afornerot
/
nuosso
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first commit

This commit is contained in:
afornerot 2023-07-20 11:56:10 +02:00
parent 08c221d3d5
commit f624b15207
341 changed files with 64075 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
.env
View File

@ -1,41 +1,83 @@
# In all environments, the following files are loaded if they exist,
# the latter taking precedence over the former:
#
# * .env contains default values for the environment variables needed by the app
# * .env.local uncommitted file with local overrides
# * .env.$APP_ENV committed environment-specific defaults
# * .env.$APP_ENV.local uncommitted environment-specific overrides
#
# Real environment variables win over .env files.
#
# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
# https://symfony.com/doc/current/configuration/secrets.html
#
# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
###> symfony/framework-bundle ###
APP_ENV=dev
APP_SECRET=8340a690dd03a4c60eeee779e007fc5b
###< symfony/framework-bundle ###
###> doctrine/doctrine-bundle ###
# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
# IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
#
# DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db"
# DATABASE_URL="mysql://app:!ChangeMe!@127.0.0.1:3306/app?serverVersion=8.0.32&charset=utf8mb4"
# DATABASE_URL="mysql://app:!ChangeMe!@127.0.0.1:3306/app?serverVersion=10.11.2-MariaDB&charset=utf8mb4"
DATABASE_URL="postgresql://app:!ChangeMe!@127.0.0.1:5432/app?serverVersion=15&charset=utf8"
###< doctrine/doctrine-bundle ###
###> symfony/messenger ###
# Choose one of the transports below
# MESSENGER_TRANSPORT_DSN=amqp://guest:guest@localhost:5672/%2f/messages
# MESSENGER_TRANSPORT_DSN=redis://localhost:6379/messages
APP_ENV=PROD
APP_SECRET=changeme
DATABASE_URL="postgresql://symfony:changeme@postgres:5432/app?serverVersion=13&charset=utf8"
MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
###< symfony/messenger ###
###> symfony/mailer ###
# MAILER_DSN=null://null
###< symfony/mailer ###
APP_AUTH=OPENID # SQL | CAS | LDAP | OPENID
APP_MASTERIDENTITY=SSO # SQL | SSO | LDAP
APP_SYNCHRO= # Synchronisation null | LDAP2NINE | NINE2LDAP | NINE2NINE
# Redis Sentiel Session
REDIS_HOST='redis-sentinel'
REDIS_PORT=26379 # 6379 | 26379
REDIS_SERVICE=redismaster # master sentinel name
# LDAP
LDAP_HOST=openldap # host du serveur ldap
LDAP_PORT=389 # port du serveur ldap
LDAP_USETLS=0 # connection TLS 0/1
LDAP_USERWRITER=0 # LDAP_USER compte writer ? 0/1
LDAP_USER="cn=admin,dc=nuo,dc=fr" # DN compte access ldap
LDAP_PASSWORD=changeme # Password compte access ldap
LDAP_BASEDN="dc=nuo,dc=fr" # Base DN ex:dc=nine,dc=fr
LDAP_BASEORGANISATION= # Base Organisation ex:ou=nineskeletor,dc=nine,dc=fr
LDAP_BASENIVEAU01= # Base Niveau01 ex:ou=niveau01,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASENIVEAU02= # Base Niveau02 ex:ou=niveau02,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASENIVEAU03= # Base Niveau03 ex:ou=niveau03,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASENIVEAU04= # Base Niveau04 ex:ou=niveau04,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASEGROUP= # Base Group ex:ou=groups,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASEUSER= # Base User ex:ou=users,ou=nineskeletor,dc=nine,dc=fr
LDAP_USERNAME=uid # Attribut id d'un user
LDAP_FIRSTNAME=givenname # Attribut firstname d'un user
LDAP_LASTNAME=sn # Attribut lastname d'un user
LDAP_EMAIL=mail # Attribut email d'un user
LDAP_AVATAR=jpegPhoto # Attribut avatar d'un user
LDAP_MEMBEROF=memberof # Attribut memberof d'un user
LDAP_GROUPGID=gidnumber # Attribut gid d'un groupe
LDAP_GROUPNAME=cn # Attribut name d'un groupe
LDAP_GROUPMEMBER=memberuid # Attribut stockant les membres d'un groupe
LDAP_GROUPMEMBERISDN=0 # LDAP_GROUPMEMBER stocke un uid ou un dn ? 0/1
LDAP_FILTERGROUP=(cn=*) # requete ldap pour rechercher les groupes
LDAP_FILTERUSER=(uid=*) # requete ldap pour rechercher les users
LDAP_AUTOSUBMIT=1 # if APP_AUTH = LDAP autocréer les users non existant
LDAP_AUTOUPDATE=1 # if APP_AUTH = LDAP automodifier les users existant
# If APP_AUTH = CAS
CAS_HOST=
CAS_PORT=
CAS_PATH=
CAS_USERNAME=username
CAS_EMAIL=email
CAS_LASTNAME=lastname
CAS_FIRSTNAME=firstname
CAS_AVATAR=
CAS_NIVEAU01=
CAS_GROUP=
CAS_AUTOSUBMIT=1 # if APP_AUTH = CAS autocréer les users non existant
CAS_AUTOUPDATE=1 # if APP_AUTH = CAS automodifier les users existant
# If APP_AUTH = OPENID
OAUTH_CLIENTID=nuosso
OAUTH_CLIENTSECRET="changeme"
OAUTH_LOGINURL=http://127.0.0.1:7080/oauth2/auth
OAUTH_LOGOUTURL=http://127.0.0.1:7080/oauth2/sessions/logout
OAUTH_TOKENURL=http://hydra:4444/oauth2/token
OAUTH_USERINFO=http://hydra:4444/userinfo
OAUTH_USERNAME=username
OAUTH_EMAIL=email
OAUTH_LASTNAME=lastname
OAUTH_FIRSTNAME=firstname
OAUTH_AVATAR=
OAUTH_AUTOSUBMIT=1 # if APP_AUTH = OPENID autocréer les users non existant
OAUTH_AUTOUPDATE=1 # if APP_AUTH = OPENID automodifier les users existant
# Proxy
PROXY_USE=0
PROXY_HOST=
PROXY_PORT=
# Hydra apps
HYDRA_LOGINCHALLENGE="http://hydra:4445/oauth2/auth/requests/login?login_challenge="
HYDRA_LOGINCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/login/accept?login_challenge="
HYDRA_CONSENTCHALLENGE="http://hydra:4445/oauth2/auth/requests/consent?consent_challenge="
HYDRA_CONSENTCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/consent/accept?consent_challenge="

