adding missng tf files

2023-07-17 21:23:16 +02:00
parent f296b819fb
commit 568210e097
5 changed files with 349 additions and 0 deletions

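--- a/apps/nextcloud/datas.tf
+++ b/apps/nextcloud/datas.tf
@@ -0,0 +1,189 @@
+locals {
+common-labels = {
+"vynil.solidite.fr/owner-name" = var.instance
+"vynil.solidite.fr/owner-namespace" = var.namespace
+"vynil.solidite.fr/owner-category" = var.category
+"vynil.solidite.fr/owner-component" = var.component
+"app.kubernetes.io/managed-by" = "vynil"
+"app.kubernetes.io/name" = var.component
+"app.kubernetes.io/instance" = var.instance
+}
+}
+data "kustomization_overlay" "data" {
+namespace = var.namespace
+common_labels = local.common-labels
+resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
+images {
+name = "nextcloud"
+new_name = "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}"
+new_tag = "${var.images.nextcloud.tag}"
+}
+patches {
+target {
+kind = "Deployment"
+name = "nextcloud"
+}
+patch = <<-EOF
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: nextcloud
+spec:
+template:
+spec:
+containers:
+- name: nextcloud
+image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}"
+imagePullPolicy: "${var.images.nextcloud.pullPolicy}"
+env:
+- name: POSTGRES_HOST
+value: "${var.instance}-${var.component}"
+- name: POSTGRES_DB
+value: "${var.component}"
+- name: POSTGRES_USER
+valueFrom:
+secretKeyRef:
+name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
+- name: NEXTCLOUD_ADMIN_USER
+valueFrom:
+secretKeyRef:
+name: nextcloud
+key: nextcloud-username
+- name: NEXTCLOUD_ADMIN_PASSWORD
+valueFrom:
+secretKeyRef:
+name: nextcloud
+key: nextcloud-password
+- name: NEXTCLOUD_TRUSTED_DOMAINS
+value: nextcloud.kube.home
+- name: REDIS_HOST
+value: "${var.instance}-${var.component}-redis.${var.namespace}.svc"
+- name: REDIS_HOST_PASSWORD
+value: ""
+resources:
+{}
+- name: nextcloud-cron
+image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}"
+imagePullPolicy: "${var.images.nextcloud.pullPolicy}"
+command:
+- /cron.sh
+env:
+- name: POSTGRES_HOST
+value: "${var.instance}-${var.component}"
+- name: POSTGRES_DB
+value: "${var.component}"
+- name: POSTGRES_USER
+valueFrom:
+secretKeyRef:
+name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
+- name: NEXTCLOUD_ADMIN_USER
+valueFrom:
+secretKeyRef:
+name: nextcloud
+key: nextcloud-username
+- name: NEXTCLOUD_ADMIN_PASSWORD
+valueFrom:
+secretKeyRef:
+name: nextcloud
+key: nextcloud-password
+- name: NEXTCLOUD_TRUSTED_DOMAINS
+value: nextcloud.kube.home
+- name: REDIS_HOST
+value: "${var.instance}-${var.component}-redis.${var.namespace}.svc"
+- name: REDIS_HOST_PASSWORD
+value: ""
+resources:
+{}
+- name: nextcloud-nginx
+image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}"
+imagePullPolicy: "${var.images.nginx.pullPolicy}"
+resources:
+{}
+EOF
+}
+patches {
+target {
+kind = "Deployment"
+name = "authentik-worker"
+}
+patch = <<-EOF
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: nextcloud-metrics
+spec:
+template:
+spec:
+containers:
+- name: metrics-exporter
+image: "${var.images.exporter.registry}/${var.images.exporter.repository}:${var.images.exporter.tag}"
+imagePullPolicy: "${var.images.exporter.pullPolicy}"
+env:
+- name: NEXTCLOUD_USERNAME
+valueFrom:
+secretKeyRef:
+name: nextcloud
+key: nextcloud-username
+- name: NEXTCLOUD_PASSWORD
+valueFrom:
+secretKeyRef:
+name: nextcloud
+key: nextcloud-password
+- name: NEXTCLOUD_SERVER
+value: "https://${local.dns-name}"
+- name: NEXTCLOUD_TIMEOUT
+value: 5s
+- name: NEXTCLOUD_TLS_SKIP_VERIFY
+value: "false"
+ports:
+- name: metrics
+containerPort: 9205
+securityContext:
+runAsUser: 1000
+runAsNonRoot: true
+EOF
+}
+patches {
+target {
+kind = "PersistentVolumeClaim"
+name = "nextcloud-nextcloud"
+}
+patch = <<-EOF
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: nextcloud-nextcloud
+spec:
+accessModes:
+- "${var.storage.accessMode}"
+resources:
+requests:
+storage: "${var.storage.size}"
+EOF
+}
+patches {
+target {
+kind = "HorizontalPodAutoscaler"
+name = "nextcloud"
+}
+patch = <<-EOF
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+name: nextcloud
+spec:
+minReplicas: ${var.hpa.min-replicas}
+maxReplicas: ${var.hpa.max-replicas}
+targetCPUUtilizationPercentage: ${var.hpa.avg-cpu}
+EOF
+}
+}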
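Review bot: The second `patches` block targets `name = "authentik-worker"` while the patch body it carries is for `name: nextcloud-metrics`, so the exporter patch matches no resource in this overlay and the image, credentials and securityContext it sets never reach the metrics Deployment (kustomize normally fails outright on a patch whose target matches nothing); the target line should read `name = "nextcloud-metrics"`. In the first patch the `POSTGRES_USER` and `POSTGRES_PASSWORD` entries reference the Zalando credential secret by name but omit the required `key:` in both the `nextcloud` and `nextcloud-cron` containers, which the API server rejects; the operator's credential secrets expose `username` and `password`, so add `key: username` and `key: password` respectively. `NEXTCLOUD_TRUSTED_DOMAINS` is hard-coded to `nextcloud.kube.home` in both containers while the exporter and the Ingress derive the host from `local.dns-name`; since this variable is Nextcloud's Host-header allow-list, `value: "${local.dns-name}"` keeps it aligned with the certificate and Ingress rule instead of silently breaking on any other domain. `REDIS_HOST_PASSWORD` is set to an empty string, which is consistent with the Redis resource having no auth configured but is worth a comment (`# redis is unauthenticated — see redis.tf`) so the choice is visible where the credential is consumed.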

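--- a/apps/nextcloud/ingress.tf
+++ b/apps/nextcloud/ingress.tf
@@ -0,0 +1,76 @@
+locals {
+dns-name = "${var.sub-domain}.${var.domain-name}"
+dns-names = [local.dns-name]
+middlewares = ["${var.instance}-https"]
+service = {
+"name" = "${var.component}"
+"port" = {
+"number" = 80
+}
+}
+rules = [ for v in local.dns-names : {
+"host" = "${v}"
+"http" = {
+"paths" = [{
+"backend" = {
+"service" = local.service
+}
+"path" = "/"
+"pathType" = "Prefix"
+}]
+}
+}]
+}
+resource "kubectl_manifest" "prj_certificate" {
+yaml_body = <<-EOF
+apiVersion: "cert-manager.io/v1"
+kind: "Certificate"
+metadata:
+name: "${var.instance}"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+secretName: "${var.instance}-cert"
+dnsNames: ${jsonencode(local.dns-names)}
+issuerRef:
+name: "${var.issuer}"
+kind: "ClusterIssuer"
+group: "cert-manager.io"
+EOF
+}
+resource "kubectl_manifest" "prj_https_redirect" {
+yaml_body = <<-EOF
+apiVersion: "traefik.containo.us/v1alpha1"
+kind: "Middleware"
+metadata:
+name: "${var.instance}-https"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+redirectScheme:
+scheme: "https"
+permanent: true
+EOF
+}
+resource "kubectl_manifest" "prj_ingress" {
+force_conflicts = true
+yaml_body = <<-EOF
+apiVersion: "networking.k8s.io/v1"
+kind: "Ingress"
+metadata:
+name: "${var.instance}"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+annotations:
+"traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
+spec:
+ingressClassName: "${var.ingress-class}"
+rules: ${jsonencode(local.rules)}
+tls:
+- hosts: ${jsonencode(local.dns-names)}
+secretName: "${var.instance}-cert"
+EOF
+}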
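Review bot: The Middleware in `prj_https_redirect` is declared with `apiVersion: "traefik.containo.us/v1alpha1"`, an API group Traefik has deprecated in favour of `traefik.io/v1alpha1` and dropped in v3, so whether the HTTPS redirect is still applied depends on the Traefik version running in the cluster; if the installed CRDs serve the new group, `apiVersion: "traefik.io/v1alpha1"` keeps the redirect working across upgrades, and a comment naming the minimum Traefik version this module expects would make the dependency explicit. In the `locals` block, `"host" = "${v}"` and `"name" = "${var.component}"` wrap plain values in interpolation; `"host" = v` and `"name" = var.component` are the idiomatic form and avoid the Terraform warning. The Ingress is applied with `force_conflicts = true`, which silently takes ownership of any field another manager has set; the reason is not stated anywhere on the page, so a one-line comment such as `# force_conflicts: overwrite fields rewritten by the ingress controller — confirm which manager` would tell the next reader what conflict this is meant to resolve.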


@@ -0,0 +1,31 @@
locals {
pg-labels = merge(local.common-labels, {
"app.kubernetes.io/component" = "postgresql"
})
}
resource "kubectl_manifest" "dolibarr_postgresql" {
yaml_body = <<-EOF
apiVersion: "acid.zalan.do/v1"
kind: "postgresql"
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
labels: ${jsonencode(local.pg-labels)}
spec:
databases:
${var.component}: "${var.component}"
numberOfInstances: ${var.postgres.replicas}
podAnnotations:
"k8up.io/backupcommand": "pg_dump -U postgres -d ${var.component} --clean"
"k8up.io/file-extension": ".sql"
postgresql:
version: "${var.postgres.version}"
teamId: "${var.instance}"
users:
${var.component}:
- "superuser"
- "createdb"
volume:
size: "${var.postgres.storage}"
EOF
}
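Review bot: The `users` section grants the application role `${var.component}` both `superuser` and `createdb`, which is far broader than a role that only needs to own one database; with this operator the `databases:` entry already makes `${var.component}` the owner of its database, so the role can be declared with an empty privilege list, `${var.component}: []`, keeping `createdb` only if Nextcloud's installer is confirmed to need it. The resource is named `dolibarr_postgresql` inside a nextcloud module, presumably a copy-paste leftover; `resource "kubectl_manifest" "nextcloud_postgresql"` matches the module, and if this has already been applied a `moved` block preserves the state address. The file name for this section is not visible on the page, so the path to cite in a follow-up is unknown from here.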

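--- a/apps/nextcloud/redis.tf
+++ b/apps/nextcloud/redis.tf
@@ -0,0 +1,32 @@
+locals {
+redis-labels = merge(local.common-labels, {
+"app.kubernetes.io/component" = "redis"
+})
+}
+resource "kubectl_manifest" "dolibarr_redis" {
+yaml_body = <<-EOF
+apiVersion: "redis.redis.opstreelabs.in/v1beta1"
+kind: "Redis"
+metadata:
+name: "${var.instance}-${var.component}-redis"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.redis-labels)}
+spec:
+kubernetesConfig:
+image: "${var.redis.image}"
+imagePullPolicy: "IfNotPresent"
+storage:
+volumeClaimTemplate:
+spec:
+accessModes: ["ReadWriteOnce"]
+resources:
+requests:
+storage: "${var.redis.storage}"
+redisExporter:
+enabled: ${var.redis.exporter.enabled}
+image: "${var.redis.exporter.image}"
+securityContext:
+runAsUser: 1000
+fsGroup: 1000
+EOF
+}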
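Review bot: This Redis instance is created with no authentication configured, and datas.tf passes `REDIS_HOST_PASSWORD` as an empty string, so any workload that can reach `${var.instance}-${var.component}-redis.${var.namespace}.svc` can read and overwrite Nextcloud's session and file-locking cache; if the operator version in use supports `kubernetesConfig.redisSecret`, pointing it at a generated secret (the StringSecret in secret.tf could carry an extra field) and wiring the same key into `REDIS_HOST_PASSWORD` closes that, otherwise a NetworkPolicy restricting ingress to the Nextcloud pods is the fallback — either way a comment stating which mitigation is relied on belongs next to `kubernetesConfig`. The resource is named `dolibarr_redis` inside a nextcloud module, presumably a copy-paste leftover; `resource "kubectl_manifest" "nextcloud_redis"` matches the file. `imagePullPolicy: "IfNotPresent"` and `accessModes: ["ReadWriteOnce"]` are hard-coded here while every other image and the main PVC take these from variables; either expose them (e.g. `var.redis.pullPolicy`) or add a comment saying they are intentionally fixed.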

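--- a/apps/nextcloud/secret.tf
+++ b/apps/nextcloud/secret.tf
@@ -0,0 +1,21 @@
+resource "kubectl_manifest" "gitea_secret" {
+ignore_fields = ["metadata.annotations"]
+yaml_body = <<-EOF
+apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+kind: "StringSecret"
+metadata:
+name: "nextcloud"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+forceRegenerate: false
+data:
+nextcloud-username: "${var.admin.name}"
+fields:
+- fieldName: "nextcloud-password"
+length: "32"
+- fieldName: "nextcloud-token"
+length: "32"
+EOF
+}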
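Review bot: The `nextcloud-token` field is generated here but nothing else in this commit reads it (the Deployment and the metrics exporter only reference `nextcloud-username` and `nextcloud-password`), so either a consumer is missing or the field should be dropped; if it is reserved for later use, a comment such as `# nextcloud-token: reserved for <consumer> — confirm` on the field makes that explicit. The resource is named `gitea_secret` inside a nextcloud module, presumably a copy-paste leftover; `resource "kubectl_manifest" "nextcloud_secret"` matches the file. `ignore_fields = ["metadata.annotations"]` is unexplained on the page — presumably the generator writes its own annotations onto the object — and a one-line comment saying why annotations are excluded from the diff would save the next reader a lookup. Generating the admin password in-cluster with `forceRegenerate: false` keeps it out of the Terraform state, which is the right shape; a short comment stating that intent would make it harder for a later change to replace it with a plaintext `data:` entry.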