diff --git a/docs/advanced/plugins.md b/docs/advanced/plugins.md
index 3cfa45ddd5..2812c30753 100644
--- a/docs/advanced/plugins.md
+++ b/docs/advanced/plugins.md
@@ -388,12 +388,6 @@ Official plugins are here [plugins/contrib/](https://github.com/socialgouv/konti
- [charts/maildev](https://github.com/socialgouv/kontinuous/blob/master/plugins/fabrique/charts/maildev)
deploy an instance of [maildev](https://github.com/maildev/maildev)
- - [charts/metabase](https://github.com/socialgouv/kontinuous/blob/master/plugins/fabrique/charts/metabase)
- deploy an instance of [metabase](https://www.metabase.com/)
-
- - [charts/oauth2-proxy](https://github.com/socialgouv/kontinuous/blob/master/plugins/fabrique/charts/oauth2-proxy)
- deploy an instance of [oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy)
-
- [charts/redis](https://github.com/socialgouv/kontinuous/blob/master/plugins/fabrique/charts/redis)
deploy an instance of [redis](https://redis.io/)
- [patches/cert-letsencrypt-issuer](https://github.com/socialgouv/kontinuous/blob/master/plugins/fabrique/patches/cert-letsencrypt-issuer.js)
diff --git a/docs/faq.md b/docs/faq.md
index b3028384fc..f5292f8531 100644
--- a/docs/faq.md
+++ b/docs/faq.md
@@ -194,54 +194,6 @@ jobs:
context: packages/api
```
-## Add an oauth2 proxy to protect some application
-
-You can delegate application authentication to [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy) that can connect to multiple identity providers like GitHub, Azure, AD, KeyCloak...
-
-This has many security advantages :
-
-- hides all your application from external users
-- delegates all security processes to state-of-the-art providers
-- application can receive verifiable user identity
-
-You'll have to disable the default application ingress and replace it with `oauth2-proxy` one then register your application, see [compatible providers](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider).
-
-```mermaid
-graph LR
-Internet["🌍" Internet]-->Proxy["🔒" Proxy]
-subgraph Cluster
-Proxy-->WebApp["🧑💼" WebApp]
-Proxy<-->IDP["🔑" Identity providers]
-end
-```
-
-In `.kontinuous/values.yaml` :
-
-```yaml
-# Application to protect
-metabase:
- ingress:
- enabled: false # disable ingress (internet exposition)
- # metabase secrets and settings
- envFrom:
- - secretRef:
- name: metabase
-
-oauth2-proxy:
- # public URL that will show metabase once loggedin
- host: "metabase.myapp.somewhere.fr"
- # internal protected service URL
- upstream: http://metabase
- # oauth2-proxy secrets and settings
- envFrom:
- - secretRef:
- name: oauth2-proxy
- env:
- - name: OAUTH2_PROXY_PROVIDER
- value: github
- - name: OAUTH2_PROXY_GITHUB_ORG
- value: some-org
-```
**NOTE** in this example, only users from `some-org` GitHub organisation can access the metabase, but they also have to login on the metabase separately.
diff --git a/docs/values.schema.json b/docs/values.schema.json
index 88700d139e..7b76e9d9bb 100644
--- a/docs/values.schema.json
+++ b/docs/values.schema.json
@@ -5,8 +5,7 @@
"type": "object",
"patternProperties": {
"^pg-.*": {
- "allOf": [
- {
+ "allOf": [{
"$ref": "https://raw.githubusercontent.com/socialgouv/kontinuous/v1/plugins/fabrique/charts/pg/kontinuous.values.schema.json"
},
{
@@ -20,8 +19,7 @@
]
},
"^app-.*": {
- "allOf": [
- {
+ "allOf": [{
"$ref": "https://raw.githubusercontent.com/socialgouv/kontinuous/v1/plugins/contrib/charts/app/kontinuous.values.schema.json"
},
{
@@ -38,8 +36,7 @@
"additionalProperties": {
"type": "object",
"title": "Additional helm chart",
- "allOf": [
- {
+ "allOf": [{
"if": {
"required": ["~chart"],
"properties": {
@@ -78,19 +75,6 @@
"$ref": "https://raw.githubusercontent.com/socialgouv/kontinuous/v1/plugins/contrib/charts/jobs/kontinuous.values.schema.json"
}
},
- {
- "if": {
- "required": ["~chart"],
- "properties": {
- "~chart": {
- "const": "oauth2-proxy"
- }
- }
- },
- "then": {
- "$ref": "https://raw.githubusercontent.com/socialgouv/kontinuous/v1/plugins/contrib/charts/oauth2-proxy/values.schema.json"
- }
- },
{
"if": {
"required": ["~chart"]
@@ -188,7 +172,10 @@
}
},
- "project": { "type": "object", "additionalProperties": true },
+ "project": {
+ "type": "object",
+ "additionalProperties": true
+ },
"jobs": {
"$ref": "https://raw.githubusercontent.com/socialgouv/kontinuous/v1/plugins/contrib/charts/jobs/kontinuous.values.schema.json"
@@ -203,8 +190,7 @@
"description": "Kontinuous chart to use",
"type": "string",
"default": "app",
- "anyOf": [
- {
+ "anyOf": [{
"type": "string",
"markdownDescription": "Bring your own helm chart. \n\nYou should have an entry with the same name in your `./Chart.yaml`.\n\nSee https://socialgouv.github.io/kontinuous/#/./faq?id=add-a-custom-helm-chart"
},
@@ -220,10 +206,6 @@
"const": "hasura",
"markdownDescription": "The [hasura chart](https://github.com/SocialGouv/kontinuous/blob/master/plugins/contrib/charts/hasura) deploys an [hasura](https://hasura.io) instance"
},
- {
- "const": "metabase",
- "markdownDescription": "The [metabase chart](https://github.com/SocialGouv/kontinuous/blob/master/plugins/contrib/charts/metabase) deploys a [metabase](https://metabase.com) instance"
- },
{
"const": "pgweb",
"markdownDescription": "The [pgweb chart](https://github.com/SocialGouv/kontinuous/blob/master/plugins/fabrique/charts/pgweb) deploys a [pgweb](https://github.com/sosedoff/pgweb) instance"
@@ -232,10 +214,6 @@
"const": "maildev",
"markdownDescription": "The [maildev chart](https://github.com/SocialGouv/kontinuous/blob/master/plugins/fabrique/charts/maildev) deploys a [maildev](https://github.com/maildev/maildev) instance"
},
- {
- "const": "oauth2-proxy",
- "markdownDescription": "The [oauth2-proxy chart](https://github.com/SocialGouv/kontinuous/blob/master/plugins/contrib/charts/oauth2-proxy) deploys an [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) instance"