2
.gitignore vendored
View File

@ -7,6 +7,8 @@
/public/bundles/
/var/
/vendor/
/.data
###< symfony/framework-bundle ###
###> phpunit/phpunit ###

59
Makefile Executable file
View File

@ -0,0 +1,59 @@
SHELL := /bin/bash
ENGINE=kind
HARBOR_USER_NAME=afornerot
CLUSTER_NAME=nuosso
NAMESPACE=app-dev
POD=$(shell kubectl get pods --namespace=${NAMESPACE} --no-headers -o custom-columns=":metadata.name" | grep ^${CLUSTER_NAME}-${PODNAME})
dockercomposebuild:
docker-compose build --no-cache
dockercomposeup:
docker-compose up -d
docker-compose exec app bin/console d:s:u --force --complete
docker-compose exec app bin/console app:Init
dockercomposedown:
docker-compose stop
dockercomposesh:
docker-compose exec app /bin/sh
deletecluster:
${ENGINE} delete cluster --name=${CLUSTER_NAME}
createcluster:
${ENGINE} delete cluster --name=${CLUSTER_NAME}
${ENGINE} create cluster --config misc/k8s/${ENGINE}/${ENGINE}-cluster.yaml
atachcluster:
docker login reg.cadoles.com
mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson
applycluster:
kubectl apply -k misc/k8s/${ENGINE}/cluster --server-side
docker network inspect kind | jq '.[0].IPAM.Config[0].Subnet' -r
echo modifier ipaddresspoool.yaml si nécessaire
applylbcluster:
kubectl apply -k misc/k8s/${ENGINE}/cluster/lb --server-side
watchcluster:
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
sh:
kubectl exec --namespace=${NAMESPACE} ${POD} -it -- sh
deletenamespace:
kubectl delete all --all --namespace ${NAMESPACE}
getpods:
kubectl get pods --namespace ${NAMESPACE}
getservices:
kubectl get services --namespace ${NAMESPACE}

71
README.md Normal file
View File

@ -0,0 +1,71 @@
# DOCKER-COMPOSE
Build
```
make dockercomposebuild
```
Up
```
make dockercomposeup
```
Stop
```
make dockercomposestop
```
# KUBERNETES
Suppression Cluster
```
make deletecluster
```
Création Cluster
```
make createcluster
```
Rattachement du cluster aux secrets
```
make atachcluster
```
Deployer le cluster
**Attention** en fin de job l'ip du cluster est indiqué
Il est nécessaire d'ajuster le reseau dans ipaddresspoool.yaml si besoin
```
make applycluster
```
Déployer le stockage
**Attention** attendre une dizaine de seconde après le déploiement du cluster
```
make applylbcluster
```
Lancer le déployement en mode watch
```
make watchcluster:
```
Ouvrir un terminal sur la premiere instance de l'apps
```
make sh:
```
Suppression de l'ensemble du namespace
```
make deletenamespace
```
Lister les pods
```
make getpods
```
Lister les services
```
make getservices
```

10
composer.json
View File

@ -7,11 +7,15 @@
"php": ">=8.1",
"ext-ctype": "*",
"ext-iconv": "*",
"doctrine/annotations": "^2.0",
"doctrine/doctrine-bundle": "^2.10",
"doctrine/doctrine-migrations-bundle": "^3.2",
"doctrine/orm": "^2.15",
"mashape/unirest-php": "^3.0",
"phpdocumentor/reflection-docblock": "^5.3",
"phpstan/phpdoc-parser": "^1.22",
"predis/predis": "^2.2",
"ramsey/uuid": "^4.7",
"symfony/asset": "6.3.*",
"symfony/console": "6.3.*",
"symfony/doctrine-messenger": "6.3.*",
@ -41,6 +45,12 @@
"twig/extra-bundle": "^2.12|^3.0",
"twig/twig": "^2.12|^3.0"
},
"repositories": [
{
"type": "vcs",
"url": "https://github.com/loverg-c/unirest-php"
}
],
"config": {
"allow-plugins": {
"php-http/discovery": true,

