
adding gitlab server to the gitops catalog #46

Merged
merged 9 commits into from
Jan 18, 2024
159 changes: 159 additions & 0 deletions gitlab/application.yaml
@@ -0,0 +1,159 @@
---
# note to the installing admin:
# this app needs a couple prereq steps
# 1. pull request and atlantis apply a new oidc client named gitlab so the secrets are available in vault
# 2. adjust the helm.values.global.hosts.name name to attach it to your domain

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: gitlab
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
annotations:
argocd.argoproj.io/sync-wave: '10'
spec:
destination:
server: https://kubernetes.default.svc
namespace: gitlab
project: default
source:
repoURL: 'https://charts.gitlab.io'
targetRevision: 7.7.3
chart: gitlab
helm:
values: |-
global:
registry:
enabled: false
appConfig:
omniauth:
enabled: true
# autoSignInWithProvider: openid_connect
syncProfileFromProvider: true
syncProfileAttributes: [openid, email, profile]
allowSingleSignOn: [openid_connect]
autoLinkUser: true
providers:
- secret: gitlab-vault-oidc
defaultProjectsFeatures:
containerRegistry: false
hosts:
domain: <REPLACE WITH YOUR DOMAIN. FORMAT IS example.com - FORMAT IS NOT gitlab.example.com>
ingress:
configureCertmanager: false
provider: nginx
class: nginx
annotations:
kubernetes.io/tls-acme: true
cert-manager.io/cluster-issuer: "letsencrypt-prod"
tls:
enabled: true
secretName: gitlab-tls
gitlab:
sidekiq:
enabled: false
registry:
enabled: false
unicorn:
registry:
enabled: false
# https://docs.gitlab.com/charts/installation/command-line-options.html#tls-configuration
webservice:
registry:
enabled: false
ingress:
provider: nginx
class: nginx
annotations:
kubernetes.io/tls-acme: true
cert-manager.io/cluster-issuer: "letsencrypt-prod"
tls:
enabled: true
secretName: gitlab-webservice-tls
webservice:
registry:
enabled: false
certmanager-issuer:
email: [email protected]
upgradeCheck:
enabled: false
certmanager:
installCRDs: false
install: false
nginx-ingress:
enabled: false
registry:
enabled: false
# add on later
gitlab-runner:
install: false
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

---
apiVersion: v1
kind: ConfigMap
metadata:
name: gitlab-vault-oidc-template
namespace: gitlab
annotations:
argocd.argoproj.io/sync-wave: "30"
data:
provider: |
name: openid_connect
label: Vault
icon: https://www.pngitem.com/pimgs/m/329-3299659_hashicorp-vault-logo-hd-png-download.png
args:
name: openid_connect
scope:
- openid
- profile
- email
- groups
response_type: code
issuer: https://vault.gitops.biz/v1/identity/oidc/provider/kubefirst
client_auth_method: basic
discovery: true
uid_field: email
client_options:
identifier: "{{ .client_id }}"
secret: "{{ .client_secret }}"
redirect_uri: https://gitlab.gitops.biz/users/auth/openid_connect/callback
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: gitlab-vault-oidc-template
namespace: gitlab
annotations:
argocd.argoproj.io/sync-wave: "31"
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault-kv-secret
target:
name: gitlab-vault-oidc
template:
engineVersion: v2
templateFrom:
- configMap:
# name of the configmap to pull in
name: gitlab-vault-oidc-template
# here you define the keys that should be used as template
items:
- key: provider
data:
- secretKey: client_id
remoteRef:
key: /oidc/gitlab
property: client_id
- secretKey: client_secret
remoteRef:
key: /oidc/gitlab
property: client_secret
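Review bot: the `gitlab:` block of the Helm values declares `webservice:` twice (once with the ingress/TLS settings and `registry.enabled: false`, then again with only `registry.enabled: false`); depending on the YAML parser the second mapping either errors as a duplicate key or silently replaces the first, which would drop the webservice ingress and TLS configuration. Merge them into one `webservice:` block. A few smaller points in the same hunk: the admin note says to adjust `helm.values.global.hosts.name`, but the key being templated is `global.hosts.domain`; the ConfigMap hard-codes `vault.gitops.biz` and `gitlab.gitops.biz` in `issuer` and `redirect_uri`, so an installer who only replaces the `<REPLACE WITH YOUR DOMAIN ...>` placeholder still ends up with an OIDC provider and callback pointing at the wrong domain and the login will fail; `kubernetes.io/tls-acme: true` is a bare boolean, and annotation values must be strings, so quote it as `"true"`; the `unicorn:` section belongs to chart versions before the webservice rename and is dead configuration at `targetRevision: 7.7.3`; and `email: [email protected]` under `certmanager-issuer` is a placeholder that should either be documented in the admin note or removed, since `certmanager.install: false` and `configureCertmanager: false` mean this chart does not create the issuer anyway.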
8 changes: 8 additions & 0 deletions index.yaml
Expand Up @@ -29,6 +29,14 @@ apps:
categories:
- Observability

- name: gitlab
displayName: GitLab
website: "https://docs.gitlab.com/charts/installation/"
imageUrl: "https://images.ctfassets.net/xz1dnu24egyd/1IRkfXmxo8VP2RAE5jiS1Q/ea2086675d87911b0ce2d34c354b3711/gitlab-logo-500.png"
description: "GitLab Server - a complete devops solution that does it all, from project planning and source code management to CI/CD, monitoring, and security."
categories:
- CI/CD

- name: goldilocks
displayName: Goldilocks
website: "https://github.com/FairwindsOps/goldilocks"
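Review bot: the `imageUrl` for the new catalog entry points at a third-party asset CDN rather than an image hosted with the catalog or on gitlab.com, so the logo can change or disappear without any change to this repo; consider vendoring the image alongside the other catalog assets. Also, `website` points at the chart installation docs rather than the product site; the other entries in this file (for example goldilocks) use the project home, so either is fine but it should be consistent, and "devops" in the description reads better as "DevOps".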