vynil/domain-incoming
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-25 14:21:14 +02:00
parent 57954c4192
commit f2dd6e76b9
13 changed files with 2098 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
apps/sonar/sonar_Job.tf Normal file
View File

@@ -0,0 +1,49 @@
resource "kubectl_manifest" "post_install_job" {
yaml_body = <<-EOF
apiVersion: batch/v1
kind: Job
metadata:
name: "${var.instance}-${var.component}-post-config"
namespace: "${var.namespace}"
labels: ${jsonencode(local.common-labels)}
spec:
template:
spec:
restartPolicy: OnFailure
initContainers:
- name: wait-for-svc
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
imagePullPolicy: ${var.images.sonar.pull_policy}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
command: ["/bin/bash", "-c"]
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
containers:
- name: post-config
image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
imagePullPolicy: ${var.images.sonar.pull_policy}
command: ["/bin/bash", "-cx"]
args:
- >-
curl -v -u admin:admin -X POST "http://${module.service.name}.${var.namespace}.svc/api/users/change_password?login=admin&previousPassword=admin&password=$ADMIN_PASSWORD"
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
EOF
}

5
apps/sonar/sonar_Secret.tf
View File

@@ -2,6 +2,10 @@ resource "random_password" "system" {
length = 16
special = false
}
resource "random_password" "admin" {
length = 16
special = false
}
resource "kubectl_manifest" "secret" {
yaml_body = <<-EOF
@@ -14,5 +18,6 @@ resource "kubectl_manifest" "secret" {
type: Opaque
stringData:
SONAR_WEB_SYSTEMPASSCODE: "${random_password.system.result}"
ADMIN_PASSWORD: "${random_password.admin.result}"
EOF
}

13
apps/taiga/check.rhai Normal file
View File

@@ -0,0 +1,13 @@
const DOMAIN = config.domain;
fn check_domain() {
assert(have_namespace(`${global::DOMAIN}`), `There is no ${global::DOMAIN} namespace`);
}
fn check_authentik() {
assert(have_namespace(`${global::DOMAIN}-auth`), `There is no ${global::DOMAIN}-auth namespace`);
assert(have_install(`${global::DOMAIN}-auth`, "authentik"), `No authentik installation in ${global::DOMAIN}-auth`);
assert(have_secret(`${global::DOMAIN}-auth`, "authentik"), `No authentik secret in ${global::DOMAIN}-auth`);
}
fn pre_check() {
check_domain();
check_authentik();
}

55
apps/taiga/common.tf Normal file
View File

@@ -0,0 +1,55 @@
data "kubernetes_secret_v1" "authentik" {
metadata {
name = "authentik"
namespace = "${var.domain}-auth"
}
}
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
core_labels = {
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
common_labels = merge({
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
},local.core_labels)
back_labels = merge({
"app.kubernetes.io/componant" = "back"
},local.core_labels)
back_all_labels = merge({
"app.kubernetes.io/componant" = "back"
},local.common_labels)
front_labels = merge({
"app.kubernetes.io/componant" = "front"
},local.core_labels)
front_all_labels = merge({
"app.kubernetes.io/componant" = "front"
},local.common_labels)
event_labels = merge({
"app.kubernetes.io/componant" = "event"
},local.core_labels)
event_all_labels = merge({
"app.kubernetes.io/componant" = "event"
},local.common_labels)
protected_labels = merge({
"app.kubernetes.io/componant" = "protected"
},local.core_labels)
protected_all_labels = merge({
"app.kubernetes.io/componant" = "protected"
},local.common_labels)
pg_labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "pg"
})
async_rabbitmq_labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "async-rabbitmq"
})
events_rabbitmq_labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "events-rabbitmq"
})
}