424
composer.lock generated
View File

@ -4,8 +4,139 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "5625360c4bf0ca4c404a3a47e7b43354",
"content-hash": "6d4e45e1137c02bf343b5855dbbc822c",
"packages": [
{
"name": "brick/math",
"version": "0.11.0",
"source": {
"type": "git",
"url": "https://github.com/brick/math.git",
"reference": "0ad82ce168c82ba30d1c01ec86116ab52f589478"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/brick/math/zipball/0ad82ce168c82ba30d1c01ec86116ab52f589478",
"reference": "0ad82ce168c82ba30d1c01ec86116ab52f589478",
"shasum": ""
},
"require": {
"php": "^8.0"
},
"require-dev": {
"php-coveralls/php-coveralls": "^2.2",
"phpunit/phpunit": "^9.0",
"vimeo/psalm": "5.0.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Brick\\Math\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "Arbitrary-precision arithmetic library",
"keywords": [
"Arbitrary-precision",
"BigInteger",
"BigRational",
"arithmetic",
"bigdecimal",
"bignum",
"brick",
"math"
],
"support": {
"issues": "https://github.com/brick/math/issues",
"source": "https://github.com/brick/math/tree/0.11.0"
},
"funding": [
{
"url": "https://github.com/BenMorel",
"type": "github"
}
],
"time": "2023-01-15T23:15:59+00:00"
},
{
"name": "doctrine/annotations",
"version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/doctrine/annotations.git",
"reference": "e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/doctrine/annotations/zipball/e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f",
"reference": "e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f",
"shasum": ""
},
"require": {
"doctrine/lexer": "^2 || ^3",
"ext-tokenizer": "*",
"php": "^7.2 || ^8.0",
"psr/cache": "^1 || ^2 || ^3"
},
"require-dev": {
"doctrine/cache": "^2.0",
"doctrine/coding-standard": "^10",
"phpstan/phpstan": "^1.8.0",
"phpunit/phpunit": "^7.5 || ^8.5 || ^9.5",
"symfony/cache": "^5.4 || ^6",
"vimeo/psalm": "^4.10"
},
"suggest": {
"php": "PHP 8.0 or higher comes with attributes, a native replacement for annotations"
},
"type": "library",
"autoload": {
"psr-4": {
"Doctrine\\Common\\Annotations\\": "lib/Doctrine/Common/Annotations"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Guilherme Blanco",
"email": "guilhermeblanco@gmail.com"
},
{
"name": "Roman Borschel",
"email": "roman@code-factory.org"
},
{
"name": "Benjamin Eberlei",
"email": "kontakt@beberlei.de"
},
{
"name": "Jonathan Wage",
"email": "jonwage@gmail.com"
},
{
"name": "Johannes Schmitt",
"email": "schmittjoh@gmail.com"
}
],
"description": "Docblock Annotations Parser",
"homepage": "https://www.doctrine-project.org/projects/annotations.html",
"keywords": [
"annotations",
"docblock",
"parser"
],
"support": {
"issues": "https://github.com/doctrine/annotations/issues",
"source": "https://github.com/doctrine/annotations/tree/2.0.1"
},
"time": "2023-02-02T22:02:53+00:00"
},
{
"name": "doctrine/cache",
"version": "2.2.0",
@ -1386,6 +1517,55 @@
],
"time": "2023-01-14T14:17:03+00:00"
},
{
"name": "mashape/unirest-php",
"version": "v3.0.5",
"source": {
"type": "git",
"url": "https://github.com/loverg-c/unirest-php.git",
"reference": "45e63d680c4d7258b2cf45bfa28d42ee024b7fee"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/loverg-c/unirest-php/zipball/45e63d680c4d7258b2cf45bfa28d42ee024b7fee",
"reference": "45e63d680c4d7258b2cf45bfa28d42ee024b7fee",
"shasum": ""
},
"require": {
"ext-curl": "*",
"php": ">=5.4.0"
},
"require-dev": {
"codeclimate/php-test-reporter": "0.1.*",
"phpunit/phpunit": "~4.4"
},
"suggest": {
"ext-json": "Allows using JSON Bodies for sending and parsing requests"
},
"type": "library",
"autoload": {
"psr-0": {
"Unirest\\": "src/"
}
},
"license": [
"MIT"
],
"description": "Unirest PHP",
"homepage": "https://github.com/Mashape/unirest-php",
"keywords": [
"client",
"curl",
"http",
"https",
"rest"
],
"support": {
"email": "opensource@mashape.com",
"source": "https://github.com/loverg-c/unirest-php/tree/v3.0.5"
},
"time": "2020-02-25T11:14:07+00:00"
},
{
"name": "monolog/monolog",
"version": "3.4.0",
@ -1702,6 +1882,67 @@
},
"time": "2023-06-29T20:46:06+00:00"
},
{
"name": "predis/predis",
"version": "v2.2.0",
"source": {
"type": "git",
"url": "https://github.com/predis/predis.git",
"reference": "33b70b971a32b0d28b4f748b0547593dce316e0d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/predis/predis/zipball/33b70b971a32b0d28b4f748b0547593dce316e0d",
"reference": "33b70b971a32b0d28b4f748b0547593dce316e0d",
"shasum": ""
},
"require": {
"php": "^7.2 || ^8.0"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^3.3",
"phpstan/phpstan": "^1.9",
"phpunit/phpunit": "^8.0 || ~9.4.4"
},
"suggest": {
"ext-relay": "Faster connection with in-memory caching (>=0.6.2)"
},
"type": "library",
"autoload": {
"psr-4": {
"Predis\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Till Krüss",
"homepage": "https://till.im",
"role": "Maintainer"
}
],
"description": "A flexible and feature-complete Redis client for PHP.",
"homepage": "http://github.com/predis/predis",
"keywords": [
"nosql",
"predis",
"redis"
],
"support": {
"issues": "https://github.com/predis/predis/issues",
"source": "https://github.com/predis/predis/tree/v2.2.0"
},
"funding": [
{
"url": "https://github.com/sponsors/tillkruss",
"type": "github"
}
],
"time": "2023-06-14T10:37:31+00:00"
},
{
"name": "psr/cache",
"version": "3.0.0",
@ -2008,6 +2249,187 @@
},
"time": "2021-07-14T16:46:02+00:00"
},
{
"name": "ramsey/collection",
"version": "2.0.0",
"source": {
"type": "git",
"url": "https://github.com/ramsey/collection.git",
"reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ramsey/collection/zipball/a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
"reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
"shasum": ""
},
"require": {
"php": "^8.1"
},
"require-dev": {
"captainhook/plugin-composer": "^5.3",
"ergebnis/composer-normalize": "^2.28.3",
"fakerphp/faker": "^1.21",
"hamcrest/hamcrest-php": "^2.0",
"jangregor/phpstan-prophecy": "^1.0",
"mockery/mockery": "^1.5",
"php-parallel-lint/php-console-highlighter": "^1.0",
"php-parallel-lint/php-parallel-lint": "^1.3",
"phpcsstandards/phpcsutils": "^1.0.0-rc1",
"phpspec/prophecy-phpunit": "^2.0",
"phpstan/extension-installer": "^1.2",
"phpstan/phpstan": "^1.9",
"phpstan/phpstan-mockery": "^1.1",
"phpstan/phpstan-phpunit": "^1.3",
"phpunit/phpunit": "^9.5",
"psalm/plugin-mockery": "^1.1",
"psalm/plugin-phpunit": "^0.18.4",
"ramsey/coding-standard": "^2.0.3",
"ramsey/conventional-commits": "^1.3",
"vimeo/psalm": "^5.4"
},
"type": "library",
"extra": {
"captainhook": {
"force-install": true
},
"ramsey/conventional-commits": {
"configFile": "conventional-commits.json"
}
},
"autoload": {
"psr-4": {
"Ramsey\\Collection\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Ben Ramsey",
"email": "ben@benramsey.com",
"homepage": "https://benramsey.com"
}
],
"description": "A PHP library for representing and manipulating collections.",
"keywords": [
"array",
"collection",
"hash",
"map",
"queue",
"set"
],
"support": {
"issues": "https://github.com/ramsey/collection/issues",
"source": "https://github.com/ramsey/collection/tree/2.0.0"
},
"funding": [
{
"url": "https://github.com/ramsey",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/ramsey/collection",
"type": "tidelift"
}
],
"time": "2022-12-31T21:50:55+00:00"
},
{
"name": "ramsey/uuid",
"version": "4.7.4",
"source": {
"type": "git",
"url": "https://github.com/ramsey/uuid.git",
"reference": "60a4c63ab724854332900504274f6150ff26d286"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ramsey/uuid/zipball/60a4c63ab724854332900504274f6150ff26d286",
"reference": "60a4c63ab724854332900504274f6150ff26d286",
"shasum": ""
},
"require": {
"brick/math": "^0.8.8 || ^0.9 || ^0.10 || ^0.11",
"ext-json": "*",
"php": "^8.0",
"ramsey/collection": "^1.2 || ^2.0"
},
"replace": {
"rhumsaa/uuid": "self.version"
},
"require-dev": {
"captainhook/captainhook": "^5.10",
"captainhook/plugin-composer": "^5.3",
"dealerdirect/phpcodesniffer-composer-installer": "^0.7.0",
"doctrine/annotations": "^1.8",
"ergebnis/composer-normalize": "^2.15",
"mockery/mockery": "^1.3",
"paragonie/random-lib": "^2",
"php-mock/php-mock": "^2.2",
"php-mock/php-mock-mockery": "^1.3",
"php-parallel-lint/php-parallel-lint": "^1.1",
"phpbench/phpbench": "^1.0",
"phpstan/extension-installer": "^1.1",
"phpstan/phpstan": "^1.8",
"phpstan/phpstan-mockery": "^1.1",
"phpstan/phpstan-phpunit": "^1.1",
"phpunit/phpunit": "^8.5 || ^9",
"ramsey/composer-repl": "^1.4",
"slevomat/coding-standard": "^8.4",
"squizlabs/php_codesniffer": "^3.5",
"vimeo/psalm": "^4.9"
},
"suggest": {
"ext-bcmath": "Enables faster math with arbitrary-precision integers using BCMath.",
"ext-gmp": "Enables faster math with arbitrary-precision integers using GMP.",
"ext-uuid": "Enables the use of PeclUuidTimeGenerator and PeclUuidRandomGenerator.",
"paragonie/random-lib": "Provides RandomLib for use with the RandomLibAdapter",
"ramsey/uuid-doctrine": "Allows the use of Ramsey\\Uuid\\Uuid as Doctrine field type."
},
"type": "library",
"extra": {
"captainhook": {
"force-install": true
}
},
"autoload": {
"files": [
"src/functions.php"
],
"psr-4": {
"Ramsey\\Uuid\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "A PHP library for generating and working with universally unique identifiers (UUIDs).",
"keywords": [
"guid",
"identifier",
"uuid"
],
"support": {
"issues": "https://github.com/ramsey/uuid/issues",
"source": "https://github.com/ramsey/uuid/tree/4.7.4"
},
"funding": [
{
"url": "https://github.com/ramsey",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/ramsey/uuid",
"type": "tidelift"
}
],
"time": "2023-04-15T23:01:58+00:00"
},
{
"name": "symfony/asset",
"version": "v6.3.0",

