locals { common-labels = { "vynil.solidite.fr/owner-name" = var.instance "vynil.solidite.fr/owner-namespace" = var.namespace "vynil.solidite.fr/owner-category" = var.category "vynil.solidite.fr/owner-component" = var.component "app.kubernetes.io/managed-by" = "vynil" "app.kubernetes.io/name" = var.component "app.kubernetes.io/instance" = var.instance } rb_patch = <<-EOF - op: replace path: /subjects/0/namespace value: "${var.namespace}" EOF pull_policy_patch = <<-EOF - op: replace path: /spec/template/spec/containers/0/imagePullPolicy value: "${var.images.bundle.pull_policy}" EOF } data "kustomization_overlay" "data" { common_labels = local.common-labels namespace = var.namespace resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1 && length(regexall("WebhookConfiguration",file))<1] images { name = "ghcr.io/fission/fission-bundle" new_name = "${var.images.bundle.registry}/${var.images.bundle.repository}" new_tag = "${var.images.bundle.tag}" } patches { target { kind = "Deployment" name = "router" } patch = <<-EOF - op: replace path: /spec/template/spec/containers/0/args/3 value: "http://executor.${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/15/value value: "${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/16/value value: "${var.additionnal_namespaces}" EOF } patches { target { kind = "Deployment" name = "storagesvc" } patch = <<-EOF - op: replace path: /spec/template/spec/containers/0/env/6/value value: "${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/7/value value: "${var.additionnal_namespaces}" EOF } patches { target { kind = "Deployment" name = "kubewatcher" } patch = <<-EOF - op: replace path: /spec/template/spec/containers/0/args/2 value: "http://router.${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/4/value value: "${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/5/value value: "${var.additionnal_namespaces}" EOF } patches { target { kind = "Deployment" name = "timer" } patch = <<-EOF - op: replace path: /spec/template/spec/containers/0/args/2 value: "http://router.${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/4/value value: "${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/5/value value: "${var.additionnal_namespaces}" EOF } patches { target { kind = "Deployment" name = "buildermgr" } patch = <<-EOF - op: replace path: /spec/template/spec/containers/0/args/2 value: "http://storagesvc.${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/0/value value: "${var.images.fetcher.registry}/${var.images.fetcher.repository}:${var.images.fetcher.tag}" - op: replace path: /spec/template/spec/containers/0/env/13/value value: "${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/14/value value: "${var.additionnal_namespaces}" EOF } patches { target { kind = "Deployment" name = "executor" } patch = <<-EOF - op: replace path: /spec/template/spec/containers/0/env/0/value value: "${var.images.fetcher.registry}/${var.images.fetcher.repository}:${var.images.fetcher.tag}" - op: replace path: /spec/template/spec/containers/0/env/17/value value: "${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/18/value value: "${var.additionnal_namespaces}" EOF } patches { target { kind = "Deployment" name = "mqtrigger-keda" } patch = <<-EOF - op: replace path: /spec/template/spec/containers/0/args/2 value: "http://router.${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/2/value value: "${var.images.keda-kafka.registry}/${var.images.keda-kafka.repository}:${var.images.keda-kafka.tag}" - op: replace path: /spec/template/spec/containers/0/env/3/value value: "${var.images.keda-rabbitmq.registry}/${var.images.keda-rabbitmq.repository}:${var.images.keda-rabbitmq.tag}" - op: replace path: /spec/template/spec/containers/0/env/4/value value: "${var.images.keda-aws-kinesis.registry}/${var.images.keda-aws-kinesis.repository}:${var.images.keda-aws-kinesis.tag}" - op: replace path: /spec/template/spec/containers/0/env/5/value value: "${var.images.keda-aws-sqs.registry}/${var.images.keda-aws-sqs.repository}:${var.images.keda-aws-sqs.tag}" - op: replace path: /spec/template/spec/containers/0/env/6/value value: "${var.images.keda-nats-streaming.registry}/${var.images.keda-nats-streaming.repository}:${var.images.keda-nats-streaming.tag}" - op: replace path: /spec/template/spec/containers/0/env/7/value value: "${var.images.keda-nats-jetstream.registry}/${var.images.keda-nats-jetstream.repository}:${var.images.keda-nats-jetstream.tag}" - op: replace path: /spec/template/spec/containers/0/env/8/value value: "${var.images.keda-gcp-pubsub.registry}/${var.images.keda-gcp-pubsub.repository}:${var.images.keda-gcp-pubsub.tag}" - op: replace path: /spec/template/spec/containers/0/env/9/value value: "${var.images.keda-redis.registry}/${var.images.keda-redis.repository}:${var.images.keda-redis.tag}" - op: replace path: /spec/template/spec/containers/0/env/12/value value: "${var.namespace}" - op: replace path: /spec/template/spec/containers/0/env/13/value value: "${var.additionnal_namespaces}" EOF } patches { target { kind = "Deployment" name = "buildermgr" } patch = local.pull_policy_patch } patches { target { kind = "Deployment" name = "executor" } patch = local.pull_policy_patch } patches { target { kind = "Deployment" name = "mqtrigger-keda" } patch = local.pull_policy_patch } patches { target { kind = "Deployment" name = "kubewatcher" } patch = local.pull_policy_patch } patches { target { kind = "Deployment" name = "webhook" } patch = local.pull_policy_patch } patches { target { kind = "Deployment" name = "timer" } patch = local.pull_policy_patch } patches { target { kind = "Deployment" name = "storagesvc" } patch = local.pull_policy_patch } patches { target { kind = "Deployment" name = "router" } patch = local.pull_policy_patch } patches { target { kind = "PersistentVolumeClaim" name = "fission-storage-pvc" } patch = <<-EOF kind: PersistentVolumeClaim apiVersion: v1 metadata: name: fission-storage-pvc spec: accessModes: - "${var.storage.volume.access_mode}" resources: requests: storage: "${var.storage.volume.size}" EOF } } data "kustomization_overlay" "data_no_ns" { common_labels = local.common-labels resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && (length(regexall("ClusterRole",file))>0 || length(regexall("WebhookConfiguration",file))>0)] patches { target { kind = "ClusterRoleBinding" name = "buildermgr" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "buildermgr-fission-cr" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "executor" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "executor-fission-cr" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "fission-builder" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "fission-fetcher" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "fission-fetcher-websocket" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "fluentbit" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "keda" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "keda-fission-cr" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "kubewatcher" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "kubewatcher-fission-cr" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "kubewatcher-fission-cr" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "router" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "router-fission-cr" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "storagesvc-fission-cr" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "timer" } patch = local.rb_patch } patches { target { kind = "ClusterRoleBinding" name = "timer-fission-cr" } patch = local.rb_patch } patches { target { kind = "MutatingWebhookConfiguration" name = "mutating-webhook-configuration" } patch = <<-EOF - op: replace path: /webhooks/0/clientConfig/service/namespace value: "${var.namespace}" EOF } patches { target { kind = "ValidatingWebhookConfiguration" name = "validating-webhook-configuration" } patch = <<-EOF - op: replace path: /webhooks/0/clientConfig/service/namespace value: "${var.namespace}" - op: replace path: /webhooks/1/clientConfig/service/namespace value: "${var.namespace}" - op: replace path: /webhooks/2/clientConfig/service/namespace value: "${var.namespace}" - op: replace path: /webhooks/3/clientConfig/service/namespace value: "${var.namespace}" - op: replace path: /webhooks/4/clientConfig/service/namespace value: "${var.namespace}" - op: replace path: /webhooks/5/clientConfig/service/namespace value: "${var.namespace}" - op: replace path: /webhooks/6/clientConfig/service/namespace value: "${var.namespace}" EOF } patches { target { kind = "MutatingWebhookConfiguration" name = "mutating-webhook-configuration" } patch = <<-EOF apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: "${var.namespace}/fission-webhook-certs" name: mutating-webhook-configuration EOF } patches { target { kind = "ValidatingWebhookConfiguration" name = "validating-webhook-configuration" } patch = <<-EOF apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: "${var.namespace}/fission-webhook-certs" name: validating-webhook-configuration EOF } }