feat: outline dev instance (#1665)

Author: bo0tzz

kubernetes/apps/tools/kustomization.yaml

@@ -7,4 +7,5 @@ resources:
   - ./discord-bot/ks.yaml
   - ./containerssh/ks.yaml
   - ./outline/ks.yaml
+  - ./outline-dev/ks.yaml
   - ./outline-role-sync/ks.yaml

kubernetes/apps/tools/outline-dev/app/database.yaml

@@ -0,0 +1,27 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: outline-dev-db
+  namespace: outline-dev
+spec:
+  storage:
+    size: 10Gi
+    storageClass: zfs
+  bootstrap:
+    recovery:
+      source: outline-db
+  externalClusters:
+    - name: outline-db
+      barmanObjectStore:
+        serverName: outline-db
+        destinationPath: s3://${bucket_name}
+        endpointURL: ${api_endpoint}
+        wal:
+          compression: bzip2
+        s3Credentials:
+          accessKeyId:
+            name: outline-database-backup-secret
+            key: id
+          secretAccessKey:
+            name: outline-database-backup-secret
+            key: secret

kubernetes/apps/tools/outline-dev/app/helmrelease.yaml

@@ -0,0 +1,101 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: outline-dev
+  namespace: outline-dev
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 2
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    controllers:
+      outline:
+        containers:
+          app:
+            image:
+              repository: docker.io/outlinewiki/outline
+              tag: 1.7.1@sha256:361df7040e6f0d7abac768b99f40122197921626a7e69501aabb5fcb496fc1b4
+            env:
+              #ref https://github.com/outline/outline/blob/d3c8224839f09fbff601e4a3e7fd8ff1a6b2ba08/.env.sample
+              URL: "https://outline-dev.immich.cloud"
+              REDIS_URL: "redis://outline-dev-valkey:6379"
+              ENABLE_UPDATES: false
+              FILE_STORAGE: local
+              FILE_STORAGE_LOCAL_ROOT_DIR: /data
+              FILE_STORAGE_UPLOAD_MAX_SIZE: &upload-limit "26214400"
+              FILE_STORAGE_IMPORT_MAX_SIZE: *upload-limit
+              OIDC_SCOPES: "openid profile email"
+              OIDC_AUTH_URI: "https://auth.internal.futo.org/oauth/v2/authorize"
+              OIDC_TOKEN_URI: "https://auth.internal.futo.org/oauth/v2/token"
+              OIDC_USERINFO_URI: "https://auth.internal.futo.org/oidc/v1/userinfo"
+              WEB_CONCURRENCY: 10
+              DATABASE_URL:
+                valueFrom:
+                  secretKeyRef:
+                    name: outline-dev-db-app
+                    key: uri
+            envFrom:
+              - secretRef:
+                  name: outline-secret-keys
+              - secretRef:
+                  name: outline-oauth-client
+            securityContext:
+              fsGroup: 1001
+      valkey:
+        containers:
+          app:
+            image:
+              repository: valkey/valkey
+              tag: 9.1.0@sha256:4963247afc4cd33c7d3b2d2816b9f7f8eeebab148d29056c2ca4d7cbc966f2d9
+    persistence:
+      data:
+        enabled: true
+        existingClaim: outline-dev
+        advancedMounts:
+          outline:
+            app:
+              - path: /data
+    service:
+      app:
+        controller: outline
+        ports:
+          http:
+            port: 3000
+      valkey:
+        controller: valkey
+        ports:
+          main:
+            port: 6379
+    ingress:
+      app:
+        className: nginx
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+          nginx.ingress.kubernetes.io/proxy-body-size: *upload-limit
+        hosts:
+          - host: &host "outline-dev.immich.cloud"
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
+            secretName: outline-dev-tls

kubernetes/apps/tools/outline-dev/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./database.yaml
+  - ./volsync.yaml
+  - ./helmrelease.yaml

