Merge pull request #2104 from GiganticMinecraft/add_backstage

add backstage

seichi-onp-k8s/manifests/seichi-kubernetes/apps/cloudflared-tunnel-exits/http-exits.yaml

@@ -100,6 +100,11 @@ spec:
             external-hostname: argo-wf-webhook.onp-k8s.admin.seichi.click
             internal-authority: "argo-wf-proxy.argo:80"
 
+          # k8s 上の Backstage
+          - name: backstage
+            external-hostname: backstage.onp-k8s.admin.seichi.click
+            internal-authority: "backstage.backstage:7007"
+
   template:
     metadata:
       name: "cloudflared-tunnel-http-exit--{{name}}"

seichi-onp-k8s/manifests/seichi-kubernetes/apps/cluster-wide-apps/app-of-other-apps/backstage.yaml

@@ -0,0 +1,46 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: backstage
+  namespace: argocd
+spec:
+  project: backstage
+  source:
+    chart: backstage
+    repoURL: https://backstage.github.io/charts
+    targetRevision: 1.9.5
+    helm:
+      releaseName: backstage
+      values: |
+        backstage:
+          replicas: 1
+          image:
+            # Backstageのバージョン自体はHelmで管理されてないので自分で更新する必要がある
+            tag: 1.29.2
+            pullPolicy: IfNotPresent
+        # -- PostgreSQL [chart configuration](https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml)
+        # @default -- See below
+        postgresql:
+          enabled: true
+          existingSecret: postgres-password
+          auth:
+            username: bn_backstage
+            secretKeys:
+              adminPasswordKey: admin-password
+              userPasswordKey: user-password
+              replicationPasswordKey: replication-password
+          architecture: replication
+        metrics:
+          serviceMonitor:
+            enabled: true
+            labels:
+              release: prometheus
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: backstage
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - ServerSideApply=true

seichi-onp-k8s/manifests/seichi-kubernetes/apps/root/projects.yaml

@@ -178,3 +178,24 @@ spec:
   clusterResourceWhitelist:
     - group: "*"
       kind: "*"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: backstage
+  namespace: argocd
+spec:
+  description: The project of production minecraft system for the seichi-network
+  sourceRepos:
+    - "*"
+  destinations:
+    - namespace: backstage
+      server: https://kubernetes.default.svc
+    # Application 及び ApplicationSet リソースは
+    # argocd namespace に置かないとArgoCDに認識されないため、
+    # argocd namespace へのデプロイも許可する。
+    - namespace: argocd
+      server: https://kubernetes.default.svc
+  clusterResourceWhitelist:
+    - group: "*"
+      kind: "*"

terraform/onp_cluster_minecraft_secrets.tf

@@ -131,6 +131,41 @@ resource "kubernetes_secret" "onp_minecraft_debug_mariadb_root_password" {
   type = "Opaque"
 }
 
+resource "random_password" "backstage_admin_password" {
+  length           = 16
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+resource "random_password" "backstage_user_password" {
+  length           = 16
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+resource "random_password" "backstage_replication_password" {
+  length           = 16
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
+resource "kubernetes_secret" "backstage_postgres_password" {
+  depends_on = [kubernetes_namespace.backstage]
+
+  metadata {
+    name      = "postgres-password"
+    namespace = "backstage"
+  }
+
+  data = {
+    "admin-password"     = random_password.backstage_admin_password.result
+    "user-password" = random_password.backstage_user_password.result
+    "replication-password" = random_password.backstage_replication_password.result
+  }
+
+  type = "Opaque"
+}
+
 resource "helm_release" "onp_minecraft_debug_minio_secrets" {
   depends_on = [kubernetes_namespace.onp_seichi_debug_minecraft]
 

terraform/onp_cluster_namespaces.tf

@@ -63,3 +63,9 @@ resource "kubernetes_namespace" "minio" {
     name = "minio"
   }
 }
+
+resource "kubernetes_namespace" "backstage" {
+  metadata {
+    name = "backstage"
+  }
+}