Med Mouine
2024-04-18 10:23:04 -04:00
parent aab6410176
commit 089a1cd890
19385 changed files with 147197 additions and 230 deletions


@@ -0,0 +1,11 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ssl-certificate
spec:
dnsNames:
- janus-idp.apps.smaug.na.operate-first.cloud
- showcase.janus-idp.io
issuerRef:
name: letsencrypt
secretName: janus-idp-cert


@@ -0,0 +1,72 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: backstage
namespace: "janus-idp"
labels:
app.kubernetes.io/component: backstage
backstage.io/kubernetes-id: janus-idp
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/component: backstage
template:
metadata:
labels:
app.kubernetes.io/component: backstage
backstage.io/kubernetes-id: janus-idp
annotations:
checksum/app-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
spec:
serviceAccountName: default
containers:
- resources:
limits:
cpu: 500m
requests:
cpu: 400m
name: backstage-showcase
image: backstage-showcase
imagePullPolicy: "Always"
command:
- node
- packages/backend
args:
- --config
- app-config.yaml
- --config
- app-config.production.yaml
envFrom:
- secretRef:
name: janus-idp
- secretRef:
name: janus-idp-pguser-janus-idp
- configMapRef:
name: backstage-showcase-bucket-claim
- secretRef:
name: backstage-showcase-bucket-claim
volumeMounts:
- name: ca-cert
mountPath: "/mnt/certs"
ports:
- name: backend
containerPort: 7007
protocol: TCP
readinessProbe:
httpGet:
path: /healthz
port: 7007
scheme: HTTP
initialDelaySeconds: 3
timeoutSeconds: 1
periodSeconds: 30
successThreshold: 1
failureThreshold: 3
volumes:
- name: ca-cert
secret:
secretName: janus-idp-cluster-cert
items:
- key: ca.crt
path: ca.crt
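Review bot: The pod template runs under `serviceAccountName: default` and sets no `securityContext` on the pod or on the `backstage-showcase` container, so the backend exposed through the Ingress in this commit relies entirely on the cluster's admission defaults for its privilege restrictions. A dedicated service account and an explicit container security context would make the intended privilege level part of the manifest. `automountServiceAccountToken: false` is only safe if the backend does not use in-cluster credentials, which this page does not show, and the account name below is a placeholder that needs a matching ServiceAccount resource. The container also declares CPU requests and limits but no memory request or limit.

```yaml
# … unchanged: metadata, replicas, selector, pod labels and annotations …
    spec:
      serviceAccountName: backstage  # placeholder name; add a matching ServiceAccount
      automountServiceAccountToken: false  # confirm no in-cluster API access is needed
      containers:
        - name: backstage-showcase
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true  # confirm the image runs as a non-root user
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: resources, image, command, args, envFrom, volumeMounts, ports, readinessProbe …
```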


@@ -0,0 +1,19 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: janus-idp
spec:
dataFrom:
- extract:
conversionStrategy: Default
key: moc/smaug/janus-idp/values-app-config
- extract:
key: moc/smaug/service-catalog/k8s-plugin-tokens
refreshInterval: 60s
secretStoreRef:
kind: SecretStore
name: opf-vault-store
target:
creationPolicy: Owner
deletionPolicy: Retain
name: janus-idp
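Review bot: Both `extract` entries under `dataFrom` are flattened into the single target Secret `janus-idp`, so the Kubernetes plugin tokens from `moc/smaug/service-catalog/k8s-plugin-tokens` land in the same object as the general app-config values. That Secret is loaded wholesale with `envFrom` by the backstage Deployment and by the keycloak DeploymentConfig in this commit, which means the Keycloak container receives cluster tokens it presumably has no use for. Splitting this into two ExternalSecrets with distinct `target.name` values lets each workload reference only the material it needs. It also removes the ambiguity if a property name ever exists in both Vault paths, since the merged Secret can hold only one value per key.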


@@ -0,0 +1,35 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: backstage
namespace: "janus-idp"
labels:
app.kubernetes.io/component: backstage
backstage.io/kubernetes-id: janus-idp
spec:
tls:
- hosts:
- janus-idp.apps.smaug.na.operate-first.cloud
- showcase.janus-idp.io
secretName: janus-idp-cert
rules:
- host: janus-idp.apps.smaug.na.operate-first.cloud
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: backstage
port:
number: 7007
- host: showcase.janus-idp.io
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: backstage
port:
number: 7007


@@ -0,0 +1,14 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt
spec:
acme:
email: team-backstage@redhat.com
privateKeySecretRef:
name: letsencrypt-key
server: 'https://acme-v02.api.letsencrypt.org/directory'
solvers:
- http01:
ingress:
serviceType: ClusterIP


@@ -0,0 +1,10 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: keycloak-certificate
spec:
dnsNames:
- keycloak.apps.smaug.na.operate-first.cloud
issuerRef:
name: letsencrypt
secretName: keycloak-cert


@@ -0,0 +1,51 @@
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
name: keycloak
spec:
replicas: 1
selector:
deploymentConfig: keycloak
strategy:
type: Recreate
template:
metadata:
labels:
application: keycloak
deploymentConfig: keycloak
name: keycloak
spec:
containers:
- envFrom:
- secretRef:
name: janus-idp
image: quay.io/keycloak/keycloak:20.0.3
livenessProbe:
failureThreshold: 100
httpGet:
path: /
port: 8080
scheme: HTTP
initialDelaySeconds: 60
name: keycloak
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
failureThreshold: 300
httpGet:
path: /
port: 8080
scheme: HTTP
initialDelaySeconds: 30
securityContext:
privileged: false
volumeMounts:
- mountPath: /opt/keycloak/data
name: empty
args: ["start-dev"]
volumes:
- name: empty
emptyDir: {}
triggers:
- type: ConfigChange
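Review bot: `args: ["start-dev"]` runs Keycloak in development mode even though the Ingress in this commit exposes it on a TLS hostname; development mode relaxes hostname and HTTP strictness and uses the local file-based database, and is documented as not intended for production. Because `/opt/keycloak/data` is an `emptyDir`, realms, users and clients are lost whenever the pod is recreated, which the `Recreate` strategy does on every rollout. For anything beyond a throwaway demo, consider `args: ["start", "--proxy=edge", "--hostname=keycloak.apps.smaug.na.operate-first.cloud"]` together with an external database supplied through the Keycloak `KC_DB*` settings.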


@@ -0,0 +1,20 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak
spec:
tls:
- hosts:
- keycloak.apps.smaug.na.operate-first.cloud
secretName: keycloak-cert
rules:
- host: keycloak.apps.smaug.na.operate-first.cloud
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: keycloak
port:
number: 8080


@@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: janus-idp
resources:
- certificate.yaml
- deploymentconfig.yaml
- ingress.yaml
- service.yaml
labels:
- pairs:
application: keycloak
includeSelectors: false


@@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: keycloak
spec:
ports:
- port: 8080
targetPort: 8080
selector:
deploymentConfig: keycloak


@@ -0,0 +1,31 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: janus-idp
components:
- ../components/postgres-db
resources:
- deployment.yaml
- service.yaml
- ingress.yaml
- externalsecret.yaml
- issuer.yaml
- certificate.yaml
- keycloak
- obc.yaml
- postgres.yaml
commonLabels:
app.kubernetes.io/name: backstage
app.kubernetes.io/instance: backstage
images:
- name: backstage-showcase
newName: quay.io/janus-idp/backstage-showcase
patchesJson6902:
- patch: |-
- op: remove
path: /spec/selector/app.kubernetes.io~1name
- op: remove
path: /spec/selector/app.kubernetes.io~1instance
target:
kind: Service
version: v1
name: keycloak
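Review bot: The `images` entry rewrites `backstage-showcase` to `quay.io/janus-idp/backstage-showcase` with neither `newTag` nor `digest`, so the Deployment resolves to the registry's default tag and, combined with `imagePullPolicy: "Always"`, any pod restart can start running different code. Pinning the entry, for example with `digest: sha256:<pinned-digest>` (placeholder), makes rollouts reproducible and turns an image change into a reviewable commit. Separately, `commonLabels` and `patchesJson6902` are deprecated in current kustomize in favour of `labels` and `patches`; the keycloak kustomization in this commit already uses `labels`.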

7
manifests/base/obc.yaml Normal file

@@ -0,0 +1,7 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: backstage-showcase-bucket-claim
spec:
generateBucketName: backstage-showcase-bucket-claim-
storageClassName: openshift-storage.noobaa.io


@@ -0,0 +1,70 @@
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: janus-idp
spec:
image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.2-1
postgresVersion: 14
instances:
- name: instance1
dataVolumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 2Gi
resources:
limits:
cpu: 300m
requests:
cpu: 200m
sidecars:
replicaCertCopy:
resources:
limits:
cpu: 300m
requests:
cpu: 200m
backups:
pgbackrest:
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.38-0
global:
# Save backups for 7 days, this means 1 full backups with 6 differential ones in between
repo1-retention-full: "1"
repo1-retention-full-type: count
repoHost:
resources:
limits:
cpu: 300m
requests:
cpu: 200m
repos:
- name: repo1
schedules:
# Every sunday at 01:00 full backup
full: "0 1 * * 0"
# Monday through saturday at 01:00 differential backup
differential: "0 1 * * 1-6"
volume:
volumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: 2Gi
sidecars:
pgbackrest:
resources:
limits:
cpu: 300m
requests:
cpu: 200m
pgbackrestConfig:
resources:
limits:
cpu: 300m
requests:
cpu: 200m
users:
- name: janus-idp
options: "SUPERUSER"
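Review bot: The application user `janus-idp` is created with `options: "SUPERUSER"`, and the Deployment in this commit loads the Secret `janus-idp-pguser-janus-idp` (by its name, this user's credentials) into the backstage container via `envFrom`, so a compromise of the web backend would yield superuser access to the whole database cluster. Backstage generally only needs to create its per-plugin databases, so `options: "CREATEDB"` is likely sufficient; this should be verified against the plugins in use. As a lesser point, both operator images are pinned by tag (`ubi8-14.2-1`, `ubi8-2.38-0`) rather than by digest.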


@@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
name: backstage
namespace: "janus-idp"
labels:
app.kubernetes.io/component: backstage
backstage.io/kubernetes-id: janus-idp
spec:
type: ClusterIP
sessionAffinity: None
ports:
- name: http-backend
port: 7007
targetPort: backend
protocol: TCP
selector:
app.kubernetes.io/component: backstage