430
apps/taiga/index.yaml Normal file
View File

@@ -0,0 +1,430 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: apps
metadata:
name: taiga
description: A flexible project management web application.
options:
app_group:
default: apps
examples:
- apps
type: string
backups:
default:
enable: false
endpoint: ''
key_id_key: s3-id
restic_key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 10 3 * * *
check: 10 5 * * 1
db: 10 3 * * *
prune: 10 1 * * 0
secret_key: s3-secret
secret_name: backup-settings
use_barman: false
examples:
- enable: false
endpoint: ''
key_id_key: s3-id
restic_key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 10 3 * * *
check: 10 5 * * 1
db: 10 3 * * *
prune: 10 1 * * 0
secret_key: s3-secret
secret_name: backup-settings
use_barman: false
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key_id_key:
default: s3-id
type: string
restic_key:
default: bck-password
type: string
retention:
default:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
properties:
db:
default: 30d
type: string
keepDaily:
default: 14
type: integer
keepMonthly:
default: 12
type: integer
keepWeekly:
default: 6
type: integer
keepYearly:
default: 12
type: integer
type: object
schedule:
default:
backup: 10 3 * * *
check: 10 5 * * 1
db: 10 3 * * *
prune: 10 1 * * 0
properties:
backup:
default: 10 3 * * *
type: string
check:
default: 10 5 * * 1
type: string
db:
default: 10 3 * * *
type: string
prune:
default: 10 1 * * 0
type: string
type: object
secret_key:
default: s3-secret
type: string
secret_name:
default: backup-settings
type: string
use_barman:
default: false
type: boolean
type: object
domain:
default: your-company
examples:
- your-company
type: string
domain_name:
default: your-company.com
examples:
- your-company.com
type: string
hpa:
default:
avg-cpu: 50
max-replicas: 5
min-replicas: 1
examples:
- avg-cpu: 50
max-replicas: 5
min-replicas: 1
properties:
avg-cpu:
default: 50
type: integer
max-replicas:
default: 5
type: integer
min-replicas:
default: 1
type: integer
type: object
images:
default:
app:
pull_policy: IfNotPresent
registry: docker.io
repository: to-be/defined
tag: v1.0.0
postgresql:
registry: ghcr.io
repository: cloudnative-pg/postgresql
tag: 15.3
rabbit:
pull_policy: IfNotPresent
registry: docker.io
repository: rabbitmq
tag: 3.10.2-management
examples:
- app:
pull_policy: IfNotPresent
registry: docker.io
repository: to-be/defined
tag: v1.0.0
postgresql:
registry: ghcr.io
repository: cloudnative-pg/postgresql
tag: 15.3
rabbit:
pull_policy: IfNotPresent
registry: docker.io
repository: rabbitmq
tag: 3.10.2-management
properties:
app:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: to-be/defined
tag: v1.0.0
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: to-be/defined
type: string
tag:
default: v1.0.0
type: string
type: object
postgresql:
default:
registry: ghcr.io
repository: cloudnative-pg/postgresql
tag: 15.3
properties:
registry:
default: ghcr.io
type: string
repository:
default: cloudnative-pg/postgresql
type: string
tag:
default: 15.3
type: number
type: object
rabbit:
default:
pull_policy: IfNotPresent
registry: docker.io
repository: rabbitmq
tag: 3.10.2-management
properties:
pull_policy:
default: IfNotPresent
enum:
- Always
- Never
- IfNotPresent
type: string
registry:
default: docker.io
type: string
repository:
default: rabbitmq
type: string
tag:
default: 3.10.2-management
type: string
type: object
type: object
ingress_class:
default: traefik
examples:
- traefik
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
language:
default: fr_FR
examples:
- fr_FR
type: string
postgres:
default:
replicas: 1
examples:
- replicas: 1
properties:
replicas:
default: 1
type: integer
type: object
rabbitmq:
default:
limits:
cpu: '2'
memory: 2Gi
replicas: 1
requests:
cpu: 250m
memory: 500Mi
examples:
- limits:
cpu: '2'
memory: 2Gi
replicas: 1
requests:
cpu: 250m
memory: 500Mi
properties:
limits:
default:
cpu: '2'
memory: 2Gi
properties:
cpu:
default: '2'
type: string
memory:
default: 2Gi
type: string
type: object
replicas:
default: 1
type: integer
requests:
default:
cpu: 250m
memory: 500Mi
properties:
cpu:
default: 250m
type: string
memory:
default: 500Mi
type: string
type: object
type: object
replicas:
default: 1
examples:
- 1
type: integer
sso_vynil:
default: true
examples:
- true
type: boolean
storage:
default:
postgres:
size: 10Gi
rabbitmq_async:
size: 2Gi
rabbitmq_events:
size: 2Gi
volume:
accessMode: ReadWriteOnce
class: ''
size: 1Gi
type: Filesystem
description: Configure this app storage
examples:
- postgres:
size: 10Gi
rabbitmq_async:
size: 2Gi
rabbitmq_events:
size: 2Gi
volume:
accessMode: ReadWriteOnce
class: ''
size: 1Gi
type: Filesystem
properties:
postgres:
default:
size: 10Gi
properties:
size:
default: 10Gi
type: string
type: object
rabbitmq_async:
default:
size: 2Gi
properties:
size:
default: 2Gi
type: string
type: object
rabbitmq_events:
default:
size: 2Gi
properties:
size:
default: 2Gi
type: string
type: object
volume:
default:
accessMode: ReadWriteOnce
class: ''
size: 1Gi
type: Filesystem
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
class:
default: ''
type: string
size:
default: 1Gi
type: string
type:
default: Filesystem
enum:
- Filesystem
- Block
type: string
type: object
type: object
sub_domain:
default: to-be-set
examples:
- to-be-set
type: string
timezone:
default: Europe/Paris
examples:
- Europe/Paris
type: string
dependencies:
- dist: null
category: dbo
component: pg
providers:
kubernetes: true
authentik: true
kubectl: true
postgresql: null
mysql: null
restapi: null
http: null
gitea: null
tfaddtype: null

