diff --git a/apps/gitea/datas.tf b/apps/gitea/datas.tf index 2b7dad6..b3f10c9 100644 --- a/apps/gitea/datas.tf +++ b/apps/gitea/datas.tf @@ -19,9 +19,9 @@ locals { } data "kubernetes_secret_v1" "postgresql_password" { - depends_on = [kubectl_manifest.gitea_postgresql] + depends_on = [kubectl_manifest.prj_pg] metadata { - name = "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do" + name = "${var.instance}-${var.component}-pg-app" namespace = var.namespace } } diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index 9b4c283..cce2449 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml @@ -9,61 +9,21 @@ metadata: A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. options: - load-balancer: - default: - ip: '' + timezone: + default: Europe/Paris examples: - - ip: '' - properties: - ip: - default: '' - type: string - type: object - admin: - default: - email: git-admin@git.your_company.com - name: gitea_admin - examples: - - email: git-admin@git.your_company.com - name: gitea_admin - properties: - email: - default: git-admin@git.your_company.com - type: string - name: - default: gitea_admin - type: string - type: object - postgres: - default: - replicas: 1 - storage: 10Gi - version: '14' - examples: - - replicas: 1 - storage: 10Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - default: 10Gi - type: string - version: - default: '14' - type: string - type: object - release: - default: 8.3.0 - examples: - - 8.3.0 + - Europe/Paris type: string - theme: - default: gitea-modern + sub-domain: + default: git examples: - - gitea-modern + - git type: string + ssh-port: + default: 2222 + examples: + - 2222 + type: integer webhook: default: allowed-hosts: private 
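Review bot: `depends_on = [kubectl_manifest.prj_pg]` on the `postgresql_password` data source only orders the read after the CNPG Cluster object is accepted; the `${var.instance}-${var.component}-pg-app` secret is created by the operator afterwards, so a first apply can still fail on a missing secret or read it before the import into the new cluster has finished. Unless the `prj_pg` manifest is made to wait on the Cluster's readiness, record the assumption next to the `depends_on`, e.g. `# NOTE: the -pg-app secret is written by the CNPG operator after the Cluster is applied; a first apply may need a retry`. The `username`/`password` keys that inline-config.tf reads from this secret are presumably the ones the CNPG application secret exposes — worth confirming against the operator version in use.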
@@ -79,46 +39,11 @@ options: default: false type: boolean type: object - volume: - default: - size: 10Gi + release: + default: 8.3.0 examples: - - size: 10Gi - properties: - size: - default: 10Gi - type: string - type: object - timezone: - default: Europe/Paris - examples: - - Europe/Paris + - 8.3.0 type: string - default-branch: - default: main - examples: - - main - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - ssh-port: - default: 2222 - examples: - - 2222 - type: integer - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - replicas: - default: 1 - examples: - - 1 - type: integer images: default: gitea: @@ -182,6 +107,66 @@ options: type: string type: object type: object + ingress-class: + default: traefik + examples: + - traefik + type: string + replicas: + default: 1 + examples: + - 1 + type: integer + domain: + default: your-company + examples: + - your-company + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + volume: + default: + size: 10Gi + examples: + - size: 10Gi + properties: + size: + default: 10Gi + type: string + type: object + load-balancer: + default: + ip: '' + examples: + - ip: '' + properties: + ip: + default: '' + type: string + type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + theme: + default: gitea-modern + examples: + - gitea-modern + type: string + default-branch: + default: main + examples: + - main + type: string + disable-registration: + default: true + examples: + - true + type: boolean push-create: default: org: 'true' 
@@ -202,26 +187,41 @@ options: default: 'true' type: string type: object - domain: - default: your-company + admin: + default: + email: git-admin@git.your_company.com + name: gitea_admin examples: - - your-company - type: string - ingress-class: - default: traefik + - email: git-admin@git.your_company.com + name: gitea_admin + properties: + email: + default: git-admin@git.your_company.com + type: string + name: + default: gitea_admin + type: string + type: object + postgres: + default: + replicas: 1 + storage: 10Gi + version: '14' examples: - - traefik - type: string - sub-domain: - default: git - examples: - - git - type: string - disable-registration: - default: true - examples: - - true - type: boolean + - replicas: 1 + storage: 10Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 10Gi + type: string + version: + default: '14' + type: string + type: object dependencies: - dist: null category: share @@ -231,7 +231,7 @@ dependencies: component: secret-generator - dist: null category: dbo - component: postgresql + component: pg providers: kubernetes: true authentik: true diff --git a/apps/gitea/inline-config.tf b/apps/gitea/inline-config.tf index 5788e26..c159f0f 100644 --- a/apps/gitea/inline-config.tf +++ b/apps/gitea/inline-config.tf @@ -17,11 +17,10 @@ HOST=gitea-memcached.${var.namespace}.svc:11211 EOF database = <<-EOF DB_TYPE=postgres -HOST=${var.instance}-${var.component}.${var.namespace}.svc:5432 +HOST=${var.instance}-${var.component}-pg-rw.${var.namespace}.svc:5432 NAME=${var.component} PASSWD=${data.kubernetes_secret_v1.postgresql_password.data["password"]} USER=${data.kubernetes_secret_v1.postgresql_password.data["username"]} -SSL_MODE=require EOF repository = <<-EOF DEFAULT_BRANCH=${var.default-branch} diff --git a/apps/gitea/postgresql.tf b/apps/gitea/postgresql.tf index da30ad4..c8e39d5 100644 --- a/apps/gitea/postgresql.tf +++ b/apps/gitea/postgresql.tf 
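Review bot: Replacing `component: postgresql` with `component: pg` in `dependencies` drops the declared dependency on whatever serves the `acid.zalan.do` API, yet this commit keeps the Zalando `kubectl_manifest.gitea_postgresql` resource and still reads its `postgres.<instance>-<component>.credentials.postgresql.acid.zalan.do` secret from the new migration Job and from the CNPG `externalClusters` source. If `postgresql` is the Zalando operator dependency, it remains required until the import has completed and the old cluster is removed, so keeping both entries during the migration window (`- dist: null`, `category: dbo`, `component: postgresql` alongside `pg`) seems safer. The same applies to the new dependency list in apps/nextcloud/index.yaml, which also omits it while apps/nextcloud/postgresql.tf still depends on the Zalando secret.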
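Review bot: Removing `SSL_MODE=require` from the `database` heredoc is a security regression: Gitea's default for that key is `disable`, so the `${var.component}` role's password and all query traffic to `${var.instance}-${var.component}-pg-rw` now cross the cluster network in clear text, while the CNPG import in postgresql.tf keeps `sslmode: require` on its own connection to the old cluster. CNPG clusters serve TLS by default with an operator-generated CA, so keep `SSL_MODE=require` as a minimum; `SSL_MODE=verify-full` with the cluster's CA secret mounted would also authenticate the server. The heredoc starts and ends inside the hunk, so the one-line change is simply to restore `SSL_MODE=require` after the `USER=` line.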
@@ -1,5 +1,8 @@ locals { pg-labels = merge(local.common-labels, { + "app.kubernetes.io/component" = "pg" + }) + postgres-labels = merge(local.common-labels, { "app.kubernetes.io/component" = "postgresql" }) } @@ -10,7 +13,7 @@ resource "kubectl_manifest" "gitea_postgresql" { metadata: name: "${var.instance}-${var.component}" namespace: "${var.namespace}" - labels: ${jsonencode(local.pg-labels)} + labels: ${jsonencode(local.postgres-labels)} spec: databases: ${var.component}: "${var.component}" 
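Review bot: `local.pg-labels` is redefined with component `pg` but nothing in this diff consumes it: the new CNPG `Cluster` in `prj_pg` later in this file has a `metadata:` with only `name` and `namespace`. If the intent is to label the new cluster like the old one, add `labels: ${jsonencode(local.pg-labels)}` under the Cluster's `metadata:`; otherwise the local is dead after the rename. The old cluster keeps its `postgresql` label value via `postgres-labels`, so existing selectors presumably still match — worth confirming.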
@@ -29,3 +32,75 @@ resource "kubectl_manifest" "gitea_postgresql" { size: "${var.postgres.storage}" EOF } + +resource "kubectl_manifest" "prj_pre_migrate_pg" { + yaml_body = <<-EOF +apiVersion: batch/v1 +kind: Job +metadata: + name: "${var.instance}-remove-zalando-extensions" + namespace: "${var.namespace}" +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: clean + image: docker.io/postgres:15.3-bookworm + imagePullPolicy: IfNotPresent + env: + - name: USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgres.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do + - name: PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgres.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do + - name: DBURL + value: "${var.instance}-${var.component}" + - name: DBNAME + value: "${var.component}" + command: + - /bin/bash + - "-c" + - "echo -ne 'drop view if exists metric_helpers.pg_stat_statements;\ndrop function if exists metric_helpers.pg_stat_statements;\nDROP EXTENSION IF EXISTS pg_stat_statements;\nDROP EXTENSION IF EXISTS pg_stat_kcache;\nDROP EXTENSION IF EXISTS set_user;\n'| PGPASSWORD=\"$PASSWORD\" psql -U $USERNAME -d $DBNAME -h $DBURL" + EOF +} + +resource "kubectl_manifest" "prj_pg" { + depends_on = [kubectl_manifest.prj_pre_migrate_pg] + yaml_body = <<-EOF + apiVersion: postgresql.cnpg.io/v1 + kind: Cluster + metadata: + name: "${var.instance}-${var.component}-pg" + namespace: "${var.namespace}" + spec: + instances: ${var.postgres.replicas} + storage: + size: "${var.postgres.storage}" + bootstrap: + initdb: + database: ${var.component} + owner: ${var.component} + import: + type: microservice + databases: + - ${var.component} + source: + externalCluster: "${var.instance}-${var.component}" + externalClusters: + - name: "${var.instance}-${var.component}" + connectionParameters: + host: "${var.instance}-${var.component}" + user: postgres + dbname: postgres + sslmode: require + 
password: + name: "postgres.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do" + key: password + EOF +} diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml index 5b1915f..a511683 100644 --- a/apps/nextcloud/index.yaml +++ b/apps/nextcloud/index.yaml 
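Review bot: The `prj_pre_migrate_pg` Job reports success even when a DROP fails, because `psql` without `-v ON_ERROR_STOP=1` exits 0 after per-statement errors, and `depends_on = [kubectl_manifest.prj_pre_migrate_pg]` on `prj_pg` only orders the Cluster after the Job object exists, not after it has completed, so the CNPG import can start with the extensions still present (the same Job and ordering are added in apps/nextcloud/postgresql.tf). The pod also carries the Zalando superuser password in its environment with no `ttlSecondsAfterFinished`, no `backoffLimit`, the default service-account token mounted and the root-running `postgres:15.3-bookworm` image pinned by tag rather than digest, so the finished pod and its credential linger for anyone who can read pods in the namespace. The Job name lacks `${var.component}`, which would collide if two components of one instance shared a namespace — presumably not the case here, but cheap to include. Below is the hardened Job spec; completion should additionally be awaited (the provider's wait on `status.succeeded`, or applying the Cluster in a later step) before `prj_pg` is created. As a style point, this heredoc body sits at column 0 while `prj_pg`'s is indented under `<<-EOF`; one convention per file reads better.
```yaml
spec:
  backoffLimit: 3
  ttlSecondsAfterFinished: 600
  template:
    spec:
      restartPolicy: OnFailure
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true
        runAsUser: 999  # postgres user in the official image; adjust if the image changes
      containers:
        - name: clean
          # … unchanged: image, imagePullPolicy, env …
          command:
            - /bin/bash
            - "-c"
            - "echo -ne '<SQL unchanged>' | PGPASSWORD=\"$PASSWORD\" psql -v ON_ERROR_STOP=1 -U \"$USERNAME\" -d \"$DBNAME\" -h \"$DBURL\""
```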
@@ -6,111 +6,100 @@ metadata: name: nextcloud description: null options: + admin: + default: + name: nextcloud_admin + examples: + - name: nextcloud_admin + properties: + name: + default: nextcloud_admin + type: string + type: object domain: default: your-company examples: - your-company type: string + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object ingress-class: default: traefik examples: - traefik type: string - sub-domain: - default: files + openid-name: + default: vynil examples: - - files + - vynil type: string - apps: + postgres: default: - audioplayer: false - bookmarks: false - bpm: false - calendar: false - collabora: false - contacts: false - deck: false - groupfolders: true - mindmap: false - music: false - notes: false - onlyoffice: false - passman: false - spreed: false - tables: false - tasks: false - texteditor: true + replicas: 1 + storage: 5Gi + version: '14' examples: - - audioplayer: false - bookmarks: false - bpm: false - calendar: false - collabora: false - contacts: false - deck: false - groupfolders: true - mindmap: false - music: false - notes: false - onlyoffice: false - passman: false - spreed: false - tables: false - tasks: false - texteditor: true + - replicas: 1 + storage: 5Gi + version: '14' properties: - audioplayer: - default: false - type: boolean - bookmarks: - default: false - type: boolean - bpm: - default: false - type: boolean - calendar: - default: false - type: boolean - collabora: - default: false - type: boolean - contacts: - default: false - type: boolean - deck: - default: false - type: boolean - groupfolders: - default: true - type: boolean - mindmap: - default: false - type: boolean - music: - default: false - type: boolean - notes: - default: false - type: boolean - onlyoffice: - 
default: false - type: boolean - passman: - default: false - type: boolean - spreed: - default: false - type: boolean - tables: - default: false - type: boolean - tasks: - default: false - type: boolean - texteditor: - default: true - type: boolean + replicas: + default: 1 + type: integer + storage: + default: 5Gi + type: string + version: + default: '14' + type: string type: object + storage: + default: + accessMode: ReadWriteOnce + size: 10Gi + examples: + - accessMode: ReadWriteOnce + size: 10Gi + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: object + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string images: default: collabora: 
@@ -274,26 +263,101 @@ options: type: string type: object type: object - postgres: + apps: default: - replicas: 1 - storage: 5Gi - version: '14' + audioplayer: false + bookmarks: false + bpm: false + calendar: false + collabora: false + contacts: false + deck: false + groupfolders: true + mindmap: false + music: false + notes: false + onlyoffice: false + passman: false + spreed: false + tables: false + tasks: false + texteditor: true examples: - - replicas: 1 - storage: 5Gi - version: '14' + - audioplayer: false + bookmarks: false + bpm: false + calendar: false + collabora: false + contacts: false + deck: false + groupfolders: true + mindmap: false + music: false + notes: false + onlyoffice: false + passman: false + spreed: false + tables: false + tasks: false + texteditor: true properties: - replicas: - default: 1 - type: integer - storage: - default: 5Gi - type: string - version: - default: '14' - type: string + audioplayer: + default: false + type: boolean + bookmarks: + default: false + type: boolean + bpm: + default: false + type: boolean + calendar: + default: false + type: boolean + collabora: + default: false + type: boolean + contacts: + default: false + type: boolean + deck: + default: false + type: boolean + groupfolders: + default: true + type: boolean + mindmap: + default: false + type: boolean + music: + default: false + type: boolean + notes: + default: false + type: boolean + onlyoffice: + default: false + type: boolean + passman: + default: false + type: boolean + spreed: + default: false + type: boolean + tables: + default: false + type: boolean + tasks: + default: false + type: boolean + texteditor: + default: true + type: boolean type: object + sub-domain: + default: files + examples: + - files + type: string redis: default: exporter: 
@@ -327,71 +391,16 @@ options: default: 2Gi type: string type: object - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - admin: - default: - name: nextcloud_admin - examples: - - name: nextcloud_admin - properties: - name: - default: nextcloud_admin - type: string - type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - storage: - default: - accessMode: ReadWriteOnce - size: 10Gi - examples: - - accessMode: ReadWriteOnce - size: 10Gi - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: object - openid-name: - default: vynil - examples: - - vynil - type: string -dependencies: [] +dependencies: +- dist: null + category: share + component: authentik-ldap +- dist: null + category: core + component: secret-generator +- dist: null + category: dbo + component: pg providers: kubernetes: true authentik: true diff --git a/apps/nextcloud/postgresql.tf b/apps/nextcloud/postgresql.tf index 9930f5b..201ce51 100644 --- a/apps/nextcloud/postgresql.tf +++ b/apps/nextcloud/postgresql.tf 
@@ -32,7 +32,46 @@ resource "kubectl_manifest" "prj_postgresql" { size: "${var.postgres.storage}" EOF } + +resource "kubectl_manifest" "prj_pre_migrate_pg" { + yaml_body = <<-EOF +apiVersion: batch/v1 +kind: Job +metadata: + name: "${var.instance}-remove-zalando-extensions" + namespace: "${var.namespace}" +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: clean + image: docker.io/postgres:15.3-bookworm + imagePullPolicy: IfNotPresent + env: + - name: USERNAME + valueFrom: + secretKeyRef: + key: username + name: postgres.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do + - name: PASSWORD + valueFrom: + secretKeyRef: + key: password + name: postgres.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do + - name: DBURL + value: "${var.instance}-${var.component}" + - name: DBNAME + value: "${var.component}" + command: + - /bin/bash + - "-c" + - "echo -ne 'drop view if exists metric_helpers.pg_stat_statements;\ndrop function if exists metric_helpers.pg_stat_statements;\nDROP EXTENSION IF EXISTS pg_stat_statements;\nDROP EXTENSION IF EXISTS pg_stat_kcache;\nDROP EXTENSION IF EXISTS set_user;\n'| PGPASSWORD=\"$PASSWORD\" psql -U $USERNAME -d $DBNAME -h $DBURL" + EOF +} + resource "kubectl_manifest" "prj_pg" { + depends_on = [kubectl_manifest.prj_pre_migrate_pg] yaml_body = <<-EOF apiVersion: postgresql.cnpg.io/v1 kind: Cluster