From c9d367808a34154824544bbf10a423ccd9df0ce1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?= <38255502+matmut7@users.noreply.github.com>
Date: Mon, 27 May 2024 12:03:42 +0200
Subject: [PATCH 1/3] chore: pgadmin (#337)
* chore: add pgadmin
* chore: fix key
* chore: missing keys
* chore: typo
* chore: numeric user
* chore: secret
* chore: containerPort
* chore: auth
* chore: probespath
* chore: server false
* test secretgen
* indent
* rm needs
* wip
* wip
* chore: add kyverno policy
* chore: ignore kyverno CRD
* fix: config
* chore: test stringData
* fix kyverno
* chore: multiline json
* feat: add pgadmin chart
* fix: cleanup
* chore: pgadmin conf
* fix: superuser values
* unused kontinuous config
* add oauth2 proxy
---------
Co-authored-by: Gary van Woerkens
---
 .../templates/oauth2-proxy.sealed-secret.yaml | 17 ++++++++++
 .kontinuous/env/preprod/values.yaml | 32 +++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 .kontinuous/env/preprod/templates/oauth2-proxy.sealed-secret.yaml
diff --git a/.kontinuous/env/preprod/templates/oauth2-proxy.sealed-secret.yaml b/.kontinuous/env/preprod/templates/oauth2-proxy.sealed-secret.yaml
new file mode 100644
index 00000000..68cb7cba
--- /dev/null
+++ b/.kontinuous/env/preprod/templates/oauth2-proxy.sealed-secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ annotations:
+ sealedsecrets.bitnami.com/cluster-wide: 'true'
+ name: oauth2-proxy
+spec:
+ encryptedData:
+ OAUTH2_PROXY_CLIENT_ID: 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
+ OAUTH2_PROXY_CLIENT_SECRET: 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
+ OAUTH2_PROXY_COOKIE_SECRET: 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
+ template:
+ metadata:
+ annotations:
+ sealedsecrets.bitnami.com/cluster-wide: 'true'
+ name: oauth2-proxy
+ type: Opaque
diff --git a/.kontinuous/env/preprod/values.yaml b/.kontinuous/env/preprod/values.yaml
index 6ffd167c..b130317e 100644
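Review bot: Both `sealedsecrets.bitnami.com/cluster-wide: 'true'` annotations in oauth2-proxy.sealed-secret.yaml give the ciphertext the widest Sealed Secrets scope: the controller will unseal it under any name in any namespace of the cluster, so the namespace boundary no longer protects OAUTH2_PROXY_CLIENT_SECRET and OAUTH2_PROXY_COOKIE_SECRET once this file is in the repository. If preprod deploys to a fixed namespace, re-seal with the default strict scope or with `sealedsecrets.bitnami.com/namespace-wide: 'true'`; the scope is bound into the encryption, so editing the annotation alone is not enough. If cluster-wide is required (for example because namespaces are generated per deployment, which this page does not show), record that at the top of the file, e.g. `# cluster-wide on purpose: namespace is generated per deployment`.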
--- a/.kontinuous/env/preprod/values.yaml
+++ b/.kontinuous/env/preprod/values.yaml
@@ -130,3 +130,35 @@ pg-strapi:
 cnpg-cluster:
 backup:
 ~tpl~enabled: "false"
+
+pgadmin:
+ ~chart: pgadmin
+ oauth2-proxy:
+ host: pgadmin-{{ .Values.global.host }}
+ config:
+ OAUTH2_PROXY_GITHUB_ORG: "SocialGouv"
+ OAUTH2_PROXY_GITHUB_TEAM: "admins-fce,sre"
+ envFrom:
+ - secretRef:
+ name: oauth2-proxy
+ secrets:
+ - name: pg-app
+ keys:
+ user: PGUSER
+ password: PGPASSWORD
+ host: PGHOST
+ port: PGPORT
+ database: PGDATABASE
+ - name: pg-strapi-superuser
+ keys:
+ user: user
+ password: password
+ host: host
+ port: port
+ - name: pg-n8n-app
+ keys:
+ user: PGUSER
+ password: PGPASSWORD
+ host: PGHOST
+ port: PGPORT
+ database: PGDATABASE
From 8f13beeee8750309f42dae21b80d252eeabc0ac4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?=
Date: Thu, 11 Jul 2024 18:11:35 +0200
Subject: [PATCH 2/3] chore: move to dev env
---
 .../templates/oauth2-proxy.sealed-secret.yaml | 0
 .kontinuous/env/dev/values.yaml | 32 +++++++++++++++++++
 .kontinuous/env/preprod/values.yaml | 32 -------------------
 3 files changed, 32 insertions(+), 32 deletions(-)
 rename .kontinuous/env/{preprod => dev}/templates/oauth2-proxy.sealed-secret.yaml (100%)
diff --git a/.kontinuous/env/preprod/templates/oauth2-proxy.sealed-secret.yaml b/.kontinuous/env/dev/templates/oauth2-proxy.sealed-secret.yaml
similarity index 100%
rename from .kontinuous/env/preprod/templates/oauth2-proxy.sealed-secret.yaml
rename to .kontinuous/env/dev/templates/oauth2-proxy.sealed-secret.yaml
diff --git a/.kontinuous/env/dev/values.yaml b/.kontinuous/env/dev/values.yaml
index 753c8463..69c85c96 100644
--- a/.kontinuous/env/dev/values.yaml
+++ b/.kontinuous/env/dev/values.yaml
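Review bot: The `pg-strapi-superuser` entry under `pgadmin.secrets` hands a PostgreSQL superuser credential to a browser-reachable pgAdmin, and as far as this hunk shows the only gate in front of it is the oauth2-proxy GitHub check (`OAUTH2_PROXY_GITHUB_ORG` / `OAUTH2_PROXY_GITHUB_TEAM`). Unless superuser access is really needed in the UI, a dedicated non-superuser role would be the safer default; otherwise a comment above the entry, such as `# superuser on purpose: <reason>`, would record the decision. Membership of the `admins-fce` and `sre` teams effectively becomes the access list for these databases, which deserves a line of documentation as well. The same block is re-added unchanged to .kontinuous/env/dev/values.yaml in PATCH 2/3 and to .kontinuous/env/preprod/values.yaml in PATCH 3/3, so the point applies to those hunks too.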
@@ -102,3 +102,35 @@ server:
 name: pg-superuser
 - name: PG_SSL_SELF_SIGNED
 value: "true"
+
+pgadmin:
+ ~chart: pgadmin
+ oauth2-proxy:
+ host: pgadmin-{{ .Values.global.host }}
+ config:
+ OAUTH2_PROXY_GITHUB_ORG: "SocialGouv"
+ OAUTH2_PROXY_GITHUB_TEAM: "admins-fce,sre"
+ envFrom:
+ - secretRef:
+ name: oauth2-proxy
+ secrets:
+ - name: pg-app
+ keys:
+ user: PGUSER
+ password: PGPASSWORD
+ host: PGHOST
+ port: PGPORT
+ database: PGDATABASE
+ - name: pg-strapi-superuser
+ keys:
+ user: user
+ password: password
+ host: host
+ port: port
+ - name: pg-n8n-app
+ keys:
+ user: PGUSER
+ password: PGPASSWORD
+ host: PGHOST
+ port: PGPORT
+ database: PGDATABASE
diff --git a/.kontinuous/env/preprod/values.yaml b/.kontinuous/env/preprod/values.yaml
index b130317e..6ffd167c 100644
--- a/.kontinuous/env/preprod/values.yaml
+++ b/.kontinuous/env/preprod/values.yaml
@@ -130,35 +130,3 @@ pg-strapi:
 cnpg-cluster:
 backup:
 ~tpl~enabled: "false"
-
-pgadmin:
- ~chart: pgadmin
- oauth2-proxy:
- host: pgadmin-{{ .Values.global.host }}
- config:
- OAUTH2_PROXY_GITHUB_ORG: "SocialGouv"
- OAUTH2_PROXY_GITHUB_TEAM: "admins-fce,sre"
- envFrom:
- - secretRef:
- name: oauth2-proxy
- secrets:
- - name: pg-app
- keys:
- user: PGUSER
- password: PGPASSWORD
- host: PGHOST
- port: PGPORT
- database: PGDATABASE
- - name: pg-strapi-superuser
- keys:
- user: user
- password: password
- host: host
- port: port
- - name: pg-n8n-app
- keys:
- user: PGUSER
- password: PGPASSWORD
- host: PGHOST
- port: PGPORT
- database: PGDATABASE
From 4e6bac58ad936480972f4ee08f38af1e28cf1be4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=A9o=20M=C3=A9vollon?=
Date: Mon, 15 Jul 2024 12:01:36 +0200
Subject: [PATCH 3/3] fix: move to preprod
---
 .kontinuous/env/dev/values.yaml | 32 -------------------
 .../templates/oauth2-proxy.sealed-secret.yaml | 0
 .kontinuous/env/preprod/values.yaml | 32 +++++++++++++++++++
 3 files changed, 32 insertions(+), 32 deletions(-)
 rename .kontinuous/env/{dev => preprod}/templates/oauth2-proxy.sealed-secret.yaml (100%)
diff --git a/.kontinuous/env/dev/values.yaml b/.kontinuous/env/dev/values.yaml
index 69c85c96..753c8463 100644
--- a/.kontinuous/env/dev/values.yaml
+++ b/.kontinuous/env/dev/values.yaml
@@ -102,35 +102,3 @@ server:
 name: pg-superuser
 - name: PG_SSL_SELF_SIGNED
 value: "true"
-
-pgadmin:
- ~chart: pgadmin
- oauth2-proxy:
- host: pgadmin-{{ .Values.global.host }}
- config:
- OAUTH2_PROXY_GITHUB_ORG: "SocialGouv"
- OAUTH2_PROXY_GITHUB_TEAM: "admins-fce,sre"
- envFrom:
- - secretRef:
- name: oauth2-proxy
- secrets:
- - name: pg-app
- keys:
- user: PGUSER
- password: PGPASSWORD
- host: PGHOST
- port: PGPORT
- database: PGDATABASE
- - name: pg-strapi-superuser
- keys:
- user: user
- password: password
- host: host
- port: port
- - name: pg-n8n-app
- keys:
- user: PGUSER
- password: PGPASSWORD
- host: PGHOST
- port: PGPORT
- database: PGDATABASE
diff --git a/.kontinuous/env/dev/templates/oauth2-proxy.sealed-secret.yaml b/.kontinuous/env/preprod/templates/oauth2-proxy.sealed-secret.yaml
similarity index 100%
rename from .kontinuous/env/dev/templates/oauth2-proxy.sealed-secret.yaml
rename to .kontinuous/env/preprod/templates/oauth2-proxy.sealed-secret.yaml
diff --git a/.kontinuous/env/preprod/values.yaml b/.kontinuous/env/preprod/values.yaml
index 6ffd167c..b130317e 100644
--- a/.kontinuous/env/preprod/values.yaml
+++ b/.kontinuous/env/preprod/values.yaml
@@ -130,3 +130,35 @@ pg-strapi:
 cnpg-cluster:
 backup:
 ~tpl~enabled: "false"
+
+pgadmin:
+ ~chart: pgadmin
+ oauth2-proxy:
+ host: pgadmin-{{ .Values.global.host }}
+ config:
+ OAUTH2_PROXY_GITHUB_ORG: "SocialGouv"
+ OAUTH2_PROXY_GITHUB_TEAM: "admins-fce,sre"
+ envFrom:
+ - secretRef:
+ name: oauth2-proxy
+ secrets:
+ - name: pg-app
+ keys:
+ user: PGUSER
+ password: PGPASSWORD
+ host: PGHOST
+ port: PGPORT
+ database: PGDATABASE
+ - name: pg-strapi-superuser
+ keys:
+ user: user
+ password: password
+ host: host
+ port: port
+ - name: pg-n8n-app
+ keys:
+ user: PGUSER
+ password: PGPASSWORD
+ host: PGHOST
+ port: PGPORT
+ database: PGDATABASE