vynil/domain-incoming
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-17 09:59:53 +02:00
parent 4af203a991
commit 3c3d2885a8
4 changed files with 203 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/wordpress/database.tf
View File

@@ -59,8 +59,6 @@ resource "mysql_database" "component" {
resource "mysql_user" "component" { resource "mysql_user" "component" {
depends_on = [ kubectl_manifest.ndb ] depends_on = [ kubectl_manifest.ndb ]
user = var.component user = var.component
# plante parfois :'(
#host = "%.${module.service.default_definition.name}.${var.namespace}.svc.cluster.%"
host = "%" host = "%"
plaintext_password = random_password.mysql_comp_pass.result plaintext_password = random_password.mysql_comp_pass.result
} }

2
apps/wordpress/wordpress_ConfigMap.tf
View File

@@ -1,5 +1,4 @@
resource "kubectl_manifest" "wordpress_cfg" { resource "kubectl_manifest" "wordpress_cfg" {
count = 0
yaml_body = <<-EOF yaml_body = <<-EOF
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
@@ -34,7 +33,6 @@ EOF
} }
resource "kubectl_manifest" "wordpress_files" { resource "kubectl_manifest" "wordpress_files" {
count = 0
yaml_body = <<-EOF yaml_body = <<-EOF
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap

1
apps/wordpress/wordpress_Secret.tf
View File

@@ -61,7 +61,6 @@ resource "kubectl_manifest" "secret" {
WORDPRESS_LOGGED_IN_SALT: "${random_password.LOGGED_IN_SALT.result}" WORDPRESS_LOGGED_IN_SALT: "${random_password.LOGGED_IN_SALT.result}"
WORDPRESS_NONCE_SALT: "${random_password.NONCE_SALT.result}" WORDPRESS_NONCE_SALT: "${random_password.NONCE_SALT.result}"
WORDPRESS_DB_PASSWORD: "${random_password.mysql_comp_pass.result}" WORDPRESS_DB_PASSWORD: "${random_password.mysql_comp_pass.result}"
WORDPRESS_ADMIN_NAME: "${var.config.admin_name}"
WORDPRESS_ADMIN_PASSWORD: "${random_password.ADM_PASS.result}" WORDPRESS_ADMIN_PASSWORD: "${random_password.ADM_PASS.result}"
EOF EOF
} }

