7XVh0nMb+z4CPuO1y3eIUdWiWeR2lmb/VSPjgfBGSM=,tag:XX33bBCbQC9+WXssCsCGsg==,type:str] +#ENC[AES256_GCM,data:MoH0qxwtAzM8hdf4eRggu9Gtfy6+1acOy5OhONNrH2YxtPS+gw==,iv:76ab4fFTVsWH5Q6rPjURmqrDOkfj2GtBv0ausg9NUaY=,tag:v3AgGxXNT4k0zSzvUzrQ0A==,type:comment] +tenant: + secrets: + name: ENC[AES256_GCM,data:rir4IB0EcHx40ryiPHXPNjvOX+f4cZo=,iv:1uXS0WL9iyHPS4f9i3sQ0lV6sNfNf2WZusTkupTpnLI=,tag:5+dL9YKkAlNOZuv26YtoaA==,type:str] + accessKey: ENC[AES256_GCM,data:Vapnnw==,iv:+SYqQBDpvpd498CSsAAeo/LQg48QGDm5UEHksrYuFeg=,tag:DWN7Gqt6AzXJvbD5oi8XRw==,type:str] + secretKey: ENC[AES256_GCM,data:JKcMO1/4XeQRaBJ9JIJvwcimNxj3oSid1Q==,iv:16US5xnfuZ4twV1QiI3CKQGIXaRLeLwaB0rsOE91H84=,tag:j4b8Q6/6BapY0rUI6eN0jg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-11-16T20:52:14Z" + mac: ENC[AES256_GCM,data:xF6u/oXAGliCIC53i8NipsJ8+ptLVuRmEaMOLCPVhZz4Tspw2jqnnzdt0oJmE1F+9CFqfHID5J6kZZPN0vMnEk4Doa0zVI9HR2KA3ksYlFCbD3aCgPatsctJ+NBP2tCSO4MUSbS8+YrgJ7vaxWmMHWWFu/ateujoq115ip3WSNE=,iv:l7tODfq0IDx6zjFxy1PAqFbagKPHUBDRBQu4qknN2L4=,tag:WrNJYCtZb2z7lVCGfoHpKw==,type:str] + pgp: + - created_at: "2022-11-16T20:12:49Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA911WKxzIy2nAQ/+LiihBBPGUdu/uHlVc4RJJB6mP+MvAdObFbdyjVi1BLSd + ycaMJSYAKfN/seaOYfXdpdIb66giMokenWkMAWAZIDOfvFpq2JvHhuWTCqzliMhN + 663FMEBMdkWrce/4OAlp7hq384gzQ19dSDar3fCGsw39JPmE4L+AqtQw/WrBMGdq + /ewYOTwQERip7LILHL67RfTzwfabCPuZDlC0tD4oD4EBhAaYLuuef14udiLqcOiI + URGYCUnNrGn24RZBfQg/mYmxfj34DOAYVvFO4mjeT1vYSNl+Z+yoSGhQsY2zEOR/ + aYUmPVimCa0slB0E3MQ/lQ/t8ot6914MZJwVmRtnybDQOUfEgibol7Bg2lsxUM8M + i1x/cS8B2thrArwBJ9mjEqozpc2iHC0V56WPWY6NVrqPByNUJV92/g8w/qNdvf/r + prSFXGhqZ2Tk11upte37V7AhYtstNRDXsDFwKXXc+b5Aavqa2IJhNoR5/KExmkN7 + z3v9EvIIhmJMPzqYgACv6PEEfgGBT5ZYdjWBCDnTxPU7AJYkdySIXCjdjvO16641 + QyUjYnTLsQ/zIk7zPrvMXfiz0tdWwXKqhfnCJwpmO6JPE8PQUT3fzx9yKsEwqVxt + AyQDTLl9ySzSgj15u2Acq+Z417zdMJy4fYXpzDjweT7Mikb9mTLQ0uV2hirZi3nS + XgHlDbHmFEKsrflKQYTb0pyGOqpr5rBnt9RnsoeLZ4Xt3LNpiB8LvEhimbxv1gXA + 3KT/3CQ8Lm/AChTqjv4PU2qakIgxDeWdfbZuqRLb160iuREy2fBj2+IRy8esN3U= + =n/of + -----END PGP MESSAGE----- + fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC + - created_at: "2022-11-16T20:12:49Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ/+OLmtIxrmqao8Wnt/igRC7eVpD5pqcm6ywruxktLkqsGp + 