2024-05-26 15:34:05 +02:00
parent a9bb67b046
commit 52df000331
9 changed files with 450 additions and 1202 deletions


@@ -45,11 +45,11 @@ locals {
pg_labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "pg"
})
async_rabbitmq_labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "async-rabbitmq"
})
events_rabbitmq_labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "events-rabbitmq"
rabbitmq_labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "rabbitmq"
})
postcfg_all_labels = merge({
"app.kubernetes.io/componant" = "postconfig"
},local.common_labels)
}
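Review bot: The label key in `postcfg_all_labels` is spelled `app.kubernetes.io/componant`, so resources using this local will not carry the standard `app.kubernetes.io/component` label that `pg_labels` and `rabbitmq_labels` set. The line should read `"app.kubernetes.io/component" = "postconfig"`. The argument order also differs from the neighbouring locals: with `local.common_labels` as the last argument to `merge`, any key it shares with the first map takes precedence, so a component label defined in `common_labels` would override this one. The `locals` block starts outside the hunk.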


@@ -127,64 +127,82 @@ options:
examples:
- your-company.com
type: string
hpa:
default:
avg-cpu: 50
max-replicas: 5
min-replicas: 1
examples:
- avg-cpu: 50
max-replicas: 5
min-replicas: 1
properties:
avg-cpu:
default: 50
type: integer
max-replicas:
default: 5
type: integer
min-replicas:
default: 1
type: integer
type: object
images:
default:
app:
back:
pull_policy: IfNotPresent
registry: docker.io
repository: to-be/defined
tag: v1.0.0
repository: taigaio/taiga-back
tag: 6.7.3
events:
pull_policy: IfNotPresent
registry: docker.io
repository: taigaio/taiga-events
tag: 6.7.0
front:
pull_policy: IfNotPresent
registry: docker.io
repository: taigaio/taiga-front
tag: 6.7.7
nginx:
pull_policy: IfNotPresent
registry: docker.io
repository: nginx
tag: 1.26.0-alpine3.19
postgresql:
registry: ghcr.io
repository: cloudnative-pg/postgresql
tag: 15.3
rabbit:
protected:
pull_policy: IfNotPresent
registry: docker.io
repository: taigaio/taiga-protected
tag: 6.7.0
rabbit:
registry: docker.io
repository: rabbitmq
tag: 3.10.2-management
examples:
- app:
- back:
pull_policy: IfNotPresent
registry: docker.io
repository: to-be/defined
tag: v1.0.0
repository: taigaio/taiga-back
tag: 6.7.3
events:
pull_policy: IfNotPresent
registry: docker.io
repository: taigaio/taiga-events
tag: 6.7.0
front:
pull_policy: IfNotPresent
registry: docker.io
repository: taigaio/taiga-front
tag: 6.7.7
nginx:
pull_policy: IfNotPresent
registry: docker.io
repository: nginx
tag: 1.26.0-alpine3.19
postgresql:
registry: ghcr.io
repository: cloudnative-pg/postgresql
tag: 15.3
rabbit:
protected:
pull_policy: IfNotPresent
registry: docker.io
repository: taigaio/taiga-protected
tag: 6.7.0
rabbit:
registry: docker.io
repository: rabbitmq
tag: 3.10.2-management
properties:
app:
back:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: to-be/defined
tag: v1.0.0
repository: taigaio/taiga-back
tag: 6.7.3
properties:
pull_policy:
default: IfNotPresent
@@ -197,10 +215,82 @@ options:
default: docker.io
type: string
repository:
default: to-be/defined
default: taigaio/taiga-back
type: string
tag:
default: v1.0.0
default: 6.7.3
type: string
type: object
events:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: taigaio/taiga-events
tag: 6.7.0
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: taigaio/taiga-events
type: string
tag:
default: 6.7.0
type: string
type: object
front:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: taigaio/taiga-front
tag: 6.7.7
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: taigaio/taiga-front
type: string
tag:
default: 6.7.7
type: string
type: object
nginx:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: nginx
tag: 1.26.0-alpine3.19
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: nginx
type: string
tag:
default: 1.26.0-alpine3.19
type: string
type: object
postgresql:
@@ -219,12 +309,12 @@ options:
default: 15.3
type: number
type: object
rabbit:
protected:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: rabbitmq
tag: 3.10.2-management
repository: taigaio/taiga-protected
tag: 6.7.0
properties:
pull_policy:
default: IfNotPresent
@@ -233,6 +323,22 @@ options:
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: taigaio/taiga-protected
type: string
tag:
default: 6.7.0
type: string
type: object
rabbit:
default:
registry: docker.io
repository: rabbitmq
tag: 3.10.2-management
properties:
registry:
default: docker.io
type: string
@@ -254,11 +360,6 @@ options:
examples:
- letsencrypt-prod
type: string
language:
default: fr_FR
examples:
- fr_FR
type: string
postgres:
default:
replicas: 1
@@ -315,41 +416,29 @@ options:
type: string
type: object
type: object
replicas:
default: 1
examples:
- 1
type: integer
sso_vynil:
default: true
examples:
- true
type: boolean
storage:
default:
postgres:
size: 10Gi
rabbitmq_async:
size: 2Gi
rabbitmq_events:
rabbitmq:
size: 2Gi
volume:
accessMode: ReadWriteOnce
class: ''
size: 1Gi
maxSize: 100Gi
size: 10Gi
type: Filesystem
description: Configure this app storage
examples:
- postgres:
size: 10Gi
rabbitmq_async:
size: 2Gi
rabbitmq_events:
rabbitmq:
size: 2Gi
volume:
accessMode: ReadWriteOnce
class: ''
size: 1Gi
maxSize: 100Gi
size: 10Gi
type: Filesystem
properties:
postgres:
@@ -360,15 +449,7 @@ options:
default: 10Gi
type: string
type: object
rabbitmq_async:
default:
size: 2Gi
properties:
size:
default: 2Gi
type: string
type: object
rabbitmq_events:
rabbitmq:
default:
size: 2Gi
properties:
@@ -380,7 +461,8 @@ options:
default:
accessMode: ReadWriteOnce
class: ''
size: 1Gi
maxSize: 100Gi
size: 10Gi
type: Filesystem
properties:
accessMode:
@@ -393,8 +475,11 @@ options:
class:
default: ''
type: string
maxSize:
default: 100Gi
type: string
size:
default: 1Gi
default: 10Gi
type: string
type:
default: Filesystem
@@ -409,15 +494,13 @@ options:
examples:
- to-be-set
type: string
timezone:
default: Europe/Paris
examples:
- Europe/Paris
type: string
dependencies:
- dist: null
category: dbo
component: pg
- dist: null
category: dbo
component: rabbitmq
providers:
kubernetes: true
authentik: true
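Review bot: The `images.rabbit` default stays at `3.10.2-management` while the application images in this section move to explicit newer pins, and this commit makes that one broker carry both the async and the events traffic. It is worth confirming that this RabbitMQ release series still receives security fixes, and bumping the default if it does not. All image defaults here are tags, which a registry can repoint; if the consuming templates allow it, accepting a digest in `tag` (or a separate digest field) would make the defaults immutable.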

22
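--- a/apps/taiga/rabbitmq.tf
+++ b/apps/taiga/rabbitmq.tf
@@ -0,0 +1,22 @@
+resource "kubectl_manifest" "rabbit" {
+yaml_body = <<-EOF
+apiVersion: rabbitmq.com/v1beta1
+kind: RabbitmqCluster
+metadata:
+name: "${var.instance}-${var.component}-rabbitmq"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.rabbitmq_labels)}
+spec:
+image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}"
+persistence:
+storage: "${var.storage.rabbitmq}"
+replicas: ${var.rabbitmq.replicas}
+resources:
+limits:
+cpu: "${var.rabbitmq.limits.cpu}"
+memory: "${var.rabbitmq.limits.memory}"
+requests:
+cpu: "${var.rabbitmq.requests.cpu}"
+memory: "${var.rabbitmq.requests.memory}"
+EOF
+}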
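Review bot: `persistence.storage` is rendered from `"${var.storage.rabbitmq}"`, but the option schema changed in this same commit defines `storage.rabbitmq` as an object with a `size` property (default `2Gi`). The template would therefore interpolate an object where the RabbitmqCluster spec expects a quantity string. Unless the variable is declared differently elsewhere, the line should read `storage: "${var.storage.rabbitmq.size}"`. The removed `async_rabbit` and `events_rabbit` resources used the same form, so the problem appears to predate this file.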


@@ -1,45 +0,0 @@
resource "kubectl_manifest" "async_rabbit" {
yaml_body = <<-EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: "${var.component}-async-rabbitmq"
namespace: "${var.namespace}"
labels: ${jsonencode(local.async_rabbitmq_labels)}
spec:
image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}"
persistence:
storage: "${var.storage.rabbitmq_async}"
replicas: ${var.rabbitmq.replicas}
resources:
limits:
cpu: "${var.rabbitmq.limits.cpu}"
memory: "${var.rabbitmq.limits.memory}"
requests:
cpu: "${var.rabbitmq.requests.cpu}"
memory: "${var.rabbitmq.requests.memory}"
EOF
}
resource "kubectl_manifest" "events_rabbit" {
yaml_body = <<-EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: "${var.component}-events-rabbitmq"
namespace: "${var.namespace}"
labels: ${jsonencode(local.events_rabbitmq_labels)}
spec:
image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}"
persistence:
storage: "${var.storage.rabbitmq_events}"
replicas: ${var.rabbitmq.replicas}
resources:
limits:
cpu: "${var.rabbitmq.limits.cpu}"
memory: "${var.rabbitmq.limits.memory}"
requests:
cpu: "${var.rabbitmq.requests.cpu}"
memory: "${var.rabbitmq.requests.memory}"
EOF
}


@@ -10,45 +10,20 @@ resource "kubectl_manifest" "cm_env" {
POSTGRES_DB: ${var.component}
POSTGRES_USER: ${var.component}
POSTGRES_HOST: ${var.instance}-${var.component}-pg-rw.${var.namespace}.svc
TAIGA_URL: https://localhost:9000
TAIGA_SITES_DOMAIN: localhost:9000
TAIGA_SITES_SCHEME: http
SESSION_COOKIE_SECURE: 'False'
CSRF_COOKIE_SECURE: 'False'
ENABLE_TELEMETRY: 'False'
PUBLIC_REGISTER_ENABLED: 'False'
ENABLE_GITHUB_AUTH: 'False'
ENABLE_GITLAB_AUTH: 'True'
GITLAB_CLIENT_ID:
GITLAB_API_CLIENT_ID: gitlab-api-client-id
GITLAB_API_CLIENT_SECRET: gitlab-api-client-secret
GITLAB_URL: gitlab-url
ENABLE_SLACK: 'False'
ENABLE_GITHUB_IMPORTER: 'False'
ENABLE_JIRA_IMPORTER: 'False'
ENABLE_TRELLO_IMPORTER: 'False'
TRELLO_IMPORTER_API_KEY: api-key-from-trello
TRELLO_IMPORTER_SECRET_KEY: secret-key-from-trello
- name: TAIGA_URL
value: http://localhost:9000
- name: PUBLIC_REGISTER_ENABLED
value: 'false'
- name: ENABLE_GITHUB_AUTH
value: 'false'
- name: ENABLE_GITLAB_AUTH
value: 'true'
- name: GITLAB_CLIENT_ID
value: gitlab-api-client-id
- name: GITLAB_URL
value: gitlab-url
- name: ENABLE_SLACK
value: 'false'
- name: ENABLE_GITHUB_IMPORTER
value: 'false'
- name: ENABLE_JIRA_IMPORTER
value: 'false'
- name: ENABLE_TRELLO_IMPORTER
value: 'false'
TAIGA_SITES_SCHEME: https
SESSION_COOKIE_SECURE: "False"
CSRF_COOKIE_SECURE: "False"
ENABLE_TELEMETRY: "False"
PUBLIC_REGISTER_ENABLED: "False"
ENABLE_GITHUB_AUTH: "False"
ENABLE_GITLAB_AUTH: "True"
ENABLE_SLACK: "False"
ENABLE_GITHUB_IMPORTER: "False"
ENABLE_JIRA_IMPORTER: "False"
ENABLE_TRELLO_IMPORTER: "False"
OPENID_CONNECT_SCOPES: "openid email profile"
EOF
}
@@ -58,66 +33,48 @@ resource "kubectl_manifest" "cm_scripts" {
apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-createinitialtemplates
labels: ${jsonencode(local.common_labels)}
name: "${var.instance}-${var.component}-scripts"
labels: ${jsonencode(local.postcfg_all_labels)}
namespace: ${var.namespace}
data:
createinitialtemplates.sh: |-
#!/bin/sh
echo """
postconfig.py: |-
#!/usr/bin/env python
import time
import requests
import subprocess
print('Waiting for backend ...')
while requests.get('http://taiga-back/api/v1/').status_code != 200:
while requests.get('http://${kubectl_manifest.svc_back.name}/api/v1/').status_code != 200:
print('...')
time.sleep(2)
if len(str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'projects.projecttemplate']))) < 5:
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_project_templates']))
""" > /tmp/create_initial_project_templates.py
python /tmp/create_initial_project_templates.py
createinitialuser.sh: |-
#!/bin/sh
echo """
import time
import requests
import subprocess
print('Waiting for backend ...')
while requests.get('http://taiga-back/api/v1/').status_code != 200:
print('...')
time.sleep(2)
if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
else:
print('Admin user yet created.')
""" > /tmp/create_superuser.py
python /tmp/create_superuser.py
EOF
}
resource "kubectl_manifest" "ConfigMap_taiga-gateway" {
resource "kubectl_manifest" "cm_nginx" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-gateway
name: "${var.instance}-${var.component}-nginx"
namespace: ${var.namespace}
labels: ${jsonencode(local.common_labels)}
data:
default.conf: |-
server {
listen 80 default_server;
listen 8080 default_server;
client_max_body_size 100M;
charset utf-8;
# Frontend
location / {
proxy_pass http://taiga-front/;
proxy_pass http://${kubectl_manifest.svc_front.name}/;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
@@ -127,7 +84,7 @@ resource "kubectl_manifest" "ConfigMap_taiga-gateway" {
# Api
location /api {
proxy_pass http://taiga-back:8000/api;
proxy_pass http://${kubectl_manifest.svc_back.name}:8000/api;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
@@ -137,7 +94,7 @@ resource "kubectl_manifest" "ConfigMap_taiga-gateway" {
# Admin
location /admin {
proxy_pass http://taiga-back:8000/admin;
proxy_pass http://${kubectl_manifest.svc_back.name}:8000/admin;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
@@ -169,13 +126,13 @@ resource "kubectl_manifest" "ConfigMap_taiga-gateway" {
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://taiga-protected:8003/;
proxy_pass http://${kubectl_manifest.svc_protected.name}:8003/;
proxy_redirect off;
}
# Events
location /events {
proxy_pass http://taiga-events:8888/events;
proxy_pass http://${kubectl_manifest.svc_events.name}:8888/events;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
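Review bot: The new `cm_env` data sets `TAIGA_SITES_SCHEME: https` but keeps `SESSION_COOKIE_SECURE: "False"` and `CSRF_COOKIE_SECURE: "False"`, so the session and CSRF cookies are issued without the Secure attribute and can travel over plain HTTP if a client ever reaches the site that way. With the site served over HTTPS these should be `SESSION_COOKIE_SECURE: "True"` and `CSRF_COOKIE_SECURE: "True"`. Separately, `ENABLE_GITLAB_AUTH: "True"` remains although the GitLab client settings appear to be dropped from this ConfigMap and `OPENID_CONNECT_SCOPES` is added; if login is meant to go through OpenID Connect, setting it to `"False"` avoids leaving a half-configured provider enabled. The `cm_env` resource starts outside the hunk.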


@@ -3,18 +3,18 @@ resource "kubectl_manifest" "Job_taiga-createinitialtemplates" {
apiVersion: batch/v1
kind: Job
metadata:
name: taiga-createinitialtemplates
namespace: ${var.namespace}
labels: ${jsonencode(local.common_labels)}
name: "${var.instance}-${var.component}-post-config"
namespace: "${var.namespace}"
labels: ${jsonencode(local.postcfg_all_labels)}
spec:
template:
spec:
restartPolicy: OnFailure
containers:
- name: createinitialtemplates
image: docker.io/taigaio/taiga-back:latest
command:
- sh
- /scripts/createinitialtemplates.sh
- name: postconfig
image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}"
imagePullPolicy: ${var.images.back.pull_policy}
command: ["/scripts/postconfig.py"]
env:
- name: POSTGRES_PASSWORD
valueFrom:
@@ -27,56 +27,13 @@ resource "kubectl_manifest" "Job_taiga-createinitialtemplates" {
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
volumeMounts:
- name: createinitialtemplates
- name: scripts
mountPath: /scripts
restartPolicy: Never
volumes:
- name: createinitialtemplates
- name: scripts
configMap:
name: taiga-createinitialtemplates
defaultMode: '0744'
name: ${kubectl_manifest.cm_scripts.name}
defaultMode: '0755'
backoffLimit: 4
EOF
}
resource "kubectl_manifest" "Job_taiga-createinitialuser" {
yaml_body = <<-EOF
apiVersion: batch/v1
kind: Job
metadata:
name: taiga-createinitialuser
namespace: ${var.namespace}
labels: ${jsonencode(local.common_labels)}
spec:
template:
spec:
containers:
- name: createinitialuser
image: docker.io/taigaio/taiga-back:latest
command:
- sh
- /scripts/createinitialuser.sh
volumeMounts:
- name: createinitialuser
mountPath: /scripts
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ${var.instance}-${var.component}-pg-app
key: password
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
restartPolicy: Never
volumes:
- name: createinitialuser
configMap:
name: taiga-createinitialuser
defaultMode: '0744'
backoffLimit: 4
EOF
}
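Review bot: `defaultMode: '0755'` on the `scripts` volume is a quoted YAML string, while the Kubernetes `defaultMode` field is an integer, so as far as I can tell the manifest will be rejected at apply time. Write `defaultMode: 0755` (read as octal by YAML 1.1 loaders) or `defaultMode: 493`. The previous `'0744'` had the same form, so this is worth checking against a real apply. The job now executes `/scripts/postconfig.py` directly, so it depends on that mode being applied and on `python` being on the image's PATH for the `#!/usr/bin/env python` shebang.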


@@ -1,34 +1,28 @@
resource "kubectl_manifest" "PersistentVolumeClaim_taiga-media" {
yaml_body = <<-EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: taiga-media
labels: ${jsonencode(local.common_labels)}
namespace: ${var.namespace}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
EOF
locals {
pvc_spec = merge({
"accessModes" = [var.storage.volume.accessMode]
"volumeMode" = var.storage.volume.type
"resources" = {
"requests" = {
"storage" = "${var.storage.volume.size}"
}
}
}, var.storage.volume.class != "" ?{
"storageClassName" = var.storage.volume.class
}:{})
}
resource "kubectl_manifest" "PersistentVolumeClaim_taiga-static" {
resource "kubectl_manifest" "pvc" {
ignore_fields = ["spec.resources.requests.storage"]
yaml_body = <<-EOF
kind: PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: taiga-static
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common_labels)}
namespace: ${var.namespace}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
EOF
annotations:
resize.kubesphere.io/storage_limit: "${var.storage.volume.maxSize}"
spec: ${jsonencode(local.pvc_spec)}
EOF
}
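Review bot: The claim is named `"${var.component}-${var.instance}"`, whereas the other resources introduced in this commit use `"${var.instance}-${var.component}-<suffix>"`; the same order here, for example `name: "${var.instance}-${var.component}-data"`, would keep object names predictable. In `pvc_spec`, `"storage" = "${var.storage.volume.size}"` can be written `"storage" = var.storage.volume.size`, like the neighbouring entries. A comment above `ignore_fields` would also help, presumably something like `# requested size may be grown outside Terraform, up to storage.volume.maxSize`, so the excluded field is not mistaken for an oversight.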


@@ -1,10 +1,76 @@
resource "kubectl_manifest" "Service_taiga-back" {
locals {
dns_name = "${var.sub_domain}.${var.domain_name}"
dns_names = [local.dns_name]
app_name = (var.component == var.instance || var.component=="") ? var.instance : format("%s-%s", var.component, var.instance)
icon = "favicon.ico"
}
module "service" {
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//service?ref=0.3.0"
component = var.component
instance = var.instance
namespace = var.namespace
labels = local.common_labels
selector = local.back_labels
targets = ["http"]
providers = {
kubectl = kubectl
}
}
module "ingress" {
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//ingress?ref=0.3.0"
component = ""
instance = var.instance
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
labels = local.common_labels
dns_names = local.dns_names
services = [module.service.default_definition]
providers = {
kubectl = kubectl
}
}
module "application" {
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application?ref=0.3.0"
component = var.component
instance = var.instance
app_group = var.app_group
dns_name = local.dns_name
icon = local.icon
sub_groups = ["admin"]
protocol_provider = module.oauth2.provider-id
providers = {
authentik = authentik
}
}
module "oauth2" {
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//oauth2?ref=0.3.0"
component = var.component
instance = var.instance
namespace = var.namespace
domain = var.domain
labels = local.common_labels
dns_name = "${local.dns_name}/"
redirect_path = ""
providers = {
kubernetes = kubernetes
kubectl = kubectl
authentik = authentik
}
}
resource "kubectl_manifest" "svc_back" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-back
labels: ${jsonencode(local.common-labels)}
name: "${var.instance}-${var.component}-back"
labels: ${jsonencode(local.back_all_labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
@@ -12,146 +78,20 @@ resource "kubectl_manifest" "Service_taiga-back" {
- name: taiga-back
port: 8000
targetPort: taiga-back
- name: taiga-gateway
- name: http
port: 80
targetPort: taiga-gateway
selector:
app.kubernetes.io/name: taiga-back
app.kubernetes.io/instance: taiga
targetPort: http
selector: ${jsonencode(local.back_labels)}
EOF
}
resource "kubectl_manifest" "Service_taiga-async-rabbitmq-headless" {
resource "kubectl_manifest" "svc_front" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-async-rabbitmq-headless
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
spec:
clusterIP: None
ports:
- name: epmd
port: 4369
targetPort: epmd
- name: amqp
port: 5672
targetPort: amqp
- name: dist
port: 25672
targetPort: dist
- name: http-stats
port: 15672
targetPort: stats
selector:
app.kubernetes.io/name: async-rabbitmq
app.kubernetes.io/instance: taiga
publishNotReadyAddresses: true
EOF
}
resource "kubectl_manifest" "Service_taiga-postgresql" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-postgresql
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
annotations: null
spec:
type: ClusterIP
sessionAffinity: None
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
nodePort: null
selector:
app.kubernetes.io/name: postgresql
app.kubernetes.io/instance: taiga
app.kubernetes.io/component: primary
EOF
}
resource "kubectl_manifest" "Service_taiga-events" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-events
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
ports:
- name: taiga-events
port: 8888
targetPort: taiga-events
selector:
app.kubernetes.io/name: taiga-events
app.kubernetes.io/instance: taiga
EOF
}
resource "kubectl_manifest" "Service_taiga-protected" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-protected
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
ports:
- name: taiga-protected
port: 8003
targetPort: taiga-protected
selector:
app.kubernetes.io/name: taiga-protected
app.kubernetes.io/instance: taiga
EOF
}
resource "kubectl_manifest" "Service_taiga-events-rabbitmq-headless" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-events-rabbitmq-headless
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
spec:
clusterIP: None
ports:
- name: epmd
port: 4369
targetPort: epmd
- name: amqp
port: 5672
targetPort: amqp
- name: dist
port: 25672
targetPort: dist
- name: http-stats
port: 15672
targetPort: stats
selector:
app.kubernetes.io/name: events-rabbitmq
app.kubernetes.io/instance: taiga
publishNotReadyAddresses: true
EOF
}
resource "kubectl_manifest" "Service_taiga-front" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-front
labels: ${jsonencode(local.common-labels)}
name: "${var.instance}-${var.component}-front"
labels: ${jsonencode(local.front_all_labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
@@ -159,120 +99,43 @@ resource "kubectl_manifest" "Service_taiga-front" {
- name: taiga-front
port: 80
targetPort: taiga-front
selector:
app.kubernetes.io/name: taiga-front
app.kubernetes.io/instance: taiga
selector: ${jsonencode(local.front_labels)}
EOF
}
resource "kubectl_manifest" "Service_taiga-gateway" {
resource "kubectl_manifest" "svc_events" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-gateway
labels: ${jsonencode(local.common-labels)}
name: "${var.instance}-${var.component}-events"
labels: ${jsonencode(local.event_all_labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
ports:
- name: taiga-gateway
port: 80
targetPort: taiga-gateway
selector:
app.kubernetes.io/name: taiga-back
app.kubernetes.io/instance: taiga
- name: taiga-events
port: 8888
targetPort: taiga-events
selector: ${jsonencode(local.event_labels)}
EOF
}
resource "kubectl_manifest" "svc_protected" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: "${var.instance}-${var.component}-protected"
labels: ${jsonencode(local.protected_all_labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
ports:
- name: taiga-protected
port: 8003
targetPort: taiga-protected
selector: ${jsonencode(local.protected_labels)}
EOF
}
# resource "kubectl_manifest" "Service_taiga-events-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: v1
# kind: Service
# metadata:
# name: taiga-events-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# type: ClusterIP
# sessionAffinity: None
# ports:
# - name: amqp
# port: 5672
# targetPort: amqp
# nodePort: null
# - name: epmd
# port: 4369
# targetPort: epmd
# nodePort: null
# - name: dist
# port: 25672
# targetPort: dist
# nodePort: null
# - name: http-stats
# port: 15672
# targetPort: stats
# nodePort: null
# selector:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# EOF
# }
# resource "kubectl_manifest" "Service_taiga-postgresql-hl" {
# yaml_body = <<-EOF
# apiVersion: v1
# kind: Service
# metadata:
# name: taiga-postgresql-hl
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# type: ClusterIP
# clusterIP: None
# publishNotReadyAddresses: true
# ports:
# - name: tcp-postgresql
# port: 5432
# targetPort: tcp-postgresql
# selector:
# app.kubernetes.io/name: postgresql
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/component: primary
# EOF
# }
# resource "kubectl_manifest" "Service_taiga-async-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: v1
# kind: Service
# metadata:
# name: taiga-async-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# type: ClusterIP
# sessionAffinity: None
# ports:
# - name: amqp
# port: 5672
# targetPort: amqp
# nodePort: null
# - name: epmd
# port: 4369
# targetPort: epmd
# nodePort: null
# - name: dist
# port: 25672
# targetPort: dist
# nodePort: null
# - name: http-stats
# port: 15672
# targetPort: stats
# nodePort: null
# selector:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# EOF
# }
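Review bot: The four new `module` blocks load code from `git::https://git.solidite.fr/vynil/kydah-modules.git` pinned with `?ref=0.3.0`, and a tag can be repointed after review. These modules are handed the `kubectl`, `kubernetes` and `authentik` providers, so whatever the tag resolves to at apply time runs with those credentials. Pinning each `source` to the full commit hash behind the tag, e.g. `?ref=<commit-sha-of-0.3.0>`, makes the dependency immutable; a trailing comment such as `# kydah-modules 0.3.0` keeps the version readable.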


@@ -4,62 +4,59 @@ resource "kubectl_manifest" "Deployment_taiga-events" {
kind: Deployment
metadata:
name: taiga-events
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.event_all_labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-events
app.kubernetes.io/instance: taiga
matchLabels: ${jsonencode(local.event_labels)}
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-events
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-events
labels: ${jsonencode(local.event_labels)}
spec:
serviceAccountName: default
containers:
- name: taiga-events
image: docker.io/taigaio/taiga-events:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
image: "${var.images.events.registry}/${var.images.events.repository}:${var.images.events.tag}"
imagePullPolicy: ${var.images.events.pull_policy}
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
env:
- name: TAIGA_EVENTS_RABBITMQ_HOST
value: ${kubectl_manifest.rabbit.name}
- name: RABBITMQ_USER
value: taiga
valueFrom:
secretKeyRef:
name: ${kubectl_manifest.rabbit.name}-default-user
key: username
- name: RABBITMQ_PASS
value: taiga
valueFrom:
secretKeyRef:
name: ${kubectl_manifest.rabbit.name}-default-user
key: password
ports:
- name: taiga-events
containerPort: 8888
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
EOF
}
# livenessProbe:
# httpGet:
# path: /admin/login/
# port: 8000
# initialDelaySeconds: 20
# periodSeconds: 10
# timeoutSeconds: 5
# successThreshold: 1
# failureThreshold: 3
# readinessProbe:
# httpGet:
# path: /admin/login/
# port: 8000
# initialDelaySeconds: 5
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
# failureThreshold: 3
resource "kubectl_manifest" "Deployment_taiga-front" {
yaml_body = <<-EOF
@@ -67,55 +64,29 @@ resource "kubectl_manifest" "Deployment_taiga-front" {
kind: Deployment
metadata:
name: taiga-front
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.front_all_labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-front
app.kubernetes.io/instance: taiga
matchLabels: ${jsonencode(local.front_labels)}
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-front
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-front
labels: ${jsonencode(local.front_labels)}
spec:
serviceAccountName: default
containers:
- name: taiga-front
image: docker.io/taigaio/taiga-front:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
image: "${var.images.front.registry}/${var.images.front.repository}:${var.images.front.tag}"
imagePullPolicy: ${var.images.front.pull_policy}
env:
- name: GITLAB_CLIENT_ID
value: gitlab-api-client-id
envFrom:
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
ports:
- name: taiga-front
containerPort: 80
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
EOF
}
@@ -125,57 +96,31 @@ resource "kubectl_manifest" "Deployment_taiga-protected" {
kind: Deployment
metadata:
name: taiga-protected
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.protected_all_labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-protected
app.kubernetes.io/instance: taiga
matchLabels: ${jsonencode(local.protected_labels)}
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-protected
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-protected
labels: ${jsonencode(local.protected_labels)}
spec:
serviceAccountName: default
containers:
- name: taiga-protected
image: docker.io/taigaio/taiga-protected:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
image: "${var.images.protected.registry}/${var.images.protected.repository}:${var.images.protected.tag}"
imagePullPolicy: ${var.images.protected.pull_policy}
env:
- name: SECRET_KEY
value: 9%pno@m688el28@2+^y4v^&6wluqk-g#j#d7$dsjtht)o30dn1
valueFrom:
secretKeyRef:
name: ${kubectl_manifest.secret.name}
key: TAIGA_SECRET_KEY
- name: MAX_AGE
value: '360'
ports:
- name: taiga-protected
containerPort: 8003
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
EOF
}
@@ -185,36 +130,39 @@ resource "kubectl_manifest" "Deployment_taiga-back" {
kind: Deployment
metadata:
name: taiga-back
labels: ${jsonencode(local.common-labels)}
labels: ${jsonencode(local.back_all_labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-back
app.kubernetes.io/instance: taiga
matchLabels: ${jsonencode(local.back_labels)}
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-back
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-back
labels: ${jsonencode(local.back_labels)}
spec:
serviceAccountName: default
containers:
- name: taiga-back
image: docker.io/taigaio/taiga-back:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}"
imagePullPolicy: ${var.images.back.pull_policy}
env:
- name: TAIGA_EVENTS_RABBITMQ_HOST
value: ${kubectl_manifest.rabbit.name}
- name: TAIGA_ASYNC_RABBITMQ_HOST
value: ${kubectl_manifest.rabbit.name}
- name: RABBITMQ_USER
value: taiga
valueFrom:
secretKeyRef:
name: ${kubectl_manifest.rabbit.name}-default-user
key: username
- name: RABBITMQ_PASS
value: taiga
valueFrom:
secretKeyRef:
name: ${kubectl_manifest.rabbit.name}-default-user
key: password
- name: GITLAB_API_CLIENT_ID
value: gitlab-api-client-id
- name: GITLAB_API_CLIENT_SECRET
value: gitlab-api-client-secret
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
@@ -228,9 +176,16 @@ resource "kubectl_manifest" "Deployment_taiga-back" {
ports:
- name: taiga-back
containerPort: 8000
volumeMounts:
- name: data
mountPath: /taiga-back/static
subPath: static
- name: data
mountPath: /taiga-back/media
subPath: media
livenessProbe:
httpGet:
path: /admin/login/
path: /api/v1/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
@@ -239,31 +194,29 @@ resource "kubectl_manifest" "Deployment_taiga-back" {
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
path: /api/v1/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
- name: taiga-media
mountPath: /taiga-back/media
- name: taiga-async
image: docker.io/taigaio/taiga-back:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}"
imagePullPolicy: ${var.images.back.pull_policy}
command:
- /taiga-back/docker/async_entrypoint.sh
env:
- name: RABBITMQ_USER
value: taiga
valueFrom:
secretKeyRef:
name: ${kubectl_manifest.rabbit.name}-default-user
key: username
- name: RABBITMQ_PASS
value: taiga
valueFrom:
secretKeyRef:
name: ${kubectl_manifest.rabbit.name}-default-user
key: password
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
@@ -275,569 +228,33 @@ resource "kubectl_manifest" "Deployment_taiga-back" {
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
volumeMounts:
- name: taiga-static
- name: data
mountPath: /taiga-back/static
- name: taiga-media
subPath: static
- name: data
mountPath: /taiga-back/media
- name: taiga-gateway
image: docker.io/nginx:1.19-alpine
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
subPath: media
- name: nginx
image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}"
imagePullPolicy: ${var.images.nginx.pull_policy}
ports:
- name: taiga-gateway
containerPort: 80
livenessProbe:
httpGet:
path: /admin/login/
port: 80
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 10
readinessProbe:
httpGet:
path: /admin/login/
port: 80
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 10
- name: http
containerPort: 8080
volumeMounts:
- name: taiga-static
- name: data
mountPath: /taiga/static
- name: taiga-media
subPath: static
- name: data
mountPath: /taiga/media
subPath: media
- name: taiga-conf
mountPath: /etc/nginx/conf.d/
volumes:
- name: taiga-static
- name: data
persistentVolumeClaim:
claimName: taiga-static
- name: taiga-media
persistentVolumeClaim:
claimName: taiga-media
claimName: ${kubectl_manifest.pvc.name}
- name: taiga-conf
configMap:
name: taiga-gateway
name: ${kubectl_manifest.cm_nginx.name}
EOF
}
# resource "kubectl_manifest" "StatefulSet_taiga-async-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: apps/v1
# kind: StatefulSet
# metadata:
# name: taiga-async-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# serviceName: taiga-async-rabbitmq-headless
# podManagementPolicy: OrderedReady
# replicas: 1
# updateStrategy:
# type: RollingUpdate
# selector:
# matchLabels:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# template:
# metadata:
# labels:
# app.kubernetes.io/name: async-rabbitmq
# helm.sh/chart: async-rabbitmq-11.9.3
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/managed-by: Helm
# annotations:
# checksum/config: 217a61a978fa7482416092178a1ec21062391912fcb3b4dcf9d56998cbc7dcb0
# checksum/secret: 6cfb22ee840921fa65ccca1d3b463345d79ab2cf3fbc5da718cdb5d482d8f329
# spec:
# serviceAccountName: taiga-async-rabbitmq
# affinity:
# podAffinity: null
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# topologyKey: kubernetes.io/hostname
# weight: 1
# nodeAffinity: null
# securityContext:
# fsGroup: 1001
# terminationGracePeriodSeconds: 120
# initContainers: null
# containers:
# - name: rabbitmq
# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1
# imagePullPolicy: IfNotPresent
# securityContext:
# runAsNonRoot: true
# runAsUser: 1001
# lifecycle:
# preStop:
# exec:
# command:
# - /bin/bash
# - -ec
# - |
# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false"
# else
# rabbitmqctl stop_app
# fi
# env:
# - name: BITNAMI_DEBUG
# value: 'false'
# - name: MY_POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
# - name: MY_POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: MY_POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# - name: K8S_SERVICE_NAME
# value: taiga-async-rabbitmq-headless
# - name: K8S_ADDRESS_TYPE
# value: hostname
# - name: RABBITMQ_FEATURE_FLAGS
# value: null
# - name: RABBITMQ_FORCE_BOOT
# value: no
# - name: RABBITMQ_NODE_NAME
# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: K8S_HOSTNAME_SUFFIX
# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: RABBITMQ_MNESIA_DIR
# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)
# - name: RABBITMQ_LDAP_ENABLE
# value: no
# - name: RABBITMQ_LOGS
# value: '-'
# - name: RABBITMQ_ULIMIT_NOFILES
# value: '65536'
# - name: RABBITMQ_USE_LONGNAME
# value: 'true'
# - name: RABBITMQ_ERL_COOKIE
# valueFrom:
# secretKeyRef:
# name: taiga-async-rabbitmq
# key: rabbitmq-erlang-cookie
# - name: RABBITMQ_LOAD_DEFINITIONS
# value: no
# - name: RABBITMQ_DEFINITIONS_FILE
# value: /app/load_definition.json
# - name: RABBITMQ_SECURE_PASSWORD
# value: yes
# - name: RABBITMQ_USERNAME
# value: taiga
# - name: RABBITMQ_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-async-rabbitmq
# key: rabbitmq-password
# - name: RABBITMQ_PLUGINS
# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap
# envFrom: null
# ports:
# - name: amqp
# containerPort: 5672
# - name: dist
# containerPort: 25672
# - name: stats
# containerPort: 15672
# - name: epmd
# containerPort: 4369
# livenessProbe:
# failureThreshold: 6
# initialDelaySeconds: 120
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q ping
# readinessProbe:
# failureThreshold: 3
# initialDelaySeconds: 10
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
# resources:
# limits: {}
# requests: {}
# volumeMounts:
# - name: configuration
# mountPath: /bitnami/rabbitmq/conf
# - name: data
# mountPath: /bitnami/rabbitmq/mnesia
# volumes:
# - name: configuration
# projected:
# sources:
# - secret:
# name: taiga-async-rabbitmq-config
# volumeClaimTemplates:
# - metadata:
# name: data
# labels:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 8Gi
# EOF
# }
# resource "kubectl_manifest" "StatefulSet_taiga-events-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: apps/v1
# kind: StatefulSet
# metadata:
# name: taiga-events-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# serviceName: taiga-events-rabbitmq-headless
# podManagementPolicy: OrderedReady
# replicas: 1
# updateStrategy:
# type: RollingUpdate
# selector:
# matchLabels:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# template:
# metadata:
# labels:
# app.kubernetes.io/name: events-rabbitmq
# helm.sh/chart: events-rabbitmq-11.9.3
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/managed-by: Helm
# annotations:
# checksum/config: 708e775803d7be65e291bb582e83c9ff67ac497152301cd4ab1f23f4f8741485
# checksum/secret: 2d4a98f9c2ae284ad1b5ae4ff40da10e1ce7b9a44a210ca81f647b71f962a5c8
# spec:
# serviceAccountName: taiga-events-rabbitmq
# affinity:
# podAffinity: null
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# topologyKey: kubernetes.io/hostname
# weight: 1
# nodeAffinity: null
# securityContext:
# fsGroup: 1001
# terminationGracePeriodSeconds: 120
# initContainers: null
# containers:
# - name: rabbitmq
# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1
# imagePullPolicy: IfNotPresent
# securityContext:
# runAsNonRoot: true
# runAsUser: 1001
# lifecycle:
# preStop:
# exec:
# command:
# - /bin/bash
# - -ec
# - |
# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false"
# else
# rabbitmqctl stop_app
# fi
# env:
# - name: BITNAMI_DEBUG
# value: 'false'
# - name: MY_POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
# - name: MY_POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: MY_POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# - name: K8S_SERVICE_NAME
# value: taiga-events-rabbitmq-headless
# - name: K8S_ADDRESS_TYPE
# value: hostname
# - name: RABBITMQ_FEATURE_FLAGS
# value: null
# - name: RABBITMQ_FORCE_BOOT
# value: no
# - name: RABBITMQ_NODE_NAME
# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: K8S_HOSTNAME_SUFFIX
# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: RABBITMQ_MNESIA_DIR
# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)
# - name: RABBITMQ_LDAP_ENABLE
# value: no
# - name: RABBITMQ_LOGS
# value: '-'
# - name: RABBITMQ_ULIMIT_NOFILES
# value: '65536'
# - name: RABBITMQ_USE_LONGNAME
# value: 'true'
# - name: RABBITMQ_ERL_COOKIE
# valueFrom:
# secretKeyRef:
# name: taiga-events-rabbitmq
# key: rabbitmq-erlang-cookie
# - name: RABBITMQ_LOAD_DEFINITIONS
# value: no
# - name: RABBITMQ_DEFINITIONS_FILE
# value: /app/load_definition.json
# - name: RABBITMQ_SECURE_PASSWORD
# value: yes
# - name: RABBITMQ_USERNAME
# value: taiga
# - name: RABBITMQ_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-events-rabbitmq
# key: rabbitmq-password
# - name: RABBITMQ_PLUGINS
# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap
# envFrom: null
# ports:
# - name: amqp
# containerPort: 5672
# - name: dist
# containerPort: 25672
# - name: stats
# containerPort: 15672
# - name: epmd
# containerPort: 4369
# livenessProbe:
# failureThreshold: 6
# initialDelaySeconds: 120
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q ping
# readinessProbe:
# failureThreshold: 3
# initialDelaySeconds: 10
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
# resources:
# limits: {}
# requests: {}
# volumeMounts:
# - name: configuration
# mountPath: /bitnami/rabbitmq/conf
# - name: data
# mountPath: /bitnami/rabbitmq/mnesia
# volumes:
# - name: configuration
# projected:
# sources:
# - secret:
# name: taiga-events-rabbitmq-config
# volumeClaimTemplates:
# - metadata:
# name: data
# labels:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 8Gi
# EOF
# }
# resource "kubectl_manifest" "StatefulSet_taiga-postgresql" {
# yaml_body = <<-EOF
# apiVersion: apps/v1
# kind: StatefulSet
# metadata:
# name: taiga-postgresql
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# annotations: null
# spec:
# replicas: 1
# serviceName: taiga-postgresql-hl
# updateStrategy:
# rollingUpdate: {}
# type: RollingUpdate
# selector:
# matchLabels:
# app.kubernetes.io/name: postgresql
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/component: primary
# template:
# metadata:
# name: taiga-postgresql
# labels:
# app.kubernetes.io/name: postgresql
# helm.sh/chart: postgresql-11.6.26
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/managed-by: Helm
# app.kubernetes.io/component: primary
# annotations: null
# spec:
# serviceAccountName: default
# affinity:
# podAffinity: null
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: postgresql
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/component: primary
# topologyKey: kubernetes.io/hostname
# weight: 1
# nodeAffinity: null
# securityContext:
# fsGroup: 1001
# hostNetwork: false
# hostIPC: false
# initContainers: null
# containers:
# - name: postgresql
# image: docker.io/bitnami/postgresql:13.10.0-debian-11-r2
# imagePullPolicy: IfNotPresent
# securityContext:
# runAsUser: 1001
# env:
# - name: BITNAMI_DEBUG
# value: 'false'
# - name: POSTGRESQL_PORT_NUMBER
# value: '5432'
# - name: POSTGRESQL_VOLUME_DIR
# value: /bitnami/postgresql
# - name: PGDATA
# value: /bitnami/postgresql/data
# - name: POSTGRES_USER
# value: taiga
# - name: POSTGRES_POSTGRES_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-postgresql
# key: postgres-password
# - name: POSTGRES_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-postgresql
# key: password
# - name: POSTGRES_DB
# value: taiga
# - name: POSTGRESQL_ENABLE_LDAP
# value: no
# - name: POSTGRESQL_ENABLE_TLS
# value: no
# - name: POSTGRESQL_LOG_HOSTNAME
# value: 'false'
# - name: POSTGRESQL_LOG_CONNECTIONS
# value: 'false'
# - name: POSTGRESQL_LOG_DISCONNECTIONS
# value: 'false'
# - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
# value: off
# - name: POSTGRESQL_CLIENT_MIN_MESSAGES
# value: error
# - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
# value: pgaudit
# ports:
# - name: tcp-postgresql
# containerPort: 5432
# livenessProbe:
# failureThreshold: 6
# initialDelaySeconds: 30
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 5
# exec:
# command:
# - /bin/sh
# - -c
# - exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432
# readinessProbe:
# failureThreshold: 6
# initialDelaySeconds: 5
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 5
# exec:
# command:
# - /bin/sh
# - -c
# - -e
# - |
# exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432
# [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
# resources:
# limits: {}
# requests:
# cpu: 250m
# memory: 256Mi
# volumeMounts:
# - name: dshm
# mountPath: /dev/shm
# - name: data
# mountPath: /bitnami/postgresql
# volumes:
# - name: dshm
# emptyDir:
# medium: Memory
# volumeClaimTemplates:
# - metadata:
# name: data
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 8Gi
# EOF
# }