From ee33d17ca756696910f0e77283fc45a77b98118e Mon Sep 17 00:00:00 2001
From: outductor
Date: Sat, 13 Jan 2024 20:24:38 +0900
Subject: [PATCH] Modify config
---
 .../apps/growi-system/growi/deployment.yaml | 35 +++++++++++++++++--
 .../apps/growi-system/hackmd/statefulset.yaml | 24 +++++++++++++
 terraform/main.tf | 14 ++++++++
 terraform/onp_cluster_namespaces.tf | 2 +-
 terraform/onp_cluster_secrets.tf | 16 +++++++++
 5 files changed, 88 insertions(+), 3 deletions(-)
diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/growi/deployment.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/growi/deployment.yaml
index 7e9aeeb96..b344d7a3b 100644
--- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/growi/deployment.yaml
+++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/growi/deployment.yaml
@@ -15,9 +15,16 @@ spec:
 containers:
 - name: growi
 image: weseek/growi:6
- ports:
- - containerPort: 3000
+ resources:
+ requests:
+ cpu: 1
+ memory: 1Gi
+ limits:
+ cpu: 1
+ memory: 1Gi
 env:
+ - name: APP_SITE_URL
+ value: "https://wiki.onp-k8s.admin.seichi.click"
 - name: MONGO_URI
 value: "mongodb://mongodb:27017/growi"
 - name: ELASTICSEARCH_URI
@@ -35,3 +42,27 @@ spec:
 secretKeyRef:
 name: growi-secrets
 key: passwordSeed
+ - name: OAUTH_GITHUB_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: growi-github-sso
+ key: OAUTH_GITHUB_CLIENT_ID
+ - name: OAUTH_GITHUB_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: growi-github-sso
+ key: OAUTH_GITHUB_CLIENT_SECRET
+ ports:
+ - containerPort: 3000
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 5
diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/statefulset.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/statefulset.yaml
index 19618988a..45333a7e3 100644
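Review bot: The `livenessProbe` and `readinessProbe` added in the second hunk of deployment.yaml target `port: http`, but the container port re-added just above them is a bare `- containerPort: 3000` with no name, so the named port has nothing to resolve against in the visible manifest. The readiness probe would then presumably never succeed and the pod would stay out of the Service endpoints. Either name the port, `- name: http` followed by `containerPort: 3000` (as the hackmd StatefulSet in this same commit does), or probe `port: 3000` directly. The rest of the container spec lies outside the hunk, so confirm that no other `ports` entry already defines `http`.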
--- a/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/statefulset.yaml
+++ b/seichi-onp-k8s/manifests/seichi-kubernetes/apps/growi-system/hackmd/statefulset.yaml
@@ -17,11 +17,35 @@ spec:
 containers:
 - name: hackmd
 image: ghcr.io/giganticminecraft/growi-hackmd:sha-a6d1213
+ resources:
+ requests:
+ cpu: 1
+ memory: 1Gi
+ limits:
+ cpu: 1
+ memory: 1Gi
 env:
 - name: CMD_CSP_ENABLE
 value: "false"
 - name: GROWI_URI
 value: https://wiki.onp-k8s.admin.seichi.click
+ # - name: CMD_DB_URL
+ # valueFrom:
+ # secretKeyRef:
+ # name: hackmd-mariadb-url
+ # key: db-url
 ports:
 - name: http
 containerPort: 3000
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 5
diff --git a/terraform/main.tf b/terraform/main.tf
index 2e4d0f6ee..a359f8f95 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -315,3 +315,17 @@ variable "cloudflare_pages__seichi_portal__next_public_ms_app_client_id" {
 }
 #endregion
+
+#region env variables for Growi
+
+variable "growi_github_sso_client_id" {
+ description = "GitHub SSO client id for Growi"
+ type = string
+ sensitive = true
+}
+
+variable "growi_github_sso_client_secret" {
+ description = "GitHub SSO client id for Growi"
+ type = string
+ sensitive = true
+}
diff --git a/terraform/onp_cluster_namespaces.tf b/terraform/onp_cluster_namespaces.tf
index c043f5dd2..ecfddd8d9 100644
--- a/terraform/onp_cluster_namespaces.tf
+++ b/terraform/onp_cluster_namespaces.tf
@@ -64,7 +64,7 @@ resource "kubernetes_namespace" "minio" {
 }
 }
-resource "kubernetes_namespace" "growi-system" {
+resource "kubernetes_namespace" "growi_system" {
 metadata {
 name = "growi-system"
 }
diff --git a/terraform/onp_cluster_secrets.tf b/terraform/onp_cluster_secrets.tf
index a81a9859b..2c4bc7098 100644
--- a/terraform/onp_cluster_secrets.tf
+++ b/terraform/onp_cluster_secrets.tf
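Review bot: The commented-out `CMD_DB_URL` entry in the hackmd `env` list refers to a secret, `hackmd-mariadb-url`, that nothing in this commit creates, and it gives no indication of when it is meant to be enabled. Until it is, the container receives no database URL from this manifest, so where notes are persisted depends on the image's default, which is worth confirming. Either drop the block or put a line above it such as `# TODO: enable once the hackmd-mariadb-url secret is provisioned`.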
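Review bot: The description of `growi_github_sso_client_secret` in main.tf is a copy of the client-id one; it should read `description = "GitHub SSO client secret for Growi"`. The new `#region env variables for Growi` marker also has no closing `#endregion` inside the hunk, unlike the region closed just above it, so add `#endregion` after the last variable if the file ends there.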
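Review bot: Changing the resource address from `kubernetes_namespace.growi-system` to `kubernetes_namespace.growi_system` reads to Terraform as one resource destroyed and another created unless the state is told about the move, while the namespace itself keeps `name = "growi-system"`. Destroying that namespace would remove the Growi and HackMD workloads deployed into it. Nothing visible in this patch migrates the address, so add a `moved` block with `from = kubernetes_namespace.growi-system` and `to = kubernetes_namespace.growi_system`, or run `terraform state mv` before applying, and check that the plan shows no namespace replacement.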
@@ -279,3 +279,19 @@ resource "kubernetes_secret" "idea_reaction_discord_token" {
 IDEA_REACTION_DISCORD_TOKEN = var.minecraft__idea_reaction_discord_token
 }
 }
+
+resource "kubernetes_secret" "growi_github_sso" {
+ depends_on = [kubernetes_namespace.growi_system]
+
+ metadata {
+ name = "growi-github-sso"
+ namespace = "growi-system"
+ }
+
+ data = {
+ "OAUTH_GITHUB_CLIENT_ID" = var.growi_github_sso_client_id
+ "OAUTH_GITHUB_CLIENT_SECRET" = var.growi_github_sso_client_secret
+ }
+
+ type = "Opaque"
+}
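Review bot: The `data` map of `kubernetes_secret.growi_github_sso` is written to the Terraform state in plaintext, because `sensitive = true` on the two input variables only redacts plan and CLI output; the GitHub OAuth client secret is therefore readable by anyone who can read the state. A comment above the resource such as `# values are stored in Terraform state; the state backend must be encrypted and access-restricted` would record that assumption. Separately, `namespace = "growi-system"` repeats the literal; `namespace = kubernetes_namespace.growi_system.metadata[0].name` would keep it in step with the namespace resource and make the explicit `depends_on` unnecessary.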