adding traccar to astrid

mbovo · Aug 28, 2024 · b30c51b · b30c51b
1 parent 4fabdad
commit b30c51b
Show file tree

Hide file tree

Showing 11 changed files with 176 additions and 1 deletion.
diff --git a/high/apps/traccar/helmrelease.yaml b/high/apps/traccar/helmrelease.yaml
@@ -0,0 +1,21 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: traccar
+  namespace: flux-system
+spec:
+  interval: 10m
+  releaseName: traccar
+  targetNamespace: traccar
+  chart:
+    spec:
+      chart: traccar
+      sourceRef:
+        kind: HelmRepository
+        name: traccar
+        namespace: flux-system
+      interval: 10m
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
diff --git a/high/apps/traccar/helmrepository.yaml b/high/apps/traccar/helmrepository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: traccar
+  namespace: flux-system
+spec:
+  interval: 1m
+  url: https://traccar.github.io/traccar-helm/
diff --git a/high/apps/traccar/kustomization.yaml b/high/apps/traccar/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrepository.yaml
+  - helmrelease.yaml
diff --git a/high/envs/astrid/traccar.yaml b/high/envs/astrid/traccar.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: traccar
+  namespace: flux-system
+spec:
+  interval: 10m0s
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-gpg
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  path: ./high/overlays/astrid/traccar
+  prune: true
+  dependsOn:
+    - name: cert-manager
+      namespace: flux-system
+    - name: certs
+      namespace: flux-system
diff --git a/high/overlays/astrid/.sops.yaml b/high/overlays/astrid/.sops.yaml
@@ -1,4 +1,4 @@
 creation_rules:
   - path_regex: .*.yaml
-    encrypted_regex: ^(data|stringData|consumerKey|email|groupName|applicationKey|host|hosts|addresses|server|configLogicalBackup|channel|monica|mariadb|redis|config)$
+    encrypted_regex: ^(data|stringData|consumerKey|email|groupName|applicationKey|host|hosts|addresses|server|configLogicalBackup|channel|monica|mariadb|redis|config|mysql|ingress)$
     pgp: 46FAA8106554E4BAC648A9C8DAC3C1A5974CE5A1
diff --git a/high/overlays/astrid/traccar/helmrelease.yaml b/high/overlays/astrid/traccar/helmrelease.yaml
@@ -0,0 +1,11 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: traccar
+  namespace: flux-system
+spec:
+  valuesFrom:
+    - kind: ConfigMap
+      name: traccar-values
+    - kind: Secret
+      name: traccar-secrets
diff --git a/high/overlays/astrid/traccar/kustomization.yaml b/high/overlays/astrid/traccar/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../apps/traccar/
+  - ./traefikmiddleware.yaml
+patches:
+  - path: helmrelease.yaml
+configMapGenerator:
+  - name: traccar-values
+    namespace: flux-system
+    files:
+      - values.yaml=values.yaml
+secretGenerator:
+  - name: traccar-secrets
+    namespace: flux-system
+    files:
+      - values.yaml=secrets.yaml
+configurations:
+  - kustomizeconfig.yaml
diff --git a/high/overlays/astrid/traccar/kustomizeconfig.yaml b/high/overlays/astrid/traccar/kustomizeconfig.yaml
@@ -0,0 +1,12 @@
+# Inject Configmap/Secrets generate by Kustomize into HelmRelease object
+nameReference:
+- kind: ConfigMap
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease
+- kind: Secret
+  version: v1
+  fieldSpecs:
+  - path: spec/valuesFrom/name
+    kind: HelmRelease
diff --git a/high/overlays/astrid/traccar/secrets.yaml b/high/overlays/astrid/traccar/secrets.yaml
@@ -0,0 +1,46 @@
+mysql:
+    auth:
+        database: ENC[AES256_GCM,data:z9oLRfNHwkyQ/BR0jZY=,iv:UrHH3O7VBZKvu4gT3bxEulYA+fCvEflCXDAbfIYKifo=,tag:pYCos7DzMYwn4lGZ0F5SEQ==,type:str]