- },
{
"const": "redis",
"markdownDescription": "The [redis chart](https://github.com/SocialGouv/kontinuous/blob/master/plugins/contrib/charts/redis) deploys an [redis](https://oauth2-proxy.github.io/redis/) instance"
@@ -259,4 +237,4 @@
"required": ["~chart"]
}
}
-}
+}
\ No newline at end of file
diff --git a/packages/kontinuous/tests/__snapshots__/ingress-external-domain.prod.yaml b/packages/kontinuous/tests/__snapshots__/ingress-external-domain.prod.yaml
index 2e783c7008..f73ccc8e39 100644
--- a/packages/kontinuous/tests/__snapshots__/ingress-external-domain.prod.yaml
+++ b/packages/kontinuous/tests/__snapshots__/ingress-external-domain.prod.yaml
@@ -78,117 +78,90 @@ metadata:
namespace: test-ingress-external-domain
automountServiceAccountToken: false
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- component: metabase
- application: test-ingress-external-domain
- kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
- kontinuous/deployment.env: test-ingress-external-domain-prod
- kontinuous/ref: feature-branch-1
- kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/resourceName: configmap-metabase-1tfah3wb
- app.kubernetes.io/manifest-managed-by: kontinuous
- app.kubernetes.io/manifest-created-by: kontinuous
- name: metabase
- namespace: test-ingress-external-domain
- annotations:
- kontinuous/chartPath: project.fabrique.contrib.metabase
- kontinuous/source: project/charts/fabrique/charts/contrib/charts/metabase/templates/configmap.yaml
- kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
-data:
- MB_APPLICATION_NAME: metabase
- MB_DB_TYPE: postgres
- MB_ADMIN_EMAIL: admin@fabrique.social.gouv.fr
- MB_ANON_TRACKING_ENABLED: \\"false\\"
- MB_APPLICATION_LOGO_URL: https://socialgouv.github.io/support/_media/marianne.jpeg
- MB_EMAIL_FROM_ADDRESS: contact@fabrique.social.gouv.fr
- MB_EMAIL_FROM_NAME: Fabrique numérique des ministères sociaux
- MB_ENABLE_EMBEDDING: \\"true\\"
- MB_ENABLE_PUBLIC_SHARING: \\"true\\"
- MB_SITE_LOCALE: fr
- MB_START_OF_WEEK: monday
- MB_SITE_NAME: Fabrique numérique des ministères sociaux
- MB_SITE_URL: https://some.external.host
- MB_PASSWORD_COMPLEXITY: strong
----
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
- component: metabase
+ component: app
application: test-ingress-external-domain
kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
kontinuous/deployment.env: test-ingress-external-domain-prod
kontinuous/ref: feature-branch-1
kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/resourceName: deployment-metabase-5wn3odrk
+ kontinuous/resourceName: deployment-app-55fzcjih
app.kubernetes.io/manifest-managed-by: kontinuous
app.kubernetes.io/manifest-created-by: kontinuous
- name: metabase
+ name: app
namespace: test-ingress-external-domain
annotations:
- kontinuous/chartPath: project.fabrique.contrib.metabase
- kontinuous/source: project/charts/fabrique/charts/contrib/charts/metabase/templates/deployment.yaml
+ kontinuous/chartPath: project.fabrique.contrib.app
+ kontinuous/source: project/charts/fabrique/charts/contrib/charts/app/templates/deployment.yaml
kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
- kontinuous/depname.full: project.fabrique.contrib.metabase.deployment.metabase
- kontinuous/depname.chartResource: metabase.deployment.metabase
- kontinuous/depname.chartName: metabase
- kontinuous/depname.chartPath: project.fabrique.contrib.metabase
- kontinuous/depname.resourcePath: deployment.metabase
- kontinuous/depname.resourceName: metabase
- kontinuous/depname.chartNameTopFull: metabase
- kontinuous/depname.chartNameTop: metabase
+ kontinuous/depname.full: project.fabrique.contrib.app.deployment.app
+ kontinuous/depname.chartResource: app.deployment.app
+ kontinuous/depname.chartName: app
+ kontinuous/depname.chartPath: project.fabrique.contrib.app
+ kontinuous/depname.resourcePath: deployment.app
+ kontinuous/depname.resourceName: app
+ kontinuous/depname.chartNameTopFull: app
+ kontinuous/depname.chartNameTop: app
kontinuous/plugin.log: \\"false\\"
reloader.stakater.com/auto: \\"true\\"
spec:
- replicas: 1
+ replicas: 2
selector:
matchLabels:
- component: metabase
+ component: app
+ strategy:
+ type: RollingUpdate
template:
metadata:
labels:
- component: metabase
+ component: app
+ application: test-ingress-external-domain
+ namespace: test-ingress-external-domain
kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
kontinuous/deployment.env: test-ingress-external-domain-prod
kontinuous/ref: feature-branch-1
kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/resourceName: deployment-metabase-5wn3odrk
+ kontinuous/resourceName: deployment-app-55fzcjih
app.kubernetes.io/manifest-managed-by: kontinuous
app.kubernetes.io/manifest-created-by: kontinuous
annotations:
kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- runAsNonRoot: true
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: namespace
+ operator: In
+ values:
+ - test-ingress-external-domain
+ - key: component
+ operator: In
+ values:
+ - app
+ topologyKey: kubernetes.io/hostname
containers:
- - image: metabase/metabase:v0.47.0
- name: metabase
- securityContext:
- allowPrivilegeEscalation: false
- envFrom:
- - configMapRef:
- name: metabase
+ - image: harbor.fabrique.social.gouv.fr/test-ingress-external-domain/app:prod
+ name: app
ports:
- containerPort: 3000
name: http
- startupProbe:
- failureThreshold: 30
+ livenessProbe:
+ failureThreshold: 15
httpGet:
- path: /api/health
+ path: /index.html
port: http
- periodSeconds: 10
- initialDelaySeconds: 60
- successThreshold: 1
- timeoutSeconds: 10
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ timeoutSeconds: 5
readinessProbe:
exec:
command:
@@ -196,21 +169,19 @@ spec:
- /var/run/readiness-check/readiness-file
initialDelaySeconds: 5
periodSeconds: 5
- livenessProbe:
- failureThreshold: 6
+ startupProbe:
