DEV-669: init checkin nsodev

3 years ago · 04474dab97
parent f163d07fe8
commit 04474dab97
14 changed files with 177 additions and 60 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 Chart.lock
 charts/
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,11 @@
 # Fingerprint  | User ID
 # keys in https://git.dev-at.de/smardigo-hetzner/communication-keys
 creation_rules:
  # list of keys for encryption in stage
  - pgp: >-
      E5B4FE1E0209DFFE320D2A2E47087747D89B72EC,
      D65D400040387210377B6A71DFD775644EAAC77B,
      BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5,
      9F08DA9D42379AFE6610E9E615CCEC6801DBA02E,
      17B8FDF68AC123EB666934B17D0DF6EC048A5D77,
      73C2C9954D1BC94DC6682525D2FA233B52AEC75C
--- a/Chart.yaml
+++ b/Chart.yaml
@ -22,3 +22,8 @@ version: 0.1.0
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "0.1.0"
 dependencies:
 - name: tenant
  version: 4.5.4
  repository: oci://prodnso-harbor-01.smardigo.digital/infrastructure
--- a/README.md
+++ b/README.md
@ -1 +0,0 @@
 # prodwork01-mobene-deployment
--- a/mobene-apps/kustomization.yaml
+++ b/mobene-apps/kustomization.yaml
@ -1,2 +0,0 @@
 resources:
 - mobene-minio-nsodev.yaml
--- a/mobene-apps/minio-apps/tenants/mobene-minio-nsodev/Chart.yaml
+++ b/mobene-apps/minio-apps/tenants/mobene-minio-nsodev/Chart.yaml
@ -1,13 +0,0 @@
 apiVersion: v2
 name: mobene-minio-nsodev
 description: Minio Tenant for mobene-nsodev
 type: application
 version: 0.0.1
 appVersion: latest
 dependencies:
 - name: tenant
  version: 4.5.4
  repository: oci://prodnso-harbor-01.smardigo.digital/infrastructure
--- a/mobene-apps/mobene-minio-nsodev.yaml
+++ b/mobene-apps/mobene-minio-nsodev.yaml
@ -1,23 +0,0 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
  name: mobene-minio-nsodev
  namespace: argo-cd
  finalizers:
  - resources-finalizer.argocd.argoproj.io
 spec:
  project: mobene
  source:
    repoURL: https://prodnso-gitea-01.smardigo.digital/argocd/prodwork01-mobene-deployment.git
    path: mobene-apps/minio-apps/tenants/mobene-minio-nsodev
    targetRevision: main
  destination:
    server: https://kubernetes.default.svc
    namespace: mobene-nsodev
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
--- a/secrets_cusprod.yaml
+++ b/secrets_cusprod.yaml
--- a/secrets_cusqa.yaml
+++ b/secrets_cusqa.yaml
--- a/secrets_nsodev.yaml
+++ b/secrets_nsodev.yaml
@ -0,0 +1,131 @@
 minio_tenant_users:
    - name: ENC[AES256_GCM,data:FcDv3B0=,iv:Qko14QGJ00Vz8qLCMraWP+enD8dI/4gTmYOyhff7LJo=,tag:EFlC2QG2PR0H/LE1mpUX1w==,type:str]
