feat(all): global cleanning adding dev overlay

2023-09-04 12:40:18 +02:00
parent dbece5cad2
commit e616ec1900
55 changed files with 364 additions and 1594 deletions
--- a/overlays/dev/resources/cert-manager/kustomization.yaml
+++ b/overlays/dev/resources/cert-manager/kustomization.yaml
@ -4,4 +4,5 @@ kind: Kustomization
 resources:
 - ./resources/cluster-issuer.yaml
 - ./resources/ca.yaml
- ./resources/issuer.yaml
+- ./resources/issuer.yaml
+
--- a/overlays/dev/resources/cert-manager/resources/ca.yaml
+++ b/overlays/dev/resources/cert-manager/resources/ca.yaml
@ -9,7 +9,7 @@ spec:
  isCA: true
  commonName: cadoles-selfsigned-ca
 #  secretName: root-secret
-  secretName: cadoles-selfsigned-ca
+  secretName: cadoles-selfsigned-ca-secret
  privateKey:
    algorithm: ECDSA
    size: 256
--- a/overlays/dev/resources/cert-manager/resources/issuer.yaml
+++ b/overlays/dev/resources/cert-manager/resources/issuer.yaml
@ -6,4 +6,4 @@ metadata:
 #  namespace: ingress-nginx
 spec:
  ca:
-    secretName: cadoles-selfsigned-ca
+    secretName: cadoles-selfsigned-ca-secret
--- a/overlays/dev/resources/files/minio/config.env
+++ b/overlays/dev/resources/files/minio/config.env
@ -1,4 +1,4 @@
-export MINIO_ROOT_USER="cadoles"
-export MINIO_ROOT_PASSWORD="cadoles;21"
+export MINIO_ROOT_USER="minio_root"
+export MINIO_ROOT_PASSWORD="MinioRootNotSoSecret"
 export MINIO_STORAGE_CLASS_STANDARD="EC:2"
 export MINIO_BROWSER="on"
--- a/overlays/dev/resources/files/minio/configurations/tenants.minio.min.io.yaml
+++ b/overlays/dev/resources/files/minio/configurations/tenants.minio.min.io.yaml
@ -0,0 +1,14 @@
+---
+nameReference:
+- kind: Secret
+  fieldSpecs:
+  - path: spec/credsSecret/name
+    kind: Tenant
+- kind: Secret
+  fieldSpecs:
+  - path: spec/configuration/name
+    kind: Tenant
+- kind: Secret
+  fieldSpecs:
+  - path: spec/users/name
+    kind: Tenant
--- a/overlays/dev/resources/nextcloud/cm-ldap-script.yaml
+++ b/overlays/dev/resources/nextcloud/cm-ldap-script.yaml
@ -0,0 +1,46 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: script-config-ldap
+data:
+  poststart-ldap.sh: |
+    #!/bin/sh
+
+    /bin/sh -c "/var/www/html/occ app:install user_ldap"
+    /bin/sh -c "/var/www/html/occ app:update user_ldap"
+    /bin/sh -c "/var/www/html/occ app:enable user_ldap"
+
+    /bin/sh -c "/var/www/html/occ ldap:show-config s01 > /tmp/nxt-ldap.txt"
+    if grep -q "Invalid configID" /tmp/nxt-ldap.txt; then
+      /bin/sh -c "/var/www/html/occ ldap:create-empty-config"
+    fi
+
+    # Configurez LDAP (configuration minimale)
+
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_host '${NEXTCLOUD_LDAP_HOST}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_base '${NEXTCLOUD_LDAP_BASE}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_dn '${NEXTCLOUD_LDAP_DN}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldap_agent_password '${NEXTCLOUD_LDAP_PASSWD}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseGroups '${NEXTCLOUD_LDAP_BASE_GROUPS}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapBaseUsers '${NEXTCLOUD_LDAP_BASE_USERS}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapConfigurationActive '${NEXTCLOUD_LDAP_ACTIVE_CONF}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExperiencedAdmin '${NEXTCLOUD_LDAP_ADMIN_EXP}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapExpertUUIDUserAttr '${NEXTCLOUD_LDAP_EXP_UUID}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilter '${NEXTCLOUD_LDAP_LOGIN_FILTER}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapLoginFilterAttributes '${NEXTCLOUD_LDAP_LOGIN_FILTER_ATTR}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapPort '${NEXTCLOUD_LDAP_PORT}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilter '${NEXTCLOUD_LDAP_USR_FILTR}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass '${NEXTCLOUD_LDAP_OBJ_FILTR}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapEmailAttribute '${NEXTCLOUD_LDAP_MAIL_ATTR}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapUserDisplayName '${NEXTCLOUD_LDAP_USER_DISP}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilter '${NEXTCLOUD_LDAP_GROUP_FILTR}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupFilterObjectclass '${NEXTCLOUD_LDAP_GROUP_FILTR_OBJCLASS}'"
+    /bin/sh -c "/var/www/html/occ ldap:set-config s01 ldapGroupMemberAssocAttr '${NEXTCLOUD_LDAP_GROUP_MEMBR_ASSO}'"
+    
+    # Lancez le processus principal de Nextcloud normalement ça ne marche pas ça ! donc plutot poststart.