+ failureThreshold: 12
httpGet:
- path: /api/health
+ path: /index.html
port: http
- initialDelaySeconds: 30
periodSeconds: 5
- timeoutSeconds: 5
resources:
limits:
- cpu: 1000m
- memory: 2048Mi
+ cpu: 1
+ memory: 1Gi
requests:
- cpu: 500m
- memory: 512Mi
+ cpu: 81m
+ memory: 262Mi
lifecycle:
postStart:
exec:
@@ -235,21 +206,21 @@ apiVersion: v1
kind: Service
metadata:
labels:
- component: metabase
+ component: app
application: test-ingress-external-domain
kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
kontinuous/deployment.env: test-ingress-external-domain-prod
kontinuous/ref: feature-branch-1
kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/resourceName: service-metabase-5idimw41
+ kontinuous/resourceName: service-app-46z2o1vv
app.kubernetes.io/manifest-managed-by: kontinuous
app.kubernetes.io/manifest-created-by: kontinuous
- name: metabase
+ name: app
namespace: test-ingress-external-domain
annotations:
- kontinuous/chartPath: project.fabrique.contrib.metabase
- kontinuous/source: project/charts/fabrique/charts/contrib/charts/metabase/templates/service.yaml
+ kontinuous/chartPath: project.fabrique.contrib.app
+ kontinuous/source: project/charts/fabrique/charts/contrib/charts/app/templates/service.yaml
kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
spec:
ports:
@@ -257,7 +228,7 @@ spec:
port: 80
targetPort: 3000
selector:
- component: metabase
+ component: app
type: ClusterIP
---
apiVersion: networking.k8s.io/v1
@@ -265,21 +236,21 @@ kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
- kontinuous/chartPath: project.fabrique.contrib.metabase
- kontinuous/source: project/charts/fabrique/charts/contrib/charts/metabase/templates/ingress.yaml
+ kontinuous/chartPath: project.fabrique.contrib.app
+ kontinuous/source: project/charts/fabrique/charts/contrib/charts/app/templates/ingress.yaml
kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
labels:
- component: metabase
+ component: app
application: test-ingress-external-domain
kontinuous/deployment: test-ingress-external-domain-feature-branch-1-ffac537-4dx6300n
kontinuous/deployment.env: test-ingress-external-domain-prod
kontinuous/ref: feature-branch-1
kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/resourceName: ingress-metabase-5ybj4te8
+ kontinuous/resourceName: ingress-app-b4kcj2bx
app.kubernetes.io/manifest-managed-by: kontinuous
app.kubernetes.io/manifest-created-by: kontinuous
- name: metabase
+ name: app
namespace: test-ingress-external-domain
spec:
rules:
@@ -288,7 +259,7 @@ spec:
paths:
- backend:
service:
- name: metabase
+ name: app
port:
name: http
path: /
@@ -296,6 +267,6 @@ spec:
tls:
- hosts:
- some.external.host
- secretName: metabase-crt
+ secretName: app-crt
"
`;
diff --git a/packages/kontinuous/tests/__snapshots__/repo.domifa.prod.yaml b/packages/kontinuous/tests/__snapshots__/repo.domifa.prod.yaml
index 97e8f2776a..d0a5221c67 100644
--- a/packages/kontinuous/tests/__snapshots__/repo.domifa.prod.yaml
+++ b/packages/kontinuous/tests/__snapshots__/repo.domifa.prod.yaml
@@ -112,63 +112,6 @@ data:
DOMIFA_LOG_HTTP_REQUESTS: \\"true\\"
DOMIFA_LOG_SQL_REQUESTS: \\"true\\"
---
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: metabase-configmap
- annotations:
- kontinuous/chartPath: project
- kontinuous/source: project/templates/metabase.configmap.yaml
- kontinuous/deployment: test-repo-domifa-feature-branch-1-ffac537e6cbbf934b08-2xrjelak
- labels:
- kontinuous/deployment: test-repo-domifa-feature-branch-1-ffac537e6cbbf934b08-2xrjelak
- kontinuous/deployment.env: test-repo-domifa-prod-26ul0o86
- kontinuous/ref: feature-branch-1
- kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/resourceName: configmap-metabase-configmap-5ikgrlqv
- app.kubernetes.io/manifest-managed-by: kontinuous
- app.kubernetes.io/manifest-created-by: kontinuous
- namespace: test-repo.domifa
-data:
- MB_DB_TYPE: postgres
- MB_ADMIN_EMAIL: contact@fabrique.social.gouv.fr
- MB_ANON_TRACKING_ENABLED: \\"false\\"
- MB_APPLICATION_LOGO_URL: https://socialgouv.github.io/support/_media/marianne.jpeg
- MB_APPLICATION_NAME: metabase-domifa
- MB_EMAIL_FROM_ADDRESS: contact@fabrique.social.gouv.fr
- MB_ENABLE_EMBEDDING: \\"true\\"
- MB_ENABLE_PUBLIC_SHARING: \\"true\\"
- MB_SITE_LOCALE: fr
- MB_SITE_NAME: Fabrique des ministères sociaux
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: oauth2-proxy-configmap
- namespace: domifa
- annotations:
- kontinuous/chartPath: project
- kontinuous/source: project/templates/oauth2-proxy.configmap.yml
- kontinuous/deployment: test-repo-domifa-feature-branch-1-ffac537e6cbbf934b08-2xrjelak
- labels:
- kontinuous/deployment: test-repo-domifa-feature-branch-1-ffac537e6cbbf934b08-2xrjelak
- kontinuous/deployment.env: test-repo-domifa-prod-26ul0o86
- kontinuous/ref: feature-branch-1
- kontinuous/gitSha: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/appVersion: ffac537e6cbbf934b08745a378932722df287a53
- kontinuous/resourceName: configmap-oauth2-proxy-configmap-3dmrzk31
- app.kubernetes.io/manifest-managed-by: kontinuous
- app.kubernetes.io/manifest-created-by: kontinuous
-data:
- OAUTH2_PROXY_PROVIDER: github
- OAUTH2_PROXY_GITHUB_ORG: SocialGouv
- OAUTH2_PROXY_BANNER: Domifa private access
- OAUTH2_PROXY_FOOTER: SocialGouv auth
- OAUTH2_PROXY_EMAIL_DOMAINS: \\"*\\"
- OAUTH2_PROXY_COOKIE_SECURE: \\"false\\"
- OAUTH2_PROXY_CUSTOM_SIGN_IN_LOGO: https://socialgouv.github.io/support/_media/marianne.jpeg
----
apiVersion: batch/v1
kind: Job
metadata:
diff --git a/packages/kontinuous/tests/samples/ingress-external-domain/env/prod/values.yaml b/packages/kontinuous/tests/samples/ingress-external-domain/env/prod/values.yaml
index 10a6fddbda..3e270c6f4c 100644
--- a/packages/kontinuous/tests/samples/ingress-external-domain/env/prod/values.yaml
+++ b/packages/kontinuous/tests/samples/ingress-external-domain/env/prod/values.yaml