4
config/packages/framework.yaml
View File

@ -8,7 +8,9 @@ framework:
# Enables session support. Note that the session will ONLY be started if you read or write from it.
# Remove or comment this section to explicitly disable session support.
session:
handler_id: null
handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler
save_path: '@Redis'
gc_probability: null
cookie_secure: auto
cookie_samesite: lax
storage_factory_id: session.storage.factory.native

45
config/packages/security.yaml
View File

@ -1,29 +1,44 @@
security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface:
id: 'App\Service\PasswordEncoder'
providers:
users_in_memory: { memory: null }
main:
entity:
class: App\Entity\User
property: username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
provider: users_in_memory
pattern: ^/
provider: main
context: maincontext
user_checker: App\Service\UserChecker
form_login:
login_path: app_login
check_path: app_login
default_target_path: app_home
use_referer: true
csrf_parameter: _csrf_security_token
csrf_token_id: a_private_string
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#the-firewall
logout:
invalidate_session: true
path: app_kill
target: app_home
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
- { path: ^/all, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_MASTER, ROLE_MANAGER, ROLE_USER] }
- { path: ^/user, roles: [ROLE_USER] }
- { path: ^/manager, roles: [ROLE_MANAGER] }
- { path: ^/master, roles: [ROLE_MASTER] }
- { path: ^/modo, roles: [ROLE_MODO] }
- { path: ^/admin, roles: [ROLE_ADMIN] }
when@test:
security:

4
config/packages/twig.yaml
View File

@ -1,5 +1,9 @@
twig:
default_path: '%kernel.project_dir%/templates'
form_themes:
- 'Form/fields.html.twig'
globals:
appMasteridentity: '%appMasteridentity%'
when@test:
twig:

49
config/routes.yaml
View File

@ -1,5 +1,44 @@
controllers:
resource:
path: ../src/Controller/
namespace: App\Controller
type: attribute
#== Home ========================================================================================================
app_home:
path: /
controller: App\Controller\HomeController::home
#== Security ====================================================================================================
#-- Access public
app_login:
path: /login
controller: App\Controller\SecurityController::login
app_loginldapcheck:
path: /loginldapcheck
controller: App\Controller\SecurityController::loginldapcheck
app_loginopenidcallback:
path: /oauth2/callback
controller: App\Controller\SecurityController::loginopenidcallback
app_logout:
path: /logout
controller: App\Controller\SecurityController::logout
#== Hydra =======================================================================================================
#-- Access public
app_hydra_loginsql:
path: /hydra/loginsql
controller: App\Controller\HydraController::loginsql
app_hydra_checkloginsql:
path: /hydra/checkloginsql
controller: App\Controller\HydraController::checkloginsql
app_hydra_loginldap:
path: /hydra/loginldap
controller: App\Controller\HydraController::loginldap
app_hydra_checkloginldap:
path: /hydra/checkloginldap
controller: App\Controller\HydraController::checkloginldap
app_hydra_consent:
path: /hydra/consent
controller: App\Controller\HydraController::consent

