first commit

afornerot 2023-07-20 11:56:10 +02:00
parent 08c221d3d5
commit f624b15207
341 changed files with 64075 additions and 103 deletions

120
.env

@ -1,41 +1,83 @@
# In all environments, the following files are loaded if they exist, APP_ENV=PROD
# the latter taking precedence over the former: APP_SECRET=changeme
# DATABASE_URL="postgresql://symfony:changeme@postgres:5432/app?serverVersion=13&charset=utf8"
# * .env contains default values for the environment variables needed by the app
# * .env.local uncommitted file with local overrides
# * .env.$APP_ENV committed environment-specific defaults
# * .env.$APP_ENV.local uncommitted environment-specific overrides
#
# Real environment variables win over .env files.
#
# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
# https://symfony.com/doc/current/configuration/secrets.html
#
# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
# https://symfony.com/doc/current/best_practices.html#use-environment-variables-for-infrastructure-configuration
###> symfony/framework-bundle ###
APP_ENV=dev
APP_SECRET=8340a690dd03a4c60eeee779e007fc5b
###< symfony/framework-bundle ###
###> doctrine/doctrine-bundle ###
# Format described at https://www.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
# IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
#
# DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db"
# DATABASE_URL="mysql://app:!ChangeMe!@127.0.0.1:3306/app?serverVersion=8.0.32&charset=utf8mb4"
# DATABASE_URL="mysql://app:!ChangeMe!@127.0.0.1:3306/app?serverVersion=10.11.2-MariaDB&charset=utf8mb4"
DATABASE_URL="postgresql://app:!ChangeMe!@127.0.0.1:5432/app?serverVersion=15&charset=utf8"
###< doctrine/doctrine-bundle ###
###> symfony/messenger ###
# Choose one of the transports below
# MESSENGER_TRANSPORT_DSN=amqp://guest:guest@localhost:5672/%2f/messages
# MESSENGER_TRANSPORT_DSN=redis://localhost:6379/messages
MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0 MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
###< symfony/messenger ###
###> symfony/mailer ### APP_AUTH=OPENID # SQL | CAS | LDAP | OPENID
# MAILER_DSN=null://null APP_MASTERIDENTITY=SSO # SQL | SSO | LDAP
###< symfony/mailer ### APP_SYNCHRO= # Synchronisation null | LDAP2NINE | NINE2LDAP | NINE2NINE
# Redis Sentiel Session
REDIS_HOST='redis-sentinel'
REDIS_PORT=26379 # 6379 | 26379
REDIS_SERVICE=redismaster # master sentinel name
# LDAP
LDAP_HOST=openldap # host du serveur ldap
LDAP_PORT=389 # port du serveur ldap
LDAP_USETLS=0 # connection TLS 0/1
LDAP_USERWRITER=0 # LDAP_USER compte writer ? 0/1
LDAP_USER="cn=admin,dc=nuo,dc=fr" # DN compte access ldap
LDAP_PASSWORD=changeme # Password compte access ldap
LDAP_BASEDN="dc=nuo,dc=fr" # Base DN ex:dc=nine,dc=fr
LDAP_BASEORGANISATION= # Base Organisation ex:ou=nineskeletor,dc=nine,dc=fr
LDAP_BASENIVEAU01= # Base Niveau01 ex:ou=niveau01,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASENIVEAU02= # Base Niveau02 ex:ou=niveau02,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASENIVEAU03= # Base Niveau03 ex:ou=niveau03,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASENIVEAU04= # Base Niveau04 ex:ou=niveau04,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASEGROUP= # Base Group ex:ou=groups,ou=nineskeletor,dc=nine,dc=fr
LDAP_BASEUSER= # Base User ex:ou=users,ou=nineskeletor,dc=nine,dc=fr
LDAP_USERNAME=uid # Attribut id d'un user
LDAP_FIRSTNAME=givenname # Attribut firstname d'un user
LDAP_LASTNAME=sn # Attribut lastname d'un user
LDAP_EMAIL=mail # Attribut email d'un user
LDAP_AVATAR=jpegPhoto # Attribut avatar d'un user
LDAP_MEMBEROF=memberof # Attribut memberof d'un user
LDAP_GROUPGID=gidnumber # Attribut gid d'un groupe
LDAP_GROUPNAME=cn # Attribut name d'un groupe
LDAP_GROUPMEMBER=memberuid # Attribut stockant les membres d'un groupe
LDAP_GROUPMEMBERISDN=0 # LDAP_GROUPMEMBER stocke un uid ou un dn ? 0/1
LDAP_FILTERGROUP=(cn=*) # requete ldap pour rechercher les groupes
LDAP_FILTERUSER=(uid=*) # requete ldap pour rechercher les users
LDAP_AUTOSUBMIT=1 # if APP_AUTH = LDAP autocréer les users non existant
LDAP_AUTOUPDATE=1 # if APP_AUTH = LDAP automodifier les users existant
# If APP_AUTH = CAS
CAS_HOST=
CAS_PORT=
CAS_PATH=
CAS_USERNAME=username
CAS_EMAIL=email
CAS_LASTNAME=lastname
CAS_FIRSTNAME=firstname
CAS_AVATAR=
CAS_NIVEAU01=
CAS_GROUP=
CAS_AUTOSUBMIT=1 # if APP_AUTH = CAS autocréer les users non existant
CAS_AUTOUPDATE=1 # if APP_AUTH = CAS automodifier les users existant
# If APP_AUTH = OPENID
OAUTH_CLIENTID=nuosso
OAUTH_CLIENTSECRET="changeme"
OAUTH_LOGINURL=http://127.0.0.1:7080/oauth2/auth
OAUTH_LOGOUTURL=http://127.0.0.1:7080/oauth2/sessions/logout
OAUTH_TOKENURL=http://hydra:4444/oauth2/token
OAUTH_USERINFO=http://hydra:4444/userinfo
OAUTH_USERNAME=username
OAUTH_EMAIL=email
OAUTH_LASTNAME=lastname
OAUTH_FIRSTNAME=firstname
OAUTH_AVATAR=
OAUTH_AUTOSUBMIT=1 # if APP_AUTH = OPENID autocréer les users non existant
OAUTH_AUTOUPDATE=1 # if APP_AUTH = OPENID automodifier les users existant
# Proxy
PROXY_USE=0
PROXY_HOST=
PROXY_PORT=
# Hydra apps
HYDRA_LOGINCHALLENGE="http://hydra:4445/oauth2/auth/requests/login?login_challenge="
HYDRA_LOGINCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/login/accept?login_challenge="
HYDRA_CONSENTCHALLENGE="http://hydra:4445/oauth2/auth/requests/consent?consent_challenge="
HYDRA_CONSENTCHALLENGEACCEPT="http://hydra:4445/oauth2/auth/requests/consent/accept?consent_challenge="
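
Review bot: the committed defaults now pair APP_ENV=PROD with APP_SECRET=changeme, and further down LDAP_PASSWORD=changeme and OAUTH_CLIENTSECRET="changeme", while the header kept in this same hunk still says not to define production secrets in committed files. Suggest keeping APP_ENV=dev as the committed default, leaving the secret values empty here, and supplying them through .env.local or Symfony secrets, so a deployment that forgets to override them fails instead of running with a known value. Two smaller points: the header writes the environment name in lowercase (composer dump-env prod), so the uppercase PROD should be checked against the when@ sections used in the config files; and LDAP_USETLS=0 on port 389 with LDAP_USER="cn=admin,dc=nuo,dc=fr" sends the directory admin bind password unencrypted.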

2
.gitignore vendored

@ -7,6 +7,8 @@
/public/bundles/ /public/bundles/
/var/ /var/
/vendor/ /vendor/
/.data
###< symfony/framework-bundle ### ###< symfony/framework-bundle ###
###> phpunit/phpunit ### ###> phpunit/phpunit ###

59
Makefile Executable file

@ -0,0 +1,59 @@
SHELL := /bin/bash
ENGINE=kind
HARBOR_USER_NAME=afornerot
CLUSTER_NAME=nuosso
NAMESPACE=app-dev
POD=$(shell kubectl get pods --namespace=${NAMESPACE} --no-headers -o custom-columns=":metadata.name" | grep ^${CLUSTER_NAME}-${PODNAME})
dockercomposebuild:
docker-compose build --no-cache
dockercomposeup:
docker-compose up -d
docker-compose exec app bin/console d:s:u --force --complete
docker-compose exec app bin/console app:Init
dockercomposedown:
docker-compose stop
dockercomposesh:
docker-compose exec app /bin/sh
deletecluster:
${ENGINE} delete cluster --name=${CLUSTER_NAME}
createcluster:
${ENGINE} delete cluster --name=${CLUSTER_NAME}
${ENGINE} create cluster --config misc/k8s/${ENGINE}/${ENGINE}-cluster.yaml
atachcluster:
docker login reg.cadoles.com
mkdir -p misc/k8s/kustomization/base/secrets/dockerconfig
docker --config misc/k8s/kustomization/base/secrets/dockerconfig login reg.cadoles.com
mv misc/k8s/kustomization/base/secrets/dockerconfig/config.json misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson
mkdir -p misc/k8s/kustomization/overlays/dev/secrets/dockerconfig
cp misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson misc/k8s/kustomization/overlays/dev/secrets/dockerconfig/.dockerconfigjson
applycluster:
kubectl apply -k misc/k8s/${ENGINE}/cluster --server-side
docker network inspect kind | jq '.[0].IPAM.Config[0].Subnet' -r
echo modifier ipaddresspoool.yaml si nécessaire
applylbcluster:
kubectl apply -k misc/k8s/${ENGINE}/cluster/lb --server-side
watchcluster:
skaffold dev -p dev --cleanup=false --default-repo reg.cadoles.com/${HARBOR_USER_NAME}
sh:
kubectl exec --namespace=${NAMESPACE} ${POD} -it -- sh
deletenamespace:
kubectl delete all --all --namespace ${NAMESPACE}
getpods:
kubectl get pods --namespace ${NAMESPACE}
getservices:
kubectl get services --namespace ${NAMESPACE}
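
Review bot: atachcluster writes registry credentials into the working tree (misc/k8s/kustomization/base/secrets/dockerconfig/.dockerconfigjson and the copy under overlays/dev/secrets/dockerconfig), and the .gitignore change in this commit only adds /.data, so a later git add can commit them. Suggest ignoring both secrets/dockerconfig directories or writing the file outside the repository. Also: createcluster runs delete cluster unconditionally before create, POD depends on PODNAME which is never set in this file, and none of the targets are declared .PHONY.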

71
README.md Normal file

@ -0,0 +1,71 @@
# DOCKER-COMPOSE
Build
```
make dockercomposebuild
```
Up
```
make dockercomposeup
```
Stop
```
make dockercomposestop
```
# KUBERNETES
Suppression Cluster
```
make deletecluster
```
Création Cluster
```
make createcluster
```
Rattachement du cluster aux secrets
```
make atachcluster
```
Deployer le cluster
**Attention** en fin de job l'ip du cluster est indiqué
Il est nécessaire d'ajuster le reseau dans ipaddresspoool.yaml si besoin
```
make applycluster
```
Déployer le stockage
**Attention** attendre une dizaine de seconde après le déploiement du cluster
```
make applylbcluster
```
Lancer le déployement en mode watch
```
make watchcluster:
```
Ouvrir un terminal sur la premiere instance de l'apps
```
make sh:
```
Suppression de l'ensemble du namespace
```
make deletenamespace
```
Lister les pods
```
make getpods
```
Lister les services
```
make getservices
```
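
Review bot: the Stop step calls make dockercomposestop, but the Makefile in this commit defines dockercomposedown, and make watchcluster: and make sh: carry a trailing colon that is not part of the target name, so three of the documented commands fail as written. Suggest aligning the README with the Makefile target names. Since the "Rattachement du cluster aux secrets" step leaves a docker login credential file inside the repository tree, it deserves a line saying so.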


@ -7,11 +7,15 @@
"php": ">=8.1", "php": ">=8.1",
"ext-ctype": "*", "ext-ctype": "*",
"ext-iconv": "*", "ext-iconv": "*",
"doctrine/annotations": "^2.0",
"doctrine/doctrine-bundle": "^2.10", "doctrine/doctrine-bundle": "^2.10",
"doctrine/doctrine-migrations-bundle": "^3.2", "doctrine/doctrine-migrations-bundle": "^3.2",
"doctrine/orm": "^2.15", "doctrine/orm": "^2.15",
"mashape/unirest-php": "^3.0",
"phpdocumentor/reflection-docblock": "^5.3", "phpdocumentor/reflection-docblock": "^5.3",
"phpstan/phpdoc-parser": "^1.22", "phpstan/phpdoc-parser": "^1.22",
"predis/predis": "^2.2",
"ramsey/uuid": "^4.7",
"symfony/asset": "6.3.*", "symfony/asset": "6.3.*",
"symfony/console": "6.3.*", "symfony/console": "6.3.*",
"symfony/doctrine-messenger": "6.3.*", "symfony/doctrine-messenger": "6.3.*",
@ -41,6 +45,12 @@
"twig/extra-bundle": "^2.12|^3.0", "twig/extra-bundle": "^2.12|^3.0",
"twig/twig": "^2.12|^3.0" "twig/twig": "^2.12|^3.0"
}, },
"repositories": [
{
"type": "vcs",
"url": "https://github.com/loverg-c/unirest-php"
}
],
"config": { "config": {
"allow-plugins": { "allow-plugins": {
"php-http/discovery": true, "php-http/discovery": true,

424
composer.lock generated

@ -4,8 +4,139 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "5625360c4bf0ca4c404a3a47e7b43354", "content-hash": "6d4e45e1137c02bf343b5855dbbc822c",
"packages": [ "packages": [
{
"name": "brick/math",
"version": "0.11.0",
"source": {
"type": "git",
"url": "https://github.com/brick/math.git",
"reference": "0ad82ce168c82ba30d1c01ec86116ab52f589478"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/brick/math/zipball/0ad82ce168c82ba30d1c01ec86116ab52f589478",
"reference": "0ad82ce168c82ba30d1c01ec86116ab52f589478",
"shasum": ""
},
"require": {
"php": "^8.0"
},
"require-dev": {
"php-coveralls/php-coveralls": "^2.2",
"phpunit/phpunit": "^9.0",
"vimeo/psalm": "5.0.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Brick\\Math\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "Arbitrary-precision arithmetic library",
"keywords": [
"Arbitrary-precision",
"BigInteger",
"BigRational",
"arithmetic",
"bigdecimal",
"bignum",
"brick",
"math"
],
"support": {
"issues": "https://github.com/brick/math/issues",
"source": "https://github.com/brick/math/tree/0.11.0"
},
"funding": [
{
"url": "https://github.com/BenMorel",
"type": "github"
}
],
"time": "2023-01-15T23:15:59+00:00"
},
{
"name": "doctrine/annotations",
"version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/doctrine/annotations.git",
"reference": "e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/doctrine/annotations/zipball/e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f",
"reference": "e157ef3f3124bbf6fe7ce0ffd109e8a8ef284e7f",
"shasum": ""
},
"require": {
"doctrine/lexer": "^2 || ^3",
"ext-tokenizer": "*",
"php": "^7.2 || ^8.0",
"psr/cache": "^1 || ^2 || ^3"
},
"require-dev": {
"doctrine/cache": "^2.0",
"doctrine/coding-standard": "^10",
"phpstan/phpstan": "^1.8.0",
"phpunit/phpunit": "^7.5 || ^8.5 || ^9.5",
"symfony/cache": "^5.4 || ^6",
"vimeo/psalm": "^4.10"
},
"suggest": {
"php": "PHP 8.0 or higher comes with attributes, a native replacement for annotations"
},
"type": "library",
"autoload": {
"psr-4": {
"Doctrine\\Common\\Annotations\\": "lib/Doctrine/Common/Annotations"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Guilherme Blanco",
"email": "guilhermeblanco@gmail.com"
},
{
"name": "Roman Borschel",
"email": "roman@code-factory.org"
},
{
"name": "Benjamin Eberlei",
"email": "kontakt@beberlei.de"
},
{
"name": "Jonathan Wage",
"email": "jonwage@gmail.com"
},
{
"name": "Johannes Schmitt",
"email": "schmittjoh@gmail.com"
}
],
"description": "Docblock Annotations Parser",
"homepage": "https://www.doctrine-project.org/projects/annotations.html",
"keywords": [
"annotations",
"docblock",
"parser"
],
"support": {
"issues": "https://github.com/doctrine/annotations/issues",
"source": "https://github.com/doctrine/annotations/tree/2.0.1"
},
"time": "2023-02-02T22:02:53+00:00"
},
{ {
"name": "doctrine/cache", "name": "doctrine/cache",
"version": "2.2.0", "version": "2.2.0",
@ -1386,6 +1517,55 @@
], ],
"time": "2023-01-14T14:17:03+00:00" "time": "2023-01-14T14:17:03+00:00"
}, },
{
"name": "mashape/unirest-php",
"version": "v3.0.5",
"source": {
"type": "git",
"url": "https://github.com/loverg-c/unirest-php.git",
"reference": "45e63d680c4d7258b2cf45bfa28d42ee024b7fee"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/loverg-c/unirest-php/zipball/45e63d680c4d7258b2cf45bfa28d42ee024b7fee",
"reference": "45e63d680c4d7258b2cf45bfa28d42ee024b7fee",
"shasum": ""
},
"require": {
"ext-curl": "*",
"php": ">=5.4.0"
},
"require-dev": {
"codeclimate/php-test-reporter": "0.1.*",
"phpunit/phpunit": "~4.4"
},
"suggest": {
"ext-json": "Allows using JSON Bodies for sending and parsing requests"
},
"type": "library",
"autoload": {
"psr-0": {
"Unirest\\": "src/"
}
},
"license": [
"MIT"
],
"description": "Unirest PHP",
"homepage": "https://github.com/Mashape/unirest-php",
"keywords": [
"client",
"curl",
"http",
"https",
"rest"
],
"support": {
"email": "opensource@mashape.com",
"source": "https://github.com/loverg-c/unirest-php/tree/v3.0.5"
},
"time": "2020-02-25T11:14:07+00:00"
},
{ {
"name": "monolog/monolog", "name": "monolog/monolog",
"version": "3.4.0", "version": "3.4.0",
@ -1702,6 +1882,67 @@
}, },
"time": "2023-06-29T20:46:06+00:00" "time": "2023-06-29T20:46:06+00:00"
}, },
{
"name": "predis/predis",
"version": "v2.2.0",
"source": {
"type": "git",
"url": "https://github.com/predis/predis.git",
"reference": "33b70b971a32b0d28b4f748b0547593dce316e0d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/predis/predis/zipball/33b70b971a32b0d28b4f748b0547593dce316e0d",
"reference": "33b70b971a32b0d28b4f748b0547593dce316e0d",
"shasum": ""
},
"require": {
"php": "^7.2 || ^8.0"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^3.3",
"phpstan/phpstan": "^1.9",
"phpunit/phpunit": "^8.0 || ~9.4.4"
},
"suggest": {
"ext-relay": "Faster connection with in-memory caching (>=0.6.2)"
},
"type": "library",
"autoload": {
"psr-4": {
"Predis\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Till Krüss",
"homepage": "https://till.im",
"role": "Maintainer"
}
],
"description": "A flexible and feature-complete Redis client for PHP.",
"homepage": "http://github.com/predis/predis",
"keywords": [
"nosql",
"predis",
"redis"
],
"support": {
"issues": "https://github.com/predis/predis/issues",
"source": "https://github.com/predis/predis/tree/v2.2.0"
},
"funding": [
{
"url": "https://github.com/sponsors/tillkruss",
"type": "github"
}
],
"time": "2023-06-14T10:37:31+00:00"
},
{ {
"name": "psr/cache", "name": "psr/cache",
"version": "3.0.0", "version": "3.0.0",
@ -2008,6 +2249,187 @@
}, },
"time": "2021-07-14T16:46:02+00:00" "time": "2021-07-14T16:46:02+00:00"
}, },
{
"name": "ramsey/collection",
"version": "2.0.0",
"source": {
"type": "git",
"url": "https://github.com/ramsey/collection.git",
"reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ramsey/collection/zipball/a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
"reference": "a4b48764bfbb8f3a6a4d1aeb1a35bb5e9ecac4a5",
"shasum": ""
},
"require": {
"php": "^8.1"
},
"require-dev": {
"captainhook/plugin-composer": "^5.3",
"ergebnis/composer-normalize": "^2.28.3",
"fakerphp/faker": "^1.21",
"hamcrest/hamcrest-php": "^2.0",
"jangregor/phpstan-prophecy": "^1.0",
"mockery/mockery": "^1.5",
"php-parallel-lint/php-console-highlighter": "^1.0",
"php-parallel-lint/php-parallel-lint": "^1.3",
"phpcsstandards/phpcsutils": "^1.0.0-rc1",
"phpspec/prophecy-phpunit": "^2.0",
"phpstan/extension-installer": "^1.2",
"phpstan/phpstan": "^1.9",
"phpstan/phpstan-mockery": "^1.1",
"phpstan/phpstan-phpunit": "^1.3",
"phpunit/phpunit": "^9.5",
"psalm/plugin-mockery": "^1.1",
"psalm/plugin-phpunit": "^0.18.4",
"ramsey/coding-standard": "^2.0.3",
"ramsey/conventional-commits": "^1.3",
"vimeo/psalm": "^5.4"
},
"type": "library",
"extra": {
"captainhook": {
"force-install": true
},
"ramsey/conventional-commits": {
"configFile": "conventional-commits.json"
}
},
"autoload": {
"psr-4": {
"Ramsey\\Collection\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Ben Ramsey",
"email": "ben@benramsey.com",
"homepage": "https://benramsey.com"
}
],
"description": "A PHP library for representing and manipulating collections.",
"keywords": [
"array",
"collection",
"hash",
"map",
"queue",
"set"
],
"support": {
"issues": "https://github.com/ramsey/collection/issues",
"source": "https://github.com/ramsey/collection/tree/2.0.0"
},
"funding": [
{
"url": "https://github.com/ramsey",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/ramsey/collection",
"type": "tidelift"
}
],
"time": "2022-12-31T21:50:55+00:00"
},
{
"name": "ramsey/uuid",
"version": "4.7.4",
"source": {
"type": "git",
"url": "https://github.com/ramsey/uuid.git",
"reference": "60a4c63ab724854332900504274f6150ff26d286"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ramsey/uuid/zipball/60a4c63ab724854332900504274f6150ff26d286",
"reference": "60a4c63ab724854332900504274f6150ff26d286",
"shasum": ""
},
"require": {
"brick/math": "^0.8.8 || ^0.9 || ^0.10 || ^0.11",
"ext-json": "*",
"php": "^8.0",
"ramsey/collection": "^1.2 || ^2.0"
},
"replace": {
"rhumsaa/uuid": "self.version"
},
"require-dev": {
"captainhook/captainhook": "^5.10",
"captainhook/plugin-composer": "^5.3",
"dealerdirect/phpcodesniffer-composer-installer": "^0.7.0",
"doctrine/annotations": "^1.8",
"ergebnis/composer-normalize": "^2.15",
"mockery/mockery": "^1.3",
"paragonie/random-lib": "^2",
"php-mock/php-mock": "^2.2",
"php-mock/php-mock-mockery": "^1.3",
"php-parallel-lint/php-parallel-lint": "^1.1",
"phpbench/phpbench": "^1.0",
"phpstan/extension-installer": "^1.1",
"phpstan/phpstan": "^1.8",
"phpstan/phpstan-mockery": "^1.1",
"phpstan/phpstan-phpunit": "^1.1",
"phpunit/phpunit": "^8.5 || ^9",
"ramsey/composer-repl": "^1.4",
"slevomat/coding-standard": "^8.4",
"squizlabs/php_codesniffer": "^3.5",
"vimeo/psalm": "^4.9"
},
"suggest": {
"ext-bcmath": "Enables faster math with arbitrary-precision integers using BCMath.",
"ext-gmp": "Enables faster math with arbitrary-precision integers using GMP.",
"ext-uuid": "Enables the use of PeclUuidTimeGenerator and PeclUuidRandomGenerator.",
"paragonie/random-lib": "Provides RandomLib for use with the RandomLibAdapter",
"ramsey/uuid-doctrine": "Allows the use of Ramsey\\Uuid\\Uuid as Doctrine field type."
},
"type": "library",
"extra": {
"captainhook": {
"force-install": true
}
},
"autoload": {
"files": [
"src/functions.php"
],
"psr-4": {
"Ramsey\\Uuid\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "A PHP library for generating and working with universally unique identifiers (UUIDs).",
"keywords": [
"guid",
"identifier",
"uuid"
],
"support": {
"issues": "https://github.com/ramsey/uuid/issues",
"source": "https://github.com/ramsey/uuid/tree/4.7.4"
},
"funding": [
{
"url": "https://github.com/ramsey",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/ramsey/uuid",
"type": "tidelift"
}
],
"time": "2023-04-15T23:01:58+00:00"
},
{ {
"name": "symfony/asset", "name": "symfony/asset",
"version": "v6.3.0", "version": "v6.3.0",


@ -8,7 +8,9 @@ framework:
# Enables session support. Note that the session will ONLY be started if you read or write from it. # Enables session support. Note that the session will ONLY be started if you read or write from it.
# Remove or comment this section to explicitly disable session support. # Remove or comment this section to explicitly disable session support.
session: session:
handler_id: null handler_id: Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler
save_path: '@Redis'
gc_probability: null
cookie_secure: auto cookie_secure: auto
cookie_samesite: lax cookie_samesite: lax
storage_factory_id: session.storage.factory.native storage_factory_id: session.storage.factory.native
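
Review bot: save_path: '@Redis' is a plain string in this file, not a service reference; the handler gets its client from the RedisSessionHandler service definition added in the services file of this commit, so this line can go. With sessions moving to Redis, it is also worth passing an explicit ttl and prefix to the handler so that session lifetime is set in one visible place.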


@ -1,29 +1,44 @@
security: security:
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
password_hashers: password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto' Symfony\Component\Security\Core\User\LegacyPasswordAuthenticatedUserInterface:
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider id: 'App\Service\PasswordEncoder'
providers: providers:
users_in_memory: { memory: null } main:
entity:
class: App\Entity\User
property: username
firewalls: firewalls:
dev: dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/ pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false security: false
main: main:
lazy: true pattern: ^/
provider: users_in_memory provider: main
context: maincontext
user_checker: App\Service\UserChecker
form_login:
login_path: app_login
check_path: app_login
default_target_path: app_home
use_referer: true
csrf_parameter: _csrf_security_token
csrf_token_id: a_private_string
# activate different ways to authenticate logout:
# https://symfony.com/doc/current/security.html#the-firewall invalidate_session: true
path: app_kill
target: app_home
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control: access_control:
# - { path: ^/admin, roles: ROLE_ADMIN } - { path: ^/all, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_MASTER, ROLE_MANAGER, ROLE_USER] }
# - { path: ^/profile, roles: ROLE_USER } - { path: ^/user, roles: [ROLE_USER] }
- { path: ^/manager, roles: [ROLE_MANAGER] }
- { path: ^/master, roles: [ROLE_MASTER] }
- { path: ^/modo, roles: [ROLE_MODO] }
- { path: ^/admin, roles: [ROLE_ADMIN] }
when@test: when@test:
security: security:
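
Review bot: password_hashers drops 'auto' and routes LegacyPasswordAuthenticatedUserInterface to a custom hasher, id: 'App\Service\PasswordEncoder', whose algorithm is not visible in this hunk; a hand-written hasher needs its own review, and if it exists for compatibility with existing hashes, 'auto' with migrate_from would let them be upgraded on login. In form_login, csrf_parameter and csrf_token_id are set but enable_csrf: true is not, so the login form is not CSRF-checked, and a_private_string reads like an unfilled placeholder. access_control has no entry for paths outside the six listed prefixes, so anything routed elsewhere is public; a comment saying that is intended would help.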


@ -1,5 +1,9 @@
twig: twig:
default_path: '%kernel.project_dir%/templates' default_path: '%kernel.project_dir%/templates'
form_themes:
- 'Form/fields.html.twig'
globals:
appMasteridentity: '%appMasteridentity%'
when@test: when@test:
twig: twig:


@ -1,5 +1,44 @@
controllers: #== Home ========================================================================================================
resource: app_home:
path: ../src/Controller/ path: /
namespace: App\Controller controller: App\Controller\HomeController::home
type: attribute
#== Security ====================================================================================================
#-- Access public
app_login:
path: /login
controller: App\Controller\SecurityController::login
app_loginldapcheck:
path: /loginldapcheck
controller: App\Controller\SecurityController::loginldapcheck
app_loginopenidcallback:
path: /oauth2/callback
controller: App\Controller\SecurityController::loginopenidcallback
app_logout:
path: /logout
controller: App\Controller\SecurityController::logout
#== Hydra =======================================================================================================
#-- Access public
app_hydra_loginsql:
path: /hydra/loginsql
controller: App\Controller\HydraController::loginsql
app_hydra_checkloginsql:
path: /hydra/checkloginsql
controller: App\Controller\HydraController::checkloginsql
app_hydra_loginldap:
path: /hydra/loginldap
controller: App\Controller\HydraController::loginldap
app_hydra_checkloginldap:
path: /hydra/checkloginldap
controller: App\Controller\HydraController::checkloginldap
app_hydra_consent:
path: /hydra/consent
controller: App\Controller\HydraController::consent
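
Review bot: none of the routes restrict HTTP methods, so the credential-handling endpoints /loginldapcheck, /hydra/checkloginsql and /hydra/checkloginldap also match GET, which puts submitted credentials in URLs and access logs if a client uses it. Suggest methods: [POST] on the check routes and methods: [GET] on the form routes. The compose file in this commit sets HYDRA_URLS_LOGOUT to /hydra/logoutsql, which has no route here.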


@ -1,18 +1,82 @@
# This file is the entry point to configure your own services.
# Files in the packages/ subdirectory configure your dependencies.
# Put parameters here that don't need to change on each machine where the app is deployed
# https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
parameters: parameters:
app_env: '%env(resolve:APP_ENV)%'
appSecret: '%env(resolve:APP_SECRET)%'
appAuth: '%env(resolve:APP_AUTH)%'
appMasteridentity: '%env(resolve:APP_MASTERIDENTITY)%'
appSynchro: '%env(resolve:APP_SYNCHRO)%'
ldapHost: '%env(resolve:LDAP_HOST)%'
ldapPort: '%env(resolve:LDAP_PORT)%'
ldapUsetls: '%env(resolve:LDAP_USETLS)%'
ldapUserwriter: '%env(resolve:LDAP_USERWRITER)%'
ldapUser: '%env(resolve:LDAP_USER)%'
ldapPassword: '%env(resolve:LDAP_PASSWORD)%'
ldapBasedn: '%env(resolve:LDAP_BASEDN)%'
ldapBaseorganisation: '%env(resolve:LDAP_BASEORGANISATION)%'
ldapBaseniveau01: '%env(resolve:LDAP_BASENIVEAU01)%'
ldapBaseniveau02: '%env(resolve:LDAP_BASENIVEAU02)%'
ldapBaseniveau03: '%env(resolve:LDAP_BASENIVEAU03)%'
ldapBaseniveau04: '%env(resolve:LDAP_BASENIVEAU04)%'
ldapBasegroup: '%env(resolve:LDAP_BASEGROUP)%'
ldapBaseuser: '%env(resolve:LDAP_BASEUSER)%'
ldapUsername: '%env(resolve:LDAP_USERNAME)%'
ldapFirstname: '%env(resolve:LDAP_FIRSTNAME)%'
ldapLastname: '%env(resolve:LDAP_LASTNAME)%'
ldapEmail: '%env(resolve:LDAP_EMAIL)%'
ldapAvatar: '%env(resolve:LDAP_AVATAR)%'
ldapMemberof: '%env(resolve:LDAP_MEMBEROF)%'
ldapGroupgid: '%env(resolve:LDAP_GROUPGID)%'
ldapGroupname: '%env(resolve:LDAP_GROUPNAME)%'
ldapGroupmember: '%env(resolve:LDAP_GROUPMEMBER)%'
ldapGroupmemberisdn: '%env(resolve:LDAP_GROUPMEMBERISDN)%'
ldapFiltergroup: '%env(resolve:LDAP_FILTERGROUP)%'
ldapFilteruser: '%env(resolve:LDAP_FILTERUSER)%'
ldapAutosubmit: '%env(resolve:LDAP_AUTOSUBMIT)%'
ldapAutoupdate: '%env(resolve:LDAP_AUTOUPDATE)%'
casHost: '%env(resolve:CAS_HOST)%'
casPort: '%env(resolve:CAS_PORT)%'
casPath: '%env(resolve:CAS_PATH)%'
casUsername: '%env(resolve:CAS_USERNAME)%'
casEmail: '%env(resolve:CAS_EMAIL)%'
casLastname: '%env(resolve:CAS_LASTNAME)%'
casFirstname: '%env(resolve:CAS_FIRSTNAME)%'
casAvatar: '%env(resolve:CAS_AVATAR)%'
casNiveau01: '%env(resolve:CAS_NIVEAU01)%'
casGroup: '%env(resolve:CAS_GROUP)%'
casAutosubmit: '%env(resolve:CAS_AUTOSUBMIT)%'
casAutoupdate: '%env(resolve:CAS_AUTOUPDATE)%'
oauthClientid: '%env(resolve:OAUTH_CLIENTID)%'
oauthClientsecret: '%env(resolve:OAUTH_CLIENTSECRET)%'
oauthLoginurl: '%env(resolve:OAUTH_LOGINURL)%'
oauthLogouturl: '%env(resolve:OAUTH_LOGOUTURL)%'
oauthTokenurl: '%env(resolve:OAUTH_TOKENURL)%'
oauthUserinfo: '%env(resolve:OAUTH_USERINFO)%'
oauthUsername: '%env(resolve:OAUTH_USERNAME)%'
oauthEmail: '%env(resolve:OAUTH_EMAIL)%'
oauthLastname: '%env(resolve:OAUTH_LASTNAME)%'
oauthFirstname: '%env(resolve:OAUTH_FIRSTNAME)%'
oauthAvatar: '%env(resolve:OAUTH_AVATAR)%'
oauthNiveau01: '%env(resolve:OAUTH_NIVEAU01)%'
oauthGroup: '%env(resolve:OAUTH_GROUP)%'
oauthAutosubmit: '%env(resolve:OAUTH_AUTOSUBMIT)%'
oauthAutoupdate: '%env(resolve:OAUTH_AUTOUPDATE)%'
proxyUse: '%env(resolve:PROXY_USE)%'
proxyHost: '%env(resolve:PROXY_HOST)%'
proxyPort: '%env(resolve:PROXY_PORT)%'
hydraLoginchallenge: '%env(resolve:HYDRA_LOGINCHALLENGE)%'
hydraLoginchallengeaccept: '%env(resolve:HYDRA_LOGINCHALLENGEACCEPT)%'
hydraConsentchallenge: '%env(resolve:HYDRA_CONSENTCHALLENGE)%'
hydraConsentchallengeaccept: '%env(resolve:HYDRA_CONSENTCHALLENGEACCEPT)%'
services: services:
# default configuration for services in *this* file
_defaults: _defaults:
autowire: true # Automatically injects dependencies in your services. autowire: true # Automatically injects dependencies in your services.
autoconfigure: true # Automatically registers your services as commands, event subscribers, etc. autoconfigure: true # Automatically registers your services as commands, event subscribers, etc.
# makes classes in src/ available to be used as services
# this creates a service per class whose id is the fully-qualified class name
App\: App\:
resource: '../src/' resource: '../src/'
exclude: exclude:
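
Review bot: oauthNiveau01 and oauthGroup read OAUTH_NIVEAU01 and OAUTH_GROUP, which the .env in this commit does not define (it has CAS_NIVEAU01 and CAS_GROUP only), so resolving these two parameters fails unless the variables come from elsewhere. Suggest adding empty defaults to .env or dropping the two parameters. Separately, ldapPassword, oauthClientsecret and appSecret become container parameters, which any service that is handed @service_container can read; binding the env vars directly to the services that need them keeps the secrets narrower.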
@ -20,5 +84,36 @@ services:
- '../src/Entity/' - '../src/Entity/'
- '../src/Kernel.php' - '../src/Kernel.php'
# add more service definitions when explicit configuration is needed Redis:
# please note that last definitions always *replace* previous ones class: Predis\Client
arguments:
-
-
scheme: 'tcp'
host: '%env(resolve:REDIS_HOST)%'
port: '%env(resolve:REDIS_PORT)%'
-
replication: 'sentinel'
service: '%env(resolve:REDIS_SERVICE)%'
connection_timeout: 100
read_write_timeout: 300
Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler:
arguments:
- '@Redis'
App\Entity\User:
public: true
arguments: ['@security.password_hasher']
App\Command\InitCommand:
public: true
arguments: ['@service_container','@doctrine.orm.entity_manager']
App\Service\ApiService:
public: true
App\Service\LdapService:
public: true
arguments: ["@service_container"]
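
Review bot: the Predis\Client definition carries no password or TLS parameter, and with this commit it becomes the session store while docker-compose publishes 6379:6379, so session data is readable and writable by anything that can reach that port. Suggest adding a password parameter fed from an env var and not publishing the port. App\Command\InitCommand and App\Service\LdapService are injected with @service_container and marked public: true; injecting the specific parameters and services they use would narrow what they can reach. App\Entity\User is registered as a service although '../src/Entity/' is in the exclude list just above.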


@ -1,14 +0,0 @@
version: '3'
services:
###> doctrine/doctrine-bundle ###
database:
ports:
- "5432"
###< doctrine/doctrine-bundle ###
###> symfony/mailer ###
mailer:
image: schickling/mailcatcher
ports: ["1025", "1080"]
###< symfony/mailer ###


@ -1,21 +1,132 @@
version: '3' version: '3'
services: services:
###> doctrine/doctrine-bundle ### # Service redis
database: redis-master:
image: postgres:${POSTGRES_VERSION:-15}-alpine image: redis:6-alpine
environment: volumes:
POSTGRES_DB: ${POSTGRES_DB:-app} - "./.data:/data"
# You should definitely change the password in production ports:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-!ChangeMe!} - "6379:6379"
POSTGRES_USER: ${POSTGRES_USER:-app}
volumes: redis-slave:
- database_data:/var/lib/postgresql/data:rw image: redis:6-alpine
# You may use a bind-mounted host directory instead, so that it is harder to accidentally remove the volume and lose all your data! command: redis-server --slaveof redis-master 6379
# - ./docker/db/data:/var/lib/postgresql/data:rw links:
###< doctrine/doctrine-bundle ### - redis-master
volumes:
- "./.data:/data"
redis-sentinel:
build:
context: ./misc/images/redis-sentinel
links:
- redis-master
# Service postgres
postgres:
image: postgres:13-alpine
hostname: postgres
environment:
POSTGRES_MULTIPLE_DATABASES: app,hydra
POSTGRES_PASSWORD: changeme
POSTGRES_USER: symfony
ports:
- 5432:5432
volumes:
- db-data:/var/lib/postgresql/data:rw
- ./misc/images/postgres:/docker-entrypoint-initdb.d
# Service app
app:
build:
context: .
dockerfile: ./misc/images/app/app-docker/Dockerfile
ports:
- ${APP_HTTP_PORT:-8080}:8080
links:
- postgres
- hydra
- redis-sentinel
depends_on:
- postgres
- hydra
volumes:
- ./src:/app/src:delegated
- ./public:/app/public:delegated
- ./templates:/app/templates:delegated
- ./translations:/app/translations:delegated
- ./tests:/app/tests:delegated
- ./config:/app/config:delegated
- ./.env:/app/.env:delegated
environment:
PHP_FPM_MEMORY_LIMIT: 128m
APP_ENV: PROD
# Service hydra
hydra:
image: cadoles/hydra-v1
hostname: hydra
volumes:
- ./misc/images/hydra/clients.d:/etc/hydra/clients.d
ports:
- 7080:4444
- 4445:4445
links:
- postgres
depends_on:
- postgres
restart: on-failure
environment:
LOG_LEAK_SENSITIVE_VALUES: "true"
HYDRA_URLS_SELF_ISSUER: http://127.0.0.1:7080
HYDRA_URLS_CONSENT: http://127.0.0.1:8080/hydra/consent
HYDRA_URLS_LOGIN: http://127.0.0.1:8080/hydra/loginsql
HYDRA_URLS_LOGOUT: http://127.0.0.1:8080/hydra/logoutsql
HYDRA_URLS_ERROR: https://127.0.0.1:8080
HYDRA_DSN: postgres://symfony:changeme@postgres:5432/hydra
HYDRA_ALLOW_INSECURE: "yes"
HYDRA_LEVEL: debug
# Service Openldap
openldap:
image: osixia/openldap:1.5.0
environment:
LDAP_LOG_LEVEL: "256"
LDAP_ORGANISATION: "nuo"
LDAP_DOMAIN: "nuo.fr"
LDAP_ADMIN_PASSWORD: "changeme"
LDAP_CONFIG_PASSWORD: "changeme"
LDAP_READONLY_USER: "true"
LDAP_READONLY_USER_USERNAME: "readonly"
LDAP_READONLY_USER_PASSWORD: "readonly"
LDAP_TLS: "false"
volumes:
- /var/lib/ldap
- /etc/ldap/slapd.d
- /container/service/slapd/assets/certs/
ports:
- "389:389"
- "636:636"
# Service phpldapadmin
phpldapadmin:
image: osixia/phpldapadmin:latest
environment:
PHPLDAPADMIN_LDAP_HOSTS: "openldap"
PHPLDAPADMIN_HTTPS: "false"
ports:
- "6080:80"
depends_on:
- openldap
# Service adminer
adminer:
image: adminer
restart: always
ports:
- 6081:8080
volumes: volumes:
###> doctrine/doctrine-bundle ### db-data:
database_data:
###< doctrine/doctrine-bundle ###
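Review bot: the `ports:` mappings for `redis-master` (`6379:6379`), `postgres` (`5432:5432`), `hydra` (`4445:4445`, Hydra's admin API) and `openldap` (`389:389`) carry no host address, so Compose publishes them on every host interface, while `redis-master` runs without a password and the other services use `changeme`. Bind them to loopback (for example `127.0.0.1:6379:6379`) or drop the mappings that only other containers need, and read the passwords from environment variables with no committed default. Separately, `LOG_LEAK_SENSITIVE_VALUES: "true"`, `HYDRA_ALLOW_INSECURE: "yes"` and `HYDRA_LEVEL: debug` sit in the same file as `APP_ENV: PROD` on the `app` service; a comment stating that this file is for local development only would keep those settings from being copied into a real deployment.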

View File

@ -0,0 +1,6 @@
ARG PHP_PKG_VERSION="8.1.20-r0"
ARG ADDITIONAL_PACKAGES="php81-pdo=${PHP_PKG_VERSION} \
php81-pdo_pgsql=${PHP_PKG_VERSION} \
php81-ldap=${PHP_PKG_VERSION}"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone
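Review bot: both `ARG` lines sit before `FROM`, so they are in scope only for the `FROM` instruction itself and reach the build only if the base image re-declares them (for example through `ONBUILD ARG`). Add a comment stating that the base image consumes `ADDITIONAL_PACKAGES`, since nothing in this file shows it, and consider pinning the `FROM` tag by digest so that the pinned `8.1.20-r0` package version stays installable against the base.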

View File

@ -0,0 +1,5 @@
ARG PHP_PKG_VERSION="8.1.20-r0"
ARG ADDITIONAL_PACKAGES="php81-pdo=${PHP_PKG_VERSION} \
php81-pdo_pgsql=${PHP_PKG_VERSION}"
FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-base

View File

@ -0,0 +1,19 @@
{
"client_id": "nuosso",
"client_name": "NuoSSO",
"client_secret": "changeme",
"grant_types": [
"authorization_code",
"refresh_token"
],
"jwks": {},
"metadata": {},
"token_endpoint_auth_method": "client_secret_post",
"post_logout_redirect_uris": ["http://127.0.0.1:8080"],
"redirect_uris": ["http://127.0.0.1:8080/oauth2/callback"],
"response_types": [
"code"
],
"logo_uri": "http://127.0.0.1:8080/images/logo.png",
"scope": "openid"
}
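Review bot: `"client_secret": "changeme"` is committed here and the file is mounted into `/etc/hydra/clients.d` by the compose service, so every checkout registers the client with the same known secret, sent in the request body because of `client_secret_post`. Generate the secret at deploy time, or template this file from an environment variable, and note in the file that the `http://127.0.0.1:8080` redirect and logout URIs are development values.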

View File

@ -0,0 +1,22 @@
#!/bin/bash
set -e
set -u
function create_user_and_database() {
local database=$1
echo " Creating user and database '$database'"
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
CREATE USER $database;
CREATE DATABASE $database;
GRANT ALL PRIVILEGES ON DATABASE $database TO $database;
EOSQL
}
if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
create_user_and_database $db
done
echo "Multiple databases created"
fi
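Review bot: with `set -u` active, the test `[ -n "$POSTGRES_MULTIPLE_DATABASES" ]` aborts the init script when the variable is not set instead of skipping the block; use `"${POSTGRES_MULTIPLE_DATABASES:-}"`. In `create_user_and_database`, `CREATE USER $database;` creates a role with no password and interpolates the name unquoted into SQL, as does the unquoted `$db` in the loop, so a name containing a hyphen or space breaks the statement. Quote the identifier and either set a password for the role or drop the per-database role, given that `HYDRA_DSN` in the compose file connects as `symfony` anyway.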

View File

@ -0,0 +1,19 @@
FROM redis:6-alpine
ENV SENTINEL_QUORUM 2
ENV SENTINEL_DOWN_AFTER 1000
ENV SENTINEL_FAILOVER 1000
RUN mkdir -p /redis
WORKDIR /redis
COPY sentinel.conf .
COPY sentinel-entrypoint.sh /usr/local/bin/
RUN chown redis:redis /redis/* && \
chmod +x /usr/local/bin/sentinel-entrypoint.sh
EXPOSE 26379
ENTRYPOINT ["sentinel-entrypoint.sh"]
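Review bot: `ENV SENTINEL_QUORUM 2` requires two Sentinels to agree before the master is marked down, but the compose file in this commit defines a single `redis-sentinel` service, so unless it is scaled to at least two instances the quorum is never reached and no failover happens. Either default the quorum to 1 for the single-Sentinel setup or document the required scale. The `ENV key value` form without `=` is the legacy syntax; `ENV SENTINEL_QUORUM=2` is preferred.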

View File

@ -0,0 +1,7 @@
#!/bin/sh
sed -i "s/\$SENTINEL_QUORUM/$SENTINEL_QUORUM/g" /redis/sentinel.conf
sed -i "s/\$SENTINEL_DOWN_AFTER/$SENTINEL_DOWN_AFTER/g" /redis/sentinel.conf
sed -i "s/\$SENTINEL_FAILOVER/$SENTINEL_FAILOVER/g" /redis/sentinel.conf
redis-server /redis/sentinel.conf --sentinel
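Review bot: the last line starts `redis-server` as a child of the shell, so the shell stays PID 1 and the stop signal from `docker stop` does not reach Sentinel; use `exec redis-server /redis/sentinel.conf --sentinel`. The script also lacks `set -eu`, so a failed `sed` or an unset `SENTINEL_*` variable produces a config with an empty value and Sentinel starts anyway.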

View File

@ -0,0 +1,9 @@
port 26379
dir /tmp
sentinel resolve-hostnames yes
sentinel monitor redismaster redis-master 6379 $SENTINEL_QUORUM
sentinel down-after-milliseconds redismaster $SENTINEL_DOWN_AFTER
sentinel parallel-syncs redismaster 1
sentinel failover-timeout redismaster $SENTINEL_FAILOVER
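Review bot: the master group is named `redismaster` on the `sentinel monitor` line, while the other Sentinel config in this commit and `REDIS_SERVICE` in the app Deployment both use `mymaster`; a client asking this Sentinel for `mymaster` gets no master address. Pick one name. `dir /tmp` also means the state Sentinel rewrites into its config is kept in a world-writable directory; `/redis`, which the Dockerfile already creates and chowns, is a better fit.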

View File

@ -0,0 +1,2 @@
port 6379
requirepass changeme

View File

@ -0,0 +1,3 @@
port 6380
slaveof redis-master 6379
masterauth changeme
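Review bot: the replica sets `masterauth changeme` but no `requirepass`, so once it is promoted it accepts unauthenticated clients and the old master, which has `requirepass` but no `masterauth`, cannot rejoin as its replica. Set both `requirepass` and `masterauth` on every instance, and supply the password at deploy time rather than committing `changeme`.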

View File

@ -0,0 +1,4 @@
port 26379
sentinel monitor mymaster redis-master 6379 2
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 10000
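Review bot: the master config in this commit sets `requirepass changeme`, but this file has no `sentinel auth-pass mymaster ...` line, so Sentinel cannot authenticate to the instance it monitors and will report it as down. Add the `auth-pass` directive with the same password source as the Redis configs. It also lacks the `sentinel resolve-hostnames yes` line that the other Sentinel config needs in order to monitor `redis-master` by name.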

View File

@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://raw.githubusercontent.com/ory/k8s/v0.30.0/helm/charts/hydra-maester/crds/crd-oauth2clients.yaml
- https://forge.cadoles.com/CadolesKube/c-kustom//base/cloudnative-pg-operator?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/redis?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/minio?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/metallb?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/metrics?ref=develop
- https://forge.cadoles.com/CadolesKube/c-kustom//base/nginx?ref=develop
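Review bot: the six `c-kustom` resources are fetched with `?ref=develop`, a moving branch, so the operators, ingress controller and MetalLB manifests applied to the cluster can change between two builds of the same commit. Pin each to a tag or commit hash, as the `ory/k8s` CRD on the first resource line already is with `v0.30.0`.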

View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: metallb-system
resources:
- ./resources/ipaddresspoool.yaml
- ./resources/advertise.yaml

View File

@ -0,0 +1,9 @@
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: l2-ip-pool-ad
namespace: metallb-system
spec:
ipAddressPools:
- main-pool

View File

@ -0,0 +1,8 @@
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: main-pool
namespace: metallb-system
spec:
addresses:
- 172.19.10.100-172.19.10.200

View File

@ -0,0 +1,48 @@
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
name: nuosso
networking:
podSubnet: "10.110.0.0/16"
serviceSubnet: "10.115.0.0/16"
nodes:
- role: control-plane
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
node-labels: "ingress-ready=true"
extraPortMappings:
- containerPort: 31000
hostPort: 31000
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
- containerPort: 80
hostPort: 8080
listenAddress: "0.0.0.0" # Optional, defaults to "0.0.0.0"
labels:
ingress-ready: true
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
- role: worker
image: kindest/node:v1.27.2
kubeadmConfigPatches:
- |
kind: JoinConfiguration
nodeRegistration:
kubeletExtraArgs:
system-reserved: memory=2Gi
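Review bot: both `extraPortMappings` entries set `listenAddress: "0.0.0.0"`, which publishes NodePort 31000 and the ingress on host port 8080 to the whole network the workstation is attached to. For a local kind cluster `127.0.0.1` is enough, and the inline comment "Optional, defaults to 0.0.0.0" should then go. The node label `ingress-ready: true` is also set twice, once through `kubeletExtraArgs` and once under `labels:`, where the unquoted `true` is a YAML boolean rather than the string a label value must be; keep one and quote it.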

View File

@ -0,0 +1,8 @@
---
nameReference:
- kind: Secret
fieldSpecs:
- path: spec/superuserSecret/name
kind: Cluster
- path: spec/bootstrap/initdb/secret/name
kind: Cluster

View File

@ -0,0 +1,32 @@
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
generatorOptions:
disableNameSuffixHash: true
configurations:
- ./configurations/cnpg-cluster.yaml
resources:
- ./resources/app-cnpg-cluster.yaml
secretgenerator:
- name: postgres-admin
type: secret
literals:
- username=postgres
- password=notsosecret
- name: postgres-user
type: Secret
literals:
- username=app
- password=NotSoSecretButThisIsBad
vars:
- name: POSTGRES_DATABASE_SERVICE_NAME
objref:
name: postgres
kind: Cluster
apiVersion: postgresql.cnpg.io/v1
fieldref:
fieldpath: metadata.name
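Review bot: the `literals:` under `postgres-admin` and `postgres-user` commit the superuser and application passwords (`password=notsosecret`, `password=NotSoSecretButThisIsBad`) into the base, so every overlay inherits them, and `disableNameSuffixHash: true` means a later change to the secret will not roll the pods that consume it. Move the generators to the overlays and feed them from git-ignored files, as the dev overlay already does for `.dockerconfigjson`. The key casing (`secretgenerator`, `objref`, `fieldref`, `fieldpath`) differs from the documented `secretGenerator`, `objRef`, `fieldRef`, `fieldPath`, and the two generators disagree on `type: secret` versus `type: Secret`; neither value is a standard Secret type, so drop the field or use `Opaque`.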

View File

@ -0,0 +1,17 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres
spec:
instances: 3
primaryUpdateStrategy: unsupervised
superuserSecret:
name: postgres-admin
bootstrap:
initdb:
database: app
owner: app
secret:
name: postgres-user
storage:
size: 20Gi

View File

@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
components:
- components/app-cnpg
resources:
- resources/app
- resources/redis

View File

@ -0,0 +1,26 @@
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
io.kompose.service: adminer
name: adminer
spec:
selector:
matchLabels:
io.kompose.service: adminer
replicas: 1
template:
metadata:
labels:
io.kompose.service: adminer
spec:
containers:
- name: adminer
image: reg.cadoles.com/afornerot/adminer
imagePullPolicy: "Always"
env:
- name: ADMINER_DESIGN
value: "pappu687"
ports:
- containerPort: 80
resources: {}
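Review bot: `image: reg.cadoles.com/afornerot/adminer` has no tag, and with `imagePullPolicy: "Always"` every pod restart can pull a different build of a tool that holds database credentials in its session. Pin a tag or digest. `resources: {}` leaves the container without requests or limits, and the pod has no `securityContext`; both are worth setting for a database admin UI.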

View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: adminer
name: adminer
spec:
type: ClusterIP
ports:
- name: adminer
port: 8080
targetPort: 80
selector:
io.kompose.service: adminer

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- adminer-deployment.yaml
- adminer-service.yaml

View File

@ -0,0 +1,86 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: app
name: app
spec:
replicas: 3
selector:
matchLabels:
io.kompose.service: app
strategy:
type: Recreate
template:
metadata:
labels:
io.kompose.service: app
spec:
restartPolicy: Always
containers:
- image: reg.cadoles.com/afornerot/nuosso
imagePullPolicy: Always
name: app-php-fpm
args: ["/usr/sbin/php-fpm81", "-F", "-e"]
resources: {}
env:
- name: PHP_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_LISTEN
value: 127.0.0.1:9000
- name: PHP_FPM_MEMORY_LIMIT
value: 128m
- name: PHP_FPM_LOG_LEVEL
value: warning
- name: POSTGRES_DATABASE_SERVICE_NAME
value: $(POSTGRES_DATABASE_SERVICE_NAME)-rw
- name: POSTGRES_DATABASE_USERNAME
valueFrom:
secretKeyRef:
name: postgres-user
key: username
- name: POSTGRES_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-user
key: password
- name: APP_AUTH
value: "SQL"
- name: APP_MASTERIDENTITY
value: "SQL"
- name: DATABASE_URL
value: "postgresql://$(POSTGRES_DATABASE_USERNAME):$(POSTGRES_DATABASE_PASSWORD)@$(POSTGRES_DATABASE_SERVICE_NAME)-rw:5432/app"
- name: REDIS_HOST
value: rfs-$(REDIS_SERVICE_NAME)
- name: REDIS_PORT
value: "26379"
- name: REDIS_SERVICE
value: "mymaster"
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "/app/bin/console d:s:u --force --complete && /app/bin/console app:Init"]
- image: reg.cadoles.com/afornerot/nuosso
imagePullPolicy: Always
name: app-nginx
args: ["/usr/sbin/nginx"]
env:
- name: NGINX_APP_UPSTREAM_BACKEND_SERVER
value: 127.0.0.1:9000
- name: NGINX_APP_ROOT
value: "/public"
- name: NGINX_APP_PHP_INDEX
value: "/index.php"
- name: NGINX_ERROR_LOG_LEVEL
value: "warn"
- name: NGINX_APP_PHP_NON_FILE_PATTERN
value: "^/index\\.php(/|$)"
ports:
- containerPort: 8080
resources: {}
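Review bot: the `postStart` hook runs `/app/bin/console d:s:u --force --complete` in every one of the three replicas on each container start, so schema updates execute concurrently against the same database, and `--complete` also drops database assets that the current mapping does not cover. Run the schema change once, from a Job or init step gated on the release, and keep `app:Init` idempotent. `DATABASE_URL` also expands the password into a plain environment variable; that is already the case for `POSTGRES_DATABASE_PASSWORD`, but both images are untagged (`reg.cadoles.com/afornerot/nuosso` with `imagePullPolicy: Always`), so what reads that environment is not fixed by this manifest.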

View File

@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: app
name: app
spec:
type: ClusterIP
ports:
- name: app
port: 8080
targetPort: 8080
selector:
io.kompose.service: app

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- app-service.yaml
- app-deployment.yaml

View File

@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- redis-redisfailover.yaml
vars:
- name: REDIS_SERVICE_NAME
objref:
name: redis
apiVersion: databases.spotahome.com/v1
kind: RedisFailover
fieldref:
fieldpath: metadata.name

View File

@ -0,0 +1,21 @@
apiVersion: databases.spotahome.com/v1
kind: RedisFailover
metadata:
name: redis
spec:
sentinel:
replicas: 3
resources:
requests:
cpu: 100m
limits:
memory: 100Mi
redis:
replicas: 3
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 400m
memory: 500Mi

View File

@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep

View File

@ -0,0 +1,24 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: app-dev
namePrefix: nuosso-
resources:
- ../../base
- ../../base/resources/adminer
- resources/namespace.yaml
- resources/ingress.yaml
patches:
- path: patches/app-deployment.yaml
- path: patches/add-registry-pull-secret.yaml
target:
kind: Deployment
version: v1
secretGenerator:
- files:
- secrets/dockerconfig/.dockerconfigjson
name: regcred-dev
type: kubernetes.io/dockerconfigjson

View File

@ -0,0 +1,4 @@
- op: add
path: "/spec/template/spec/imagePullSecrets"
value:
- name: regcred-dev

View File

@ -0,0 +1,15 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
io.kompose.service: app
name: app
spec:
template:
spec:
restartPolicy: Always
containers:
- name: app-php-fpm
env:
- name: APP_ENV
value: dev

View File

@ -0,0 +1,28 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "138m"
nginx.ingress.kubernetes.io/enable-cors: "true" #cf 01
nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For" #cf 01
spec:
ingressClassName: nginx
rules:
- host: app.dev.local
http:
paths:
- path: /adminer
pathType: Prefix
backend:
service:
name: adminer
port:
number: 8080
- path: /
pathType: Prefix
backend:
service:
name: app
port:
number: 8080
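Review bot: the `/adminer` path publishes the database admin UI on the same host as the application with no access restriction in the annotations. If it has to be reachable through the ingress at all, limit it with `nginx.ingress.kubernetes.io/whitelist-source-range` or put it on its own Ingress with authentication. `enable-cors: "true"` is set without `cors-allow-origin`, which leaves the controller default of `*`; state the allowed origin explicitly, and replace the `#cf 01` comments with a reference a reader can resolve.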

View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: app-dev

View File

@ -0,0 +1,3 @@
*
!.gitignore
!.gitkeep

BIN
public/images/admin.jpg Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.9 KiB


Some files were not shown because too many files have changed in this diff