@@ -1,3 +1,3 @@
-metabase:
+app:
enabled: true
host: some.external.host
diff --git a/packages/kontinuous/tests/samples/metabase/config.yaml b/packages/kontinuous/tests/samples/metabase/config.yaml
deleted file mode 100644
index 9845f82e1b..0000000000
--- a/packages/kontinuous/tests/samples/metabase/config.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-dependencies:
- fabrique:
- import: socialgouv/kontinuous/plugins/fabrique
- dependencies:
- contrib:
- validators:
- sealedSecrets:
- enabled: false
\ No newline at end of file
diff --git a/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase1.configmap.yaml b/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase1.configmap.yaml
deleted file mode 100644
index 109dde2cf7..0000000000
--- a/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase1.configmap.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: metabase1-configmap
-data:
- METABASE_ENV: "production"
diff --git a/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase1.sealed-secret.yaml b/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase1.sealed-secret.yaml
deleted file mode 100644
index aa6d781e2e..0000000000
--- a/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase1.sealed-secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: metabase1-sealed-secret
-spec:
- encryptedData:
- METABASE_SECRET: AgBc+UqJhU2ZBfuplyiI3pPekRjm36i62WYR1lVpM9PIwK636R78mpfckIeGU09qKAxWGYBqtYtvNP3lTG8OwEUqKLnUxZPZKbtwc78GwzEzaPpnWmM+j78uBDxqHDiW+jKwnD/6XiWxsfyd1ZU/qS0LDEJBnVRoDyUI0NxzFWLxG8ylr6oK3q+oD3338D588TimklZGOvRm/hI95d5uwKsYPz0zYOj28pgHzNMVycreOXi9l562agyg2hdb8AkFD41utLEURxJOomJUl2xZIjv6FX++R9OJQzRsX6WsCAkLZPO7VEi1cvG6QzPf/uchwystfQfW5c+5ofVJer5mLJJjFcO8OfNbsg/JYlndv4F90cjH2dojSHv/qH/ddpObPgkDpVzCljdTvrir5bl3z3KeqLb20ja1hLJlwOue4zHDCQ6Fwza8VN6BjbHZLYhOO5qlYfWezjwt+B6RdFVzD8wu2JbuWsJo5w2HhMl2Nckar1B8CPxzgRXnFwc/QsFTDXOXX+rtxnC4FJfffZ/2frV745c642AhOArDxk8OGDFkrexr5OMv0iJcY15cl6K9dfZWOKfFd5mxfWFhDWUSAoUZJsz4uVxpTCCoSJBe8Nf1aKk7PkZ+bXtV5bpuktySoPh0hG1M1dUg0WsSC2i6zp75AUxVW6c4GG7d9FMsTHIwyD7fEbV3TMRanSRFYNPOmft/oI7Q3oNGOGg26KCtX414FG02EnpmrttHQguY7cnHGG7i7s8mnyGv
- template:
- metadata:
- creationTimestamp: null
- name: metabase1-sealed-secret
- type: Opaque
diff --git a/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase2.configmap.yaml b/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase2.configmap.yaml
deleted file mode 100644
index 7d368be0a2..0000000000
--- a/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase2.configmap.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: metabase2-configmap
-data:
- METABASE_ENV: "production"
diff --git a/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase2.sealed-secret.yaml b/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase2.sealed-secret.yaml
deleted file mode 100644
index 3c1fc8df9e..0000000000
--- a/packages/kontinuous/tests/samples/metabase/env/prod/templates/metabase2.sealed-secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
- creationTimestamp: null
- name: metabase2-sealed-secret
-spec:
- encryptedData:
- METABASE_SECRET: AgBc+UqJhU2ZBfuplyiI3pPekRjm36i62WYR1lVpM9PIwK636R78mpfckIeGU09qKAxWGYBqtYtvNP3lTG8OwEUqKLnUxZPZKbtwc78GwzEzaPpnWmM+j78uBDxqHDiW+jKwnD/6XiWxsfyd1ZU/qS0LDEJBnVRoDyUI0NxzFWLxG8ylr6oK3q+oD3338D588TimklZGOvRm/hI95d5uwKsYPz0zYOj28pgHzNMVycreOXi9l562agyg2hdb8AkFD41utLEURxJOomJUl2xZIjv6FX++R9OJQzRsX6WsCAkLZPO7VEi1cvG6QzPf/uchwystfQfW5c+5ofVJer5mLJJjFcO8OfNbsg/JYlndv4F90cjH2dojSHv/qH/ddpObPgkDpVzCljdTvrir5bl3z3KeqLb20ja1hLJlwOue4zHDCQ6Fwza8VN6BjbHZLYhOO5qlYfWezjwt+B6RdFVzD8wu2JbuWsJo5w2HhMl2Nckar1B8CPxzgRXnFwc/QsFTDXOXX+rtxnC4FJfffZ/2frV745c642AhOArDxk8OGDFkrexr5OMv0iJcY15cl6K9dfZWOKfFd5mxfWFhDWUSAoUZJsz4uVxpTCCoSJBe8Nf1aKk7PkZ+bXtV5bpuktySoPh0hG1M1dUg0WsSC2i6zp75AUxVW6c4GG7d9FMsTHIwyD7fEbV3TMRanSRFYNPOmft/oI7Q3oNGOGg26KCtX414FG02EnpmrttHQguY7cnHGG7i7s8mnyGv
- template:
- metadata:
- creationTimestamp: null
- name: metabase2-sealed-secret
- type: Opaque
diff --git a/packages/kontinuous/tests/samples/metabase/env/prod/values.yaml b/packages/kontinuous/tests/samples/metabase/env/prod/values.yaml
deleted file mode 100644
index 861304d925..0000000000
--- a/packages/kontinuous/tests/samples/metabase/env/prod/values.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-metabase-app1:
- enabled: true
- envFrom:
- - secretRef:
- name: metabase1-sealed-secret
- - configMapRef:
- name: metabase1-configmap
-
-metabase-app2:
- enabled: true
- envFrom:
- - secretRef:
- name: metabase2-sealed-secret
- - configMapRef:
- name: metabase2-configmap
diff --git a/packages/kontinuous/tests/samples/metabase/values.yaml b/packages/kontinuous/tests/samples/metabase/values.yaml
deleted file mode 100644
index 8dc5e6427f..0000000000
--- a/packages/kontinuous/tests/samples/metabase/values.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-metabase-app1:
- ~chart: metabase
- enabled: false
-
-metabase-app2:
- ~chart: metabase
- enabled: false
- matomo:
- cronjob:
- enabled: true
- command:
- - sh
- - "-c"
- - "cowsay hello"
diff --git a/packages/kontinuous/tests/samples/oauth2-proxy-metabase/config.yaml b/packages/kontinuous/tests/samples/oauth2-proxy-metabase/config.yaml
deleted file mode 100644
index ff779aad47..0000000000
--- a/packages/kontinuous/tests/samples/oauth2-proxy-metabase/config.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- fabrique:
- import: socialgouv/kontinuous/plugins/fabrique
\ No newline at end of file
diff --git a/packages/kontinuous/tests/samples/oauth2-proxy-metabase/env/prod/.gitkeep b/packages/kontinuous/tests/samples/oauth2-proxy-metabase/env/prod/.gitkeep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/packages/kontinuous/tests/samples/oauth2-proxy-metabase/values.yaml b/packages/kontinuous/tests/samples/oauth2-proxy-metabase/values.yaml
deleted file mode 100644
index ea4ab68ef7..0000000000