+        username: ENC[AES256_GCM,data:OErVt3lsvphSUjwAjy4=,iv:Xz3OZ1Gzin4T0tsMDMDrkc4lEZBX9vtDmj1fwMpaZV8=,tag:eDuncIMmoq382vK4XChxEQ==,type:str]
+        password: ENC[AES256_GCM,data:kq/+7U+yT1BRfhAP5FE=,iv:TAAx9YLQhdLoN9KjCwMOcYt22tbWIjP3w8n0Qq/YeW0=,tag:1ygFKanBszOwSkgusvRctw==,type:str]
+ingress:
+    hosts:
+        - host: ENC[AES256_GCM,data:kosukCaE8YjL9l60Dn393b0v3g==,iv:0ddB5I5J5sViW0EqzQ25c60zvtVy0AoRhA+Vn4BvQus=,tag:dn01fuNLo9hYZKWKiuf3Pw==,type:str]
+          paths:
+            - ENC[AES256_GCM,data:IA==,iv:fGOMa8GQPG9V+i8FN9s0kO67t6cxEnonkRpw+RYh7gk=,tag:3kQJs6Di3nMhLnUicBxtPg==,type:str]
+    tls:
+        - secretName: ENC[AES256_GCM,data:l2vJztYWVxINx5E=,iv:A/XqD2QNUdvXzb/laSBqedAWHIv8jbX55W35Dj9c8dw=,tag:LsuzqsnMNYO+HT4oF5M/RQ==,type:str]
+          hosts:
+            - ENC[AES256_GCM,data:3fcOmo+/UV7AOn/siUj3nfjbUA==,iv:pwAaAj95bRbK6uZe4bWfd3sKJncd9lc3fVTekJ2o8YY=,tag:cZ5YMldS+ktR38IzGv7Duw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-08-28T21:27:23Z"
+    mac: ENC[AES256_GCM,data:tAfTkZfWvVVGBv4VpWHz3GB5lmZRxdBj5rwoN9Iqixte6L4xkkwnx0KZilWnxn4ScDt4GB4en5X7wmBqaqQmsW21OlrMZrvPjATSHW8LITdAbNJ4loj6xvzCyuCdNDK8X1nMcy3ZLkfxM0VSKmPjhh1esVwf+Rp0G5ZwLdYeWew=,iv:FDIajwEfzqosKonI0Oz4u8y0ytlfFehkEWIAkFgGoo4=,tag:+VJs8rbviNZ+EecIkVArZg==,type:str]
+    pgp:
+        - created_at: "2024-08-28T21:27:23Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAz4Gf+0qjwzrAQ/+KM4jX+CtSpi4gN9XcjX7SVSnYNGNv+O321KncWIUKc3N
+            ZCW/yyeVigPzvne7uUWL3mS+jCOZJee7twcTJ+2aqA95nme/Enm2H4whV/NnwGIs
+            nQMqGRI70v0PYeStH7yEXL1wupEB3YToSPuA2Hn3DKbrKKzHkQ/PQ+xtYjZBL/ER
+            VvDPxa4OgcaqKnriMIXU0X8Dymz8XdyoVCcCD0CyO4Lsl/a7KcH5a8K6UQDSWJLH
+            /CobmgstfUTOO/geKIfsauLQxMerIb0lctcdmboBLgavw9vewcWRUOY/dwAz1gnj
+            KvAZ6cpQG/I+RbizyBMRa5QKCb3d8U2UZkB6EI/lwSurGWQ2RDVV27lgd6V6440N
+            kNyvub9UM8BC1TWmEKVIy2I57Jpp9RRVJkHq/N8ljvrsvTLczrwedzj+2y0YXs+/
+            90+NXeyYhpV26g7Ypg78Sap2/w3M0d/3wTmdjvKPkMuTUELxyKAmleeBXD8xMrRJ
+            IFoftASnhuNC9XLbJjE5Z4YUhhwsXSK5SJCkgFepUGbo/oXlq2+5IXfE+QAwCFqz
+            sfpJoX5k4g11+p47xDBFcrmBaNqeGO7p87dzq8pWp1/xkeUGNZnT0HKmXnpNs46N
+            0Vgd/1yni/OpC8+VKrpsZAdhgtI2m4kSYfzs6E2gY9SBAUFujVTMnnpl64PxE0jU
+            aAEJAhBXgFgXdjHqY4+++U1uYbFLO9tnad/SUYvpgrPlmvStgqcF5hZPk7Mr9+MJ
+            oHlLee86IR5iMh1BSqH3TR72m362Kdf4ZJYBl45WuAXaFNkFwtg0WIxzHPFvk5nO
+            EwlUQ6UZdPq5
+            =Wm0W
+            -----END PGP MESSAGE-----
+          fp: 46FAA8106554E4BAC648A9C8DAC3C1A5974CE5A1
+    encrypted_regex: ^(data|stringData|consumerKey|email|groupName|applicationKey|host|hosts|addresses|server|configLogicalBackup|channel|monica|mariadb|redis|config|mysql|ingress)$
+    version: 3.8.1
diff --git a/high/overlays/astrid/traccar/traefikmiddleware.yaml b/high/overlays/astrid/traccar/traefikmiddleware.yaml
@@ -0,0 +1,14 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: forwardauth
+  namespace: traccar
+spec:
+  forwardAuth:
+    address: 'https://auth.k.zroot.org/oauth2'
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-Auth-Request-Access-Token
+      - Authorization
+      - X-Auth-Request-User
+      - X-Auth-Request-Email
diff --git a/high/overlays/astrid/traccar/values.yaml b/high/overlays/astrid/traccar/values.yaml
@@ -0,0 +1,18 @@
+image:
+  flavor: "alpine"
+ingress:
+  enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    kubernetes.io/tls-acme: "true"
+    traefik.ingress.kubernetes.io/router.middlewares: traccar-forwardauth@kubernetescrd
+
+externalService:
+  type: LoadBalancer
+  enabled: true
+
+mysql:
+  enabled: true
+  primary:
+    persistence:
+      enabled: true