kubernetes/apps/tools/outline-dev/app/volsync.yaml

@@ -0,0 +1,76 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: outline-dev-volsync-repo
+  namespace: outline-dev
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: 1p-tf
+  refreshInterval: "20s"
+  target:
+    template:
+      engineVersion: v2
+      data:
+        RESTIC_PASSWORD: "{{ .restic_password }}"
+        RESTIC_REPOSITORY: "s3:{{ .endpoint }}/{{ .bucket_name }}"
+        AWS_ACCESS_KEY_ID: "{{ .access_key_id }}"
+        AWS_SECRET_ACCESS_KEY: "{{ .secret_access_key }}"
+  data:
+    - secretKey: restic_password
+      remoteRef:
+        key: OUTLINE_VOLSYNC_BACKUPS_RESTIC_SECRET
+    - secretKey: access_key_id
+      remoteRef:
+        key: OUTLINE_VOLSYNC_BACKUPS_BUCKET
+        property: access_key_id
+    - secretKey: secret_access_key
+      remoteRef:
+        key: OUTLINE_VOLSYNC_BACKUPS_BUCKET
+        property: secret_access_key
+    - secretKey: bucket_name
+      remoteRef:
+        key: OUTLINE_VOLSYNC_BACKUPS_BUCKET
+        property: bucket_name
+    - secretKey: endpoint
+      remoteRef:
+        key: OUTLINE_VOLSYNC_BACKUPS_BUCKET
+        property: endpoint
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/volsync.backube/replicationdestination_v1alpha1.json
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationDestination
+metadata:
+  name: outline-dev-bootstrap
+  namespace: outline-dev
+spec:
+  trigger:
+    manual: restore-once
+  restic:
+    copyMethod: Snapshot
+    repository: outline-dev-volsync-repo
+    cacheStorageClassName: zfs
+    cacheCapacity: 1Gi
+    storageClassName: zfs
+    volumeSnapshotClassName: zfs
+    accessModes:
+      - ReadWriteOnce
+    capacity: 20Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: outline-dev
+  namespace: outline-dev
+spec:
+  accessModes:
+    - ReadWriteOnce
+  dataSourceRef:
+    kind: ReplicationDestination
+    apiGroup: volsync.backube
+    name: outline-dev-bootstrap
+  resources:
+    requests:
+      storage: 20Gi
+  storageClassName: zfs

kubernetes/apps/tools/outline-dev/ks.yaml

@@ -0,0 +1,46 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app outline-dev-secrets
+  namespace: flux-system
+spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: external-secrets-stores
+  path: ./kubernetes/apps/tools/outline-dev/secrets
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: immich-kubernetes
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app outline-dev
+  namespace: flux-system
+spec:
+  targetNamespace: outline-dev
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  dependsOn:
+    - name: outline-dev-secrets
+  path: ./kubernetes/apps/tools/outline-dev/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: immich-kubernetes
+  wait: true
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: outline-dev-database-backup-bucket

kubernetes/apps/tools/outline-dev/secrets/db-restore-bucket.yaml

@@ -0,0 +1,7 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: outline-dev-database-backup-bucket
+  namespace: flux-system
+spec:
+  itemPath: "vaults/Kubernetes/items/mich-cloudflare-r2-outline-database-backup-bucket"

kubernetes/apps/tools/outline-dev/secrets/db-restore-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: outline-database-backup-secret
+  namespace: outline-dev
+  labels:
+    cnpg.io/reload: true
+spec:
+  itemPath: "vaults/Kubernetes/items/mich-cloudflare-r2-token"

kubernetes/apps/tools/outline-dev/secrets/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./namespace.yaml
+  - ./secret.yaml
+  - ./oauth.yaml
+  - ./db-restore-secret.yaml
+  - ./db-restore-bucket.yaml

kubernetes/apps/tools/outline-dev/secrets/namespace.yaml

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: outline-dev