diff --git a/unleash/Pluralfile b/unleash/Pluralfile
new file mode 100644
index 000000000..5e7ccfbb6
--- /dev/null
+++ b/unleash/Pluralfile
@@ -0,0 +1,7 @@
+REPO unleash
+ATTRIBUTES Plural repository.yaml
+
+TF terraform/*
+HELM helm/*
+RECIPE plural/recipes/*
+TAG plural/tags/**/*
diff --git a/unleash/helm/unleash/.helmignore b/unleash/helm/unleash/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/unleash/helm/unleash/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/unleash/helm/unleash/Chart.lock b/unleash/helm/unleash/Chart.lock
new file mode 100644
index 000000000..f0a335fb7
--- /dev/null
+++ b/unleash/helm/unleash/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: postgres
+ repository: https://pluralsh.github.io/module-library
+ version: 0.1.16
+- name: unleash
+ repository: https://docs.getunleash.io/helm-charts
+ version: 2.8.0
+- name: oidc-config
+ repository: https://pluralsh.github.io/module-library
+ version: 0.1.6
+digest: sha256:e72b181785ed4af17a09f15eb96d8ed5eb97de0017d026e0847f2fc521317e01
+generated: "2023-04-15T13:09:41.222634+02:00"
diff --git a/unleash/helm/unleash/Chart.yaml b/unleash/helm/unleash/Chart.yaml
new file mode 100644
index 000000000..1c47b01d9
--- /dev/null
+++ b/unleash/helm/unleash/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v2
+name: unleash
+description: helm chart for unleash
+type: application
+version: 0.1.0
+appVersion: 4.22.5
+dependencies:
+- name: postgres
+ version: 0.1.16
+ repository: https://pluralsh.github.io/module-library
+- name: unleash
+ version: 2.8.0
+ repository: https://docs.getunleash.io/helm-charts
+- name: oidc-config
+ version: 0.1.6
+ repository: https://pluralsh.github.io/module-library
+ condition: oidc-config.enabled
\ No newline at end of file
diff --git a/unleash/helm/unleash/README.md b/unleash/helm/unleash/README.md
new file mode 100644
index 000000000..17fffd405
--- /dev/null
+++ b/unleash/helm/unleash/README.md
@@ -0,0 +1 @@
+A helm chart for unleash
\ No newline at end of file
diff --git a/unleash/helm/unleash/charts/oidc-config-0.1.6.tgz b/unleash/helm/unleash/charts/oidc-config-0.1.6.tgz
new file mode 100644
index 000000000..6369d78af
Binary files /dev/null and b/unleash/helm/unleash/charts/oidc-config-0.1.6.tgz differ
diff --git a/unleash/helm/unleash/charts/postgres-0.1.16.tgz b/unleash/helm/unleash/charts/postgres-0.1.16.tgz
new file mode 100644
index 000000000..f115c448e
Binary files /dev/null and b/unleash/helm/unleash/charts/postgres-0.1.16.tgz differ
diff --git a/unleash/helm/unleash/charts/unleash-2.8.0.tgz b/unleash/helm/unleash/charts/unleash-2.8.0.tgz
new file mode 100644
index 000000000..e431f86a0
Binary files /dev/null and b/unleash/helm/unleash/charts/unleash-2.8.0.tgz differ
diff --git a/unleash/helm/unleash/deps.yaml b/unleash/helm/unleash/deps.yaml
new file mode 100644
index 000000000..ad83d8c23
--- /dev/null
+++ b/unleash/helm/unleash/deps.yaml
@@ -0,0 +1,34 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ application: true
+ description: Deploys unleash crafted for the target cloud
+spec:
+ dependencies:
+ - type: helm
+ name: bootstrap
+ repo: bootstrap
+ version: '>= 0.5.1'
+ - type: helm
+ name: ingress-nginx
+ repo: ingress-nginx
+ version: ">= 0.1.2"
+ - type: helm
+ name: postgres
+ repo: postgres
+ version: ">= 0.1.6"
+ - type: terraform
+ name: aws
+ repo: unleash
+ version: '>= 0.1.0'
+ optional: true
+ - type: terraform
+ name: azure
+ repo: unleash
+ version: '>= 0.1.0'
+ optional: true
+ - type: terraform
+ name: gcp
+ repo: unleash
+ version: '>= 0.1.0'
+ optional: true
\ No newline at end of file
diff --git a/unleash/helm/unleash/templates/_helpers.tpl b/unleash/helm/unleash/templates/_helpers.tpl
new file mode 100644
index 000000000..d7f6e53c9
--- /dev/null
+++ b/unleash/helm/unleash/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "unleash-plural.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "unleash-plural.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "unleash-plural.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "unleash-plural.labels" -}}
+helm.sh/chart: {{ include "unleash-plural.chart" . }}
+{{ include "unleash-plural.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "unleash-plural.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "unleash-plural.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "unleash-plural.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "unleash-plural.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/unleash/helm/unleash/templates/ingress.yaml b/unleash/helm/unleash/templates/ingress.yaml
new file mode 100644
index 000000000..8a13fb344
--- /dev/null
+++ b/unleash/helm/unleash/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := index .Values "oidc-config" "service" "name" -}}
+{{- $svcPort := index .Values "oidc-config" "service" "webPort" -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "unleash-plural.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
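Review bot: The template is gated only on `.Values.ingress.enabled`, yet both the Ingress name and its backend come from `oidc-config.service.name`, so enabling the ingress while `oidc-config.enabled` is false would route to a service (`unleash-oauth2-proxy` by default) that presumably is not deployed. Gating the first line as `{{- if and .Values.ingress.enabled (index .Values "oidc-config" "enabled") -}}` keeps the two in step. A header comment such as `{{/* Routes external traffic to the oauth2-proxy service; Unleash is never exposed directly by this template. */}}` would also help, because with `AUTH_TYPE` set to `none` in values.yaml.tpl this proxy is the only authentication layer in front of the application.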
diff --git a/unleash/helm/unleash/templates/postgres-secrets.yaml b/unleash/helm/unleash/templates/postgres-secrets.yaml
new file mode 100644
index 000000000..4910a798b
--- /dev/null
+++ b/unleash/helm/unleash/templates/postgres-secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: unleash.plural-postgres-unleash.credentials.postgresql.acid.zalan.do
+ labels:
+{{ include "unleash-plural.labels" . | indent 4 }}
+stringData:
+ username: {{ .Values.postgres.user }}
+ password: {{ .Values.postgres.password }}
diff --git a/unleash/helm/unleash/values.yaml b/unleash/helm/unleash/values.yaml
new file mode 100644
index 000000000..3978eb6fb
--- /dev/null
+++ b/unleash/helm/unleash/values.yaml
@@ -0,0 +1,42 @@
+# Default values for unleash.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+postgres:
+ team: plural
+ user: unleash
+ dbName: unleash
+ ownerChart: unleash
+ infix: '-postgres'
+ password: REPLACE_ME
+
+unleash:
+ image:
+ repository: dkr.plural.sh/unleash/unleashorg/unleash-server
+ pullPolicy: IfNotPresent
+ tag: 4.22.5
+ postgresql:
+ enabled: false
+ dbConfig:
+ host: plural-postgres-unleash
+ database: unleash
+ user: unleash
+ useExistingSecret:
+ name: unleash.plural-postgres-unleash.credentials.postgresql.acid.zalan.do
+ key: password
+ ssl: '{\"rejectUnauthorized\": false}'
+
+oidc-config:
+ enabled: false
+ service:
+ name: unleash-oauth2-proxy
+ selector:
+ app.kubernetes.io/instance: unleash
+ app.kubernetes.io/name: unleash
+ secret:
+ upstream: http://localhost:4242
+ env:
+ OAUTH2_PROXY_UPSTREAM_TIMEOUT: '120s'
+
+ingress:
+ enabled: false
\ No newline at end of file
diff --git a/unleash/helm/unleash/values.yaml.tpl b/unleash/helm/unleash/values.yaml.tpl
new file mode 100644
index 000000000..3650d910f
--- /dev/null
+++ b/unleash/helm/unleash/values.yaml.tpl
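Review bot: The Secret in postgres-secrets.yaml renders `.Values.postgres.password` unquoted and without any check, while values.yaml defaults it to `REPLACE_ME`, so any render that does not go through values.yaml.tpl creates a database credential with a publicly known value. Dropping the default from values.yaml and writing `password: {{ required "postgres.password must be set" .Values.postgres.password | quote }}` makes the render fail instead. Quoting also covers the rare generated value that YAML would read as a number, which `stringData` would reject; the same applies to `username`.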
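Review bot: `dbConfig.ssl` in values.yaml is set to `'{\"rejectUnauthorized\": false}'`, which turns off server-certificate verification for the Postgres connection, so the session is encrypted but the client cannot tell the real database from an impostor on the cluster network. If the CA that signs the Postgres operator's certificate can be mounted into the pod, verifying against it is the better default; otherwise a comment such as `# TLS without certificate verification: the operator-issued cert is not trusted by the pod` should record the trade-off. Inside single quotes YAML keeps the backslashes literally, so it is also worth confirming that the unleash chart turns this string into valid JSON.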
@@ -0,0 +1,80 @@
+{{ $unleashPgPwd := dedupe . "unleash.postgres.password" (randAlphaNum 20) }}
+
+postgres:
+ password: {{ $unleashPgPwd }}
+
+unleash:
+ {{- if .OIDC }}
+ ingress:
+ enabled: false
+ {{ else }}
+ ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - host: {{ .Values.hostname }}
+ paths:
+ - path: '/'
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: unleash-tls
+ hosts:
+ - {{ .Values.hostname }}
+ {{ end }}
+ env:
+ - name: UNLEASH_URL
+ value: {{ .Values.hostname }}
+ {{ if .SMTP }}
+ - name: EMAIL_SERVER_HOST
+ value: {{ .SMTP.Server }}
+ - name: EMAIL_SERVER_USER
+ value: {{ .SMTP.User }}
+ - name: EMAIL_SERVER_PASSWORD
+ value: {{ .SMTP.Password }}
+ - name: EMAIL_SERVER_PORT
+ value: {{ .SMTP.Port }}
+ - name: EMAIL_FROM
+ value: {{ .SMTP.Sender }}
+ {{ end }}
+{{ if .OIDC }}
+ - name: AUTH_TYPE
+ value: none
+ podLabels:
+ security.plural.sh/inject-oauth-sidecar: "true"
+ podAnnotations:
+ security.plural.sh/oauth-env-secret: "unleash-proxy-config"
+ {{ if .Values.users }}
+ security.plural.sh/htpasswd-secret: httpaswd-users
+ {{ end }}
+{{ $prevSecret := dedupe . "unleash.oidc-config.cookieSecret" (randAlphaNum 32) }}
+oidc-config:
+ enabled: true
+ secret:
+ name: unleash-proxy-config
+ issuer: {{ .OIDC.Configuration.Issuer }}
+ clientID: {{ .OIDC.ClientId }}
+ clientSecret: {{ .OIDC.ClientSecret }}
+ cookieSecret: {{ dedupe . "unleash.oidc-config.secret.cookieSecret" $prevSecret }}
+ {{ if .Values.users }}
+ users:
+ {{ toYaml .Values.users | nindent 4 }}
+ {{ end }}
+ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ hosts:
+ - host: {{ .Values.hostname }}
+ paths:
+ - path: '/'
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: unleash-tls
+ hosts:
+ - {{ .Values.hostname }}
+{{ end }}
\ No newline at end of file
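Review bot: In the OIDC branch `AUTH_TYPE` is set to `none`, so Unleash itself accepts every request and the injected oauth2-proxy sidecar is the only access control. The ingress goes through the proxy, but an in-cluster client that can reach the application port directly (the proxy upstream is `http://localhost:4242` in values.yaml) would skip it, assuming the unleash chart still creates its own Service; a NetworkPolicy, or at least a comment stating that assumption, belongs next to this setting. Separately, `{{ .SMTP.Password }}`, `{{ .OIDC.ClientSecret }}` and the other credentials are rendered unquoted, so a value containing `#` or `: ` is truncated or breaks the YAML; `value: {{ .SMTP.Password | quote }}` avoids that.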
diff --git a/unleash/plural/icons/unleash.png b/unleash/plural/icons/unleash.png
new file mode 100644
index 000000000..6ca67a49d
Binary files /dev/null and b/unleash/plural/icons/unleash.png differ
diff --git a/unleash/plural/notes.tpl b/unleash/plural/notes.tpl
new file mode 100644
index 000000000..68fd6dcc9
--- /dev/null
+++ b/unleash/plural/notes.tpl
@@ -0,0 +1,8 @@
+Your unleash installation is available at https://{{ .Values.hostname }}
+{{ if .OIDC }}
+Your unleash installation has been configured with OAuth against your plural account!
+{{ else }}
+You are using standard username/password authentication, so user management will be manual.
+The default login is admin/unleash4all. We recommend to change it at https://{{ .Values.hostname }}/profile/change-password
+We strongly recommend that you consider installing with OIDC enabled.
+{{ end }}
diff --git a/unleash/plural/recipes/unleash-aws.yaml b/unleash/plural/recipes/unleash-aws.yaml
new file mode 100644
index 000000000..204e5ffce
--- /dev/null
+++ b/unleash/plural/recipes/unleash-aws.yaml
@@ -0,0 +1,23 @@
+name: unleash-aws
+description: Installs unleash on an aws eks cluster
+provider: AWS
+oidcSettings:
+ uriFormat: https://{domain}/oauth2/callback
+ authMethod: POST
+ domainKey: hostname
+dependencies:
+- repo: bootstrap
+ name: aws-k8s
+- repo: ingress-nginx
+ name: ingress-nginx-aws
+sections:
+- name: unleash
+ configuration:
+ - name: hostname
+ documentation: FQDN to use for your unleash installation
+ type: DOMAIN
+ items:
+ - type: TERRAFORM
+ name: aws
+ - type: HELM
+ name: unleash
diff --git a/unleash/plural/recipes/unleash-azure.yaml b/unleash/plural/recipes/unleash-azure.yaml
new file mode 100644
index 000000000..7a5bc36f0
--- /dev/null
+++ b/unleash/plural/recipes/unleash-azure.yaml
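Review bot: The non-OIDC branch of notes.tpl prints the stock login `admin/unleash4all` and only recommends changing it, while values.yaml.tpl in the same commit enables a public ingress for exactly that branch. The text should make the password change a required first step, for example `The default login is admin/unleash4all. Change it immediately at https://{{ .Values.hostname }}/profile/change-password, before sharing the URL.` If the unleash chart offers a way to seed the initial admin password from a generated secret, wiring that in would close the window entirely; this page does not show whether it does.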
@@ -0,0 +1,23 @@
+name: unleash-azure
+description: Installs unleash on an azure aks cluster
+provider: AZURE
+oidcSettings:
+ uriFormat: https://{domain}/oauth2/callback
+ authMethod: POST
+ domainKey: hostname
+dependencies:
+- repo: bootstrap
+ name: azure-k8s
+- repo: ingress-nginx
+ name: ingress-nginx-azure
+sections:
+- name: unleash
+ configuration:
+ - name: hostname
+ documentation: FQDN to use for your unleash installation
+ type: DOMAIN
+ items:
+ - type: TERRAFORM
+ name: azure
+ - type: HELM
+ name: unleash
diff --git a/unleash/plural/recipes/unleash-gcp.yaml b/unleash/plural/recipes/unleash-gcp.yaml
new file mode 100644
index 000000000..0d892630e
--- /dev/null
+++ b/unleash/plural/recipes/unleash-gcp.yaml
@@ -0,0 +1,23 @@
+name: unleash-gcp
+description: Installs unleash on an gcp gke cluster
+provider: GCP
+oidcSettings:
+ uriFormat: https://{domain}/oauth2/callback
+ authMethod: POST
+ domainKey: hostname
+dependencies:
+- repo: bootstrap
+ name: gcp-k8s
+- repo: ingress-nginx
+ name: ingress-nginx-gcp
+sections:
+- name: unleash
+ configuration:
+ - name: hostname
+ documentation: FQDN to use for your unleash installation
+ type: DOMAIN
+ items:
+ - type: TERRAFORM
+ name: gcp
+ - type: HELM
+ name: unleash
diff --git a/unleash/repository.yaml b/unleash/repository.yaml
new file mode 100644
index 000000000..c1b9cdf16
--- /dev/null
+++ b/unleash/repository.yaml
@@ -0,0 +1,14 @@
+name: unleash
+description: Simplify your code production through the world’s largest open-source feature management platform.
+category: PRODUCTIVITY
+private: true
+releaseStatus: ALPHA
+icon: plural/icons/unleash.png
+notes: plural/notes.tpl
+homepage: https://www.getunleash.io/
+gitUrl: https://github.com/Unleash/unleash
+oauthSettings:
+ uriFormat: https://{domain}/oauth2/callback
+ authMethod: POST
+contributors:
+- walkoss@pm.me
diff --git a/unleash/terraform/aws/deps.yaml b/unleash/terraform/aws/deps.yaml
new file mode 100644
index 000000000..cb91f065c
--- /dev/null
+++ b/unleash/terraform/aws/deps.yaml
@@ -0,0 +1,13 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ description: unleash aws setup
+ version: 0.1.0
+spec:
+ dependencies:
+ - name: aws-bootstrap
+ repo: bootstrap
+ type: terraform
+ version: '>= 0.1.1'
+ providers:
+ - aws
\ No newline at end of file
diff --git a/unleash/terraform/aws/main.tf b/unleash/terraform/aws/main.tf
new file mode 100644
index 000000000..c85c76396
--- /dev/null
+++ b/unleash/terraform/aws/main.tf
@@ -0,0 +1,30 @@
+resource "kubernetes_namespace" "unleash" {
+ metadata {
+ name = var.namespace
+ labels = {
+ "app.kubernetes.io/managed-by" = "plural"
+ "app.plural.sh/name" = "unleash"
+ "platform.plural.sh/sync-target" = "pg"
+ }
+ }
+}
+
+
+data "aws_iam_role" "postgres" {
+ name = "${var.cluster_name}-postgres"
+}
+
+resource "kubernetes_service_account" "postgres" {
+ metadata {
+ name = "postgres-pod"
+ namespace = var.namespace
+
+ annotations = {
+ "eks.amazonaws.com/role-arn" = data.aws_iam_role.postgres.arn
+ }
+ }
+
+ depends_on = [
+ kubernetes_namespace.unleash
+ ]
+}
diff --git a/unleash/terraform/aws/terraform.tfvars b/unleash/terraform/aws/terraform.tfvars
new file mode 100644
index 000000000..961103ecf
--- /dev/null
+++ b/unleash/terraform/aws/terraform.tfvars
@@ -0,0 +1,2 @@
+namespace = {{ .Namespace | quote }}
+cluster_name = {{ .Cluster | quote }}
\ No newline at end of file
diff --git a/unleash/terraform/aws/variables.tf b/unleash/terraform/aws/variables.tf
new file mode 100644
index 000000000..811491ab1
--- /dev/null
+++ b/unleash/terraform/aws/variables.tf
@@ -0,0 +1,8 @@
+variable "namespace" {
+ type = string
+ default = "unleash"
+}
+
+variable "cluster_name" {
+ type = string
+}
diff --git a/unleash/terraform/azure/deps.yaml b/unleash/terraform/azure/deps.yaml
new file mode 100644
index 000000000..a8402a861
--- /dev/null
+++ b/unleash/terraform/azure/deps.yaml
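Review bot: `kubernetes_service_account.postgres` in terraform/aws/main.tf binds the `postgres-pod` service account to the IAM role `${var.cluster_name}-postgres`, which is looked up through a data source rather than created here, so its permissions and trust policy cannot be reviewed in this change. Any pod in the namespace that runs under `postgres-pod` receives that role, and the name suggests the role is shared across applications; a comment such as `# Role is created by the bootstrap module; its trust policy must be limited to the postgres-pod service account of this namespace` would record what has to hold. `variable "cluster_name"` also lacks a `description`, and the azure and gcp modules declare it without using it in their main.tf.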
@@ -0,0 +1,13 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ description: unleash azure setup
+ version: 0.1.0
+spec:
+ dependencies:
+ - name: azure-bootstrap
+ repo: bootstrap
+ type: terraform
+ version: '>= 0.1.1'
+ providers:
+ - azure
\ No newline at end of file
diff --git a/unleash/terraform/azure/main.tf b/unleash/terraform/azure/main.tf
new file mode 100644
index 000000000..75893355d
--- /dev/null
+++ b/unleash/terraform/azure/main.tf
@@ -0,0 +1,11 @@
+resource "kubernetes_namespace" "unleash" {
+ metadata {
+ name = var.namespace
+ labels = {
+ "app.kubernetes.io/managed-by" = "plural"
+ "app.plural.sh/name" = "unleash"
+ "platform.plural.sh/sync-target" = "pg"
+ }
+ }
+}
+
diff --git a/unleash/terraform/azure/terraform.tfvars b/unleash/terraform/azure/terraform.tfvars
new file mode 100644
index 000000000..961103ecf
--- /dev/null
+++ b/unleash/terraform/azure/terraform.tfvars
@@ -0,0 +1,2 @@
+namespace = {{ .Namespace | quote }}
+cluster_name = {{ .Cluster | quote }}
\ No newline at end of file
diff --git a/unleash/terraform/azure/variables.tf b/unleash/terraform/azure/variables.tf
new file mode 100644
index 000000000..811491ab1
--- /dev/null
+++ b/unleash/terraform/azure/variables.tf
@@ -0,0 +1,8 @@
+variable "namespace" {
+ type = string
+ default = "unleash"
+}
+
+variable "cluster_name" {
+ type = string
+}
diff --git a/unleash/terraform/gcp/deps.yaml b/unleash/terraform/gcp/deps.yaml
new file mode 100644
index 000000000..346eebf54
--- /dev/null
+++ b/unleash/terraform/gcp/deps.yaml
@@ -0,0 +1,13 @@
+apiVersion: plural.sh/v1alpha1
+kind: Dependencies
+metadata:
+ description: unleash gcp setup
+ version: 0.1.0
+spec:
+ dependencies:
+ - name: gcp-bootstrap
+ repo: bootstrap
+ type: terraform
+ version: '>= 0.1.1'
+ providers:
+ - gcp
\ No newline at end of file
diff --git a/unleash/terraform/gcp/main.tf b/unleash/terraform/gcp/main.tf
new file mode 100644
index 000000000..75893355d
--- /dev/null
+++ b/unleash/terraform/gcp/main.tf
@@ -0,0 +1,11 @@
+resource "kubernetes_namespace" "unleash" {
+ metadata {
+ name = var.namespace
+ labels = {
+ "app.kubernetes.io/managed-by" = "plural"
+ "app.plural.sh/name" = "unleash"
+ "platform.plural.sh/sync-target" = "pg"
+ }
+ }
+}
+
diff --git a/unleash/terraform/gcp/terraform.tfvars b/unleash/terraform/gcp/terraform.tfvars
new file mode 100644
index 000000000..961103ecf
--- /dev/null
+++ b/unleash/terraform/gcp/terraform.tfvars
@@ -0,0 +1,2 @@
+namespace = {{ .Namespace | quote }}
+cluster_name = {{ .Cluster | quote }}
\ No newline at end of file
diff --git a/unleash/terraform/gcp/variables.tf b/unleash/terraform/gcp/variables.tf
new file mode 100644
index 000000000..811491ab1
--- /dev/null
+++ b/unleash/terraform/gcp/variables.tf
@@ -0,0 +1,8 @@
+variable "namespace" {
+ type = string
+ default = "unleash"
+}
+
+variable "cluster_name" {
+ type = string
+}
diff --git a/unleash/vendor_images.yaml b/unleash/vendor_images.yaml
new file mode 100644
index 000000000..51937e71f
--- /dev/null
+++ b/unleash/vendor_images.yaml
@@ -0,0 +1,4 @@
+docker.io:
+ images:
+ unleashorg/unleash-server:
+ - "4.22.5"