7fuxLwUlIN/eCSgThvwANSGDvq/B9caWkRoAR+ZjWQu1C/QMDYGlIn4D23xpjPl4 + gJGT80HLQw6Ldy14VO0Ov9JzUyXVrET5r37sGKalqp6/0V/RGH2FiRHV51TBGMjy + xSWYLT0U+FZvcwbkbll4UBA6sf9wcAnc4QSaHrkIAkUyeOca6fU4mLM5EXTtsF6D + /d8ORRJCUeWSXqbW8/Wu+rBHRJgxmzDCVb3DaPBonO+eDTrLoky27gf82xQBtEDJ + gQeff6Db5QWxFKSeAbbwxWdz0QvhWJVNtXiS1QwnO15ppwTZeJTRSPub8Fa1p1Yv + yP4FfCewZPbWhWS9izEVkepxE69igderwyzAI2cS/E8Yp4I9sM/MInJF3hjgkt/Y + 73U2mHm4y73cizR+P0u2Lo5jNVaL4tuKg53ODg86r42Sf4EZ3FNIfVHz0XFIm48H + uvqQUHQfsmifjPo/LPDqiZlZnJc9zDKYKVTtF9zLFc2L/Uh4z1GwDkt00RjIPK7W + 8goygbX2KdWcaqKbDMg6EIzU6zB3As9ilQ4Yf3eleoNCWGGUygH2CYBL/ozy6+6t + IFQknLUSo84KfHm2bhdMiVpl7E3KmRwPqHQ4TjrXaCIM6agNRs0A/f2SRAMJWLbS + XgEpNnst3NPGlucD12dkhrhHc4nXgctvfA9HDmhvfNrSJCHSDklr6IDMnKvsA7vm + KgLAj3W0g9GeZreXhRoXA9/wEjyetzqpwsy2W6VX0yrNzR8HNALYhS2JtFWgfwQ= + =MMEk + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-11-16T20:12:49Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ/+IFURhIhDGZGMUguhAckddATvjBZtTOBSbVUIcqjO4WQJ + YzqXt9tqey3UxdQQbr2zbRrWGy46rh2VbyemlWFsXKKg5kgioshDUIzsNblXKhYX + 4Mn64T6ldAFajpB2tnB8O4SU08/zjRwp/D+7t/ftmD0D9iaHovd8A3VPZZ+AC5eW + fuuH3q4KCWwuFxXmOkMfvCRd/8bLtqmmlzxOdWiOluUOO0c0h2slI+Cd+jIb1jP8 + eRD5VgGzHUKa43UZAKIc4OQkL11uohUmNAUFMackgA1hQFIbHoedXrVw7p4GNt7A + YCocmekPXtWJuJr0K87D9btRNkeJfCjsPUfhoubTftR7zasteZPR/kvH96R0l3C+ + M77k0SAkx/6EArG7EPjWpSXcKlvU6r4QdfYO8ZfritPgNsfs/l7sOG2D4kdANEYl + hNQONhaZ5Wp1kyFzBsNbghKw9PlnM73jaO/Bo29nCDFznrLn9eawz2Bd9nGVFMb9 + goBCATEccF9EVF1yBB/LhcJsD88+66kf8qs/3Sta0HIb2dkz/lflHU6/L7Hb4/uZ + kMMgvGMRg+WWXJsbGiuEHpdzH93CIiQBX+icJfbOtrlaD6fToRG6CFz1xcHgyH1w + nPX+iEXwQgkWJhvoQyV9fJep+6j/br4EX1lFQfC/m4DziP9uE8ZdCRDxKeQqD0PS + XgGaGtWA2xpZ98g+6e0Jnu1KROWDCF7IhUf6Qlto4qzHnC71gpsWih4NQjPHHfNf + RPUICYJDptIrxS+R1LZgMzhNmyY3qr3PoF6nyfIHX17rWON+LQaTdFEccRscSRs= + =9z+V + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-11-16T20:12:49Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQGMA+cOSmNXMUmKAQv+MjYe8FqzSaQMcJr37Cg1jcOLtX30q9ZAdjIvsY23KrHB + 7PZz4XppRih8MuSjNXmljIHUQSAP3ajpq3lli1DB+x6FYK92TltslMccqDHtTTZr + 6nf4I0vfIxYmvQE+AbZ0lUAgOxvpQInFwzJd2GeBIrbG/FnQCi6bb8ZK1eAtiJTr + 3TAmbmMo/+isw/qNZdW1hn/6MZsoQHHPBLWl2x9dYifQ/vkr32W6WA6J4CqrcwgC + eh1qRlshf15SRQ8ZRP4fHbWt3P0sppGN+xMZ93lqdbcGx6EdIbEt7tQnlL0JXAFe + 