Merge remote-tracking branch 'origin/main'

team-xquare · Dec 30, 2023 · 7653a5c · 7653a5c
2 parents 47325d9 + b7e74d8
commit 7653a5c
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 32 deletions.
diff --git a/apps/infisical/Chart.yaml b/apps/infisical/Chart.yaml
@@ -1,10 +1,10 @@
 apiVersion: v2
 appVersion: 0.3.0
 description: A Helm chart for Infisical secrets
-name: secrets-operator
+name: infisical
 type: application
 version: 0.2.1
 dependencies:
   - name: secrets-operator
     version: 0.2.1
-    repository: https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/
+    repository: https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/
diff --git a/apps/infisical/templates/infisical-secret.yaml b/apps/infisical/templates/infisical-secret.yaml
@@ -1,18 +1,18 @@
 apiVersion: secrets.infisical.com/v1alpha1
 kind: InfisicalSecret
 metadata:
-  name: {{ .Values.infisical.infisicalSecret.name }}
+  name: {{ .Values.infisicalSecret.name }}
 spec:
-  hostAPI: {{ .Values.infisical.infisicalSecret.spec.hostAPI }}
-  resyncInterval: {{ .Values.infisical.infisicalSecret.spec.resyncInterval }}
+  hostAPI: {{ .Values.infisicalSecret.spec.hostAPI }}
+  resyncInterval: {{ .Values.infisicalSecret.spec.resyncInterval }}
   authentication:
     serviceToken:
       serviceTokenSecretReference:
-        secretName: {{ .Values.infisical.infisicalSecret.spec.authentication.serviceToken.serviceTokenSecretReference.secretName }}
-        secretNamespace: {{ .Values.infisical.infisicalSecret.spec.authentication.serviceToken.serviceTokenSecretReference.secretNamespace }}
+        secretName: {{ .Values.infisicalSecret.spec.authentication.serviceToken.serviceTokenSecretReference.secretName }}
+        secretNamespace: {{ .Values.infisicalSecret.spec.authentication.serviceToken.serviceTokenSecretReference.secretNamespace }}
       secretsScope:
-        envSlug: {{ .Values.infisical.infisicalSecret.spec.authentication.serviceToken.secretsScope.envSlug }}
-        secretsPath: {{ .Values.infisical.infisicalSecret.spec.authentication.serviceToken.secretsScope.secretsPath }}
+        envSlug: {{ .Values.infisicalSecret.spec.authentication.serviceToken.secretsScope.envSlug }}
+        secretsPath: {{ .Values.infisicalSecret.spec.authentication.serviceToken.secretsScope.secretsPath }}
   managedSecretReference:
-    secretName: {{ .Values.infisical.infisicalSecret.spec.managedSecretReference.secretName }}
-    secretNamespace: {{ .Values.infisical.infisicalSecret.spec.managedSecretReference.secretNamespace }}
+    secretName: {{ .Values.infisicalSecret.spec.managedSecretReference.secretName }}
+    secretNamespace: {{ .Values.infisicalSecret.spec.managedSecretReference.secretNamespace }}
diff --git a/apps/infisical/values.yaml b/apps/infisical/values.yaml
@@ -1,17 +1,17 @@
-infisical:
-  infisicalSecret:
-    name: xquare-secret
-    spec:
-      hostAPI: https://app.infisical.com/api
-      resyncInterval: 60
-      authentication:
-        serviceToken:
-          serviceTokenSecretReference:
-            secretName: infisical-token-secret
-            secretNamespace: infisical
-          secretsScope:
-            envSlug: prod
-            secretsPath: "/"
-      managedSecretReference:
-        secretName: infisical-managed-secret
-        secretNamespace: infisical
+
+infisicalSecret:
+  name: xquare-secret
+  spec:
+    hostAPI: https://app.infisical.com/api
+    resyncInterval: 60
+    authentication:
+      serviceToken:
+        serviceTokenSecretReference:
+          secretName: infisical-token-secret
+          secretNamespace: infisical
+        secretsScope:
+          envSlug: prod
+          secretsPath: "/"
+    managedSecretReference:
+      secretName: infisical-managed-secret
+      secretNamespace: infisical
diff --git a/apps/istio-resource/values.yaml b/apps/istio-resource/values.yaml
@@ -93,6 +93,16 @@ virtualServices:
     destination:
       host: keycloak-http.keycloak.svc.cluster.local
       port: 80
+  - name: prometeus-server
+    host: prometheus.xquare.app
+    destination:
+      host: kube-prometheus-stack-prometheus.monitoring.svc.cluster.local
+      port: 9090
+  - name: infisical-backend
+    host: infisical.xquare.app
+    destination:
+      host: infisical-backend.infisical.svc.cluster.local
+      port: 8080
 
 addons:
   jeager:
@@ -112,4 +122,4 @@ tolerations:
 - effect: "PreferNoSchedule"
   key: xquare/server
   operator: "Equal"
-  value: "true"
+  value: "true"
diff --git a/apps/kube-prometheus-stack/values.yaml b/apps/kube-prometheus-stack/values.yaml
@@ -487,8 +487,7 @@ kube-prometheus-stack:
         client_secret: wnZOOiLE6rwwDK2
         email_attribute_path: email
       auth.generic_oauth.group_mapping:
-        role_attribute_path: contains(groups[*], 'team-xquare:DevOps') && 'Admin' || contains(groups[*], 'team-xquare:backend') && 'Viewer' || contains(groups[*], 'EntryDSM:DevOps') && 'Viewer' ||  
-contains(groups[*], 'INVINCIBLE-DMS:xquare') && 'Viewer' || contains(groups[*], 'Team-SVAP:xquare') && 'Viewer'
+        role_attribute_path: contains(groups[*], 'team-xquare:DevOps') && 'Admin' || contains(groups[*], 'team-xquare:backend') && 'Viewer' || contains(groups[*], 'EntryDSM:DevOps') && 'Viewer' || contains(groups[*], 'INVINCIBLE-DMS:xquare') && 'Viewer' || contains(groups[*], 'Team-SVAP:xquare') && 'Viewer' || contains(groups[*], 'DSM-Address-Project-Backend:team-b') && 'Viewer' 
         org_id: 1
         team_ids_attribute_path: groups[*].split(':')[0]
         teams_url: https://dex.xquare.app/userinfo

diff --git a/apps/xquare-club/values.yaml b/apps/xquare-club/values.yaml
@@ -47,4 +47,11 @@ clubs:
     users: 
     - HyunSu1768
     projects:
-    - entry-config-server
+    - entry-config-server
+  - name: rma
+    users:
+    - "tedsoftj1123"
+    - "jyk1029"
+    projects:
+    - juso-batch
+    - juso