57
apps/taiga/postgresql.tf Normal file
View File

@@ -0,0 +1,57 @@
resource "kubectl_manifest" "prj_pg" {
yaml_body = join("", concat([<<-EOF
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: "${var.instance}-${var.component}-pg"
namespace: "${var.namespace}"
labels: ${jsonencode(local.pg_labels)}
spec:
instances: ${var.postgres.replicas}
imageName: "${var.images.postgresql.registry}/${var.images.postgresql.repository}:${var.images.postgresql.tag}"
storage:
size: "${var.storage.postgres.size}"
bootstrap:
initdb:
database: "${var.component}"
owner: "${var.component}"
monitoring:
enablePodMonitor: true
inheritedMetadata:
annotations:
"k8up.io/backupcommand": "pg_dump -U postgres -d ${var.component} --clean"
"k8up.io/file-extension": ".sql"
"k8up.io/backup": "true"
EOF
], var.backups.enable&&var.backups.use_barman?[<<-EOF
backup:
barmanObjectStore:
destinationPath: "s3://${var.instance}-${var.namespace}/"
endpointURL: "${var.backups.endpoint}/barman"
s3Credentials:
accessKeyId:
name: "${var.backups.secret_name}"
key: "${var.backups.key_id_key}"
secretAccessKey:
name: "${var.backups.secret_name}"
key: "${var.backups.secret_key}"
EOF
]:[""]))
}
resource "kubectl_manifest" "prj_pg_backup" {
count = var.backups.enable ? 1:0
yaml_body = <<-EOF
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: "${var.instance}-${var.component}-pg"
namespace: "${var.namespace}"
labels: ${jsonencode(local.pg_labels)}
spec:
schedule: "${var.backups.schedule.db}"
backupOwnerReference: self
cluster:
name: "${var.instance}-${var.component}-pg"
EOF
}

45
apps/taiga/rabbits.tf Normal file
View File

@@ -0,0 +1,45 @@
resource "kubectl_manifest" "async_rabbit" {
yaml_body = <<-EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: "${var.component}-async-rabbitmq"
namespace: "${var.namespace}"
labels: ${jsonencode(local.async_rabbitmq_labels)}
spec:
image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}"
persistence:
storage: "${var.storage.rabbitmq_async}"
replicas: ${var.rabbitmq.replicas}
resources:
limits:
cpu: "${var.rabbitmq.limits.cpu}"
memory: "${var.rabbitmq.limits.memory}"
requests:
cpu: "${var.rabbitmq.requests.cpu}"
memory: "${var.rabbitmq.requests.memory}"
EOF
}
resource "kubectl_manifest" "events_rabbit" {
yaml_body = <<-EOF
apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
name: "${var.component}-events-rabbitmq"
namespace: "${var.namespace}"
labels: ${jsonencode(local.events_rabbitmq_labels)}
spec:
image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}"
persistence:
storage: "${var.storage.rabbitmq_events}"
replicas: ${var.rabbitmq.replicas}
resources:
limits:
cpu: "${var.rabbitmq.limits.cpu}"
memory: "${var.rabbitmq.limits.memory}"
requests:
cpu: "${var.rabbitmq.requests.cpu}"
memory: "${var.rabbitmq.requests.memory}"
EOF
}