      password: ENC[AES256_GCM,data:rcLYIqc+iQ1hXdya27+WYZ9f8Dor0HGeQw==,iv:8jlOC3yphgs+tNH18gTQFinjaLRPI38rKkdDa/S12hE=,tag:58P+soF2DkQyYA5Ysnx6rA==,type:str]
    - name: ENC[AES256_GCM,data:0gvhV+c=,iv:aHv/GEH0MqDKSFBdWHLwals4YGSc/LEeS0AptvIqbXE=,tag:uoex6gxSAJ5xYJHBoHjlJg==,type:str]
      password: ENC[AES256_GCM,data:YupFLbGXghBHHMvQ+2a06y/ZsaZT2rpJ9w==,iv:/7XVh0nMb+z4CPuO1y3eIUdWiWeR2lmb/VSPjgfBGSM=,tag:XX33bBCbQC9+WXssCsCGsg==,type:str]
 #ENC[AES256_GCM,data:MoH0qxwtAzM8hdf4eRggu9Gtfy6+1acOy5OhONNrH2YxtPS+gw==,iv:76ab4fFTVsWH5Q6rPjURmqrDOkfj2GtBv0ausg9NUaY=,tag:v3AgGxXNT4k0zSzvUzrQ0A==,type:comment]
 tenant:
    secrets:
        name: ENC[AES256_GCM,data:rir4IB0EcHx40ryiPHXPNjvOX+f4cZo=,iv:1uXS0WL9iyHPS4f9i3sQ0lV6sNfNf2WZusTkupTpnLI=,tag:5+dL9YKkAlNOZuv26YtoaA==,type:str]
        accessKey: ENC[AES256_GCM,data:Vapnnw==,iv:+SYqQBDpvpd498CSsAAeo/LQg48QGDm5UEHksrYuFeg=,tag:DWN7Gqt6AzXJvbD5oi8XRw==,type:str]
        secretKey: ENC[AES256_GCM,data:JKcMO1/4XeQRaBJ9JIJvwcimNxj3oSid1Q==,iv:16US5xnfuZ4twV1QiI3CKQGIXaRLeLwaB0rsOE91H84=,tag:j4b8Q6/6BapY0rUI6eN0jg==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2022-11-16T20:52:14Z"
    mac: ENC[AES256_GCM,data:xF6u/oXAGliCIC53i8NipsJ8+ptLVuRmEaMOLCPVhZz4Tspw2jqnnzdt0oJmE1F+9CFqfHID5J6kZZPN0vMnEk4Doa0zVI9HR2KA3ksYlFCbD3aCgPatsctJ+NBP2tCSO4MUSbS8+YrgJ7vaxWmMHWWFu/ateujoq115ip3WSNE=,iv:l7tODfq0IDx6zjFxy1PAqFbagKPHUBDRBQu4qknN2L4=,tag:WrNJYCtZb2z7lVCGfoHpKw==,type:str]
    pgp:
        - created_at: "2022-11-16T20:12:49Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hQIMA911WKxzIy2nAQ/+LiihBBPGUdu/uHlVc4RJJB6mP+MvAdObFbdyjVi1BLSd
            ycaMJSYAKfN/seaOYfXdpdIb66giMokenWkMAWAZIDOfvFpq2JvHhuWTCqzliMhN
            663FMEBMdkWrce/4OAlp7hq384gzQ19dSDar3fCGsw39JPmE4L+AqtQw/WrBMGdq
            /ewYOTwQERip7LILHL67RfTzwfabCPuZDlC0tD4oD4EBhAaYLuuef14udiLqcOiI
            URGYCUnNrGn24RZBfQg/mYmxfj34DOAYVvFO4mjeT1vYSNl+Z+yoSGhQsY2zEOR/
            aYUmPVimCa0slB0E3MQ/lQ/t8ot6914MZJwVmRtnybDQOUfEgibol7Bg2lsxUM8M
            i1x/cS8B2thrArwBJ9mjEqozpc2iHC0V56WPWY6NVrqPByNUJV92/g8w/qNdvf/r
            prSFXGhqZ2Tk11upte37V7AhYtstNRDXsDFwKXXc+b5Aavqa2IJhNoR5/KExmkN7
            z3v9EvIIhmJMPzqYgACv6PEEfgGBT5ZYdjWBCDnTxPU7AJYkdySIXCjdjvO16641
            QyUjYnTLsQ/zIk7zPrvMXfiz0tdWwXKqhfnCJwpmO6JPE8PQUT3fzx9yKsEwqVxt
            AyQDTLl9ySzSgj15u2Acq+Z417zdMJy4fYXpzDjweT7Mikb9mTLQ0uV2hirZi3nS
            XgHlDbHmFEKsrflKQYTb0pyGOqpr5rBnt9RnsoeLZ4Xt3LNpiB8LvEhimbxv1gXA
            3KT/3CQ8Lm/AChTqjv4PU2qakIgxDeWdfbZuqRLb160iuREy2fBj2+IRy8esN3U=
            =n/of
