feat(gotify): install gotify to cluster

registry/clusters/dev/components/40-gotify.yaml

@@ -0,0 +1,53 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gotify-components
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "40"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/mrsimonemms/infrastructure
+    path: registry/components/gotify
+    targetRevision: HEAD
+    kustomize:
+      patches:
+        - target:
+            group: argoproj.io
+            version: v1alpha1
+            kind: Application
+            name: gotify
+          patch: |-
+            - op: replace
+              path: /spec/source/helm/valuesObject/ingress/main/hosts/0/host
+              value: gotify.dev.simonemms.com
+        - target:
+            group: argoproj.io
+            version: v1alpha1
+            kind: Application
+            name: gotify
+          patch: |-
+            - op: replace
+              path: /spec/source/helm/valuesObject/ingress/main/tls/0/hosts/0
+              value: gotify.dev.simonemms.com
+        - target:
+            group: argoproj.io
+            version: v1alpha1
+            kind: Application
+            name: gotify
+          patch: |-
+            - op: replace
+              path: /spec/source/helm/valuesObject/ingress/main/annotations/cert-manager.io~1cluster-issuer
+              value: letsencrypt-staging
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: gotify
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

registry/clusters/prod/components/40-gotify.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gotify-components
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "40"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/mrsimonemms/infrastructure
+    path: registry/components/gotify
+    targetRevision: HEAD
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: gotify
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

registry/components/gotify/application.yaml

@@ -0,0 +1,104 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gotify
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    chart: app-template
+    repoURL: https://bjw-s.github.io/helm-charts
+    targetRevision: 3.5.1
+    helm:
+      valuesObject:
+        controllers:
+          main:
+            annotations:
+              secret.reloader.stakater.com/reload: credentials
+            defaultContainerOptions:
+              resources:
+                requests:
+                  memory: 1Gi
+                  cpu: 150m
+            containers:
+              main:
+                image:
+                  repository: ghcr.io/gotify/server
+                  pullPolicy: IfNotPresent
+                  tag: 2.6.1
+                probes:
+                  liveness:
+                    enabled: true
+                    custom: true
+                    spec:
+                      httpGet:
+                        path: /health
+                        port: 8080
+                  readiness:
+                    enabled: true
+                    custom: true
+                    spec:
+                      httpGet:
+                        path: /health
+                        port: 8080
+                env:
+                  - name: TZ
+                    value: UTC
+                  - name: GOTIFY_DATABASE_DIALECT
+                    value: sqlite3
+                  - name: GOTIFY_SERVER_PORT
+                    value: "8080"
+                  - name: GOTIFY_UPLOADEDIMAGESDIR
+                    value: data/images
+                  - name: GOTIFY_PLUGINSDIR
+                    value: data/plugins
+                  - name: GOTIFY_REGISTRATION
+                    value: "false"
+                  - name: GOTIFY_DEFAULTUSER_NAME
+                    valueFrom:
+                      secretKeyRef:
+                        name: credentials
+                        key: username
+                  - name: GOTIFY_DEFAULTUSER_PASS
+                    valueFrom:
+                      secretKeyRef:
+                        name: credentials
+                        key: password
+        service:
+          main:
+            controller: main
+            ports:
+              http:
+                port: 8080
+        ingress:
+          main:
+            enabled: true
+            annotations:
+              kubernetes.io/tls-acme: "true"
+              cert-manager.io/cluster-issuer: letsencrypt
+            className: nginx
+            hosts:
+              - host: gotify.simonemms.com
+                paths:
+                  - path: /
+                    pathType: Prefix
+                    service:
+                      identifier: main
+                      port: http
+            tls:
+              - hosts:
+                  - gotify.simonemms.com
+                secretName: gotify-tls
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: gotify
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

registry/components/gotify/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - application.yaml
+  - namespace.yaml
+  - secret.yaml
+  - setup.yaml

registry/components/gotify/namespace.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gotify
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"

registry/components/gotify/secret.yaml

@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: credentials
+  namespace: gotify
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+spec:
+  refreshInterval: 10s
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: infisical
+  target:
+    name: credentials
+    template:
+      engineVersion: v2
+      data:
+        username: "{{ .username }}"
+        password: "{{ .password }}"
+        token: Basic {{ print .username ":" .password | b64enc }}
+  data:
+    - secretKey: username
+      remoteRef:
+        key: GOTIFY_USERNAME
+    - secretKey: password
+      remoteRef:
+        key: GOTIFY_PASSWORD

registry/components/gotify/setup.yaml

@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: setup
+  namespace: gotify
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/hook-delete-policy: HookSucceeded
+spec:
+  ttlSecondsAfterFinished: 30
+  backoffLimit: 3
+  template:
+    spec:
+      containers:
+        - name: apps
+          image: alpine/curl:8.10.0
+          command:
+            - sh
+            - -c
+          args:
+            - 'curl -s ${APP_URL}/application -H "Authorization: ${AUTH}" | grep -q "Share" || curl -X POST -s ${APP_URL}/application -H "Authorization: ${AUTH}" -H "Content-Type: application/json" -d "${APPLICATION_DATA}"'
+          env:
+            - name: APPLICATION_DATA
+              value: |
+                { "defaultPriority": 1, "description": "Share", "name": "Share" }
+            - name: APP_URL
+              value: http://gotify:8080
+            - name: AUTH
+              valueFrom:
+                secretKeyRef:
+                  name: credentials
+                  key: token
+      restartPolicy: Never