115
config/services.yaml
View File

@ -1,18 +1,82 @@
# This file is the entry point to configure your own services.
# Files in the packages/ subdirectory configure your dependencies.
# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
parameters:
app_env: '%env(resolve:APP_ENV)%'
appSecret: '%env(resolve:APP_SECRET)%'
appAuth: '%env(resolve:APP_AUTH)%'
appMasteridentity: '%env(resolve:APP_MASTERIDENTITY)%'
appSynchro: '%env(resolve:APP_SYNCHRO)%'
ldapHost: '%env(resolve:LDAP_HOST)%'
ldapPort: '%env(resolve:LDAP_PORT)%'
ldapUsetls: '%env(resolve:LDAP_USETLS)%'
ldapUserwriter: '%env(resolve:LDAP_USERWRITER)%'
ldapUser: '%env(resolve:LDAP_USER)%'
ldapPassword: '%env(resolve:LDAP_PASSWORD)%'
ldapBasedn: '%env(resolve:LDAP_BASEDN)%'
ldapBaseorganisation: '%env(resolve:LDAP_BASEORGANISATION)%'
ldapBaseniveau01: '%env(resolve:LDAP_BASENIVEAU01)%'
ldapBaseniveau02: '%env(resolve:LDAP_BASENIVEAU02)%'
ldapBaseniveau03: '%env(resolve:LDAP_BASENIVEAU03)%'
ldapBaseniveau04: '%env(resolve:LDAP_BASENIVEAU04)%'
ldapBasegroup: '%env(resolve:LDAP_BASEGROUP)%'
ldapBaseuser: '%env(resolve:LDAP_BASEUSER)%'
ldapUsername: '%env(resolve:LDAP_USERNAME)%'
ldapFirstname: '%env(resolve:LDAP_FIRSTNAME)%'
ldapLastname: '%env(resolve:LDAP_LASTNAME)%'
ldapEmail: '%env(resolve:LDAP_EMAIL)%'
ldapAvatar: '%env(resolve:LDAP_AVATAR)%'
ldapMemberof: '%env(resolve:LDAP_MEMBEROF)%'
ldapGroupgid: '%env(resolve:LDAP_GROUPGID)%'
ldapGroupname: '%env(resolve:LDAP_GROUPNAME)%'
ldapGroupmember: '%env(resolve:LDAP_GROUPMEMBER)%'
ldapGroupmemberisdn: '%env(resolve:LDAP_GROUPMEMBERISDN)%'
ldapFiltergroup: '%env(resolve:LDAP_FILTERGROUP)%'
ldapFilteruser: '%env(resolve:LDAP_FILTERUSER)%'
ldapAutosubmit: '%env(resolve:LDAP_AUTOSUBMIT)%'
ldapAutoupdate: '%env(resolve:LDAP_AUTOUPDATE)%'
casHost: '%env(resolve:CAS_HOST)%'
casPort: '%env(resolve:CAS_PORT)%'
casPath: '%env(resolve:CAS_PATH)%'
casUsername: '%env(resolve:CAS_USERNAME)%'
casEmail: '%env(resolve:CAS_EMAIL)%'
casLastname: '%env(resolve:CAS_LASTNAME)%'
casFirstname: '%env(resolve:CAS_FIRSTNAME)%'
casAvatar: '%env(resolve:CAS_AVATAR)%'
casNiveau01: '%env(resolve:CAS_NIVEAU01)%'
casGroup: '%env(resolve:CAS_GROUP)%'
casAutosubmit: '%env(resolve:CAS_AUTOSUBMIT)%'
casAutoupdate: '%env(resolve:CAS_AUTOUPDATE)%'
oauthClientid: '%env(resolve:OAUTH_CLIENTID)%'
oauthClientsecret: '%env(resolve:OAUTH_CLIENTSECRET)%'
oauthLoginurl: '%env(resolve:OAUTH_LOGINURL)%'
oauthLogouturl: '%env(resolve:OAUTH_LOGOUTURL)%'
oauthTokenurl: '%env(resolve:OAUTH_TOKENURL)%'
oauthUserinfo: '%env(resolve:OAUTH_USERINFO)%'
oauthUsername: '%env(resolve:OAUTH_USERNAME)%'
oauthEmail: '%env(resolve:OAUTH_EMAIL)%'
oauthLastname: '%env(resolve:OAUTH_LASTNAME)%'
oauthFirstname: '%env(resolve:OAUTH_FIRSTNAME)%'
oauthAvatar: '%env(resolve:OAUTH_AVATAR)%'
oauthNiveau01: '%env(resolve:OAUTH_NIVEAU01)%'
oauthGroup: '%env(resolve:OAUTH_GROUP)%'
oauthAutosubmit: '%env(resolve:OAUTH_AUTOSUBMIT)%'
oauthAutoupdate: '%env(resolve:OAUTH_AUTOUPDATE)%'
proxyUse: '%env(resolve:PROXY_USE)%'
proxyHost: '%env(resolve:PROXY_HOST)%'
proxyPort: '%env(resolve:PROXY_PORT)%'
hydraLoginchallenge: '%env(resolve:HYDRA_LOGINCHALLENGE)%'
hydraLoginchallengeaccept: '%env(resolve:HYDRA_LOGINCHALLENGEACCEPT)%'
hydraConsentchallenge: '%env(resolve:HYDRA_CONSENTCHALLENGE)%'
hydraConsentchallengeaccept: '%env(resolve:HYDRA_CONSENTCHALLENGEACCEPT)%'
services:
# default configuration for services in *this* file
_defaults:
autowire: true # Automatically injects dependencies in your services.
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
# makes classes in src/ available to be used as services
# this creates a service per class whose id is the fully-qualified class name
App\:
resource: '../src/'
exclude:
@ -20,5 +84,36 @@ services:
- '../src/Entity/'
- '../src/Kernel.php'
# add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones
Redis:
class: Predis\Client
arguments:
-
-
scheme: 'tcp'
host: '%env(resolve:REDIS_HOST)%'
port: '%env(resolve:REDIS_PORT)%'
-
replication: 'sentinel'
service: '%env(resolve:REDIS_SERVICE)%'
connection_timeout: 100
read_write_timeout: 300
Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler:
arguments:
- '@Redis'
App\Entity\User:
public: true
arguments: ['@security.password_hasher']
App\Command\InitCommand:
public: true
arguments: ['@service_container','@doctrine.orm.entity_manager']
App\Service\ApiService:
public: true
App\Service\LdapService:
public: true
arguments: ["@service_container"]

14
docker-compose.override.yml
View File

@ -1,14 +0,0 @@
version: '3'
services:
###> doctrine/doctrine-bundle ###
database:
ports:
- "5432"
###< doctrine/doctrine-bundle ###
###> symfony/mailer ###
mailer:
image: schickling/mailcatcher
ports: ["1025", "1080"]
###< symfony/mailer ###