            -----END PGP MESSAGE-----
          fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC
        - created_at: "2022-11-16T20:12:49Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hQIMA4Npij8bx0m7AQ/+OLmtIxrmqao8Wnt/igRC7eVpD5pqcm6ywruxktLkqsGp
            7fuxLwUlIN/eCSgThvwANSGDvq/B9caWkRoAR+ZjWQu1C/QMDYGlIn4D23xpjPl4
            gJGT80HLQw6Ldy14VO0Ov9JzUyXVrET5r37sGKalqp6/0V/RGH2FiRHV51TBGMjy
            xSWYLT0U+FZvcwbkbll4UBA6sf9wcAnc4QSaHrkIAkUyeOca6fU4mLM5EXTtsF6D
            /d8ORRJCUeWSXqbW8/Wu+rBHRJgxmzDCVb3DaPBonO+eDTrLoky27gf82xQBtEDJ
            gQeff6Db5QWxFKSeAbbwxWdz0QvhWJVNtXiS1QwnO15ppwTZeJTRSPub8Fa1p1Yv
            yP4FfCewZPbWhWS9izEVkepxE69igderwyzAI2cS/E8Yp4I9sM/MInJF3hjgkt/Y
            73U2mHm4y73cizR+P0u2Lo5jNVaL4tuKg53ODg86r42Sf4EZ3FNIfVHz0XFIm48H
            uvqQUHQfsmifjPo/LPDqiZlZnJc9zDKYKVTtF9zLFc2L/Uh4z1GwDkt00RjIPK7W
            8goygbX2KdWcaqKbDMg6EIzU6zB3As9ilQ4Yf3eleoNCWGGUygH2CYBL/ozy6+6t
            IFQknLUSo84KfHm2bhdMiVpl7E3KmRwPqHQ4TjrXaCIM6agNRs0A/f2SRAMJWLbS
            XgEpNnst3NPGlucD12dkhrhHc4nXgctvfA9HDmhvfNrSJCHSDklr6IDMnKvsA7vm
            KgLAj3W0g9GeZreXhRoXA9/wEjyetzqpwsy2W6VX0yrNzR8HNALYhS2JtFWgfwQ=
            =MMEk
            -----END PGP MESSAGE-----
          fp: D65D400040387210377B6A71DFD775644EAAC77B
        - created_at: "2022-11-16T20:12:49Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hQIMA+5f33GLJ89bAQ/+IFURhIhDGZGMUguhAckddATvjBZtTOBSbVUIcqjO4WQJ
            YzqXt9tqey3UxdQQbr2zbRrWGy46rh2VbyemlWFsXKKg5kgioshDUIzsNblXKhYX
            4Mn64T6ldAFajpB2tnB8O4SU08/zjRwp/D+7t/ftmD0D9iaHovd8A3VPZZ+AC5eW
            fuuH3q4KCWwuFxXmOkMfvCRd/8bLtqmmlzxOdWiOluUOO0c0h2slI+Cd+jIb1jP8
            eRD5VgGzHUKa43UZAKIc4OQkL11uohUmNAUFMackgA1hQFIbHoedXrVw7p4GNt7A
            YCocmekPXtWJuJr0K87D9btRNkeJfCjsPUfhoubTftR7zasteZPR/kvH96R0l3C+
            M77k0SAkx/6EArG7EPjWpSXcKlvU6r4QdfYO8ZfritPgNsfs/l7sOG2D4kdANEYl
            hNQONhaZ5Wp1kyFzBsNbghKw9PlnM73jaO/Bo29nCDFznrLn9eawz2Bd9nGVFMb9
            goBCATEccF9EVF1yBB/LhcJsD88+66kf8qs/3Sta0HIb2dkz/lflHU6/L7Hb4/uZ
            kMMgvGMRg+WWXJsbGiuEHpdzH93CIiQBX+icJfbOtrlaD6fToRG6CFz1xcHgyH1w
            nPX+iEXwQgkWJhvoQyV9fJep+6j/br4EX1lFQfC/m4DziP9uE8ZdCRDxKeQqD0PS
            XgGaGtWA2xpZ98g+6e0Jnu1KROWDCF7IhUf6Qlto4qzHnC71gpsWih4NQjPHHfNf
            RPUICYJDptIrxS+R1LZgMzhNmyY3qr3PoF6nyfIHX17rWON+LQaTdFEccRscSRs=
            =9z+V
            -----END PGP MESSAGE-----
          fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5