189
apps/taiga/taiga_ConfigMap.tf Normal file
View File

@@ -0,0 +1,189 @@
resource "kubectl_manifest" "cm_env" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: "${var.instance}-${var.component}-envs"
labels: ${jsonencode(local.common_labels)}
namespace: ${var.namespace}
data:
POSTGRES_DB: ${var.component}
POSTGRES_USER: ${var.component}
POSTGRES_HOST: ${var.instance}-${var.component}-pg-rw.${var.namespace}.svc
TAIGA_SITES_DOMAIN: localhost:9000
TAIGA_SITES_SCHEME: http
SESSION_COOKIE_SECURE: 'False'
CSRF_COOKIE_SECURE: 'False'
ENABLE_TELEMETRY: 'False'
PUBLIC_REGISTER_ENABLED: 'False'
ENABLE_GITHUB_AUTH: 'False'
ENABLE_GITLAB_AUTH: 'True'
GITLAB_CLIENT_ID:
GITLAB_API_CLIENT_ID: gitlab-api-client-id
GITLAB_API_CLIENT_SECRET: gitlab-api-client-secret
GITLAB_URL: gitlab-url
ENABLE_SLACK: 'False'
ENABLE_GITHUB_IMPORTER: 'False'
ENABLE_JIRA_IMPORTER: 'False'
ENABLE_TRELLO_IMPORTER: 'False'
TRELLO_IMPORTER_API_KEY: api-key-from-trello
TRELLO_IMPORTER_SECRET_KEY: secret-key-from-trello
- name: TAIGA_URL
value: http://localhost:9000
- name: PUBLIC_REGISTER_ENABLED
value: 'false'
- name: ENABLE_GITHUB_AUTH
value: 'false'
- name: ENABLE_GITLAB_AUTH
value: 'true'
- name: GITLAB_CLIENT_ID
value: gitlab-api-client-id
- name: GITLAB_URL
value: gitlab-url
- name: ENABLE_SLACK
value: 'false'
- name: ENABLE_GITHUB_IMPORTER
value: 'false'
- name: ENABLE_JIRA_IMPORTER
value: 'false'
- name: ENABLE_TRELLO_IMPORTER
value: 'false'
EOF
}
resource "kubectl_manifest" "cm_scripts" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-createinitialtemplates
labels: ${jsonencode(local.common_labels)}
namespace: ${var.namespace}
data:
createinitialtemplates.sh: |-
#!/bin/sh
echo """
import time
import requests
import subprocess
print('Waiting for backend ...')
while requests.get('http://taiga-back/api/v1/').status_code != 200:
print('...')
time.sleep(2)
if len(str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'projects.projecttemplate']))) < 5:
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_project_templates']))
""" > /tmp/create_initial_project_templates.py
python /tmp/create_initial_project_templates.py
createinitialuser.sh: |-
#!/bin/sh
echo """
import time
import requests
import subprocess
print('Waiting for backend ...')
while requests.get('http://taiga-back/api/v1/').status_code != 200:
print('...')
time.sleep(2)
if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
else:
print('Admin user yet created.')
""" > /tmp/create_superuser.py
python /tmp/create_superuser.py
EOF
}
resource "kubectl_manifest" "ConfigMap_taiga-gateway" {
yaml_body = <<-EOF
apiVersion: v1
kind: ConfigMap
metadata:
name: taiga-gateway
namespace: ${var.namespace}
labels: ${jsonencode(local.common_labels)}
data:
default.conf: |-
server {
listen 80 default_server;
client_max_body_size 100M;
charset utf-8;
# Frontend
location / {
proxy_pass http://taiga-front/;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
}
# Api
location /api {
proxy_pass http://taiga-back:8000/api;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
}
# Admin
location /admin {
proxy_pass http://taiga-back:8000/admin;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
}
# Static
location /static {
root /taiga;
}
# Media
location /_protected {
internal;
alias /taiga/media/;
add_header Content-disposition "attachment";
}
# Unprotected section
location /media/exports {
alias /taiga/media/exports/;
add_header Content-disposition "attachment";
}
location /media {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://taiga-protected:8003/;
proxy_redirect off;
}
# Events
location /events {
proxy_pass http://taiga-events:8888/events;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
}
EOF
}

82
apps/taiga/taiga_Job.tf Normal file
View File

@@ -0,0 +1,82 @@
resource "kubectl_manifest" "Job_taiga-createinitialtemplates" {
yaml_body = <<-EOF
apiVersion: batch/v1
kind: Job
metadata:
name: taiga-createinitialtemplates
namespace: ${var.namespace}
labels: ${jsonencode(local.common_labels)}
spec:
template:
spec:
containers:
- name: createinitialtemplates
image: docker.io/taigaio/taiga-back:latest
command:
- sh
- /scripts/createinitialtemplates.sh
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ${var.instance}-${var.component}-pg-app
key: password
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
volumeMounts:
- name: createinitialtemplates
mountPath: /scripts
restartPolicy: Never
volumes:
- name: createinitialtemplates
configMap:
name: taiga-createinitialtemplates
defaultMode: '0744'
backoffLimit: 4
EOF
}
resource "kubectl_manifest" "Job_taiga-createinitialuser" {
yaml_body = <<-EOF
apiVersion: batch/v1
kind: Job
metadata:
name: taiga-createinitialuser
namespace: ${var.namespace}
labels: ${jsonencode(local.common_labels)}
spec:
template:
spec:
containers:
- name: createinitialuser
image: docker.io/taigaio/taiga-back:latest
command:
- sh
- /scripts/createinitialuser.sh
volumeMounts:
- name: createinitialuser
mountPath: /scripts
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ${var.instance}-${var.component}-pg-app
key: password
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
restartPolicy: Never
volumes:
- name: createinitialuser
configMap:
name: taiga-createinitialuser
defaultMode: '0744'
backoffLimit: 4
EOF
}

34
apps/taiga/taiga_PersistentVolumeClaim.tf Normal file
View File

@@ -0,0 +1,34 @@
resource "kubectl_manifest" "PersistentVolumeClaim_taiga-media" {
yaml_body = <<-EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: taiga-media
labels: ${jsonencode(local.common_labels)}
namespace: ${var.namespace}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
EOF
}
resource "kubectl_manifest" "PersistentVolumeClaim_taiga-static" {
yaml_body = <<-EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: taiga-static
labels: ${jsonencode(local.common_labels)}
namespace: ${var.namespace}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
EOF
}