143
docker-compose.yml
View File

@ -1,21 +1,132 @@
version: '3'
services:
###> doctrine/doctrine-bundle ###
database:
image: postgres:${POSTGRES_VERSION:-15}-alpine
environment:
POSTGRES_DB: ${POSTGRES_DB:-app}
# You should definitely change the password in production
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-!ChangeMe!}
POSTGRES_USER: ${POSTGRES_USER:-app}
volumes:
- database_data:/var/lib/postgresql/data:rw
# You may use a bind-mounted host directory instead, so that it is harder to accidentally remove the volume and lose all your data!
# - ./docker/db/data:/var/lib/postgresql/data:rw
###< doctrine/doctrine-bundle ###
# Service redis
redis-master:
image: redis:6-alpine
volumes:
- "./.data:/data"
ports:
- "6379:6379"
redis-slave:
image: redis:6-alpine
command: redis-server --slaveof redis-master 6379
links:
- redis-master
volumes:
- "./.data:/data"
redis-sentinel:
build:
context: ./misc/images/redis-sentinel
links:
- redis-master
# Service postgres
postgres:
image: postgres:13-alpine
hostname: postgres
environment:
POSTGRES_MULTIPLE_DATABASES: app,hydra
POSTGRES_PASSWORD: changeme
POSTGRES_USER: symfony
ports:
- 5432:5432
volumes:
- db-data:/var/lib/postgresql/data:rw
- ./misc/images/postgres:/docker-entrypoint-initdb.d
# Service app
app:
build:
context: .
dockerfile: ./misc/images/app/app-docker/Dockerfile
ports:
- ${APP_HTTP_PORT:-8080}:8080
links:
- postgres
- hydra
- redis-sentinel
depends_on:
- postgres
- hydra
volumes:
- ./src:/app/src:delegated
- ./public:/app/public:delegated
- ./templates:/app/templates:delegated
- ./translations:/app/translations:delegated
- ./tests:/app/tests:delegated
- ./config:/app/config:delegated
- ./.env:/app/.env:delegated
environment:
PHP_FPM_MEMORY_LIMIT: 128m
APP_ENV: PROD
# Service hydra
hydra:
image: cadoles/hydra-v1
hostname: hydra
volumes:
- ./misc/images/hydra/clients.d:/etc/hydra/clients.d
ports:
- 7080:4444
- 4445:4445
links:
- postgres
depends_on:
- postgres
restart: on-failure
environment:
LOG_LEAK_SENSITIVE_VALUES: "true"
HYDRA_URLS_SELF_ISSUER: http://127.0.0.1:7080
HYDRA_URLS_CONSENT: http://127.0.0.1:8080/hydra/consent
HYDRA_URLS_LOGIN: http://127.0.0.1:8080/hydra/loginsql
HYDRA_URLS_LOGOUT: http://127.0.0.1:8080/hydra/logoutsql
HYDRA_URLS_ERROR: https://127.0.0.1:8080
HYDRA_DSN: postgres://symfony:changeme@postgres:5432/hydra
HYDRA_ALLOW_INSECURE: "yes"
HYDRA_LEVEL: debug
# Service Openldap
openldap:
image: osixia/openldap:1.5.0
environment:
LDAP_LOG_LEVEL: "256"
LDAP_ORGANISATION: "nuo"
LDAP_DOMAIN: "nuo.fr"
LDAP_ADMIN_PASSWORD: "changeme"
LDAP_CONFIG_PASSWORD: "changeme"
LDAP_READONLY_USER: "true"
LDAP_READONLY_USER_USERNAME: "readonly"
LDAP_READONLY_USER_PASSWORD: "readonly"
LDAP_TLS: "false"
volumes:
- /var/lib/ldap
- /etc/ldap/slapd.d
- /container/service/slapd/assets/certs/
ports:
- "389:389"
- "636:636"
# Service phpldapadmin
phpldapadmin:
image: osixia/phpldapadmin:latest
environment:
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
PHPLDAPADMIN_HTTPS: "false"
ports:
- "6080:80"
depends_on:
- openldap
# Service adminer
adminer:
image: adminer
restart: always
ports:
- 6081:8080
volumes:
###> doctrine/doctrine-bundle ###
database_data:
###< doctrine/doctrine-bundle ###
db-data:

6
misc/images/app/app-docker/Dockerfile Normal file
View File

@ -0,0 +1,6 @@
ARG PHP_PKG_VERSION="8.1.20-r0"
ARG ADDITIONAL_PACKAGES="php81-pdo=${PHP_PKG_VERSION} \
php81-pdo_pgsql=${PHP_PKG_VERSION} \
php81-ldap=${PHP_PKG_VERSION}"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone

5
misc/images/app/app-kube/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
ARG PHP_PKG_VERSION="8.1.20-r0"
ARG ADDITIONAL_PACKAGES="php81-pdo=${PHP_PKG_VERSION} \
php81-pdo_pgsql=${PHP_PKG_VERSION}"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-base

19
misc/images/hydra/clients.d/authtest.json Normal file
View File

@ -0,0 +1,19 @@
{
"client_id": "nuosso",
"client_name": "NuoSSO",
"client_secret": "changeme",
"grant_types": [
"authorization_code",
"refresh_token"
],
"jwks": {},
"metadata": {},
"token_endpoint_auth_method": "client_secret_post",
"post_logout_redirect_uris": ["http://127.0.0.1:8080"],
"redirect_uris": ["http://127.0.0.1:8080/oauth2/callback"],
"response_types": [
"code"
],
"logo_uri": "http://127.0.0.1:8080/images/logo.png",
"scope": "openid"
}

22
misc/images/postgres/init-user-db.sh Executable file
View File

@ -0,0 +1,22 @@
#!/bin/bash
set -e
set -u
function create_user_and_database() {
local database=$1
echo " Creating user and database '$database'"
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER $database;
CREATE DATABASE $database;
GRANT ALL PRIVILEGES ON DATABASE $database TO $database;
EOSQL
}
if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
create_user_and_database $db
done
echo "Multiple databases created"
fi

19
misc/images/redis-sentinel/Dockerfile Normal file
View File

@ -0,0 +1,19 @@
FROM redis:6-alpine
ENV SENTINEL_QUORUM 2
ENV SENTINEL_DOWN_AFTER 1000
ENV SENTINEL_FAILOVER 1000
RUN mkdir -p /redis
WORKDIR /redis
COPY sentinel.conf .
COPY sentinel-entrypoint.sh /usr/local/bin/
RUN chown redis:redis /redis/* && \
chmod +x /usr/local/bin/sentinel-entrypoint.sh
EXPOSE 26379
ENTRYPOINT ["sentinel-entrypoint.sh"]

