merge devel

ecamp · May 18, 2024 · fd99973 · fd99973
2 parents 3f604db + b6714b3
commit fd99973
Show file tree

Hide file tree

Showing 29 changed files with 5,918 additions and 1,200 deletions.
diff --git a/.ops/aws-setup/package-lock.json b/.ops/aws-setup/package-lock.json
diff --git a/.ops/aws-setup/package.json b/.ops/aws-setup/package.json
@@ -11,7 +11,7 @@
     },
     "dependencies": {
         "@pulumi/pulumi": "3.116.1",
-        "@pulumi/aws": "6.35.0",
+        "@pulumi/aws": "6.36.0",
         "@pulumi/awsx": "2.10.0"
     },
     "devDependencies": {

diff --git a/.ops/ops-dashboard/.gitignore b/.ops/ops-dashboard/.gitignore
@@ -0,0 +1,2 @@
+/charts
+/values.access.yaml
diff --git a/.ops/ops-dashboard/.helmignore b/.ops/ops-dashboard/.helmignore
@@ -0,0 +1,2 @@
+/deploy.sh
+/values.access.yaml
diff --git a/.ops/ops-dashboard/Chart.lock b/.ops/ops-dashboard/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: oauth2-proxy
+  repository: https://oauth2-proxy.github.io/manifests
+  version: 7.5.4
+- name: kubernetes-dashboard
+  repository: https://kubernetes.github.io/dashboard/
+  version: 7.4.0
+- name: oauth2-proxy
+  repository: https://oauth2-proxy.github.io/manifests
+  version: 7.5.4
+digest: sha256:37a86e8b0854b6090b21099d03ab45bdb2d850025d9c3ef9183987ff62ca6ba9
+generated: "2024-05-16T20:32:46.083755883Z"
diff --git a/.ops/ops-dashboard/Chart.yaml b/.ops/ops-dashboard/Chart.yaml
@@ -0,0 +1,37 @@
+apiVersion: v2
+name: ecamp3-logging
+description: Helm chart for deploying ops-dashboard cluster
+home: https://github.com/ecamp/ecamp3
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 0.1.0
+
+dependencies:
+  - name: oauth2-proxy
+    alias: grafana-proxy
+    version: 7.5.4
+    repository: https://oauth2-proxy.github.io/manifests
+  - name: kubernetes-dashboard
+    version: 7.4.0
+    repository: https://kubernetes.github.io/dashboard/
+  - name: oauth2-proxy
+    alias: kubernetes-dashboard-proxy
+    version: 7.5.4
+    repository: https://oauth2-proxy.github.io/manifests
diff --git a/.ops/ops-dashboard/README.md b/.ops/ops-dashboard/README.md
@@ -0,0 +1,35 @@
+# ops-dashboard
+
+This is a helm chart to deploy an oauth2-proxy and a homer dashboard.
+Then the ecamp3-developers can use their github login
+to see our applications like graphana, kibana, kubernetes-dashboard...
+
+## Prerequisites
+
+You need the oauth2-proxy helm chart:
+
+```shell
+helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
+helm repo update
+```
+
+You also need the kubernetes-dashboard helm chart:
+
+```shell
+helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
+helm repo update
+```
+
+## Deployment
+
+First, make sure you don't overwrite the configuration currently applied:
+
+```shell
+helm get values ops-dashboard
+```
+
+Fill in the values for values.access.yaml according to demo.values.access.yaml
+
+```shell
+cp demo.values.access.yaml values.access.yaml 
+```
diff --git a/.ops/ops-dashboard/demo.values.access.yaml b/.ops/ops-dashboard/demo.values.access.yaml
@@ -0,0 +1,31 @@
+grafana-proxy:
+  ingress: 
+    hosts:
+      # dev, stage or prod grafana url
+      - dev-grafana.ecamp3.ch
+  extraArgs:
+    # dev, stage or prod grafana url
+    whitelist-domain: dev-grafana.ecamp3.ch
+  config:
+    # OAuth client ID
+    clientID: ""
+    # OAuth client secret
+    clientSecret: ""
+    # Create a new secret with the following command
+    # openssl rand -base64 32 | head -c 32 | base64
+    cookieSecret: ""
+kubernetes-dashboard-proxy:
+  ingress:
+    hosts:
+      # dev, stage or prod kubernetes-dashboard url
+      - dev-kubernetes-dashboard.ecamp3.ch
+  extraArgs:
+    # dev, stage or prod kubernetes-dashboard url
+    whitelist-domain: dev-kubernetes-dashboard.ecamp3.ch
+  config:
+    # OAuth client ID
+    clientID: ""
+    # OAuth client secret
+    clientSecret: ""
+    # use the same cookieSecret as above
+    cookieSecret: ""
diff --git a/.ops/ops-dashboard/deploy.sh b/.ops/ops-dashboard/deploy.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+SCRIPT_DIR=$(realpath "$(dirname "$0")")
+cd $SCRIPT_DIR
+
+# to debug: --dry-run --debug
+helm dep build && helm upgrade --install ops-dashboard --namespace=ops-dashboard --create-namespace $SCRIPT_DIR --values $SCRIPT_DIR/values.yaml --values $SCRIPT_DIR/values.access.yaml
diff --git a/.ops/ops-dashboard/templates/kubernetes_dashboard_cluster_admin_cluster_role_binding.yaml b/.ops/ops-dashboard/templates/kubernetes_dashboard_cluster_admin_cluster_role_binding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-dashboard-admin-user
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: kubernetes-dashboard-admin-user
+    namespace: {{ .Release.Namespace }}
diff --git a/.ops/ops-dashboard/templates/kubernetes_dashboard_cluster_admin_user.yaml b/.ops/ops-dashboard/templates/kubernetes_dashboard_cluster_admin_user.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubernetes-dashboard-admin-user
+  namespace: {{ .Release.Namespace }}
diff --git a/.ops/ops-dashboard/values.yaml b/.ops/ops-dashboard/values.yaml
@@ -0,0 +1,17 @@
+grafana-proxy:
+  ingress:
+    enabled: true
+    className: nginx
+  extraArgs: 
+    provider: github
+    github-org: ecamp
+    upstream: http://kube-prometheus-stack-grafana.kube-prometheus-stack.svc.cluster.local:80
+kubernetes-dashboard-proxy: 
+  ingress:
+    enabled: true
+    className: nginx
+  extraArgs:
+    provider: github
+    github-org: ecamp
+    upstream: https://ops-dashboard-kong-proxy.ops-dashboard.svc.cluster.local
+    ssl-upstream-insecure-skip-verify: true
diff --git a/api/composer.json b/api/composer.json
@@ -51,7 +51,7 @@
         "webonyx/graphql-php": "15.11.1"
     },
     "require-dev": {
-        "friendsofphp/php-cs-fixer": "3.56.1",
+        "friendsofphp/php-cs-fixer": "3.57.1",
         "hautelook/alice-bundle": "2.13.0",
         "justinrainbow/json-schema": "5.2.13",
         "php-coveralls/php-coveralls": "2.7.0",