18
apps/taiga/taiga_Secret.tf Normal file
View File

@@ -0,0 +1,18 @@
resource "random_password" "system" {
length = 32
special = false
}
resource "kubectl_manifest" "secret" {
yaml_body = <<-EOF
apiVersion: v1
kind: Secret
metadata:
name: "${var.instance}-${var.component}"
labels: ${jsonencode(local.sonar_all_labels)}
namespace: ${var.namespace}
type: Opaque
stringData:
TAIGA_SECRET_KEY: "${random_password.system.result}"
EOF
}

278
apps/taiga/taiga_Service.tf Normal file
View File

@@ -0,0 +1,278 @@
resource "kubectl_manifest" "Service_taiga-back" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-back
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
ports:
- name: taiga-back
port: 8000
targetPort: taiga-back
- name: taiga-gateway
port: 80
targetPort: taiga-gateway
selector:
app.kubernetes.io/name: taiga-back
app.kubernetes.io/instance: taiga
EOF
}
resource "kubectl_manifest" "Service_taiga-async-rabbitmq-headless" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-async-rabbitmq-headless
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
spec:
clusterIP: None
ports:
- name: epmd
port: 4369
targetPort: epmd
- name: amqp
port: 5672
targetPort: amqp
- name: dist
port: 25672
targetPort: dist
- name: http-stats
port: 15672
targetPort: stats
selector:
app.kubernetes.io/name: async-rabbitmq
app.kubernetes.io/instance: taiga
publishNotReadyAddresses: true
EOF
}
resource "kubectl_manifest" "Service_taiga-postgresql" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-postgresql
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
annotations: null
spec:
type: ClusterIP
sessionAffinity: None
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
nodePort: null
selector:
app.kubernetes.io/name: postgresql
app.kubernetes.io/instance: taiga
app.kubernetes.io/component: primary
EOF
}
resource "kubectl_manifest" "Service_taiga-events" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-events
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
ports:
- name: taiga-events
port: 8888
targetPort: taiga-events
selector:
app.kubernetes.io/name: taiga-events
app.kubernetes.io/instance: taiga
EOF
}
resource "kubectl_manifest" "Service_taiga-protected" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-protected
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
ports:
- name: taiga-protected
port: 8003
targetPort: taiga-protected
selector:
app.kubernetes.io/name: taiga-protected
app.kubernetes.io/instance: taiga
EOF
}
resource "kubectl_manifest" "Service_taiga-events-rabbitmq-headless" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-events-rabbitmq-headless
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
spec:
clusterIP: None
ports:
- name: epmd
port: 4369
targetPort: epmd
- name: amqp
port: 5672
targetPort: amqp
- name: dist
port: 25672
targetPort: dist
- name: http-stats
port: 15672
targetPort: stats
selector:
app.kubernetes.io/name: events-rabbitmq
app.kubernetes.io/instance: taiga
publishNotReadyAddresses: true
EOF
}
resource "kubectl_manifest" "Service_taiga-front" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-front
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
ports:
- name: taiga-front
port: 80
targetPort: taiga-front
selector:
app.kubernetes.io/name: taiga-front
app.kubernetes.io/instance: taiga
EOF
}
resource "kubectl_manifest" "Service_taiga-gateway" {
yaml_body = <<-EOF
apiVersion: v1
kind: Service
metadata:
name: taiga-gateway
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
type: ClusterIP
ports:
- name: taiga-gateway
port: 80
targetPort: taiga-gateway
selector:
app.kubernetes.io/name: taiga-back
app.kubernetes.io/instance: taiga
EOF
}
# resource "kubectl_manifest" "Service_taiga-events-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: v1
# kind: Service
# metadata:
# name: taiga-events-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# type: ClusterIP
# sessionAffinity: None
# ports:
# - name: amqp
# port: 5672
# targetPort: amqp
# nodePort: null
# - name: epmd
# port: 4369
# targetPort: epmd
# nodePort: null
# - name: dist
# port: 25672
# targetPort: dist
# nodePort: null
# - name: http-stats
# port: 15672
# targetPort: stats
# nodePort: null
# selector:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# EOF
# }
# resource "kubectl_manifest" "Service_taiga-postgresql-hl" {
# yaml_body = <<-EOF
# apiVersion: v1
# kind: Service
# metadata:
# name: taiga-postgresql-hl
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# type: ClusterIP
# clusterIP: None
# publishNotReadyAddresses: true
# ports:
# - name: tcp-postgresql
# port: 5432
# targetPort: tcp-postgresql
# selector:
# app.kubernetes.io/name: postgresql
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/component: primary
# EOF
# }
# resource "kubectl_manifest" "Service_taiga-async-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: v1
# kind: Service
# metadata:
# name: taiga-async-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# type: ClusterIP
# sessionAffinity: None
# ports:
# - name: amqp
# port: 5672
# targetPort: amqp
# nodePort: null
# - name: epmd
# port: 4369
# targetPort: epmd
# nodePort: null
# - name: dist
# port: 25672
# targetPort: dist
# nodePort: null
# - name: http-stats
# port: 15672
# targetPort: stats
# nodePort: null
# selector:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# EOF
# }