--- a/packages/kontinuous/tests/samples/oauth2-proxy-metabase/values.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-oauth2-proxy:
- enabled: true
- upstream: http://metabase
- envFrom:
- - secretRef:
- name: "some-secret"
- env:
- - name: SOME_ENV
- value: "some value"
-
-metabase:
- enabled: true
- ingress:
- enabled: false
\ No newline at end of file
diff --git a/packages/kontinuous/tests/samples/oauth2-proxy/config.yaml b/packages/kontinuous/tests/samples/oauth2-proxy/config.yaml
deleted file mode 100644
index ff779aad47..0000000000
--- a/packages/kontinuous/tests/samples/oauth2-proxy/config.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-dependencies:
- fabrique:
- import: socialgouv/kontinuous/plugins/fabrique
\ No newline at end of file
diff --git a/packages/kontinuous/tests/samples/oauth2-proxy/env/prod/.gitkeep b/packages/kontinuous/tests/samples/oauth2-proxy/env/prod/.gitkeep
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/packages/kontinuous/tests/samples/oauth2-proxy/values.yaml b/packages/kontinuous/tests/samples/oauth2-proxy/values.yaml
deleted file mode 100644
index a9c6d44ec8..0000000000
--- a/packages/kontinuous/tests/samples/oauth2-proxy/values.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-oauth2-proxy:
- enabled: true
- upstream: http://some.service:1234
- envFrom:
- - secretRef:
- name: "some-secret"
- env:
- - name: SOME_ENV
- value: "some value"
-
diff --git a/packages/kontinuous/tests/samples/repo.domifa/env/prod/templates/metabase.configmap.yaml b/packages/kontinuous/tests/samples/repo.domifa/env/prod/templates/metabase.configmap.yaml
deleted file mode 100644
index e0ea0ef28b..0000000000
--- a/packages/kontinuous/tests/samples/repo.domifa/env/prod/templates/metabase.configmap.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: metabase-configmap
-data:
- MB_DB_TYPE: postgres
- MB_ADMIN_EMAIL: contact@fabrique.social.gouv.fr
- MB_ANON_TRACKING_ENABLED: "false"
- MB_APPLICATION_LOGO_URL: https://socialgouv.github.io/support/_media/marianne.jpeg
- MB_APPLICATION_NAME: metabase-domifa
- MB_EMAIL_FROM_ADDRESS: contact@fabrique.social.gouv.fr
- MB_ENABLE_EMBEDDING: "true"
- MB_ENABLE_PUBLIC_SHARING: "true"
- MB_SITE_LOCALE: fr
- MB_SITE_NAME: Fabrique des ministères sociaux
diff --git a/packages/kontinuous/tests/samples/repo.domifa/env/prod/templates/oauth2-proxy.configmap.yml b/packages/kontinuous/tests/samples/repo.domifa/env/prod/templates/oauth2-proxy.configmap.yml
deleted file mode 100644
index a55f534bcd..0000000000
--- a/packages/kontinuous/tests/samples/repo.domifa/env/prod/templates/oauth2-proxy.configmap.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: oauth2-proxy-configmap
- namespace: domifa
-data:
- OAUTH2_PROXY_PROVIDER: github
- OAUTH2_PROXY_GITHUB_ORG: SocialGouv
- OAUTH2_PROXY_BANNER: Domifa private access
- OAUTH2_PROXY_FOOTER: SocialGouv auth
- OAUTH2_PROXY_EMAIL_DOMAINS: "*"
- OAUTH2_PROXY_COOKIE_SECURE: "false"
- OAUTH2_PROXY_CUSTOM_SIGN_IN_LOGO: "https://socialgouv.github.io/support/_media/marianne.jpeg"
diff --git a/packages/kontinuous/tests/samples/repo.domifa/env/prod/values.yaml b/packages/kontinuous/tests/samples/repo.domifa/env/prod/values.yaml
index ee09504f14..86b31f4815 100644
--- a/packages/kontinuous/tests/samples/repo.domifa/env/prod/values.yaml
+++ b/packages/kontinuous/tests/samples/repo.domifa/env/prod/values.yaml
@@ -2,50 +2,28 @@ jobs:
runs:
build-backend:
with:
- buildArgs:
+ buildArgs:
DOMIFA_BACKEND_URL: "https://domifa-api.{{ .Values.global.domain }}/"
DOMIFA_PORTAIL_ADMINS_URL: "https://admin-{{ .Values.global.host }}/"
DOMIFA_PORTAIL_USAGERS_URL: "https://mon-{{ .Values.global.host }}/"
build-frontend:
with:
- buildArgs:
+ buildArgs:
DOMIFA_BACKEND_URL: "https://domifa-api.{{ .Values.global.domain }}/"
build-portail-admins:
with:
- buildArgs:
+ buildArgs:
DOMIFA_BACKEND_URL: "https://domifa-api.{{ .Values.global.domain }}/"
PRODUCTION: "true"
build-portail-usagers:
with:
- buildArgs:
+ buildArgs:
DOMIFA_BACKEND_URL: "https://domifa-api.{{ .Values.global.domain }}/"
PRODUCTION: "true"
-#metabase:
-# enabled: true
-# ingress:
-# enabled: false
-# envFrom:
-# - secretRef:
-# name: metabase-pg-user
-# - configMapRef:
-# name: metabase-configmap
-
-#oauth2-proxy:
-# host: "metabase-{{ .Values.global.host }}"
-# certSecretName: oauth2-proxy-crt
-# upstream: http://metabase
-# enabled: true
-# envFrom:
-# - secretRef:
-# name: "oauth2-proxy-sealed-secret"
-# - configMapRef:
-# name: oauth2-proxy-configmap
-
-
backend-cron:
addVolumes:
- files
@@ -131,4 +109,4 @@ portail-admins:
portail-usagers:
host: "mon-{{ .Values.global.host }}"
- certSecretName: portail-usagers-crt
\ No newline at end of file
+ certSecretName: portail-usagers-crt
diff --git a/packages/kontinuous/tests/samples/repo.domifa/values.yaml b/packages/kontinuous/tests/samples/repo.domifa/values.yaml
index aa3abdf5da..dedcca47f8 100644
--- a/packages/kontinuous/tests/samples/repo.domifa/values.yaml
+++ b/packages/kontinuous/tests/samples/repo.domifa/values.yaml
@@ -156,9 +156,3 @@ jobs:
DOMIFA_ENV_ID: "{{ .Values.global.env }}"
DOMIFA_BACKEND_URL: "https://api-{{ .Values.global.host }}/"
DOMIFA_SENTRY_DSN_PORTAIL: "https://***@sentry.fabrique.social.gouv.fr/58"
-
-metabase:
- enabled: false
-
-oauth2-proxy:
- enabled: false
diff --git a/plugins/contrib/charts/contrib-helpers/templates/init-containers/_wait-for-postgres.yaml b/plugins/contrib/charts/contrib-helpers/templates/init-containers/_wait-for-postgres.yaml
deleted file mode 100644
index 4ca11e372d..0000000000
--- a/plugins/contrib/charts/contrib-helpers/templates/init-containers/_wait-for-postgres.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- define "contrib-helpers.init-containers.wait-for-postgres" -}}
-- name: wait-for-postgres
- image: ghcr.io/socialgouv/docker/wait-for-postgres:6.56.1
- imagePullPolicy: Always