3C+dwOkZzEWhrUCl7bq3CvvLN7b9raZ4iebV6Qln5V2jKJyDb5ibOO71hnKerqzE + TMVUUASgAsfjSE7veo8470j8xmKryRqcMAK3i0NuuOMSG2wTs8fgI7vHz4q92x/F + /Zfpr9mQv6/BM7M+D34zLKqwbwu1+HrKvBKZ5ObHlakn+mbh7Owm/QU576SfvEcF + zfMt0sr4+xLVEkDIr6Lk0l4BrAn+Vo+ULZzUvV6LaCb2S3gG8HVv414gy+siKxGV + +w0cfmmXeG74l9M6o/aUUpdz50R3M8FVAqT/b/f3NRbX6/8tI9HtKK3iVtF/HSyD + 9dA2a+rxPP4FjTomDe+M + =yj6E + -----END PGP MESSAGE----- + fp: 9F08DA9D42379AFE6610E9E615CCEC6801DBA02E + - created_at: "2022-11-16T20:12:49Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ/+IBOZ1C8EVraszkPhOFNVfvE8jukXrVgfOw+ozsC7NehF + 07QoVz4pkuevrlA/W0IlVHRDJIkze/2gHKFUnW1+7UWi7cbOMBmDwx0IP2wJCWyN + 4QDo4h18jD3ScPxTYj4VQIzfGF7oa9oRj+dr+iu49vu8Ri5HAqUQe7uc5UzAMs1k + 6IXDQTllxDbFcr5vBtJC+YF+Mn8sU/EHzkzKKznvXp6RoTe08ILRQqtzl8sHSgzz + Rx5E94jv2P+FF+oPGnB7iYM4hGuj2kihzLGRAsQ1oe2KSVOKR4bq2AoA6tIYvgs4 + btvnwxiAYzGeHKc22i6J0gQfSl3+MQzAjnIFc9CDuk0eNKRrgEM8ysHZFzLyMvQ2 + rvYRYI3Wt/ue65C79RsOKeKZSvGf1RwvGc88OMKkBorluYQUQ5G1gUy1mplTcWd0 + xppNmCSiM6qlOkCtZqpzpB5YO+L9C4TCF1dZuO+tdpYxui+2uRsozrnTLq558sPC + 3US7o4cQ9bt7qi8cVNOdvpkFoAJt/yY3zOJMj9Tjmemy1eW3bmWwv8sdX1lOhU85 + vCm9Jy7UDBeKOxNycBeOLd/DxxZDO4SKPLu7FMG+oNYkWwd1gHb4fEzVpK7pGWS3 + oRio5uwN2u4Waoeaqu4bbWP+UtTUE57COIuNFxQ8T5oi4EecBJ/VsHaX1IXk3wrS + XgFxVgxxtC4kc2j/W7fvHm5RE95AZMRHIyd8xv6E0p/t2qPJzRKWdlCDheN7A+yK + FQ9pW3VF0bvtKMn3FsxLtIBh6USEqOwYpv392HZSlLvHx97TmIBMtr5p9ssPuBE= + =HK1h + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + - created_at: "2022-11-16T20:12:49Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hF4DZmNQj/lmIGsSAQdA+lBNqJWJdzkd3CA+1ZiYrJJwAAZfjc1csaBP+pNE/xMw + btJiLvTTGD7FktsKXzBrdVCBobUPDxVz5GKGvzLZIPN4uq44pDe6s4YRF6nsG6W6 + 0l4BM+BigVopgpSw065ezF7d1U3E/XgVmDAh4Wi66gEIVROWJ/qJSJ/vl/MFKXiF + jKcnKVJixR9hjicI4KndcIFJu2l7TCRQa2HZe+ettVqe2nomMP/wIFh6Ab+oUpoa + =CMXT + -----END PGP MESSAGE----- + fp: 73C2C9954D1BC94DC6682525D2FA233B52AEC75C + unencrypted_suffix: _unencrypted + version: 3.7.1 diff --git a/templates/secret_minio_user1.yaml b/templates/secret_minio_user1.yaml new file mode 100644 index 0000000..fd94fe6 --- /dev/null +++ b/templates/secret_minio_user1.yaml @@ -0,0 +1,10 @@ +{{- range $users := .Values.minio_tenant_users }} +apiVersion: v1 +stringData: + CONSOLE_ACCESS_KEY: {{ $users.name }} + CONSOLE_SECRET_KEY: {{ $users.password }} +kind: Secret +metadata: + name: {{ $users.name }} +type: Opaque +{{- end }} diff --git a/values_cusprod.yaml b/values_cusprod.yaml new file mode 100644 index 0000000..e69de29 diff --git a/values_cusqa.yaml b/values_cusqa.yaml new file mode 100644 index 0000000..e69de29 diff --git a/mobene-apps/minio-apps/tenants/mobene-minio-nsodev/values.yaml b/values_nsodev.yaml similarity index 55% rename from mobene-apps/minio-apps/tenants/mobene-minio-nsodev/values.yaml rename to values_nsodev.yaml index c21afc4..b63c24e 100644 --- a/mobene-apps/minio-apps/tenants/mobene-minio-nsodev/values.yaml +++ b/values_nsodev.yaml @@ -1,26 +1,23 @@ + + # minio tenant tenant: - secrets: - name: mobene-nsodev-minio-env-configuration - accessKey: minio - secretKey: PknzRZAfgeHEUK9f0jk9xp5Az - tenant: - name: mobene-nsodev-minio-tenant + name: s3-prodwork01 pools: - servers: 2 volumesPerServer: 2 storageClassName: hcloud-volumes + size: 10Gi buckets: - - name: mobene-nsodev-postgres-bkp-bucket - log: - db: - volumeClaimTemplate: - spec: - storageClassName: hcloud-volumes - prometheus: - diskCapacityGB: 1 - storageClassName: hcloud-volumes + - name: mysql + region: '' + - name: postgres + region: '' + users: + - name: user1 + - name: user2 + prometheusOperator: true ingress: api: enabled: true @@ -31,11 +28,11 @@ tenant: nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/force-ssl-redirect: 'true' nginx.ingress.kubernetes.io/proxy-body-size: 32m - host: prodwork01-mobene-minio.smardigo.digital + host: s3storage-prodwork01.smardigo.digital tls: - - secretName: prodwork01-mobene-minio-cert + - secretName: s3-miniotest-cert hosts: - - prodwork01-mobene-minio.smardigo.digital + - s3-prodwork01.smardigo.digital console: enabled: true ingressClassName: nginx @@ -44,8 +41,8 @@ tenant: cert-manager.io/issue-temporary-certificate: 'true' nginx.ingress.kubernetes.io/backend-protocol: HTTPS nginx.ingress.kubernetes.io/force-ssl-redirect: 'true' - host: prodwork01-mobene-minio-console.smardigo.digital + host: s3-console-prodwork01.smardigo.digital tls: - - secretName: prodwork01-mobene-minio-console-cert + - secretName: s3-console-cert hosts: - - prodwork01-mobene-minio-console.smardigo.digital + - s3-console-prodwork01.smardigo.digital