+    #exec /entrypoint.sh "$@"
+
+    # /bin/sh -c "/var/www/html/occ app:enable user_ldap" 
+    # est fonctionnel dans le pods nextcloud ! 
+
+    #liste config : /bin/sh -c "/var/www/html/occ config:list"
--- a/overlays/dev/resources/nextcloud/host-config.yaml
+++ b/overlays/dev/resources/nextcloud/host-config.yaml
--- a/overlays/dev/resources/nextcloud/job-minio.yaml
+++ b/overlays/dev/resources/nextcloud/job-minio.yaml
@ -0,0 +1,41 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: create-minio-bucket
+spec:
+  template:
+    spec:
+      initContainers:
+      - name: wait-for-minio
+        image: reg.cadoles.com/proxy_cache/groundnuty/k8s-wait-for:v1.3
+        args:
+        - service
+        - minio
+      containers:
+      - name: create-bucket
+        image: minio/mc
+        envFrom:
+        - configMapRef:
+            name: nextcloud-env
+        env:
+        - name: CONSOLE_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: nextcloud-minio-user
+              key: CONSOLE_ACCESS_KEY
+        - name: CONSOLE_SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: nextcloud-minio-user
+              key: CONSOLE_SECRET_KEY
+        command: ["sh", "-c"]
+        args:
+        - |
+          echo "création de l'alias my-minio"
+          mc alias set --insecure my-minio https://${MINIO_SERVICE_HOST}:${MINIO_SERVICE_PORT} ${CONSOLE_ACCESS_KEY} ${CONSOLE_SECRET_KEY}
+          echo "création du bucket..."
+          mc mb --insecure my-minio/nextcloud-minio
+          echo "Bucket créé. normalement"
+      restartPolicy: OnFailure
+      serviceAccountName: nextcloud-sa # declare user for initcontainer
+
--- a/overlays/dev/resources/nextcloud/minio-tenant.yaml
+++ b/overlays/dev/resources/nextcloud/minio-tenant.yaml
@ -0,0 +1,29 @@
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+  name: nextcloud-minio
+spec:
+  certConfig:
+    dnsNames:
+    - "minio"
+  pools:
+  - servers: 2
+    name: pool-0
+    volumesPerServer: 3
+    volumeClaimTemplate:
+      metadata:
+        name: nextcloud-minio-data
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 3Gi
+    containerSecurityContext:
+      runAsUser: 1000
+      runAsGroup: 1000
+      runAsNonRoot: true
+  configuration:
+    name: nextcloud-minio-configuration
+  users:
+  - name: nextcloud-minio-user
--- a/overlays/dev/resources/nextcloud/namespace.yaml
+++ b/overlays/dev/resources/nextcloud/namespace.yaml
--- a/overlays/dev/resources/nextcloud/ssl.yaml
+++ b/overlays/dev/resources/nextcloud/ssl.yaml
@ -15,7 +15,7 @@ spec:
    - cadoles
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
-  commonName: cadoles.fr
+  commonName: cadoles.lan
  isCA: false
  privateKey:
    algorithm: RSA
@ -27,8 +27,8 @@ spec:
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
  - nextcloud
-  - nextcloud.cadoles.fr
-  - nxt.cadoles.fr
+  - nextcloud.cadoles.lan
+  - nxt.cadoles.lan
  # Issuer references are always required.
  issuerRef:
    name: cadoles-ca-issuer
@ -37,4 +37,4 @@ spec:
    kind: Issuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
-    group: cert-manager.io
+    group: cert-manager.io