- env:
- - name: WAIT_FOR_RETRIES
- value: '24'
- envFrom:
- - secretRef:
- name: {{ or .Values.pgSecretName .Values.global.pgSecretName }}
- resources:
- limits:
- cpu: 20m
- memory: 32Mi
- requests:
- cpu: 5m
- memory: 16Mi
-{{- end -}}
diff --git a/plugins/contrib/charts/metabase/Chart.yaml b/plugins/contrib/charts/metabase/Chart.yaml
deleted file mode 100644
index 87d2f9fd22..0000000000
--- a/plugins/contrib/charts/metabase/Chart.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-apiVersion: v2
-name: metabase
-version: 1.176.5
diff --git a/plugins/contrib/charts/metabase/templates/configmap.yaml b/plugins/contrib/charts/metabase/templates/configmap.yaml
deleted file mode 100644
index eeb2481d68..0000000000
--- a/plugins/contrib/charts/metabase/templates/configmap.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- component: {{ (or .Values.component .Chart.Name) | lower }}
- application: {{ .Values.global.repositoryName }}
- name: {{ (or .Values.component .Chart.Name) | lower }}
- namespace: {{ or .Values.namespace .Values.global.namespace }}
-data:
- MB_APPLICATION_NAME: {{ (or .Values.component .Chart.Name) | lower }}
- MB_DB_TYPE: "postgres"
- MB_ADMIN_EMAIL: "admin@fabrique.social.gouv.fr"
- MB_ANON_TRACKING_ENABLED: "false"
- MB_APPLICATION_LOGO_URL: "https://socialgouv.github.io/support/_media/marianne.jpeg"
- MB_EMAIL_FROM_ADDRESS: "contact@fabrique.social.gouv.fr"
- MB_EMAIL_FROM_NAME: "Fabrique numérique des ministères sociaux"
- MB_ENABLE_EMBEDDING: "true"
- MB_ENABLE_PUBLIC_SHARING: "true"
- MB_SITE_LOCALE: "fr"
- MB_START_OF_WEEK: "monday"
- MB_SITE_NAME: "Fabrique numérique des ministères sociaux"
- MB_SITE_URL: "https://{{ include "contrib-helpers.ingress-host" . }}"
- MB_PASSWORD_COMPLEXITY: strong
-
diff --git a/plugins/contrib/charts/metabase/templates/deployment.yaml b/plugins/contrib/charts/metabase/templates/deployment.yaml
deleted file mode 100644
index 76bdf8de2d..0000000000
--- a/plugins/contrib/charts/metabase/templates/deployment.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- component: {{ (or .Values.component .Chart.Name) | lower }}
- application: {{ .Values.global.repositoryName }}
- name: {{ (or .Values.component .Chart.Name) | lower }}
- namespace: {{ or .Values.namespace .Values.global.namespace }}
- annotations:
- {{ if .Values.annotations }}
- {{ range $key, $val := .Values.annotations }}
- "{{ $key }}": {{ $val | quote }}
- {{ end }}
- {{ end }}
-spec:
- replicas: 1
- selector:
- matchLabels:
- component: {{ (or .Values.component .Chart.Name) | lower }}
- template:
- metadata:
- labels:
- component: {{ (or .Values.component .Chart.Name) | lower }}
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- runAsNonRoot: true
- containers:
- - image: {{ .Values.image.name }}:{{ .Values.image.tag }}
- name: metabase
- securityContext:
- allowPrivilegeEscalation: false
- env:
- {{- if gt (len .Values.env) 0 }}
- {{- tpl (.Values.env | toYaml) . | nindent 12 }}
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ (or .Values.component .Chart.Name) | lower }}
- {{- if gt (len .Values.envFrom) 0 }}
- {{- tpl (.Values.envFrom | toYaml) . | nindent 12 }}
- {{- end }}
- ports:
- - containerPort: 3000
- name: http
- startupProbe:
- failureThreshold: 30
- httpGet:
- path: /api/health
- port: http
- periodSeconds: 10
- initialDelaySeconds: 60
- successThreshold: 1
- timeoutSeconds: 10
- readinessProbe:
- failureThreshold: 15
- httpGet:
- path: /api/health
- port: http
- initialDelaySeconds: 1
- periodSeconds: 5
- successThreshold: 1
- timeoutSeconds: 1
- livenessProbe:
- failureThreshold: 6
- httpGet:
- path: /api/health
- port: http
- initialDelaySeconds: 30
- periodSeconds: 5
- timeoutSeconds: 5
- resources:
- limits:
- cpu: 1000m
- memory: 2048Mi
- requests:
- cpu: 500m
- memory: 512Mi
diff --git a/plugins/contrib/charts/metabase/templates/ingress.yaml b/plugins/contrib/charts/metabase/templates/ingress.yaml
deleted file mode 100644
index be5afb93c3..0000000000
--- a/plugins/contrib/charts/metabase/templates/ingress.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{ if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- kubernetes.io/ingress.class: nginx
- {{ if .Values.global.ingress.annotations }}
- {{ range $key, $val := (merge dict .Values.global.ingress.annotations) }}
- "{{ $key }}": {{ $val | quote }}
- {{ end }}
- {{ end }}
- {{ if .Values.ingress.annotations }}
- {{ range $key, $val := (merge dict .Values.ingress.annotations) }}
- "{{ $key }}": {{ $val | quote }}
- {{ end }}
- {{ end }}
- labels:
- component: {{ (or .Values.component .Chart.Name) | lower }}
- application: {{ .Values.global.repositoryName }}
- name: {{ (or .Values.component .Chart.Name) | lower }}
- namespace: {{ or .Values.namespace .Values.global.namespace }}
-spec:
- rules:
- - host: >-
- {{- include "contrib-helpers.ingress-host" . | nindent 8 }}
- http:
- paths:
- - backend:
- service:
- name: {{ (or .Values.component .Chart.Name) | lower }}
- port:
- name: http
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - >-
- {{- include "contrib-helpers.ingress-host" . | nindent 10 }}
- {{ include "contrib-helpers.ingress-secret" . | nindent 6 }}
-{{- end }}
\ No newline at end of file
diff --git a/plugins/contrib/charts/metabase/templates/matomo/cronjob.sealed-secret.yaml b/plugins/contrib/charts/metabase/templates/matomo/cronjob.sealed-secret.yaml
deleted file mode 100644
index a7d3bae877..0000000000
--- a/plugins/contrib/charts/metabase/templates/matomo/cronjob.sealed-secret.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if and .Values.matomo.cronjob.enabled .Values.matomo.cronjob.inlineSealedSecret }}
-{{ .Values.matomo.cronjob.inlineSealedSecret }}
-{{ end }}
\ No newline at end of file
diff --git a/plugins/contrib/charts/metabase/templates/matomo/cronjob.yaml b/plugins/contrib/charts/metabase/templates/matomo/cronjob.yaml