7
misc/images/redis-sentinel/sentinel-entrypoint.sh Normal file
View File

@ -0,0 +1,7 @@
#!/bin/sh
sed -i "s/\$SENTINEL_QUORUM/$SENTINEL_QUORUM/g" /redis/sentinel.conf
sed -i "s/\$SENTINEL_DOWN_AFTER/$SENTINEL_DOWN_AFTER/g" /redis/sentinel.conf
sed -i "s/\$SENTINEL_FAILOVER/$SENTINEL_FAILOVER/g" /redis/sentinel.conf
redis-server /redis/sentinel.conf --sentinel

9
misc/images/redis-sentinel/sentinel.conf Normal file
View File

@ -0,0 +1,9 @@
port 26379
dir /tmp
sentinel resolve-hostnames yes
sentinel monitor redismaster redis-master 6379 $SENTINEL_QUORUM
sentinel down-after-milliseconds redismaster $SENTINEL_DOWN_AFTER
sentinel parallel-syncs redismaster 1
sentinel failover-timeout redismaster $SENTINEL_FAILOVER

2
misc/images/redis/redis-master.conf Normal file
View File

@ -0,0 +1,2 @@
port 6379
requirepass changeme

3
misc/images/redis/redis-slave.conf Normal file
View File

@ -0,0 +1,3 @@
port 6380
slaveof redis-master 6379
masterauth changeme

4
misc/images/redis/sentinel.conf Normal file
View File

@ -0,0 +1,4 @@
port 26379
sentinel monitor mymaster redis-master 6379 2
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 10000

11
misc/k8s/kind/cluster/kustomization.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/metrics?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop

7
misc/k8s/kind/cluster/lb/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: metallb-system
resources:
- ./resources/ipaddresspoool.yaml
- ./resources/advertise.yaml

9
misc/k8s/kind/cluster/lb/resources/advertise.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: l2-ip-pool-ad
namespace: metallb-system
spec:
ipAddressPools:
- main-pool

8
misc/k8s/kind/cluster/lb/resources/ipaddresspoool.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: main-pool
namespace: metallb-system
spec:
addresses:
- 172.19.10.100-172.19.10.200

48
misc/k8s/kind/kind-cluster.yaml Normal file
View File

@ -0,0 +1,48 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: nuosso
networking:
podSubnet: "10.110.0.0/16"
serviceSubnet: "10.115.0.0/16"
nodes:
- role: control-plane
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
- containerPort: 31000
hostPort: 31000
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
- containerPort: 80
hostPort: 8080
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
labels:
ingress-ready: true
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi

8
misc/k8s/kustomization/base/components/app-cnpg/configurations/cnpg-cluster.yaml Normal file
View File

@ -0,0 +1,8 @@
---
nameReference:
- kind: Secret
fieldSpecs:
- path: spec/superuserSecret/name
kind: Cluster
- path: spec/bootstrap/initdb/secret/name
kind: Cluster

32
misc/k8s/kustomization/base/components/app-cnpg/kustomization.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
generatorOptions:
disableNameSuffixHash: true
configurations:
- ./configurations/cnpg-cluster.yaml
resources:
- ./resources/app-cnpg-cluster.yaml
secretgenerator:
- name: postgres-admin
type: secret
literals:
- username=postgres
- password=notsosecret
- name: postgres-user
type: Secret
literals:
- username=app
- password=NotSoSecretButThisIsBad
vars:
- name: POSTGRES_DATABASE_SERVICE_NAME
objref:
name: postgres
kind: Cluster
apiVersion: postgresql.cnpg.io/v1
fieldref:
fieldpath: metadata.name

17
misc/k8s/kustomization/base/components/app-cnpg/resources/app-cnpg-cluster.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres
spec:
instances: 3
primaryUpdateStrategy: unsupervised
superuserSecret:
name: postgres-admin
bootstrap:
initdb:
database: app
owner: app
secret:
name: postgres-user
storage:
size: 20Gi

9
misc/k8s/kustomization/base/kustomization.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
components:
- components/app-cnpg
resources:
- resources/app
- resources/redis

26
misc/k8s/kustomization/base/resources/adminer/adminer-deployment.yaml Normal file
View File

@ -0,0 +1,26 @@
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
io.kompose.service: adminer
name: adminer
spec:
selector:
matchLabels:
io.kompose.service: adminer
replicas: 1
template:
metadata:
labels:
io.kompose.service: adminer
spec:
containers:
- name: adminer
image: reg.cadoles.com/afornerot/adminer
imagePullPolicy: "Always"
env:
- name: ADMINER_DESIGN
value: "pappu687"
ports:
- containerPort: 80
resources: {}

14
misc/k8s/kustomization/base/resources/adminer/adminer-service.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: adminer
name: adminer
spec:
type: ClusterIP
ports:
- name: adminer
port: 8080
targetPort: 80
selector:
io.kompose.service: adminer

6
misc/k8s/kustomization/base/resources/adminer/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- adminer-deployment.yaml
- adminer-service.yaml

86
misc/k8s/kustomization/base/resources/app/app-deployment.yaml Normal file
View File

@ -0,0 +1,86 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: app
name: app
spec:
replicas: 3
selector:
matchLabels:
io.kompose.service: app
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: app
spec:
restartPolicy: Always
containers:
- image: reg.cadoles.com/afornerot/nuosso
imagePullPolicy: Always
name: app-php-fpm
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
resources: {}
env:
- name: PHP_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_LISTEN
value: 127.0.0.1:9000
- name: PHP_FPM_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_LOG_LEVEL
value: warning
- name: POSTGRES_DATABASE_SERVICE_NAME
value: $(POSTGRES_DATABASE_SERVICE_NAME)-rw
- name: POSTGRES_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: postgres-user
key: username
- name: POSTGRES_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-user
key: password
- name: APP_AUTH
value: "SQL"
- name: APP_MASTERIDENTITY
value: "SQL"
- name: DATABASE_URL
value: "postgresql://$(POSTGRES_DATABASE_USERNAME):$(POSTGRES_DATABASE_PASSWORD)@$(POSTGRES_DATABASE_SERVICE_NAME)-rw:5432/app"
- name: REDIS_HOST
value: rfs-$(REDIS_SERVICE_NAME)
- name: REDIS_PORT
value: "26379"
- name: REDIS_SERVICE
value: "mymaster"
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "/app/bin/console d:s:u --force --complete && /app/bin/console app:Init"]
- image: reg.cadoles.com/afornerot/nuosso
imagePullPolicy: Always
name: app-nginx
args: ["/usr/sbin/nginx"]
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
ports:
- containerPort: 8080
resources: {}