        - created_at: "2022-11-16T20:12:49Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hQGMA+cOSmNXMUmKAQv+MjYe8FqzSaQMcJr37Cg1jcOLtX30q9ZAdjIvsY23KrHB
            7PZz4XppRih8MuSjNXmljIHUQSAP3ajpq3lli1DB+x6FYK92TltslMccqDHtTTZr
            6nf4I0vfIxYmvQE+AbZ0lUAgOxvpQInFwzJd2GeBIrbG/FnQCi6bb8ZK1eAtiJTr
            3TAmbmMo/+isw/qNZdW1hn/6MZsoQHHPBLWl2x9dYifQ/vkr32W6WA6J4CqrcwgC
            eh1qRlshf15SRQ8ZRP4fHbWt3P0sppGN+xMZ93lqdbcGx6EdIbEt7tQnlL0JXAFe
            3C+dwOkZzEWhrUCl7bq3CvvLN7b9raZ4iebV6Qln5V2jKJyDb5ibOO71hnKerqzE
            TMVUUASgAsfjSE7veo8470j8xmKryRqcMAK3i0NuuOMSG2wTs8fgI7vHz4q92x/F
            /Zfpr9mQv6/BM7M+D34zLKqwbwu1+HrKvBKZ5ObHlakn+mbh7Owm/QU576SfvEcF
            zfMt0sr4+xLVEkDIr6Lk0l4BrAn+Vo+ULZzUvV6LaCb2S3gG8HVv414gy+siKxGV
            +w0cfmmXeG74l9M6o/aUUpdz50R3M8FVAqT/b/f3NRbX6/8tI9HtKK3iVtF/HSyD
            9dA2a+rxPP4FjTomDe+M
            =yj6E
            -----END PGP MESSAGE-----
          fp: 9F08DA9D42379AFE6610E9E615CCEC6801DBA02E
        - created_at: "2022-11-16T20:12:49Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hQIMA1kDHheI9SLWAQ/+IBOZ1C8EVraszkPhOFNVfvE8jukXrVgfOw+ozsC7NehF
            07QoVz4pkuevrlA/W0IlVHRDJIkze/2gHKFUnW1+7UWi7cbOMBmDwx0IP2wJCWyN
            4QDo4h18jD3ScPxTYj4VQIzfGF7oa9oRj+dr+iu49vu8Ri5HAqUQe7uc5UzAMs1k
            6IXDQTllxDbFcr5vBtJC+YF+Mn8sU/EHzkzKKznvXp6RoTe08ILRQqtzl8sHSgzz
            Rx5E94jv2P+FF+oPGnB7iYM4hGuj2kihzLGRAsQ1oe2KSVOKR4bq2AoA6tIYvgs4
            btvnwxiAYzGeHKc22i6J0gQfSl3+MQzAjnIFc9CDuk0eNKRrgEM8ysHZFzLyMvQ2
            rvYRYI3Wt/ue65C79RsOKeKZSvGf1RwvGc88OMKkBorluYQUQ5G1gUy1mplTcWd0
            xppNmCSiM6qlOkCtZqpzpB5YO+L9C4TCF1dZuO+tdpYxui+2uRsozrnTLq558sPC
            3US7o4cQ9bt7qi8cVNOdvpkFoAJt/yY3zOJMj9Tjmemy1eW3bmWwv8sdX1lOhU85
            vCm9Jy7UDBeKOxNycBeOLd/DxxZDO4SKPLu7FMG+oNYkWwd1gHb4fEzVpK7pGWS3
            oRio5uwN2u4Waoeaqu4bbWP+UtTUE57COIuNFxQ8T5oi4EecBJ/VsHaX1IXk3wrS
            XgFxVgxxtC4kc2j/W7fvHm5RE95AZMRHIyd8xv6E0p/t2qPJzRKWdlCDheN7A+yK
            FQ9pW3VF0bvtKMn3FsxLtIBh6USEqOwYpv392HZSlLvHx97TmIBMtr5p9ssPuBE=
            =HK1h
            -----END PGP MESSAGE-----
          fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77
        - created_at: "2022-11-16T20:12:49Z"
          enc: |
            -----BEGIN PGP MESSAGE-----
            hF4DZmNQj/lmIGsSAQdA+lBNqJWJdzkd3CA+1ZiYrJJwAAZfjc1csaBP+pNE/xMw
            btJiLvTTGD7FktsKXzBrdVCBobUPDxVz5GKGvzLZIPN4uq44pDe6s4YRF6nsG6W6
            0l4BM+BigVopgpSw065ezF7d1U3E/XgVmDAh4Wi66gEIVROWJ/qJSJ/vl/MFKXiF
            jKcnKVJixR9hjicI4KndcIFJu2l7TCRQa2HZe+ettVqe2nomMP/wIFh6Ab+oUpoa