843
apps/taiga/taiga_workload.tf Normal file
View File

@@ -0,0 +1,843 @@
resource "kubectl_manifest" "Deployment_taiga-events" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-events
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-events
app.kubernetes.io/instance: taiga
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-events
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-events
spec:
serviceAccountName: default
containers:
- name: taiga-events
image: docker.io/taigaio/taiga-events:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
env:
- name: RABBITMQ_USER
value: taiga
- name: RABBITMQ_PASS
value: taiga
ports:
- name: taiga-events
containerPort: 8888
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
EOF
}
resource "kubectl_manifest" "Deployment_taiga-front" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-front
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-front
app.kubernetes.io/instance: taiga
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-front
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-front
spec:
serviceAccountName: default
containers:
- name: taiga-front
image: docker.io/taigaio/taiga-front:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
envFrom:
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
ports:
- name: taiga-front
containerPort: 80
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
EOF
}
resource "kubectl_manifest" "Deployment_taiga-protected" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-protected
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-protected
app.kubernetes.io/instance: taiga
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-protected
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-protected
spec:
serviceAccountName: default
containers:
- name: taiga-protected
image: docker.io/taigaio/taiga-protected:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
env:
- name: SECRET_KEY
value: 9%pno@m688el28@2+^y4v^&6wluqk-g#j#d7$dsjtht)o30dn1
- name: MAX_AGE
value: '360'
ports:
- name: taiga-protected
containerPort: 8003
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
EOF
}
resource "kubectl_manifest" "Deployment_taiga-back" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-back
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-back
app.kubernetes.io/instance: taiga
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-back
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-back
spec:
serviceAccountName: default
containers:
- name: taiga-back
image: docker.io/taigaio/taiga-back:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
env:
- name: RABBITMQ_USER
value: taiga
- name: RABBITMQ_PASS
value: taiga
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ${var.instance}-${var.component}-pg-app
key: password
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
ports:
- name: taiga-back
containerPort: 8000
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
- name: taiga-media
mountPath: /taiga-back/media
- name: taiga-async
image: docker.io/taigaio/taiga-back:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
command:
- /taiga-back/docker/async_entrypoint.sh
env:
- name: RABBITMQ_USER
value: taiga
- name: RABBITMQ_PASS
value: taiga
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ${var.instance}-${var.component}-pg-app
key: password
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
- name: taiga-media
mountPath: /taiga-back/media
- name: taiga-gateway
image: docker.io/nginx:1.19-alpine
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
ports:
- name: taiga-gateway
containerPort: 80
livenessProbe:
httpGet:
path: /admin/login/
port: 80
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 10
readinessProbe:
httpGet:
path: /admin/login/
port: 80
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 10
volumeMounts:
- name: taiga-static
mountPath: /taiga/static
- name: taiga-media
mountPath: /taiga/media
- name: taiga-conf
mountPath: /etc/nginx/conf.d/
volumes:
- name: taiga-static
persistentVolumeClaim:
claimName: taiga-static
- name: taiga-media
persistentVolumeClaim:
claimName: taiga-media
- name: taiga-conf
configMap:
name: taiga-gateway
EOF
}
# resource "kubectl_manifest" "StatefulSet_taiga-async-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: apps/v1
# kind: StatefulSet
# metadata:
# name: taiga-async-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# serviceName: taiga-async-rabbitmq-headless
# podManagementPolicy: OrderedReady
# replicas: 1
# updateStrategy:
# type: RollingUpdate
# selector:
# matchLabels:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# template:
# metadata:
# labels:
# app.kubernetes.io/name: async-rabbitmq
# helm.sh/chart: async-rabbitmq-11.9.3
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/managed-by: Helm
