netflux-kubernetes/deploy/dev/kustomization.yaml


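---
# Dev overlay. namePrefix is prepended to the name of every resource built
# from this kustomization, which is why the in-cluster hostnames used in the
# generators below (dev-db, dev-gitea, dev-drone) carry the same prefix.
# Kustomize does not rewrite hostnames embedded in generator literals, so
# those have to be spelled out with the prefix by hand.
namePrefix: dev-
resources:
  - ../base
  - svc-db.yaml
  # NOTE(review): the file names suggest the dev database is published
  # through the ingress-nginx TCP services ConfigMap. Neither file is shown
  # here; confirm that exposure exists only in this dev overlay.
  - cm-ingress-nginx-tcp-services.yaml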
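helmCharts:
  # Rendered by kustomize's Helm inflator, so the build has to be run as
  # `kustomize build --enable-helm`. The chart is fetched from the repo below
  # at build time.
  # NOTE(review): only the chart version is pinned here; nothing in this file
  # checks the integrity of the downloaded chart.
  - name: postgresql
    # Quoted so the version is kept as a string.
    version: "11.1.28"
    repo: https://charts.bitnami.com/bitnami
    releaseName: postgresql
    valuesInline:
      metrics:
        enabled: true
      auth:
        # SECURITY: trivially guessable superuser password, committed in
        # clear text. Tolerable only for a disposable dev database; any other
        # overlay should supply it from a secret kept out of the repository.
        postgresPassword: postgres
        database: default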
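configMapGenerator:
  # `behavior: merge` adds these files to a generator of the same name that
  # must already exist upstream (presumably in ../base; not shown here).
  - name: prometheus-server
    behavior: merge
    files:
      - prometheus.yml=prometheus.yaml
  - name: grafana
    behavior: merge
    files:
      - grafana.ini
      - datasources.yaml=grafana-datasources.yaml
  - name: invidious-config
    files:
      - config.yml=invidious-config.yaml
  - name: element-config
    files:
      - config.json=element-config.json
  - name: drone-config
    literals:
      # For Gitea/drone integration to work in dev, Gitea must be served from
      # the external hostname `dev-gitea` so it matches with the internal DNS.
      # SECURITY: every endpoint below is plain HTTP, so the Gitea OAuth
      # exchange and the Drone RPC traffic are unencrypted in this overlay.
      # NOTE(review): confirm that non-dev overlays set these to https.
      - gitea-server=http://dev-gitea
      - server-host=dev-drone
      - server-proto=http
      - rpc-host=dev-drone
      - rpc-proto=http
      - logs-debug=false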
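# SECURITY: every literal in this section is committed to the repository in
# clear text. The generated Kubernetes Secrets only base64-encode the values;
# they are not encrypted. Treat all of them as dev-only throwaway values and
# never reuse them in another overlay. Real environments should source their
# secrets from outside version control.
secretGenerator:
  - name: grafana-credentials
    literals:
      - admin-user=rob
      - admin-password=testme
  - name: invidious-credentials
    literals:
      # The password is embedded in the URL as well as in database-password
      # below; both have to be changed together.
      - database-url=postgresql://kemal:kemal@dev-db:5432/invidious
      # Individual keys required by init-invidious-db:
      - database-host=dev-db
      - database-port=5432
      - database-name=invidious
      - database-user=kemal
      - database-password=kemal
  - name: gitea-config
    literals:
      - admin-username=rob
      - admin-password=testme
      - admin-email=mail@localhost
    files:
      - config.ini=gitea-config.ini
  - name: drone-credentials
    literals:
      # Connects as the PostgreSQL superuser with TLS to the database turned
      # off (sslmode=disable).
      - database-url=postgres://postgres:postgres@dev-db:5432/drone?sslmode=disable
      # NOTE(review): unlike the placeholders elsewhere in this file, the
      # next three values look generated. If they were ever valid outside a
      # local dev cluster, rotate them.
      - gitea-client-id=55847c4a-c80e-4e77-ab36-c6d102273115
      - gitea-client-secret=IU4cb59RNNLuI9PRkUbldcEQ5wYPEZMBK5s6p7vTdVfe
      - rpc-secret=f5ec349109bb9bbdf00e4394afd28754
  - name: elon-staging-credentials
    literals:
      # Placeholder values only; the session key in particular must be
      # replaced with a random value wherever sessions matter.
      - session-key=secret
      - twitter-client-id=foo
      - twitter-client-secret=bar
      - twitter-callback-url=http://localhost:8000/callback
      - twitter-bearer-token=secret
      # Same superuser account and sslmode=disable as the drone database URL.
      - database-url=postgres://postgres:postgres@dev-db:5432/elon_staging?sslmode=disable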
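# Each entry applies the patch file in `path` to the single resource selected
# by `target` (matched on kind and name).
patches:
  # Patch the metrics-server to not require TLS in dev cluster.
  # NOTE(review): the patch file is not shown here; presumably it turns off
  # kubelet certificate verification (--kubelet-insecure-tls). Keep this
  # relaxation confined to the dev overlay.
  - target:
      kind: Deployment
      name: metrics-server
    path: deploy-metrics-server.yaml
  # Patch the ingress-nginx deployment to allow it to use a service with a
  # namePrefix. See https://github.com/kubernetes/ingress-nginx/issues/2599#issuecomment-601170289.
  - target:
      kind: Deployment
      name: ingress-nginx-controller
    path: deploy-ingress-nginx.yaml
  # Patch the ingress-nginx-admission-create job to reference its webhook
  # with a namePrefix.
  - target:
      kind: Job
      name: ingress-nginx-admission-create
    path: job-ingress-nginx-admission-create.yaml
  # Patch the ingress-nginx-admission-patch job to reference its webhook with
  # a namePrefix.
  - target:
      kind: Job
      name: ingress-nginx-admission-patch
    path: job-ingress-nginx-admission-patch.yaml
  # Patch the ingress resource with stage-specific hostnames:
  - target:
      kind: Ingress
      name: ingress
    path: ingress.yaml
  # Patch Grafana deployment to inject PostgreSQL credentials:
  # NOTE(review): the patch file is not shown; check that it references a
  # Secret rather than writing the credentials into the Deployment spec.
  - target:
      kind: Deployment
      name: grafana
    path: deploy-grafana.yaml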