deleted file mode 100644
index d22a3926cc..0000000000
--- a/plugins/contrib/charts/metabase/templates/matomo/cronjob.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-{{ if .Values.matomo.cronjob.enabled }}
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- labels:
- component: {{ (or .Values.component .Chart.Name) | lower }}
- application: {{ (or .Values.component .Chart.Name) | lower }}
- name: {{ (or .Values.component .Chart.Name) | lower }}
- namespace: {{ .Values.namespace }}
-spec:
- schedule: 0 * * * *
- concurrencyPolicy: Forbid
- jobTemplate:
- spec:
- template:
- metadata:
- labels:
- component: {{ (or .Values.component .Chart.Name) | lower }}
- application: {{ (or .Values.component .Chart.Name) | lower }}
- name: {{ (or .Values.component .Chart.Name) | lower }}
- namespace: {{ .Values.namespace }}
- spec:
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- runAsNonRoot: true
- restartPolicy: OnFailure
- containers:
- - name: {{ (or .Values.component .Chart.Name) | lower }}-container
- image: node:14-alpine
- securityContext:
- allowPrivilegeEscalation: false
- {{- if .Values.matomo.cronjob.command }}
- command:
- {{- .Values.matomo.cronjob.command | toYaml | nindent 16 }}
- {{- end }}
- envFrom:
- - secretRef:
- name: {{ (or .Values.component .Chart.Name) | lower }}-cronjob
- env:
- - name: STARTDATE
- value: "2019-01-01"
- - name: DEBUG
- value: "*"
-{{ end }}
\ No newline at end of file
diff --git a/plugins/contrib/charts/metabase/templates/matomo/metabase.sealed-secret.yaml b/plugins/contrib/charts/metabase/templates/matomo/metabase.sealed-secret.yaml
deleted file mode 100644
index e18049ccf5..0000000000
--- a/plugins/contrib/charts/metabase/templates/matomo/metabase.sealed-secret.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-{{ if .Values.inlineMetabaseSealedSecret }}
-{{ .Values.inlineMetabaseSealedSecret }}
-{{ end }}
\ No newline at end of file
diff --git a/plugins/contrib/charts/metabase/templates/service.yaml b/plugins/contrib/charts/metabase/templates/service.yaml
deleted file mode 100644
index 1fbc499357..0000000000
--- a/plugins/contrib/charts/metabase/templates/service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- component: {{ (or .Values.component .Chart.Name) | lower }}
- application: {{ .Values.global.repositoryName }}
- name: {{ (or .Values.component .Chart.Name) | lower }}
- namespace: {{ or .Values.namespace .Values.global.namespace }}
- annotations: {}
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 3000
- selector:
- component: {{ (or .Values.component .Chart.Name) | lower }}
- type: ClusterIP
-
\ No newline at end of file
diff --git a/plugins/contrib/charts/metabase/values.yaml b/plugins/contrib/charts/metabase/values.yaml
deleted file mode 100644
index 4c96018895..0000000000
--- a/plugins/contrib/charts/metabase/values.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-enabled:
-namespace:
-host:
-certSecretName:
-env: []
-envFrom: []
-ingress:
- enabled: true
- annotations: {}
-annotations: {}
-image:
- name: metabase/metabase
- # renovate: datasource=docker depName=metabase/metabase versioning=v0.47.0
- tag: v0.47.0
-matomo:
- cronjob:
- enabled: false
- command:
- - sh
- - "-c"
- - npx @socialgouv/matomo-postgres
- inlineSealedSecret:
-inlineMetabaseSealedSecret:
diff --git a/plugins/contrib/charts/oauth2-proxy/Chart.yaml b/plugins/contrib/charts/oauth2-proxy/Chart.yaml
deleted file mode 100644
index ea8afbf6ee..0000000000
--- a/plugins/contrib/charts/oauth2-proxy/Chart.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-apiVersion: v2
-name: oauth2-proxy
-version: 1.176.5
diff --git a/plugins/contrib/charts/oauth2-proxy/templates/deployment.yaml b/plugins/contrib/charts/oauth2-proxy/templates/deployment.yaml
deleted file mode 100644
index 344d55df6e..0000000000
--- a/plugins/contrib/charts/oauth2-proxy/templates/deployment.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- component: oauth2-proxy
- application: {{ .Values.global.repositoryName }}
- name: oauth2-proxy
- namespace: {{ or .Values.namespace .Values.global.namespace }}
- annotations: {}
-spec:
- replicas: 1
- selector:
- matchLabels:
- component: oauth2-proxy
- template:
- metadata:
- labels:
- component: oauth2-proxy
- application: {{ .Values.global.repositoryName }}
- spec:
- containers:
- # renovate: datasource=docker depName=quay.io/oauth2-proxy/oauth2-proxy versioning=v7.4.0
- - image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
- args:
- - --upstream
- - {{ .Values.upstream }}
- {{- if gt (len .Values.additionalArgs) 0 }}
- {{- tpl (.Values.additionalArgs | toYaml) . | nindent 12 }}
- {{- end }}
- name: app
- ports:
- - containerPort: 4180
- name: http
- resources:
- limits:
- cpu: 0.5
- memory: 256Mi
- requests:
- cpu: 0.2
- memory: 128Mi
- livenessProbe:
- failureThreshold: 15
- httpGet:
- path: "/ping"
- port: http
- periodSeconds: 5
- timeoutSeconds: 5
- readinessProbe:
- failureThreshold: 15
- httpGet:
- path: "/ping"
- port: http
- initialDelaySeconds: 1
- periodSeconds: 5
- successThreshold: 1
- timeoutSeconds: 1
- startupProbe:
- failureThreshold: 12
- httpGet:
- path: "/ping"
- port: http
- periodSeconds: 5
- initialDelaySeconds: 30
- env:
- - name: "OAUTH2_PROXY_REDIRECT_URL"
- value: https://{{ or .Values.host .Values.global.host }}/oauth2/callback
- {{- if gt (len .Values.env) 0 }}
- {{- tpl (.Values.env | toYaml) . | nindent 12 }}
- {{- end }}
- envFrom:
- {{- if gt (len .Values.envFrom) 0 }}
- {{- tpl (.Values.envFrom | toYaml) . | nindent 12 }}
- {{- end }}
-
diff --git a/plugins/contrib/charts/oauth2-proxy/templates/ingress.yaml b/plugins/contrib/charts/oauth2-proxy/templates/ingress.yaml
deleted file mode 100644
index de9d028e20..0000000000
