chart: Phase C of multi-env evolution — template literals, add sandbox overlay #11
@@ -22,7 +22,7 @@ concurrency:
|
|||||||
url: https://vault.arcodange.lab
|
url: https://vault.arcodange.lab
|
||||||
caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
|
caCertificate: ${{ secrets.HOMELAB_CA_CERT }}
|
||||||
jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
|
jwtGiteaOIDC: ${{ needs.gitea_vault_auth.outputs.gitea_vault_jwt }}
|
||||||
role: gitea_cicd_webapp
|
role: gitea_cicd_erp
|
||||||
method: jwt
|
method: jwt
|
||||||
path: gitea_jwt
|
path: gitea_jwt
|
||||||
secrets: |
|
secrets: |
|
||||||
|
|||||||
@@ -10,8 +10,8 @@ data:
|
|||||||
DOLI_DB_HOST_PORT: !!str 5432
|
DOLI_DB_HOST_PORT: !!str 5432
|
||||||
# DOLI_DB_USER: root
|
# DOLI_DB_USER: root
|
||||||
# DOLI_DB_PASSWORD: root
|
# DOLI_DB_PASSWORD: root
|
||||||
DOLI_DB_NAME: erp
|
DOLI_DB_NAME: {{ .Values.db.name }}
|
||||||
DOLI_URL_ROOT: 'https://erp.arcodange.lab'
|
DOLI_URL_ROOT: 'https://{{ .Values.host }}'
|
||||||
# DOLI_ADMIN_LOGIN: 'admin'
|
# DOLI_ADMIN_LOGIN: 'admin'
|
||||||
# DOLI_ADMIN_PASSWORD: 'admininitialpassword'
|
# DOLI_ADMIN_PASSWORD: 'admininitialpassword'
|
||||||
DOLI_ENABLE_MODULES: Societe,Facture
|
DOLI_ENABLE_MODULES: Societe,Facture
|
||||||
|
|||||||
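Review bot: `DOLI_DB_NAME: {{ .Values.db.name }}` is rendered unquoted, so an empty, numeric or boolean-looking override would reach the ConfigMap as a non-string value instead of the database name. `DOLI_DB_NAME: {{ .Values.db.name | quote }}` keeps it a string whatever the overlay supplies. `DOLI_URL_ROOT` is already wrapped in single quotes, which is fine for a hostname. The `data:` map this belongs to starts outside the hunk.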
@@ -7,7 +7,7 @@ spec:
|
|||||||
method: kubernetes
|
method: kubernetes
|
||||||
mount: kubernetes
|
mount: kubernetes
|
||||||
kubernetes:
|
kubernetes:
|
||||||
role: erp
|
role: {{ .Values.vault.k8sRole }}
|
||||||
serviceAccount: {{ include "erp.serviceAccountName" . }}
|
serviceAccount: {{ include "erp.serviceAccountName" . }}
|
||||||
audiences:
|
audiences:
|
||||||
- vault
|
- vault
|
||||||
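Review bot: `role: {{ .Values.vault.k8sRole }}` selects the Vault role the workload authenticates as, but the template neither quotes the value nor fails when it is absent or nulled, so a broken values file would only surface as a login failure at runtime. `role: {{ required "vault.k8sRole is required" .Values.vault.k8sRole | quote }}` makes the render fail early. The same applies to `path: {{ .Values.vault.dynamicPath }}` and `path: {{ .Values.vault.staticPath }}` in the two secret manifests that follow. The enclosing `spec:` block starts outside the hunk.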
@@ -9,7 +9,7 @@ spec:
|
|||||||
mount: postgres
|
mount: postgres
|
||||||
|
|
||||||
# Path to the secret
|
# Path to the secret
|
||||||
path: creds/erp
|
path: {{ .Values.vault.dynamicPath }}
|
||||||
|
|
||||||
# Where to store the secrets, VSO will create the secret
|
# Where to store the secrets, VSO will create the secret
|
||||||
destination:
|
destination:
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ spec:
|
|||||||
mount: kvv2
|
mount: kvv2
|
||||||
|
|
||||||
# path of the secret
|
# path of the secret
|
||||||
path: erp/config
|
path: {{ .Values.vault.staticPath }}
|
||||||
|
|
||||||
# dest k8s secret
|
# dest k8s secret
|
||||||
destination:
|
destination:
|
||||||
|
|||||||
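--- a/chart/values-sandbox.yaml
+++ b/chart/values-sandbox.yaml
@@ -0,0 +1,39 @@
+# Sandbox overlay — to be combined with values.yaml:
+# helm install erp-sandbox chart/ -f chart/values.yaml -f chart/values-sandbox.yaml \
+# --namespace erp-sandbox --create-namespace
+#
+# Activates Phase D of the multi-env evolution (cf. PR thread). Prerequisites:
+# - factory/postgres/iac/terraform.tfvars: erp has envs = ["prod", "sandbox"]
+# - tools/hashicorp-vault/iac/modules/app_roles: env parameter applied
+# - arcodange-org/erp/iac/main.tf: for_each over local.envs (Phase D commit)
+# - ArgoCD: Application "erp-sandbox" registered (Phase E)
+#
+# Derived names follow the elision rule: env=sandbox → suffix "-sandbox".
+
+env: sandbox
+instance: erp-sandbox
+host: erp-sandbox.arcodange.lab
+
+db:
+name: erp-sandbox
+
+vault:
+k8sRole: erp-sandbox
+dynamicPath: creds/erp-sandbox
+staticPath: erp-sandbox/config
+
+# Ingress annotations + hosts — override to point at the sandbox FQDN
+ingress:
+enabled: true
+annotations:
+traefik.ingress.kubernetes.io/router.entrypoints: websecure
+traefik.ingress.kubernetes.io/router.tls: "true"
+traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
+traefik.ingress.kubernetes.io/router.tls.domains.0.main: arcodange.lab
+traefik.ingress.kubernetes.io/router.tls.domains.0.sans: erp-sandbox.arcodange.lab
+traefik.ingress.kubernetes.io/router.middlewares: localIp@file
+hosts:
+- host: erp-sandbox.arcodange.lab
+paths:
+- path: /
+pathType: Prefix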
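Review bot: The sandbox FQDN is written three times in this overlay (`host`, `ingress.hosts[0].host` and the `router.tls.domains.0.sans` annotation) and nothing ties the copies together. A later rename of one would leave `DOLI_URL_ROOT`, which the ConfigMap now builds from `host`, out of step with the route and certificate names. A comment above `ingress:` would document the coupling, for example `# hosts[0].host and tls.domains.0.sans must equal .host above (DOLI_URL_ROOT is built from it)`. Templating the ingress host from `.Values.host` in the chart would remove the duplication altogether.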
@@ -2,6 +2,26 @@
|
|||||||
# This is a YAML-formatted file.
|
# This is a YAML-formatted file.
|
||||||
# Declare variables to be passed into your templates.
|
# Declare variables to be passed into your templates.
|
||||||
|
|
||||||
|
# ----------------------------------------------------------------------------
|
||||||
|
# Multi-environment coordinates (default = prod, elision rule applies).
|
||||||
|
# Override in values-<env>.yaml for any non-prod instance — see SKILL.md
|
||||||
|
# of the factory runbook (doc/runbooks/new-web-app/conventions.md).
|
||||||
|
# By the elision rule, env=prod produces names identical to single-env apps;
|
||||||
|
# env=sandbox produces "<app>-sandbox" everywhere except the Postgres owner
|
||||||
|
# role which uses snake-case "<app>_sandbox_role".
|
||||||
|
# ----------------------------------------------------------------------------
|
||||||
|
env: prod
|
||||||
|
instance: erp # derived id: env=prod → erp, else <app>-<env>
|
||||||
|
host: erp.arcodange.lab # internal hostname for this instance
|
||||||
|
|
||||||
|
db:
|
||||||
|
name: erp # PostgreSQL database name (matches factory tfvars)
|
||||||
|
|
||||||
|
vault:
|
||||||
|
k8sRole: erp # VaultAuth role (postgres/iac issues this per instance)
|
||||||
|
dynamicPath: creds/erp # path under postgres/ mount for short-lived DB creds
|
||||||
|
staticPath: erp/config # path under kvv2/ mount for the static admin config
|
||||||
|
|
||||||
replicaCount: 1
|
replicaCount: 1
|
||||||
|
|
||||||
image:
|
image:
|
||||||
|
|||||||
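Review bot: The new defaults under `db:` and `vault:` are the production coordinates, so an overlay that omits or misspells `k8sRole`, `dynamicPath`, `staticPath` or `db.name` silently renders a non-prod release pointing at prod's Vault role, credential path and database name. Whether Vault would then issue prod credentials depends on how the role is bound to namespace and service account, which this page does not show. A render-time guard would catch the mistake, for example `{{- if and (ne .Values.env "prod") (eq .Values.vault.k8sRole "erp") }}{{ fail "vault.k8sRole must be overridden when env is not prod" }}{{- end }}`. Alternatively, the names could be derived from `instance` in a helper so they cannot drift.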