commit 29de0493c9d5c1b9a399f2e02b4ec3c12aaaae61
Author: Tanguy Herbron
Date: Sun Dec 22 11:54:52 2024 +0100
WIP: Manifest update
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/manifests/configmap.yaml b/manifests/configmap.yaml
new file mode 100644
index 0000000..f38ec8d
--- /dev/null
+++ b/manifests/configmap.yaml
@@ -0,0 +1,104 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: zitadel-config
+ namespace: zitadel
+data:
+ # Replace StoreConfig.Engine with "postgres"
+ management.json: |
+ {
+ "Stuns": [
+ {
+ "Proto": "udp",
+ "URI": "stun:$TURN_DOMAIN:3478",
+ "Username": "",
+ "Password": null
+ }
+ ],
+ "TURNConfig": {
+ "Turns": [
+ {
+ "Proto": "udp",
+ "URI": "turn:$TURN_DOMAIN:3478",
+ "Username": "$TURN_USER",
+ "Password": "$TURN_PASSWORD"
+ }
+ ],
+ "CredentialsTTL": "12h",
+ "Secret": "secret",
+ "TimeBasedCredentials": false
+ },
+ "Signal": {
+ "Proto": "$NETBIRD_SIGNAL_PROTOCOL",
+ "URI": "netbird.beta.halia.dev:$NETBIRD_SIGNAL_PORT",
+ "Username": "",
+ "Password": null
+ },
+ "ReverseProxy": {
+ "TrustedHTTPProxies": [],
+ "TrustedHTTPProxiesCount": 0,
+ "TrustedPeers": [
+ "0.0.0.0/0"
+ ]
+ },
+ "Datadir": "",
+ "DataStoreEncryptionKey": "$NETBIRD_DATASTORE_ENC_KEY",
+ "StoreConfig": {
+ "Engine": "sqlite"
+ },
+ "HttpConfig": {
+ "Address": "0.0.0.0:443",
+ "AuthIssuer": "$NETBIRD_AUTH_AUTHORITY",
+ "AuthAudience": "$NETBIRD_AUTH_AUDIENCE",
+ "AuthKeysLocation": "$NETBIRD_AUTH_JWT_CERTS",
+ "AuthUserIDClaim": "$NETBIRD_AUTH_USER_ID_CLAIM",
+ "CertFile":"$NETBIRD_MGMT_API_CERT_FILE",
+ "CertKey":"$NETBIRD_MGMT_API_CERT_KEY_FILE",
+ "IdpSignKeyRefreshEnabled": $NETBIRD_MGMT_IDP_SIGNKEY_REFRESH,
+ "OIDCConfigEndpoint":"$NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT"
+ },
+ "IdpManagerConfig": {
+ "ManagerType": "$NETBIRD_MGMT_IDP",
+ "ClientConfig": {
+ "Issuer": "$NETBIRD_AUTH_AUTHORITY",
+ "TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
+ "ClientID": "$NETBIRD_IDP_MGMT_CLIENT_ID",
+ "ClientSecret": "$NETBIRD_IDP_MGMT_CLIENT_SECRET",
+ "GrantType": "client_credentials"
+ },
+ "ExtraConfig": $NETBIRD_IDP_MGMT_EXTRA_CONFIG,
+ "Auth0ClientCredentials": null,
+ "AzureClientCredentials": null,
+ "KeycloakClientCredentials": null,
+ "ZitadelClientCredentials": null
+ },
+ "DeviceAuthorizationFlow": {
+ "Provider": "$NETBIRD_AUTH_DEVICE_AUTH_PROVIDER",
+
+ "ProviderConfig": {
+ "Audience": "$NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE",
+ "AuthorizationEndpoint": "",
+ "Domain": "$NETBIRD_AUTH0_DOMAIN",
+ "ClientID": "$NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID",
+ "ClientSecret": "",
+ "TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
+ "DeviceAuthEndpoint": "$NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT",
+ "Scope": "$NETBIRD_AUTH_DEVICE_AUTH_SCOPE",
+ "UseIDToken": $NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN,
+ "RedirectURLs": null
+ }
+ },
+ "PKCEAuthorizationFlow": {
+ "ProviderConfig": {
+ "Audience": "$NETBIRD_AUTH_PKCE_AUDIENCE",
+ "ClientID": "$NETBIRD_AUTH_CLIENT_ID",
+ "ClientSecret": "$NETBIRD_AUTH_CLIENT_SECRET",
+ "Domain": "",
+ "AuthorizationEndpoint": "$NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT",
+ "TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT",
+ "Scope": "$NETBIRD_AUTH_SUPPORTED_SCOPES",
+ "RedirectURLs": [$NETBIRD_AUTH_PKCE_REDIRECT_URLS],
+ "UseIDToken": $NETBIRD_AUTH_PKCE_USE_ID_TOKEN
+ }
+ }
+ }
diff --git a/manifests/database.yaml b/manifests/database.yaml
new file mode 100644
index 0000000..17f00df
--- /dev/null
+++ b/manifests/database.yaml
@@ -0,0 +1,35 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: zitadel-db
+ namespace: zitadel
+
+spec:
+ instances: 2
+
+ storage:
+ size: 1Gi
+ storageClass: redundant-storage-class
+
+ bootstrap:
+ initdb:
+ database: zitadel
+ owner: zitadel
+ secret:
+ name: zitadel-db-user
+
+ enableSuperuserAccess: true
+ superuserSecret:
+ name: zitadel-db-superuser
+
+ postgresql:
+ pg_hba:
+ - host all all all md5
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
new file mode 100644
index 0000000..671d164
--- /dev/null
+++ b/manifests/deployment.yaml
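Review bot: Credentials are being carried in a ConfigMap rather than a Secret: `"Secret": "secret"` under TURNConfig is a literal shared secret, and DataStoreEncryptionKey, the TURN password and both IdP ClientSecret values are wired in here as `$NETBIRD_...` placeholders, so once filled they are readable by anyone with get on configmaps in the namespace and are not covered by Secret encryption at rest. Kubernetes does not expand `$VAR` references in mounted ConfigMap data; unless the management container's entrypoint performs the substitution (not visible in this commit) the service reads the literal strings, and the unquoted placeholders such as `"IdpSignKeyRefreshEnabled": $NETBIRD_MGMT_IDP_SIGNKEY_REFRESH,` leave management.json as invalid JSON until then. `"TrustedPeers": ["0.0.0.0/0"]` appears to accept forwarded-client headers from any source, which lets a client spoof its address in logs and any IP-based controls; restrict it to the ingress controller's addresses. The object is also named `zitadel-config` in namespace `zitadel` while deployment.yaml targets namespace `netbird`, so as written nothing here will be mounted by the netbird pod.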
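Review bot: `- host all all all md5` opens password authentication from any address using md5, the weaker of PostgreSQL's password methods; prefer `- host all all all scram-sha-256` (or omit the custom pg_hba entry and keep the operator default) and narrow the address column to the cluster's pod or service range if a rule is needed at all. `enableSuperuserAccess: true` additionally provisions a superuser credential (`zitadel-db-superuser`) that the application does not appear to need, since initdb already creates the `zitadel` owner; leave it false unless an operational task requires it. The referenced secrets `zitadel-db-user` and `zitadel-db-superuser` are not defined in this commit (secret.yaml is added empty), and the Cluster sits in namespace `zitadel` while the other manifests use `netbird`, which should be reconciled before this is applied.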
@@ -0,0 +1,61 @@
+# TODO
+#
+# Update var envs
+# Create necessary secrets
+# Explore volume organisation
+# Test multiple replicas configuration
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netbird
+ namespace: netbird
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: netbird
+ template:
+ metadata:
+ labels:
+ app: netbird
+ spec:
+ hostname: netbird
+ subdomain: netbird
+ containers:
+ - name: dashboard
+ image: netbirdio/dashboard:v2.3.0
+ ports:
+ - containerPort: 80
+ env:
+ - name: NETBIRD_MGMT_API_ENDPOINT
+ value: ""
+ - name: NETBIRD_MGMT_GRPC_API_ENDPOINT
+ value: ""
+ # OIDC
+ - name: AUTH_AUDIENCE
+ value: ""
+ - name: AUTH_CLIENT_ID
+ value: ""
+ - name: AUTH_CLIENT_SECRET
+ value: ""
+ - name: AUTH_AUTHORITY
+ value: ""
+ - name: USE_AUTH0
+ value: ""
+ - name: AUTH_SUPPORTED_SCOPES
+ value: ""
+ - name: AUTH_REDIRECT_URI
+ value: ""
+ - name: AUTH_SILENT_REDIRECT_URI
+ value: ""
+ - name: NETBIRD_TOKEN_SOURCE
+ value: ""
+ - name: management
+ image: netbirdio/management:0.27.5
+ #command: [""]
+ ports:
+ - containerPort: 443
+ # MISSING
+ # - coturn
+ # - signal
diff --git a/manifests/ingress.yaml b/manifests/ingress.yaml
new file mode 100644
index 0000000..f4b2330
--- /dev/null
+++ b/manifests/ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: netbird-ingress
+ namespace: netbird
+ annotations:
+ kubernetes.io/ingress.class: "traefik"
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - kind: Rule
+ match: Host(`netbird.beta.halia.dev`)
+ services:
+ - name: netbird-svc
+ namespace: netbird
+ port: 80
+ passHostHeader: true
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
new file mode 100644
index 0000000..f9c389a
--- /dev/null
+++ b/manifests/kustomization.yaml
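Review bot: `AUTH_CLIENT_SECRET` is declared as a plain `value: ""` env entry, so once populated the secret will live in the Deployment manifest, in git history and in `kubectl describe` output; source it from a Secret instead, `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}`, which also matches the "Create necessary secrets" item in the TODO header. The management container mounts no volume for the ConfigMap that holds management.json and no persistent volume for the sqlite store chosen in configmap.yaml, so its configuration and peer state would exist only in the container filesystem and vanish on restart. Neither container sets a securityContext or resource requests/limits, and both images are pinned by tag only; `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, limits and a digest pin are worth adding before this leaves WIP.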
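Review bot: `apiVersion: traefik.containo.us/v1alpha1` is the legacy Traefik CRD group; current Traefik releases serve these resources under `traefik.io/v1alpha1`, so this IngressRoute may be rejected or silently ignored depending on the installed version. The route only forwards to `port: 80` of `netbird-svc` (the dashboard), while the management API is published on port 443 of the same Service and has no route here; with NETBIRD_MGMT_API_ENDPOINT still empty in deployment.yaml it is unclear how browsers and peers are meant to reach it. There is also no `tls:` stanza, so TLS termination depends entirely on how the `websecure` entry point is configured in Traefik's static configuration; stating it on the route (a certResolver or a certificate secret reference) makes the intent explicit and avoids serving the dashboard's OIDC flow in the clear if that entry point is not TLS-enabled.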
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: netbird
+
+resources:
+ - namespace.yaml
+ - service.yaml
+ - ingress.yaml
+ - deployment.yaml
+
diff --git a/manifests/namespace.yaml b/manifests/namespace.yaml
new file mode 100644
index 0000000..db05a13
--- /dev/null
+++ b/manifests/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: netbird
diff --git a/manifests/secret.yaml b/manifests/secret.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/manifests/service.yaml b/manifests/service.yaml
new file mode 100644
index 0000000..577d4c0
--- /dev/null
+++ b/manifests/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: netbird-svc
+ namespace: netbird
+spec:
+ ports:
+ - name: dashboard
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ - name: management
+ port: 443
+ protocol: TCP
+ targetPort: 4443
+ selector:
+ app: netbird
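Review bot: The `resources:` list omits `configmap.yaml`, `database.yaml` and `secret.yaml`, so a `kustomize build` of this directory applies the Namespace, Service, IngressRoute and Deployment but never the management.json ConfigMap or the database Cluster that the other files depend on. If that is deliberate for this WIP, a comment such as `# configmap.yaml / database.yaml intentionally excluded until secrets exist` would say so; otherwise add them here. Note that `namespace: netbird` in this file would override the `zitadel` namespace currently set on the ConfigMap and Cluster once they are included, which is one way to resolve the namespace mismatch between those two files and the rest.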
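Review bot: `targetPort: 8080` and `targetPort: 4443` do not match the containers in deployment.yaml, which declare `containerPort: 80` for the dashboard and `containerPort: 443` for management (and management.json binds `"Address": "0.0.0.0:443"`), so traffic through this Service will be refused unless the images actually listen on those ports. Either change the two lines to `targetPort: 80` and `targetPort: 443`, or give the container ports names in the Deployment and reference them as `targetPort: dashboard` / `targetPort: management` so the two manifests cannot drift apart. The management port carries the dashboard's bearer tokens, so whichever listener ends up behind port 443 should be the TLS one configured via CertFile/CertKey, not a plaintext port reached by accident.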