--- a/plugins/contrib/charts/oauth2-proxy/templates/ingress.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-{{ if .Values.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- annotations:
- kubernetes.io/ingress.class: nginx
- {{ range $key, $val := (merge dict .Values.global.ingress.annotations .Values.ingress.annotations) }}
- "{{ $key }}": {{ $val | quote }}
- {{ end }}
- labels:
- component: oauth2-proxy
- application: {{ .Values.global.repositoryName }}
- name: oauth2-proxy
- namespace: {{ or .Values.namespace .Values.global.namespace }}
-spec:
- rules:
- - host: >-
- {{- include "contrib-helpers.ingress-host" . | nindent 8 }}
- http:
- paths:
- - backend:
- service:
- name: {{ (or .Values.component .Chart.Name) | lower }}
- port:
- name: http
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - >-
- {{- include "contrib-helpers.ingress-host" . | nindent 10 }}
- {{ include "contrib-helpers.ingress-secret" . | nindent 6 }}
-{{ end }}
\ No newline at end of file
diff --git a/plugins/contrib/charts/oauth2-proxy/templates/service.yaml b/plugins/contrib/charts/oauth2-proxy/templates/service.yaml
deleted file mode 100644
index d3f8baaf79..0000000000
--- a/plugins/contrib/charts/oauth2-proxy/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- component: oauth2-proxy
- application: {{ .Values.global.repositoryName }}
- name: oauth2-proxy
- namespace: {{ or .Values.namespace .Values.global.namespace }}
- annotations: {}
-spec:
- ports:
- - name: http
- port: 80
- targetPort: 4180
- selector:
- component: oauth2-proxy
- type: ClusterIP
\ No newline at end of file
diff --git a/plugins/contrib/charts/oauth2-proxy/values.schema.json b/plugins/contrib/charts/oauth2-proxy/values.schema.json
deleted file mode 100644
index afb2048a69..0000000000
--- a/plugins/contrib/charts/oauth2-proxy/values.schema.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "type": "object",
- "$schema": "http://json-schema.org/draft-07/schema#",
- "$id": "https://raw.githubusercontent.com/socialgouv/kontinuous/v1/plugins/contrib/charts/oauth2-proxy/values.schema.json",
- "title": "Kontinuous oauth2-proxy helm chart",
- "markdownDescription": "The [oauth2-proxy chart](https://github.com/SocialGouv/kontinuous/blob/master/plugins/contrib/charts/oauth2-proxy) provide a configured proxy to protect your application using the awesome [oauth2-proxy](https://oauth2-proxy.github.io/)\n\n💡 You can use the [meta `~tpl~` prefix](https://socialgouv.github.io/kontinuous/#/./advanced/build?id=meta-values-plugin-tpl) to make any property a [go template](https://docs.gofiber.io/template/html/TEMPLATES_CHEATSHEET/#template-variables)",
- "required": ["upstream"],
- "properties": {
- "namespace": {
- "type": ["string", "null"],
- "title": "resources namespace"
- },
- "host": {
- "type": ["string", "null"],
- "title": "ingress host"
- },
- "env": {
- "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.24.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/env"
- },
- "envFrom": {
- "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.24.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/envFrom"
- },
- "ingress": {
- "type": "object",
- "title": "The great NGINX ingress controller : https://kubernetes.github.io/ingress-nginx/user-guide",
- "required": [],
- "properties": {
- "enabled": {
- "type": ["boolean"],
- "title": "enable ingress",
- "default": "true"
- },
- "annotations": {
- "title": "ingress annotations see https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations",
- "$ref": "https://raw.githubusercontent.com/SocialGouv/json-schemas/main/nginx/annotations.schema.json"
- }
- }
- },
- "upstream": {
- "type": ["string"],
- "title": "Upstream service to protect, example: http://my-app"
- },
- "additionalArgs": {
- "type": ["array"],
- "title": "Additionnal oauth2-proxy arguments, see https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#command-line-options"
- }
- }
-}
diff --git a/plugins/contrib/charts/oauth2-proxy/values.yaml b/plugins/contrib/charts/oauth2-proxy/values.yaml
deleted file mode 100644
index 888a6b9891..0000000000
--- a/plugins/contrib/charts/oauth2-proxy/values.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-# yaml-language-server: $schema=./values.schema.json
-
-# @param {string,null} [namespace] resources namespace
-namespace:
-# @param {string,null} [host] ingress host
-host:
-# @param {https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.24.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/env} [env]
-env: []
-# @param {https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.24.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container/properties/envFrom} [envFrom]
-envFrom: []
-
-# @param {object,null} [ingress] The greet NGINX ingress consoller : https://kubernetes.github.io/ingress-nginx/user-guide
-ingress:
- # @param {boolean} [enabled] enable ingress
- enabled: true
- # @param {https://raw.githubusercontent.com/SocialGouv/json-schemas/main/nginx/annotations.schema.json} [annotations] ingress annotations see https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations
- annotations: {}
-
-# @param {string} upstream Upstream service to protect, example: http://my-app
-upstream:
-
-# @param {array} [additionalArgs] Additionnal oauth2-proxy arguments, see https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#command-line-options
-additionalArgs: []
diff --git a/plugins/contrib/values.yaml b/plugins/contrib/values.yaml
index 32bb651033..a46be710b3 100644
--- a/plugins/contrib/values.yaml
+++ b/plugins/contrib/values.yaml
@@ -10,12 +10,8 @@ job:
enabled: false
jobs:
enabled: false
-metabase:
- enabled: false
namespace:
enabled: false
-oauth2-proxy:
- enabled: false
output-volume:
enabled: false
rancher-namespace:
@@ -25,4 +21,4 @@ redis:
security-policies:
enabled: false
pgadmin:
- enabled: false
\ No newline at end of file
+ enabled: false