14
misc/k8s/kustomization/base/resources/app/app-service.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: app
name: app
spec:
type: ClusterIP
ports:
- name: app
port: 8080
targetPort: 8080
selector:
io.kompose.service: app

6
misc/k8s/kustomization/base/resources/app/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- app-service.yaml
- app-deployment.yaml

14
misc/k8s/kustomization/base/resources/redis/kustomization.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- redis-redisfailover.yaml
vars:
- name: REDIS_SERVICE_NAME
objref:
name: redis
apiVersion: databases.spotahome.com/v1
kind: RedisFailover
fieldref:
fieldpath: metadata.name

21
misc/k8s/kustomization/base/resources/redis/redis-redisfailover.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: databases.spotahome.com/v1
kind: RedisFailover
metadata:
name: redis
spec:
sentinel:
replicas: 3
resources:
requests:
cpu: 100m
limits:
memory: 100Mi
redis:
replicas: 3
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 400m
memory: 500Mi

3
misc/k8s/kustomization/base/secrets/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep

0
misc/k8s/kustomization/base/secrets/.gitkeep Normal file
View File

24
misc/k8s/kustomization/overlays/dev/kustomization.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: app-dev
namePrefix: nuosso-
resources:
- ../../base
- ../../base/resources/adminer
- resources/namespace.yaml
- resources/ingress.yaml
patches:
- path: patches/app-deployment.yaml
- path: patches/add-registry-pull-secret.yaml
target:
kind: Deployment
version: v1
secretGenerator:
- files:
- secrets/dockerconfig/.dockerconfigjson
name: regcred-dev
type: kubernetes.io/dockerconfigjson

4
misc/k8s/kustomization/overlays/dev/patches/add-registry-pull-secret.yaml Normal file
View File

@ -0,0 +1,4 @@
- op: add
path: "/spec/template/spec/imagePullSecrets"
value:
- name: regcred-dev

15
misc/k8s/kustomization/overlays/dev/patches/app-deployment.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: app
name: app
spec:
template:
spec:
restartPolicy: Always
containers:
- name: app-php-fpm
env:
- name: APP_ENV
value: dev

28
misc/k8s/kustomization/overlays/dev/resources/ingress.yaml Normal file
View File

@ -0,0 +1,28 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "138m"
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
spec:
ingressClassName: nginx
rules:
- host: app.dev.local
http:
paths:
- path: /adminer
pathType: Prefix
backend:
service:
name: adminer
port:
number: 8080
- path: /
pathType: Prefix
backend:
service:
name: app
port:
number: 8080

4
misc/k8s/kustomization/overlays/dev/resources/namespace.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: app-dev

3
misc/k8s/kustomization/overlays/dev/secrets/.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep

0
misc/k8s/kustomization/overlays/dev/secrets/.gitkeep Normal file
View File

BIN
public/images/admin.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.9 KiB

0
public/images/icons/.gitkeep Normal file
View File

BIN
public/images/icons/icon_adminer.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.9 KiB

BIN
public/images/icons/icon_anchor.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.7 KiB

BIN
public/images/icons/icon_aperture.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.8 KiB

BIN
public/images/icons/icon_arrow-down.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.5 KiB

BIN
public/images/icons/icon_arrow-up.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.2 KiB

BIN
public/images/icons/icon_art.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.5 KiB

BIN
public/images/icons/icon_balado.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.5 KiB

BIN
public/images/icons/icon_bar-chart.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.9 KiB

BIN
public/images/icons/icon_batteryfull.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.4 KiB

BIN
public/images/icons/icon_batterylow.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.4 KiB

BIN
public/images/icons/icon_bdd.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
public/images/icons/icon_bike.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.1 KiB

BIN
public/images/icons/icon_biker.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.2 KiB

BIN
public/images/icons/icon_bikewheel.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.4 KiB

BIN
public/images/icons/icon_blimp.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.9 KiB

BIN
public/images/icons/icon_bolt.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.3 KiB

BIN
public/images/icons/icon_bomb.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.1 KiB

BIN
public/images/icons/icon_booklet.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.6 KiB

BIN
public/images/icons/icon_bookshelf.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.8 KiB

BIN
public/images/icons/icon_briefcase.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.9 KiB

BIN
public/images/icons/icon_brightness.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.6 KiB

BIN
public/images/icons/icon_browser.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.9 KiB

BIN
public/images/icons/icon_brush-pencil.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.8 KiB

BIN
public/images/icons/icon_cadoles.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
public/images/icons/icon_calculator.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

BIN
public/images/icons/icon_calendar.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.3 KiB

BIN
public/images/icons/icon_camera.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.7 KiB

BIN
public/images/icons/icon_car.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.6 KiB

BIN
public/images/icons/icon_cart.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.9 KiB

BIN
public/images/icons/icon_carwheel.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.7 KiB

BIN
public/images/icons/icon_caution.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.4 KiB

BIN
public/images/icons/icon_chart.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.3 KiB

BIN
public/images/icons/icon_chartpie.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.3 KiB

BIN
public/images/icons/icon_chat.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
public/images/icons/icon_check.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

BIN
public/images/icons/icon_circlecompass.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.4 KiB

BIN
public/images/icons/icon_clapboard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.7 KiB

BIN
public/images/icons/icon_clipboard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.8 KiB

BIN
public/images/icons/icon_clock.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.0 KiB

BIN
public/images/icons/icon_cloud.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.6 KiB

BIN
public/images/icons/icon_cmyk.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.8 KiB

BIN
public/images/icons/icon_colorwheel.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.8 KiB

BIN
public/images/icons/icon_compass.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.6 KiB

BIN
public/images/icons/icon_compose.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.8 KiB

BIN
public/images/icons/icon_computer.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.2 KiB

BIN
public/images/icons/icon_cone.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.9 KiB

BIN
public/images/icons/icon_contacts.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.9 KiB

BIN
public/images/icons/icon_contrast.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

BIN
public/images/icons/icon_countdown.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.5 KiB

Some files were not shown because too many files have changed in this diff Show More