203
apps/wordpress/wordpress_workload.tf Normal file
View File

@@ -0,0 +1,203 @@
resource "kubectl_manifest" "Deployment_wordpress" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: "${var.instance}-${var.component}"
labels: ${jsonencode(local.wp_all_labels)}
namespace: ${var.namespace}
annotations:
configmap.reloader.stakater.com/reload: "${kubectl_manifest.wordpress_cfg.name},${kubectl_manifest.wordpress_files.name}"
secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name}"
spec:
replicas: 1
selector:
matchLabels: ${jsonencode(local.wp_labels)}
template:
metadata:
labels: ${jsonencode(local.wp_labels)}
spec:
serviceAccountName: default
securityContext:
fsGroup: 12000
runAsGroup: 12000
runAsNonRoot: true
runAsUser: 12000
initContainers:
- name: copy-wordpress-app
image: ${var.images.wordpress.registry}/${var.images.wordpress.repository}:${var.images.wordpress.tag}
imagePullPolicy: ${var.images.wordpress.pull_policy}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
command: [sh, -cx]
args:
- >-
echo Copying Wordpress source ...;
ls -l /usr/src/wordpress/;
cp -r /usr/src/wordpress/. /wordpress-app/;
if [ -z "$(ls -A /wordpress-data/wp-content/)" ]; then echo "Copying initial files to wp-content ..."; cp -r /usr/src/wordpress/wp-content/* /wordpress-data/wp-content/; fi;
volumeMounts:
- mountPath: /wordpress-app/
name: wordpress-app
- mountPath: /wordpress-data/wp-content/
name: wordpress-data
subPath: wp-content
- name: wordpress-config
image: ${var.images.wordpress.registry}/${var.images.wordpress.repository}:${var.images.wordpress.tag}
imagePullPolicy: ${var.images.wordpress.pull_policy}
command: [/usr/local/bin/vynil-configurator]
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
envFrom:
- configMapRef:
name: "${kubectl_manifest.wordpress_cfg.name}"
- secretRef:
name: "${kubectl_manifest.secret.name}"
volumeMounts:
- mountPath: /var/www/html/
name: wordpress-app
- name: wordpress-data
mountPath: /var/www/html/wp-content/
subPath: wp-content
- name: wordpress-scripts
mountPath: /usr/local/bin/wp
subPath: wp-cli
- name: wordpress-scripts
mountPath: /usr/local/bin/vynil-configurator
subPath: "vynil-configurator.sh"
containers:
- name: wordpress
image: ${var.images.wordpress.registry}/${var.images.wordpress.repository}:${var.images.wordpress.tag}
imagePullPolicy: ${var.images.wordpress.pull_policy}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
envFrom:
- configMapRef:
name: "${kubectl_manifest.wordpress_cfg.name}"
- secretRef:
name: "${kubectl_manifest.secret.name}"
resources: {}
ports:
- name: php-fpm
containerPort: 9000
protocol: TCP
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 20
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
tcpSocket:
port: php-fpm
readinessProbe:
initialDelaySeconds: 10
periodSeconds: 20
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
tcpSocket:
port: php-fpm
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "test -f /var/www/html/wp-config.php && chmod 444 /var/www/html/wp-config.php"]
volumeMounts:
- mountPath: /var/www/html/
name: wordpress-app
- name: wordpress-data
mountPath: /var/www/html/wp-content/
subPath: wp-content
- name: wordpress-config
mountPath: /usr/local/etc/php-fpm.d/zz-docker.conf
subPath: php-fpm-zz-docker.conf
- name: wordpress-config
mountPath: /usr/local/etc/php/conf.d/uploads.ini
subPath: php-uploads.ini
- name: wordpress-config
mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini
subPath: php-opcache-recommended.ini
# - name: wordpress-config
# mountPath: /usr/local/etc/php/conf.d/docker-php-ext-redis.ini
# subPath: docker-php-ext-redis.ini
- name: wordpress-scripts
mountPath: /usr/local/bin/wp
subPath: wp-cli
- name: nginx
image: ${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}
imagePullPolicy: ${var.images.nginx.pull_policy}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
ports:
- name: http
containerPort: 8080
livenessProbe:
initialDelaySeconds: 10
periodSeconds: 20
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
httpGet:
path: /wp-admin/install.php
port: http
scheme: HTTP
httpHeaders:
- name: X-Forwarded-Proto
value: https
readinessProbe:
initialDelaySeconds: 10
periodSeconds: 20
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
tcpSocket:
port: http
volumeMounts:
- mountPath: /var/www/html/
name: wordpress-app
- mountPath: /var/www/html/wp-content/
name: wordpress-data
subPath: wp-content
- mountPath: /etc/nginx/nginx.conf
name: wordpress-config
subPath: nginx.conf
- mountPath: /tmp/
name: nginx-tmp
volumes:
- name: wordpress-app
emptyDir: {}
- name: wordpress-scripts
configMap:
defaultMode: 0755
name: ${kubectl_manifest.wordpress_files.name}
items:
- key: "vynil-configurator.sh"
path: "vynil-configurator.sh"
- key: "wp-cli"
path: "wp-cli"
- name: wordpress-config
configMap:
name: ${kubectl_manifest.wordpress_files.name}
- name: wordpress-data
persistentVolumeClaim:
claimName: "${var.instance}-${var.component}"
- name: nginx-tmp
emptyDir:
medium: Memory
EOF
}