            =CMXT
            -----END PGP MESSAGE-----
          fp: 73C2C9954D1BC94DC6682525D2FA233B52AEC75C
    unencrypted_suffix: _unencrypted
    version: 3.7.1
--- a/templates/secret_minio_user1.yaml
+++ b/templates/secret_minio_user1.yaml
@ -0,0 +1,10 @@
 {{- range $users := .Values.minio_tenant_users }}
 apiVersion: v1
 stringData:
  CONSOLE_ACCESS_KEY: {{ $users.name }}
  CONSOLE_SECRET_KEY: {{ $users.password }}
 kind: Secret
 metadata:
  name: {{ $users.name }}
 type: Opaque
 {{- end }}
--- a/values_cusprod.yaml
+++ b/values_cusprod.yaml
--- a/values_cusqa.yaml
+++ b/values_cusqa.yaml
--- a/mobene-apps/minio-apps/tenants/mobene-minio-nsodev/values.yaml
+++ b/mobene-apps/minio-apps/tenants/mobene-minio-nsodev/values.yaml
@ -1,26 +1,23 @@
 # minio tenant
 tenant:
  secrets:
    name: mobene-nsodev-minio-env-configuration
    accessKey: minio
    secretKey: PknzRZAfgeHEUK9f0jk9xp5Az
  tenant:
-    name: mobene-nsodev-minio-tenant
+    name: s3-prodwork01
    pools:
    - servers: 2
      volumesPerServer: 2
      storageClassName: hcloud-volumes
      size: 10Gi
    buckets:
-    - name: mobene-nsodev-postgres-bkp-bucket
+      - name: mysql
-    log:
+        region: ''
-      db:
+      - name: postgres
-        volumeClaimTemplate:
+        region: ''
-          spec:
+    users:
-            storageClassName: hcloud-volumes
+      - name: user1
-    prometheus:
+      - name: user2
-      diskCapacityGB: 1
+    prometheusOperator: true
      storageClassName: hcloud-volumes
  ingress:
    api:
      enabled: true
@ -31,11 +28,11 @@ tenant:
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
        nginx.ingress.kubernetes.io/proxy-body-size: 32m
-      host: prodwork01-mobene-minio.smardigo.digital
+      host: s3storage-prodwork01.smardigo.digital
      tls:
-      - secretName: prodwork01-mobene-minio-cert
+      - secretName: s3-miniotest-cert
        hosts:
-          - prodwork01-mobene-minio.smardigo.digital
+          - s3-prodwork01.smardigo.digital
    console:
      enabled: true
      ingressClassName: nginx
@ -44,8 +41,8 @@ tenant:
        cert-manager.io/issue-temporary-certificate: 'true'
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
-      host: prodwork01-mobene-minio-console.smardigo.digital
+      host: s3-console-prodwork01.smardigo.digital
      tls:
-      - secretName: prodwork01-mobene-minio-console-cert
+      - secretName: s3-console-cert
        hosts:
-          - prodwork01-mobene-minio-console.smardigo.digital
+          - s3-console-prodwork01.smardigo.digital