# annotations:
# checksum/config: 217a61a978fa7482416092178a1ec21062391912fcb3b4dcf9d56998cbc7dcb0
# checksum/secret: 6cfb22ee840921fa65ccca1d3b463345d79ab2cf3fbc5da718cdb5d482d8f329
# spec:
# serviceAccountName: taiga-async-rabbitmq
# affinity:
# podAffinity: null
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# topologyKey: kubernetes.io/hostname
# weight: 1
# nodeAffinity: null
# securityContext:
# fsGroup: 1001
# terminationGracePeriodSeconds: 120
# initContainers: null
# containers:
# - name: rabbitmq
# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1
# imagePullPolicy: IfNotPresent
# securityContext:
# runAsNonRoot: true
# runAsUser: 1001
# lifecycle:
# preStop:
# exec:
# command:
# - /bin/bash
# - -ec
# - |
# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false"
# else
# rabbitmqctl stop_app
# fi
# env:
# - name: BITNAMI_DEBUG
# value: 'false'
# - name: MY_POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
# - name: MY_POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: MY_POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# - name: K8S_SERVICE_NAME
# value: taiga-async-rabbitmq-headless
# - name: K8S_ADDRESS_TYPE
# value: hostname
# - name: RABBITMQ_FEATURE_FLAGS
# value: null
# - name: RABBITMQ_FORCE_BOOT
# value: no
# - name: RABBITMQ_NODE_NAME
# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: K8S_HOSTNAME_SUFFIX
# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: RABBITMQ_MNESIA_DIR
# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)
# - name: RABBITMQ_LDAP_ENABLE
# value: no
# - name: RABBITMQ_LOGS
# value: '-'
# - name: RABBITMQ_ULIMIT_NOFILES
# value: '65536'
# - name: RABBITMQ_USE_LONGNAME
# value: 'true'
# - name: RABBITMQ_ERL_COOKIE
# valueFrom:
# secretKeyRef:
# name: taiga-async-rabbitmq
# key: rabbitmq-erlang-cookie
# - name: RABBITMQ_LOAD_DEFINITIONS
# value: no
# - name: RABBITMQ_DEFINITIONS_FILE
# value: /app/load_definition.json
# - name: RABBITMQ_SECURE_PASSWORD
# value: yes
# - name: RABBITMQ_USERNAME
# value: taiga
# - name: RABBITMQ_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-async-rabbitmq
# key: rabbitmq-password
# - name: RABBITMQ_PLUGINS
# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap
# envFrom: null
# ports:
# - name: amqp
# containerPort: 5672
# - name: dist
# containerPort: 25672
# - name: stats
# containerPort: 15672
# - name: epmd
# containerPort: 4369
# livenessProbe:
# failureThreshold: 6
# initialDelaySeconds: 120
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q ping
# readinessProbe:
# failureThreshold: 3
# initialDelaySeconds: 10
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
# resources:
# limits: {}
# requests: {}
# volumeMounts:
# - name: configuration
# mountPath: /bitnami/rabbitmq/conf
# - name: data
# mountPath: /bitnami/rabbitmq/mnesia
# volumes:
# - name: configuration
# projected:
# sources:
# - secret:
# name: taiga-async-rabbitmq-config
# volumeClaimTemplates:
# - metadata:
# name: data
# labels:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 8Gi
# EOF
# }
# resource "kubectl_manifest" "StatefulSet_taiga-events-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: apps/v1
# kind: StatefulSet
# metadata:
# name: taiga-events-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# serviceName: taiga-events-rabbitmq-headless
# podManagementPolicy: OrderedReady
# replicas: 1
# updateStrategy:
# type: RollingUpdate
# selector:
# matchLabels:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# template:
# metadata:
# labels:
# app.kubernetes.io/name: events-rabbitmq
# helm.sh/chart: events-rabbitmq-11.9.3
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/managed-by: Helm
# annotations:
# checksum/config: 708e775803d7be65e291bb582e83c9ff67ac497152301cd4ab1f23f4f8741485
# checksum/secret: 2d4a98f9c2ae284ad1b5ae4ff40da10e1ce7b9a44a210ca81f647b71f962a5c8
# spec:
# serviceAccountName: taiga-events-rabbitmq
# affinity:
# podAffinity: null
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# topologyKey: kubernetes.io/hostname
# weight: 1
# nodeAffinity: null
# securityContext:
# fsGroup: 1001
# terminationGracePeriodSeconds: 120
# initContainers: null
# containers:
# - name: rabbitmq
# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1
# imagePullPolicy: IfNotPresent
# securityContext:
# runAsNonRoot: true
# runAsUser: 1001
# lifecycle:
# preStop:
# exec:
# command:
# - /bin/bash
# - -ec
# - |
# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false"
# else
# rabbitmqctl stop_app
# fi
# env:
# - name: BITNAMI_DEBUG
# value: 'false'
# - name: MY_POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
# - name: MY_POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: MY_POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# - name: K8S_SERVICE_NAME
# value: taiga-events-rabbitmq-headless
# - name: K8S_ADDRESS_TYPE
# value: hostname
# - name: RABBITMQ_FEATURE_FLAGS
# value: null
# - name: RABBITMQ_FORCE_BOOT
# value: no
# - name: RABBITMQ_NODE_NAME
# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: K8S_HOSTNAME_SUFFIX
# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: RABBITMQ_MNESIA_DIR
# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)
# - name: RABBITMQ_LDAP_ENABLE
# value: no
# - name: RABBITMQ_LOGS
# value: '-'
# - name: RABBITMQ_ULIMIT_NOFILES
# value: '65536'
# - name: RABBITMQ_USE_LONGNAME
# value: 'true'
# - name: RABBITMQ_ERL_COOKIE
# valueFrom:
# secretKeyRef:
# name: taiga-events-rabbitmq
# key: rabbitmq-erlang-cookie
# - name: RABBITMQ_LOAD_DEFINITIONS
# value: no
# - name: RABBITMQ_DEFINITIONS_FILE
# value: /app/load_definition.json
# - name: RABBITMQ_SECURE_PASSWORD
# value: yes
# - name: RABBITMQ_USERNAME
# value: taiga
# - name: RABBITMQ_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-events-rabbitmq
# key: rabbitmq-password
# - name: RABBITMQ_PLUGINS
# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap
# envFrom: null
# ports:
# - name: amqp
# containerPort: 5672
# - name: dist
# containerPort: 25672
# - name: stats
# containerPort: 15672
# - name: epmd
# containerPort: 4369
# livenessProbe:
# failureThreshold: 6
# initialDelaySeconds: 120
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q ping
# readinessProbe:
# failureThreshold: 3
# initialDelaySeconds: 10
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
# resources:
# limits: {}
# requests: {}
# volumeMounts:
# - name: configuration
# mountPath: /bitnami/rabbitmq/conf
# - name: data
# mountPath: /bitnami/rabbitmq/mnesia
# volumes:
# - name: configuration
# projected:
# sources:
# - secret:
# name: taiga-events-rabbitmq-config
# volumeClaimTemplates:
# - metadata:
# name: data
# labels:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 8Gi
# EOF
# }
# resource "kubectl_manifest" "StatefulSet_taiga-postgresql" {
# yaml_body = <<-EOF
# apiVersion: apps/v1
# kind: StatefulSet
# metadata:
# name: taiga-postgresql
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# annotations: null
# spec:
# replicas: 1
# serviceName: taiga-postgresql-hl
# updateStrategy:
# rollingUpdate: {}
# type: RollingUpdate
# selector:
# matchLabels:
# app.kubernetes.io/name: postgresql
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/component: primary
# template:
# metadata:
# name: taiga-postgresql
# labels:
# app.kubernetes.io/name: postgresql
# helm.sh/chart: postgresql-11.6.26
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/managed-by: Helm
# app.kubernetes.io/component: primary
# annotations: null
# spec:
# serviceAccountName: default
# affinity:
# podAffinity: null
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: postgresql
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/component: primary
# topologyKey: kubernetes.io/hostname
# weight: 1
# nodeAffinity: null
# securityContext:
# fsGroup: 1001
# hostNetwork: false
# hostIPC: false
# initContainers: null
# containers:
# - name: postgresql
# image: docker.io/bitnami/postgresql:13.10.0-debian-11-r2
# imagePullPolicy: IfNotPresent
# securityContext:
# runAsUser: 1001
# env:
# - name: BITNAMI_DEBUG
# value: 'false'
# - name: POSTGRESQL_PORT_NUMBER
# value: '5432'
# - name: POSTGRESQL_VOLUME_DIR
# value: /bitnami/postgresql
# - name: PGDATA
# value: /bitnami/postgresql/data
# - name: POSTGRES_USER
# value: taiga
# - name: POSTGRES_POSTGRES_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-postgresql
# key: postgres-password
# - name: POSTGRES_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-postgresql
# key: password
# - name: POSTGRES_DB
# value: taiga
# - name: POSTGRESQL_ENABLE_LDAP
# value: no
# - name: POSTGRESQL_ENABLE_TLS
# value: no
# - name: POSTGRESQL_LOG_HOSTNAME
# value: 'false'
# - name: POSTGRESQL_LOG_CONNECTIONS
# value: 'false'
# - name: POSTGRESQL_LOG_DISCONNECTIONS
# value: 'false'
# - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
# value: off
# - name: POSTGRESQL_CLIENT_MIN_MESSAGES
# value: error
# - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
# value: pgaudit
# ports:
# - name: tcp-postgresql
# containerPort: 5432
# livenessProbe:
# failureThreshold: 6
# initialDelaySeconds: 30
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 5
# exec:
# command:
# - /bin/sh
# - -c
# - exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432
# readinessProbe:
# failureThreshold: 6
# initialDelaySeconds: 5
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 5
# exec:
# command:
# - /bin/sh
# - -c
# - -e
# - |
# exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432
# [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
# resources:
# limits: {}
# requests:
# cpu: 250m
# memory: 256Mi
# volumeMounts:
# - name: dshm
# mountPath: /dev/shm
# - name: data
# mountPath: /bitnami/postgresql
# volumes:
# - name: dshm
# emptyDir:
# medium: Memory
# volumeClaimTemplates:
# - metadata:
# name: data
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 8Gi
# EOF
# }