From f2dd6e76b9a16825a856abe7f5d7f7950b4c85f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Sat, 25 May 2024 14:21:14 +0200 Subject: [PATCH] fix --- apps/sonar/sonar_Job.tf | 49 ++ apps/sonar/sonar_Secret.tf | 5 + apps/taiga/check.rhai | 13 + apps/taiga/common.tf | 55 ++ apps/taiga/index.yaml | 430 +++++++++++ apps/taiga/postgresql.tf | 57 ++ apps/taiga/rabbits.tf | 45 ++ apps/taiga/taiga_ConfigMap.tf | 189 +++++ apps/taiga/taiga_Job.tf | 82 +++ apps/taiga/taiga_PersistentVolumeClaim.tf | 34 + apps/taiga/taiga_Secret.tf | 18 + apps/taiga/taiga_Service.tf | 278 +++++++ apps/taiga/taiga_workload.tf | 843 ++++++++++++++++++++++ 13 files changed, 2098 insertions(+) create mode 100644 apps/sonar/sonar_Job.tf create mode 100644 apps/taiga/check.rhai create mode 100644 apps/taiga/common.tf create mode 100644 apps/taiga/index.yaml create mode 100644 apps/taiga/postgresql.tf create mode 100644 apps/taiga/rabbits.tf create mode 100644 apps/taiga/taiga_ConfigMap.tf create mode 100644 apps/taiga/taiga_Job.tf create mode 100644 apps/taiga/taiga_PersistentVolumeClaim.tf create mode 100644 apps/taiga/taiga_Secret.tf create mode 100644 apps/taiga/taiga_Service.tf create mode 100644 apps/taiga/taiga_workload.tf diff --git a/apps/sonar/sonar_Job.tf b/apps/sonar/sonar_Job.tf new file mode 100644 index 0000000..caa2a00 --- /dev/null +++ b/apps/sonar/sonar_Job.tf 
@@ -0,0 +1,49 @@ +resource "kubectl_manifest" "post_install_job" { + yaml_body = <<-EOF + apiVersion: batch/v1 + kind: Job + metadata: + name: "${var.instance}-${var.component}-post-config" + namespace: "${var.namespace}" + labels: ${jsonencode(local.common-labels)} + spec: + template: + spec: + restartPolicy: OnFailure + initContainers: + - name: wait-for-svc + image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}" + imagePullPolicy: ${var.images.sonar.pull_policy} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + command: ["/bin/bash", "-c"] + args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"] + containers: + - name: post-config + image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}" + imagePullPolicy: ${var.images.sonar.pull_policy} + command: ["/bin/bash", "-cx"] + args: + - >- + curl -v -u admin:admin -X POST "http://${module.service.name}.${var.namespace}.svc/api/users/change_password?login=admin&previousPassword=admin&password=$ADMIN_PASSWORD" + envFrom: + - secretRef: + name: ${kubectl_manifest.secret.name} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + EOF +} diff --git a/apps/sonar/sonar_Secret.tf b/apps/sonar/sonar_Secret.tf index 7ccc241..8380c20 100644 --- a/apps/sonar/sonar_Secret.tf +++ b/apps/sonar/sonar_Secret.tf @@ -2,6 +2,10 @@ resource "random_password" "system" { length = 16 special = false } +resource "random_password" "admin" { + length = 16 + special = false +} resource "kubectl_manifest" "secret" { yaml_body = <<-EOF 
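Review bot: The post-config container runs `/bin/bash -cx` with `curl -v`, so both the shell trace and curl's verbose output write the expanded request line — including `$ADMIN_PASSWORD` taken from the `envFrom` secret — to the pod log, and the password also travels in the URL query string, where any access log on the path keeps it. Drop `-x` and `-v` and move the parameters into the request body: `curl -sS -f -u admin:admin -X POST "http://${module.service.name}.${var.namespace}.svc/api/users/change_password" --data-urlencode "login=admin" --data-urlencode "previousPassword=admin" --data-urlencode "password=$ADMIN_PASSWORD"`. The job is also not idempotent: once the password has been rotated, any re-run or `OnFailure` retry fails at `-u admin:admin` until the backoff limit is exhausted, so a guard that first checks whether `$ADMIN_PASSWORD` already authenticates would make it safe to re-apply. The `wait-for-svc` init container runs with `runAsGroup: 0` while the main container uses 1000; aligning them costs nothing.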
@@ -14,5 +18,6 @@ resource "kubectl_manifest" "secret" { type: Opaque stringData: SONAR_WEB_SYSTEMPASSCODE: "${random_password.system.result}" + ADMIN_PASSWORD: "${random_password.admin.result}" EOF } diff --git a/apps/taiga/check.rhai b/apps/taiga/check.rhai new file mode 100644 index 0000000..1d67ecd --- /dev/null +++ b/apps/taiga/check.rhai @@ -0,0 +1,13 @@ +const DOMAIN = config.domain; +fn check_domain() { + assert(have_namespace(`${global::DOMAIN}`), `There is no ${global::DOMAIN} namespace`); +} +fn check_authentik() { + assert(have_namespace(`${global::DOMAIN}-auth`), `There is no ${global::DOMAIN}-auth namespace`); + assert(have_install(`${global::DOMAIN}-auth`, "authentik"), `No authentik installation in ${global::DOMAIN}-auth`); + assert(have_secret(`${global::DOMAIN}-auth`, "authentik"), `No authentik secret in ${global::DOMAIN}-auth`); +} +fn pre_check() { + check_domain(); + check_authentik(); +} diff --git a/apps/taiga/common.tf b/apps/taiga/common.tf new file mode 100644 index 0000000..2c40dd7 --- /dev/null +++ b/apps/taiga/common.tf 
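Review bot: `check_authentik` only asserts that the `authentik` Secret exists in `${DOMAIN}-auth`, whereas `apps/taiga/common.tf` goes on to read `data["AUTHENTIK_BOOTSTRAP_TOKEN"]` from it, so a secret missing that key passes `pre_check` and only fails later during plan. If the helper set offers a key-level check, assert it here; otherwise a comment on the `have_secret` line, `// common.tf reads AUTHENTIK_BOOTSTRAP_TOKEN from this secret`, at least records the contract. The `${global::DOMAIN}` interpolations are needed in the messages and the `-auth` suffixes, but `have_namespace(global::DOMAIN)` would do for the bare constant.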
@@ -0,0 +1,55 @@
+data "kubernetes_secret_v1" "authentik" {
+ metadata {
+ name = "authentik"
+ namespace = "${var.domain}-auth"
+ }
+}
+locals {
+ authentik_url = "http://authentik.${var.domain}-auth.svc"
+ authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
+ core_labels = {
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+ common_labels = merge({
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ },local.core_labels)
+ back_labels = merge({
+ "app.kubernetes.io/componant" = "back"
+ },local.core_labels)
+ back_all_labels = merge({
+ "app.kubernetes.io/componant" = "back"
+ },local.common_labels)
+ front_labels = merge({
+ "app.kubernetes.io/componant" = "front"
+ },local.core_labels)
+ front_all_labels = merge({
+ "app.kubernetes.io/componant" = "front"
+ },local.common_labels)
+ event_labels = merge({
+ "app.kubernetes.io/componant" = "event"
+ },local.core_labels)
+ event_all_labels = merge({
+ "app.kubernetes.io/componant" = "event"
+ },local.common_labels)
+ protected_labels = merge({
+ "app.kubernetes.io/componant" = "protected"
+ },local.core_labels)
+ protected_all_labels = merge({
+ "app.kubernetes.io/componant" = "protected"
+ },local.common_labels)
+ pg_labels = merge(local.common_labels, {
+ "app.kubernetes.io/component" = "pg"
+ })
+ async_rabbitmq_labels = merge(local.common_labels, {
+ "app.kubernetes.io/component" = "async-rabbitmq"
+ })
+ events_rabbitmq_labels = merge(local.common_labels, {
+ "app.kubernetes.io/component" = "events-rabbitmq"
+ })
+}
+
diff --git a/apps/taiga/index.yaml b/apps/taiga/index.yaml
new file mode 100644
index 0000000..8046709
--- /dev/null
+++ b/apps/taiga/index.yaml
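Review bot: The label key `app.kubernetes.io/componant` used by `back_labels`, `front_labels`, `event_labels`, `protected_labels` and their `_all_` variants is misspelled, while `pg_labels` and the two rabbitmq label sets in the same block use the standard `app.kubernetes.io/component`; any selector or network policy keyed on the standard name will not match these workloads. Change the eight occurrences to `"app.kubernetes.io/component" = "back"` (and `"front"`, `"event"`, `"protected"`). `authentik_token` pulls `AUTHENTIK_BOOTSTRAP_TOKEN` out of the shared auth Secret into a local, so the value is stored in Terraform state; a comment next to it, `# bootstrap token read from the auth namespace — lands in state, keep the backend protected accordingly`, makes that visible to whoever configures the backend. `authentik_url` is plain `http://` to the in-cluster service, which is fine on a trusted cluster network but deserves a one-line comment saying so.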
@@ -0,0 +1,430 @@ +--- +apiVersion: vinyl.solidite.fr/v1beta1 +kind: Component +category: apps +metadata: + name: taiga + description: A flexible project management web application. +options: + app_group: + default: apps + examples: + - apps + type: string + backups: + default: + enable: false + endpoint: '' + key_id_key: s3-id + restic_key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 10 3 * * * + check: 10 5 * * 1 + db: 10 3 * * * + prune: 10 1 * * 0 + secret_key: s3-secret + secret_name: backup-settings + use_barman: false + examples: + - enable: false + endpoint: '' + key_id_key: s3-id + restic_key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 10 3 * * * + check: 10 5 * * 1 + db: 10 3 * * * + prune: 10 1 * * 0 + secret_key: s3-secret + secret_name: backup-settings + use_barman: false + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key_id_key: + default: s3-id + type: string + restic_key: + default: bck-password + type: string + retention: + default: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + properties: + db: + default: 30d + type: string + keepDaily: + default: 14 + type: integer + keepMonthly: + default: 12 + type: integer + keepWeekly: + default: 6 + type: integer + keepYearly: + default: 12 + type: integer + type: object + schedule: + default: + backup: 10 3 * * * + check: 10 5 * * 1 + db: 10 3 * * * + prune: 10 1 * * 0 + properties: + backup: + default: 10 3 * * * + type: string + check: + default: 10 5 * * 1 + type: string + db: + default: 10 3 * * * + type: string + prune: + default: 10 1 * * 0 + type: string + type: object + secret_key: + default: s3-secret + type: string + secret_name: + default: backup-settings + type: string + use_barman: + default: false + type: boolean + type: object + domain: + default: 
your-company + examples: + - your-company + type: string + domain_name: + default: your-company.com + examples: + - your-company.com + type: string + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object + images: + default: + app: + pull_policy: IfNotPresent + registry: docker.io + repository: to-be/defined + tag: v1.0.0 + postgresql: + registry: ghcr.io + repository: cloudnative-pg/postgresql + tag: 15.3 + rabbit: + pull_policy: IfNotPresent + registry: docker.io + repository: rabbitmq + tag: 3.10.2-management + examples: + - app: + pull_policy: IfNotPresent + registry: docker.io + repository: to-be/defined + tag: v1.0.0 + postgresql: + registry: ghcr.io + repository: cloudnative-pg/postgresql + tag: 15.3 + rabbit: + pull_policy: IfNotPresent + registry: docker.io + repository: rabbitmq + tag: 3.10.2-management + properties: + app: + default: + pull_policy: IfNotPresent + registry: docker.io + repository: to-be/defined + tag: v1.0.0 + properties: + pull_policy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: to-be/defined + type: string + tag: + default: v1.0.0 + type: string + type: object + postgresql: + default: + registry: ghcr.io + repository: cloudnative-pg/postgresql + tag: 15.3 + properties: + registry: + default: ghcr.io + type: string + repository: + default: cloudnative-pg/postgresql + type: string + tag: + default: 15.3 + type: number + type: object + rabbit: + default: + pull_policy: IfNotPresent + registry: docker.io + repository: rabbitmq + tag: 3.10.2-management + properties: + pull_policy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + 
type: string + repository: + default: rabbitmq + type: string + tag: + default: 3.10.2-management + type: string + type: object + type: object + ingress_class: + default: traefik + examples: + - traefik + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + language: + default: fr_FR + examples: + - fr_FR + type: string + postgres: + default: + replicas: 1 + examples: + - replicas: 1 + properties: + replicas: + default: 1 + type: integer + type: object + rabbitmq: + default: + limits: + cpu: '2' + memory: 2Gi + replicas: 1 + requests: + cpu: 250m + memory: 500Mi + examples: + - limits: + cpu: '2' + memory: 2Gi + replicas: 1 + requests: + cpu: 250m + memory: 500Mi + properties: + limits: + default: + cpu: '2' + memory: 2Gi + properties: + cpu: + default: '2' + type: string + memory: + default: 2Gi + type: string + type: object + replicas: + default: 1 + type: integer + requests: + default: + cpu: 250m + memory: 500Mi + properties: + cpu: + default: 250m + type: string + memory: + default: 500Mi + type: string + type: object + type: object + replicas: + default: 1 + examples: + - 1 + type: integer + sso_vynil: + default: true + examples: + - true + type: boolean + storage: + default: + postgres: + size: 10Gi + rabbitmq_async: + size: 2Gi + rabbitmq_events: + size: 2Gi + volume: + accessMode: ReadWriteOnce + class: '' + size: 1Gi + type: Filesystem + description: Configure this app storage + examples: + - postgres: + size: 10Gi + rabbitmq_async: + size: 2Gi + rabbitmq_events: + size: 2Gi + volume: + accessMode: ReadWriteOnce + class: '' + size: 1Gi + type: Filesystem + properties: + postgres: + default: + size: 10Gi + properties: + size: + default: 10Gi + type: string + type: object + rabbitmq_async: + default: + size: 2Gi + properties: + size: + default: 2Gi + type: string + type: object + rabbitmq_events: + default: + size: 2Gi + properties: + size: + default: 2Gi + type: string + type: object + volume: + default: + 
accessMode: ReadWriteOnce + class: '' + size: 1Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + class: + default: '' + type: string + size: + default: 1Gi + type: string + type: + default: Filesystem + enum: + - Filesystem + - Block + type: string + type: object + type: object + sub_domain: + default: to-be-set + examples: + - to-be-set + type: string + timezone: + default: Europe/Paris + examples: + - Europe/Paris + type: string +dependencies: +- dist: null + category: dbo + component: pg +providers: + kubernetes: true + authentik: true + kubectl: true + postgresql: null + mysql: null + restapi: null + http: null + gitea: null +tfaddtype: null diff --git a/apps/taiga/postgresql.tf b/apps/taiga/postgresql.tf new file mode 100644 index 0000000..2407605 --- /dev/null +++ b/apps/taiga/postgresql.tf 
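Review bot: `images.postgresql.tag` is declared `type: number` (default `15.3`), so any tag with a patch level or suffix (a constructed `15.3.1` or `15-bookworm`, say) fails schema validation, and a numeric `16.0` is normalised to `16` before it reaches `imageName`; make it `type: string` like the other two `tag` fields. The `images.app` object (`repository: to-be/defined`, `tag: v1.0.0`) is consumed nowhere in this patch — `taiga_Job.tf` and `taiga_workload.tf` hard-code `docker.io/taigaio/…:latest` — so either wire the Jobs and Deployments to it or drop it from the schema. `dependencies` lists only `dbo/pg`, yet `rabbits.tf` creates `rabbitmq.com/v1beta1` RabbitmqCluster objects; if the RabbitMQ operator is delivered by another component, it presumably belongs in this list too.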
@@ -0,0 +1,57 @@
+resource "kubectl_manifest" "prj_pg" {
+ yaml_body = join("", concat([<<-EOF
+ apiVersion: postgresql.cnpg.io/v1
+ kind: Cluster
+ metadata:
+ name: "${var.instance}-${var.component}-pg"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.pg_labels)}
+ spec:
+ instances: ${var.postgres.replicas}
+ imageName: "${var.images.postgresql.registry}/${var.images.postgresql.repository}:${var.images.postgresql.tag}"
+ storage:
+ size: "${var.storage.postgres.size}"
+ bootstrap:
+ initdb:
+ database: "${var.component}"
+ owner: "${var.component}"
+ monitoring:
+ enablePodMonitor: true
+ inheritedMetadata:
+ annotations:
+ "k8up.io/backupcommand": "pg_dump -U postgres -d ${var.component} --clean"
+ "k8up.io/file-extension": ".sql"
+ "k8up.io/backup": "true"
+ EOF
+ ], var.backups.enable&&var.backups.use_barman?[<<-EOF
+ backup:
+ barmanObjectStore:
+ destinationPath: "s3://${var.instance}-${var.namespace}/"
+ endpointURL: "${var.backups.endpoint}/barman"
+ s3Credentials:
+ accessKeyId:
+ name: "${var.backups.secret_name}"
+ key: "${var.backups.key_id_key}"
+ secretAccessKey:
+ name: "${var.backups.secret_name}"
+ key: "${var.backups.secret_key}"
+ EOF
+ ]:[""]))
+}
+
+resource "kubectl_manifest" "prj_pg_backup" {
+ count = var.backups.enable ? 1:0
+ yaml_body = <<-EOF
+ apiVersion: postgresql.cnpg.io/v1
+ kind: ScheduledBackup
+ metadata:
+ name: "${var.instance}-${var.component}-pg"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.pg_labels)}
+ spec:
+ schedule: "${var.backups.schedule.db}"
+ backupOwnerReference: self
+ cluster:
+ name: "${var.instance}-${var.component}-pg"
+ EOF
+}
diff --git a/apps/taiga/rabbits.tf b/apps/taiga/rabbits.tf
new file mode 100644
index 0000000..d22212b
--- /dev/null
+++ b/apps/taiga/rabbits.tf
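Review bot: `prj_pg_backup` is created on `var.backups.enable` alone, while the Cluster only receives its `backup.barmanObjectStore` section when `var.backups.enable && var.backups.use_barman`; with `enable = true` and `use_barman = false` (the schema default) a ScheduledBackup is applied against a cluster that has no backup target, and every scheduled run fails. Align the guard: `count = var.backups.enable && var.backups.use_barman ? 1 : 0`. The `k8up.io/*` annotations are the other half of that switch and are always emitted, so a comment on `inheritedMetadata`, `# k8up pg_dump path is always on; the barman object-store backup below is added only when use_barman is set`, would make the two mechanisms explicit.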
@@ -0,0 +1,45 @@
+resource "kubectl_manifest" "async_rabbit" {
+ yaml_body = <<-EOF
+ apiVersion: rabbitmq.com/v1beta1
+ kind: RabbitmqCluster
+ metadata:
+ name: "${var.component}-async-rabbitmq"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.async_rabbitmq_labels)}
+ spec:
+ image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}"
+ persistence:
+ storage: "${var.storage.rabbitmq_async}"
+ replicas: ${var.rabbitmq.replicas}
+ resources:
+ limits:
+ cpu: "${var.rabbitmq.limits.cpu}"
+ memory: "${var.rabbitmq.limits.memory}"
+ requests:
+ cpu: "${var.rabbitmq.requests.cpu}"
+ memory: "${var.rabbitmq.requests.memory}"
+ EOF
+}
+
+resource "kubectl_manifest" "events_rabbit" {
+ yaml_body = <<-EOF
+ apiVersion: rabbitmq.com/v1beta1
+ kind: RabbitmqCluster
+ metadata:
+ name: "${var.component}-events-rabbitmq"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.events_rabbitmq_labels)}
+ spec:
+ image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}"
+ persistence:
+ storage: "${var.storage.rabbitmq_events}"
+ replicas: ${var.rabbitmq.replicas}
+ resources:
+ limits:
+ cpu: "${var.rabbitmq.limits.cpu}"
+ memory: "${var.rabbitmq.limits.memory}"
+ requests:
+ cpu: "${var.rabbitmq.requests.cpu}"
+ memory: "${var.rabbitmq.requests.memory}"
+ EOF
+}
diff --git a/apps/taiga/taiga_ConfigMap.tf b/apps/taiga/taiga_ConfigMap.tf
new file mode 100644
index 0000000..f6d5eb8
--- /dev/null
+++ b/apps/taiga/taiga_ConfigMap.tf
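Review bot: `persistence.storage` interpolates `var.storage.rabbitmq_async` (and `var.storage.rabbitmq_events` in `events_rabbit`) directly, but `index.yaml` declares both as objects with a `size` property, and Terraform cannot convert an object to a string inside a template, so the plan errors; use `storage: "${var.storage.rabbitmq_async.size}"` and `storage: "${var.storage.rabbitmq_events.size}"`. Neither cluster configures credentials, so the operator generates them, whereas `Deployment_taiga-events` in `taiga_workload.tf` hard-codes `RABBITMQ_USER`/`RABBITMQ_PASS` as `taiga`; as far as this patch shows, the events service cannot authenticate until it reads the operator-generated default-user Secret or a matching user is declared here. A comment on each `name:` noting that `var.component` (not `var.instance`) prefixes the cluster name would also help, since every other resource in the component is instance-prefixed.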
@@ -0,0 +1,189 @@ +resource "kubectl_manifest" "cm_env" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ConfigMap + metadata: + name: "${var.instance}-${var.component}-envs" + labels: ${jsonencode(local.common_labels)} + namespace: ${var.namespace} + data: + POSTGRES_DB: ${var.component} + POSTGRES_USER: ${var.component} + POSTGRES_HOST: ${var.instance}-${var.component}-pg-rw.${var.namespace}.svc + TAIGA_SITES_DOMAIN: localhost:9000 + TAIGA_SITES_SCHEME: http + SESSION_COOKIE_SECURE: 'False' + CSRF_COOKIE_SECURE: 'False' + ENABLE_TELEMETRY: 'False' + PUBLIC_REGISTER_ENABLED: 'False' + ENABLE_GITHUB_AUTH: 'False' + ENABLE_GITLAB_AUTH: 'True' + GITLAB_CLIENT_ID: + GITLAB_API_CLIENT_ID: gitlab-api-client-id + GITLAB_API_CLIENT_SECRET: gitlab-api-client-secret + GITLAB_URL: gitlab-url + ENABLE_SLACK: 'False' + ENABLE_GITHUB_IMPORTER: 'False' + ENABLE_JIRA_IMPORTER: 'False' + ENABLE_TRELLO_IMPORTER: 'False' + TRELLO_IMPORTER_API_KEY: api-key-from-trello + TRELLO_IMPORTER_SECRET_KEY: secret-key-from-trello + + - name: TAIGA_URL + value: http://localhost:9000 + - name: PUBLIC_REGISTER_ENABLED + value: 'false' + - name: ENABLE_GITHUB_AUTH + value: 'false' + - name: ENABLE_GITLAB_AUTH + value: 'true' + - name: GITLAB_CLIENT_ID + value: gitlab-api-client-id + - name: GITLAB_URL + value: gitlab-url + - name: ENABLE_SLACK + value: 'false' + - name: ENABLE_GITHUB_IMPORTER + value: 'false' + - name: ENABLE_JIRA_IMPORTER + value: 'false' + - name: ENABLE_TRELLO_IMPORTER + value: 'false' + +EOF +} + +resource "kubectl_manifest" "cm_scripts" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ConfigMap + metadata: + name: taiga-createinitialtemplates + labels: ${jsonencode(local.common_labels)} + namespace: ${var.namespace} + data: + createinitialtemplates.sh: |- + #!/bin/sh + echo """ + import time + import requests + import subprocess + + print('Waiting for backend ...') + while requests.get('http://taiga-back/api/v1/').status_code != 200: + print('...') + time.sleep(2) + + if 
len(str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'projects.projecttemplate']))) < 5: + print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_project_templates'])) + """ > /tmp/create_initial_project_templates.py + python /tmp/create_initial_project_templates.py + createinitialuser.sh: |- + #!/bin/sh + echo """ + import time + import requests + import subprocess + + print('Waiting for backend ...') + while requests.get('http://taiga-back/api/v1/').status_code != 200: + print('...') + time.sleep(2) + + if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1: + print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back')) + else: + print('Admin user yet created.') + """ > /tmp/create_superuser.py + python /tmp/create_superuser.py +EOF +} + +resource "kubectl_manifest" "ConfigMap_taiga-gateway" { + yaml_body = <<-EOF + apiVersion: v1 + kind: ConfigMap + metadata: + name: taiga-gateway + namespace: ${var.namespace} + labels: ${jsonencode(local.common_labels)} + data: + default.conf: |- + server { + listen 80 default_server; + + client_max_body_size 100M; + charset utf-8; + + # Frontend + location / { + proxy_pass http://taiga-front/; + proxy_pass_header Server; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + } + + # Api + location /api { + proxy_pass http://taiga-back:8000/api; + proxy_pass_header Server; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + } + + # Admin + location /admin { + proxy_pass http://taiga-back:8000/admin; + proxy_pass_header Server; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + } + + # Static + location /static { 
+ root /taiga; + } + + # Media + location /_protected { + internal; + alias /taiga/media/; + add_header Content-disposition "attachment"; + } + + # Unprotected section + location /media/exports { + alias /taiga/media/exports/; + add_header Content-disposition "attachment"; + } + + location /media { + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://taiga-protected:8003/; + proxy_redirect off; + } + + # Events + location /events { + proxy_pass http://taiga-events:8888/events; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + } + } +EOF +} + diff --git a/apps/taiga/taiga_Job.tf b/apps/taiga/taiga_Job.tf new file mode 100644 index 0000000..8990e2b --- /dev/null +++ b/apps/taiga/taiga_Job.tf 
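Review bot: The `data:` map of `cm_env` ends with a stray YAML sequence (`- name: TAIGA_URL` … `- name: ENABLE_TRELLO_IMPORTER`, ten `name`/`value` pairs left over from an env-list layout); a block sequence cannot follow scalar keys inside a mapping, so the manifest does not parse and `kubectl_manifest.cm_env` fails to apply — delete those lines, and give `GITLAB_CLIENT_ID:` a value or drop it, since an empty value is `null` rather than an empty string. The ConfigMap also hard-codes `TAIGA_SITES_DOMAIN: localhost:9000`, `TAIGA_SITES_SCHEME: http`, `SESSION_COOKIE_SECURE: 'False'` and `CSRF_COOKIE_SECURE: 'False'` although the component exposes `sub_domain`, `domain_name` and `issuer` for a TLS-terminated ingress; served over HTTPS with these values, session and CSRF cookies go out without the Secure flag and generated links point at localhost. Derive them from the variables: `TAIGA_SITES_DOMAIN: ${var.sub_domain}.${var.domain_name}`, `TAIGA_SITES_SCHEME: https`, and `'True'` for both cookie flags. `GITLAB_API_CLIENT_SECRET` is a credential placeholder living in a ConfigMap; when it gets a real value it belongs in `kubectl_manifest.secret` next to `TAIGA_SECRET_KEY`.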
@@ -0,0 +1,82 @@
+resource "kubectl_manifest" "Job_taiga-createinitialtemplates" {
+ yaml_body = <<-EOF
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+ name: taiga-createinitialtemplates
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common_labels)}
+ spec:
+ template:
+ spec:
+ containers:
+ - name: createinitialtemplates
+ image: docker.io/taigaio/taiga-back:latest
+ command:
+ - sh
+ - /scripts/createinitialtemplates.sh
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ${var.instance}-${var.component}-pg-app
+ key: password
+ envFrom:
+ - secretRef:
+ name: ${kubectl_manifest.secret.name}
+ - configMapRef:
+ name: ${kubectl_manifest.cm_env.name}
+ volumeMounts:
+ - name: createinitialtemplates
+ mountPath: /scripts
+ restartPolicy: Never
+ volumes:
+ - name: createinitialtemplates
+ configMap:
+ name: taiga-createinitialtemplates
+ defaultMode: '0744'
+ backoffLimit: 4
+EOF
+}
+
+resource "kubectl_manifest" "Job_taiga-createinitialuser" {
+ yaml_body = <<-EOF
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+ name: taiga-createinitialuser
+ namespace: ${var.namespace}
+ labels: ${jsonencode(local.common_labels)}
+ spec:
+ template:
+ spec:
+ containers:
+ - name: createinitialuser
+ image: docker.io/taigaio/taiga-back:latest
+ command:
+ - sh
+ - /scripts/createinitialuser.sh
+ volumeMounts:
+ - name: createinitialuser
+ mountPath: /scripts
+ env:
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: ${var.instance}-${var.component}-pg-app
+ key: password
+ envFrom:
+ - secretRef:
+ name: ${kubectl_manifest.secret.name}
+ - configMapRef:
+ name: ${kubectl_manifest.cm_env.name}
+ restartPolicy: Never
+ volumes:
+ - name: createinitialuser
+ configMap:
+ name: taiga-createinitialuser
+ defaultMode: '0744'
+ backoffLimit: 4
+EOF
+}
+
diff --git a/apps/taiga/taiga_PersistentVolumeClaim.tf b/apps/taiga/taiga_PersistentVolumeClaim.tf
new file mode 100644
index 0000000..05c2c9f
--- /dev/null
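Review bot: Both Jobs pull `docker.io/taigaio/taiga-back:latest` — a floating tag, and not the `var.images.app` object that `index.yaml` defines for this purpose — so the image that initialises the database is whatever `latest` resolves to at run time and cannot be pinned or audited; the Deployments in `taiga_workload.tf` carry the same literal. Use `image: "${var.images.app.registry}/${var.images.app.repository}:${var.images.app.tag}"` with `imagePullPolicy: ${var.images.app.pull_policy}`, as `sonar_Job.tf` already does. `defaultMode: '0744'` is a quoted string where the API field is an integer (`defaultMode: 0744`, decimal 484), and since both scripts are invoked as `sh /scripts/…` the execute bit is not even needed. Unlike `sonar_Job.tf`, neither container sets a `securityContext` (no `runAsNonRoot`, capabilities not dropped) although the pg password and `TAIGA_SECRET_KEY` are injected into these pods; copying the hardened block from the sonar job is cheap.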
+++ b/apps/taiga/taiga_PersistentVolumeClaim.tf
@@ -0,0 +1,34 @@
+resource "kubectl_manifest" "PersistentVolumeClaim_taiga-media" {
+ yaml_body = <<-EOF
+ kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ name: taiga-media
+ labels: ${jsonencode(local.common_labels)}
+ namespace: ${var.namespace}
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+EOF
+}
+
+resource "kubectl_manifest" "PersistentVolumeClaim_taiga-static" {
+ yaml_body = <<-EOF
+ kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ name: taiga-static
+ labels: ${jsonencode(local.common_labels)}
+ namespace: ${var.namespace}
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+EOF
+}
+
diff --git a/apps/taiga/taiga_Secret.tf b/apps/taiga/taiga_Secret.tf
new file mode 100644
index 0000000..6750503
--- /dev/null
+++ b/apps/taiga/taiga_Secret.tf
@@ -0,0 +1,18 @@
+resource "random_password" "system" {
+ length = 32
+ special = false
+}
+
+resource "kubectl_manifest" "secret" {
+ yaml_body = <<-EOF
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: "${var.instance}-${var.component}"
+ labels: ${jsonencode(local.sonar_all_labels)}
+ namespace: ${var.namespace}
+ type: Opaque
+ stringData:
+ TAIGA_SECRET_KEY: "${random_password.system.result}"
+EOF
+}
diff --git a/apps/taiga/taiga_Service.tf b/apps/taiga/taiga_Service.tf
new file mode 100644
index 0000000..7009f5d
--- /dev/null
+++ b/apps/taiga/taiga_Service.tf
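Review bot: Both claims hard-code `storage: 5Gi` and `ReadWriteOnce` and set no `storageClassName`, while `index.yaml` exposes `storage.volume.size` (default `1Gi`), `storage.volume.accessMode` and `storage.volume.class` for exactly this, so those options are dead and an install cannot be sized. Use `storage: ${var.storage.volume.size}` and `- ${var.storage.volume.accessMode}`, and emit `storageClassName: ${var.storage.volume.class}` when the class is non-empty. The names `taiga-media`/`taiga-static` are not instance-prefixed like the Secret and the pg Cluster, so two instances in one namespace would collide; `${var.instance}-${var.component}-media` follows the convention the rest of the component uses.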
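Review bot: `labels: ${jsonencode(local.sonar_all_labels)}` references a local that `apps/taiga/common.tf` does not define — it is a leftover from the sonar component — so `terraform validate` fails for this module; `local.common_labels` is what the Job, ConfigMap and PVC manifests in this patch use. The same copy-paste slip affects `taiga_Service.tf` and `taiga_workload.tf`, which reference `local.common-labels` (hyphen) while `common.tf` defines `common_labels`. Separately, `TAIGA_SECRET_KEY` is generated here, yet `Deployment_taiga-protected` in `taiga_workload.tf` sets `SECRET_KEY` to a literal committed to the repository instead of reading this Secret; taiga-protected presumably has to share the backend's key to validate the tokens it issues, so it should take `SECRET_KEY` from `${kubectl_manifest.secret.name}` (exposing the value under both names here is the simplest route). A comment on `random_password.system`, `# Django SECRET_KEY for taiga-back (and taiga-protected); rotating it invalidates sessions and signed media links`, would help the next reader.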
@@ -0,0 +1,278 @@ +resource "kubectl_manifest" "Service_taiga-back" { + yaml_body = <<-EOF + apiVersion: v1 + kind: Service + metadata: + name: taiga-back + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + type: ClusterIP + ports: + - name: taiga-back + port: 8000 + targetPort: taiga-back + - name: taiga-gateway + port: 80 + targetPort: taiga-gateway + selector: + app.kubernetes.io/name: taiga-back + app.kubernetes.io/instance: taiga +EOF +} + +resource "kubectl_manifest" "Service_taiga-async-rabbitmq-headless" { + yaml_body = <<-EOF + apiVersion: v1 + kind: Service + metadata: + name: taiga-async-rabbitmq-headless + namespace: ${var.namespace} + labels: ${jsonencode(local.common-labels)} + spec: + clusterIP: None + ports: + - name: epmd + port: 4369 + targetPort: epmd + - name: amqp + port: 5672 + targetPort: amqp + - name: dist + port: 25672 + targetPort: dist + - name: http-stats + port: 15672 + targetPort: stats + selector: + app.kubernetes.io/name: async-rabbitmq + app.kubernetes.io/instance: taiga + publishNotReadyAddresses: true +EOF +} + +resource "kubectl_manifest" "Service_taiga-postgresql" { + yaml_body = <<-EOF + apiVersion: v1 + kind: Service + metadata: + name: taiga-postgresql + namespace: ${var.namespace} + labels: ${jsonencode(local.common-labels)} + annotations: null + spec: + type: ClusterIP + sessionAffinity: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + nodePort: null + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: taiga + app.kubernetes.io/component: primary +EOF +} + +resource "kubectl_manifest" "Service_taiga-events" { + yaml_body = <<-EOF + apiVersion: v1 + kind: Service + metadata: + name: taiga-events + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + type: ClusterIP + ports: + - name: taiga-events + port: 8888 + targetPort: taiga-events + selector: + app.kubernetes.io/name: taiga-events + 
app.kubernetes.io/instance: taiga +EOF +} + +resource "kubectl_manifest" "Service_taiga-protected" { + yaml_body = <<-EOF + apiVersion: v1 + kind: Service + metadata: + name: taiga-protected + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + type: ClusterIP + ports: + - name: taiga-protected + port: 8003 + targetPort: taiga-protected + selector: + app.kubernetes.io/name: taiga-protected + app.kubernetes.io/instance: taiga +EOF +} + +resource "kubectl_manifest" "Service_taiga-events-rabbitmq-headless" { + yaml_body = <<-EOF + apiVersion: v1 + kind: Service + metadata: + name: taiga-events-rabbitmq-headless + namespace: ${var.namespace} + labels: ${jsonencode(local.common-labels)} + spec: + clusterIP: None + ports: + - name: epmd + port: 4369 + targetPort: epmd + - name: amqp + port: 5672 + targetPort: amqp + - name: dist + port: 25672 + targetPort: dist + - name: http-stats + port: 15672 + targetPort: stats + selector: + app.kubernetes.io/name: events-rabbitmq + app.kubernetes.io/instance: taiga + publishNotReadyAddresses: true +EOF +} + +resource "kubectl_manifest" "Service_taiga-front" { + yaml_body = <<-EOF + apiVersion: v1 + kind: Service + metadata: + name: taiga-front + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + type: ClusterIP + ports: + - name: taiga-front + port: 80 + targetPort: taiga-front + selector: + app.kubernetes.io/name: taiga-front + app.kubernetes.io/instance: taiga +EOF +} + +resource "kubectl_manifest" "Service_taiga-gateway" { + yaml_body = <<-EOF + apiVersion: v1 + kind: Service + metadata: + name: taiga-gateway + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + type: ClusterIP + ports: + - name: taiga-gateway + port: 80 + targetPort: taiga-gateway + selector: + app.kubernetes.io/name: taiga-back + app.kubernetes.io/instance: taiga +EOF +} + + +# resource "kubectl_manifest" "Service_taiga-events-rabbitmq" { +# yaml_body = <<-EOF +# 
apiVersion: v1 +# kind: Service +# metadata: +# name: taiga-events-rabbitmq +# namespace: ${var.namespace} +# labels: ${jsonencode(local.common-labels)} +# spec: +# type: ClusterIP +# sessionAffinity: None +# ports: +# - name: amqp +# port: 5672 +# targetPort: amqp +# nodePort: null +# - name: epmd +# port: 4369 +# targetPort: epmd +# nodePort: null +# - name: dist +# port: 25672 +# targetPort: dist +# nodePort: null +# - name: http-stats +# port: 15672 +# targetPort: stats +# nodePort: null +# selector: +# app.kubernetes.io/name: events-rabbitmq +# app.kubernetes.io/instance: taiga +# EOF +# } + +# resource "kubectl_manifest" "Service_taiga-postgresql-hl" { +# yaml_body = <<-EOF +# apiVersion: v1 +# kind: Service +# metadata: +# name: taiga-postgresql-hl +# namespace: ${var.namespace} +# labels: ${jsonencode(local.common-labels)} +# spec: +# type: ClusterIP +# clusterIP: None +# publishNotReadyAddresses: true +# ports: +# - name: tcp-postgresql +# port: 5432 +# targetPort: tcp-postgresql +# selector: +# app.kubernetes.io/name: postgresql +# app.kubernetes.io/instance: taiga +# app.kubernetes.io/component: primary +# EOF +# } + +# resource "kubectl_manifest" "Service_taiga-async-rabbitmq" { +# yaml_body = <<-EOF +# apiVersion: v1 +# kind: Service +# metadata: +# name: taiga-async-rabbitmq +# namespace: ${var.namespace} +# labels: ${jsonencode(local.common-labels)} +# spec: +# type: ClusterIP +# sessionAffinity: None +# ports: +# - name: amqp +# port: 5672 +# targetPort: amqp +# nodePort: null +# - name: epmd +# port: 4369 +# targetPort: epmd +# nodePort: null +# - name: dist +# port: 25672 +# targetPort: dist +# nodePort: null +# - name: http-stats +# port: 15672 +# targetPort: stats +# nodePort: null +# selector: +# app.kubernetes.io/name: async-rabbitmq +# app.kubernetes.io/instance: taiga +# EOF +# } diff --git a/apps/taiga/taiga_workload.tf b/apps/taiga/taiga_workload.tf new file mode 100644 index 0000000..72b13a7 --- /dev/null 
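Review bot: `Service_taiga-postgresql` selects `app.kubernetes.io/name: postgresql` with `component: primary` — the Bitnami chart's label set — but the database in this patch is a CloudNativePG Cluster whose pods carry the operator's own labels and which already publishes `${var.instance}-${var.component}-pg-rw` (the host `cm_env` points at); this Service has no endpoints and should be removed. The two headless rabbitmq Services select `app.kubernetes.io/name: async-rabbitmq`/`events-rabbitmq`, which as far as this patch shows do not match the labels the RabbitMQ operator puts on the pods of `taiga-async-rabbitmq`/`taiga-events-rabbitmq`, and the operator creates the cluster Services itself, so these are likely dead as well. Every resource here uses `local.common-labels`, which `common.tf` does not define (it defines `common_labels`). The roughly hundred lines of commented-out resources at the end of the file are version-control history, not configuration; delete them.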
+++ b/apps/taiga/taiga_workload.tf 
@@ -0,0 +1,843 @@ +resource "kubectl_manifest" "Deployment_taiga-events" { + yaml_body = <<-EOF + apiVersion: apps/v1 + kind: Deployment + metadata: + name: taiga-events + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + selector: + matchLabels: + app.kubernetes.io/name: taiga-events + app.kubernetes.io/instance: taiga + replicas: 1 + template: + metadata: + labels: + app.kubernetes.io/name: taiga-events + helm.sh/chart: taiga-0.0.11 + app.kubernetes.io/instance: taiga + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: taiga-events + spec: + serviceAccountName: default + containers: + - name: taiga-events + image: docker.io/taigaio/taiga-events:latest + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + envFrom: + - secretRef: + name: ${kubectl_manifest.secret.name} + env: + - name: RABBITMQ_USER + value: taiga + - name: RABBITMQ_PASS + value: taiga + ports: + - name: taiga-events + containerPort: 8888 + livenessProbe: + httpGet: + path: /admin/login/ + port: 8000 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /admin/login/ + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 +EOF +} + +resource "kubectl_manifest" "Deployment_taiga-front" { + yaml_body = <<-EOF + apiVersion: apps/v1 + kind: Deployment + metadata: + name: taiga-front + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + selector: + matchLabels: + app.kubernetes.io/name: taiga-front + app.kubernetes.io/instance: taiga + replicas: 1 + template: + metadata: + labels: + app.kubernetes.io/name: taiga-front + helm.sh/chart: taiga-0.0.11 + app.kubernetes.io/instance: taiga + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: taiga-front + spec: + serviceAccountName: default + containers: + - name: taiga-front + image: 
docker.io/taigaio/taiga-front:latest + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + envFrom: + - configMapRef: + name: ${kubectl_manifest.cm_env.name} + ports: + - name: taiga-front + containerPort: 80 + livenessProbe: + httpGet: + path: /admin/login/ + port: 8000 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /admin/login/ + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 +EOF +} + +resource "kubectl_manifest" "Deployment_taiga-protected" { + yaml_body = <<-EOF + apiVersion: apps/v1 + kind: Deployment + metadata: + name: taiga-protected + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + selector: + matchLabels: + app.kubernetes.io/name: taiga-protected + app.kubernetes.io/instance: taiga + replicas: 1 + template: + metadata: + labels: + app.kubernetes.io/name: taiga-protected + helm.sh/chart: taiga-0.0.11 + app.kubernetes.io/instance: taiga + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: taiga-protected + spec: + serviceAccountName: default + containers: + - name: taiga-protected + image: docker.io/taigaio/taiga-protected:latest + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + env: + - name: SECRET_KEY + value: 9%pno@m688el28@2+^y4v^&6wluqk-g#j#d7$dsjtht)o30dn1 + - name: MAX_AGE + value: '360' + ports: + - name: taiga-protected + containerPort: 8003 + livenessProbe: + httpGet: + path: /admin/login/ + port: 8000 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /admin/login/ + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 +EOF +} + +resource "kubectl_manifest" "Deployment_taiga-back" { + yaml_body = <<-EOF + apiVersion: 
apps/v1 + kind: Deployment + metadata: + name: taiga-back + labels: ${jsonencode(local.common-labels)} + namespace: ${var.namespace} + spec: + selector: + matchLabels: + app.kubernetes.io/name: taiga-back + app.kubernetes.io/instance: taiga + replicas: 1 + template: + metadata: + labels: + app.kubernetes.io/name: taiga-back + helm.sh/chart: taiga-0.0.11 + app.kubernetes.io/instance: taiga + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: taiga-back + spec: + serviceAccountName: default + containers: + - name: taiga-back + image: docker.io/taigaio/taiga-back:latest + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + env: + - name: RABBITMQ_USER + value: taiga + - name: RABBITMQ_PASS + value: taiga + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: ${var.instance}-${var.component}-pg-app + key: password + envFrom: + - secretRef: + name: ${kubectl_manifest.secret.name} + - configMapRef: + name: ${kubectl_manifest.cm_env.name} + ports: + - name: taiga-back + containerPort: 8000 + livenessProbe: + httpGet: + path: /admin/login/ + port: 8000 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /admin/login/ + port: 8000 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + volumeMounts: + - name: taiga-static + mountPath: /taiga-back/static + - name: taiga-media + mountPath: /taiga-back/media + - name: taiga-async + image: docker.io/taigaio/taiga-back:latest + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + command: + - /taiga-back/docker/async_entrypoint.sh + env: + - name: RABBITMQ_USER + value: taiga + - name: RABBITMQ_PASS + value: taiga + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: ${var.instance}-${var.component}-pg-app + key: password + envFrom: + - secretRef: + name: ${kubectl_manifest.secret.name} + - configMapRef: + 
name: ${kubectl_manifest.cm_env.name} + volumeMounts: + - name: taiga-static + mountPath: /taiga-back/static + - name: taiga-media + mountPath: /taiga-back/media + - name: taiga-gateway + image: docker.io/nginx:1.19-alpine + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + ports: + - name: taiga-gateway + containerPort: 80 + livenessProbe: + httpGet: + path: /admin/login/ + port: 80 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 10 + readinessProbe: + httpGet: + path: /admin/login/ + port: 80 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 10 + volumeMounts: + - name: taiga-static + mountPath: /taiga/static + - name: taiga-media + mountPath: /taiga/media + - name: taiga-conf + mountPath: /etc/nginx/conf.d/ + volumes: + - name: taiga-static + persistentVolumeClaim: + claimName: taiga-static + - name: taiga-media + persistentVolumeClaim: + claimName: taiga-media + - name: taiga-conf + configMap: + name: taiga-gateway +EOF +} + +# resource "kubectl_manifest" "StatefulSet_taiga-async-rabbitmq" { +# yaml_body = <<-EOF +# apiVersion: apps/v1 +# kind: StatefulSet +# metadata: +# name: taiga-async-rabbitmq +# namespace: ${var.namespace} +# labels: ${jsonencode(local.common-labels)} +# spec: +# serviceName: taiga-async-rabbitmq-headless +# podManagementPolicy: OrderedReady +# replicas: 1 +# updateStrategy: +# type: RollingUpdate +# selector: +# matchLabels: +# app.kubernetes.io/name: async-rabbitmq +# app.kubernetes.io/instance: taiga +# template: +# metadata: +# labels: +# app.kubernetes.io/name: async-rabbitmq +# helm.sh/chart: async-rabbitmq-11.9.3 +# app.kubernetes.io/instance: taiga +# app.kubernetes.io/managed-by: Helm +# annotations: +# checksum/config: 217a61a978fa7482416092178a1ec21062391912fcb3b4dcf9d56998cbc7dcb0 +# checksum/secret: 6cfb22ee840921fa65ccca1d3b463345d79ab2cf3fbc5da718cdb5d482d8f329 +# spec: +# 
serviceAccountName: taiga-async-rabbitmq +# affinity: +# podAffinity: null +# podAntiAffinity: +# preferredDuringSchedulingIgnoredDuringExecution: +# - podAffinityTerm: +# labelSelector: +# matchLabels: +# app.kubernetes.io/name: async-rabbitmq +# app.kubernetes.io/instance: taiga +# topologyKey: kubernetes.io/hostname +# weight: 1 +# nodeAffinity: null +# securityContext: +# fsGroup: 1001 +# terminationGracePeriodSeconds: 120 +# initContainers: null +# containers: +# - name: rabbitmq +# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1 +# imagePullPolicy: IfNotPresent +# securityContext: +# runAsNonRoot: true +# runAsUser: 1001 +# lifecycle: +# preStop: +# exec: +# command: +# - /bin/bash +# - -ec +# - | +# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then +# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" +# else +# rabbitmqctl stop_app +# fi +# env: +# - name: BITNAMI_DEBUG +# value: 'false' +# - name: MY_POD_IP +# valueFrom: +# fieldRef: +# fieldPath: status.podIP +# - name: MY_POD_NAME +# valueFrom: +# fieldRef: +# fieldPath: metadata.name +# - name: MY_POD_NAMESPACE +# valueFrom: +# fieldRef: +# fieldPath: metadata.namespace +# - name: K8S_SERVICE_NAME +# value: taiga-async-rabbitmq-headless +# - name: K8S_ADDRESS_TYPE +# value: hostname +# - name: RABBITMQ_FEATURE_FLAGS +# value: null +# - name: RABBITMQ_FORCE_BOOT +# value: no +# - name: RABBITMQ_NODE_NAME +# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local +# - name: K8S_HOSTNAME_SUFFIX +# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local +# - name: RABBITMQ_MNESIA_DIR +# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME) +# - name: RABBITMQ_LDAP_ENABLE +# value: no +# - name: RABBITMQ_LOGS +# value: '-' +# - name: RABBITMQ_ULIMIT_NOFILES +# value: '65536' +# - name: RABBITMQ_USE_LONGNAME +# value: 'true' +# - name: RABBITMQ_ERL_COOKIE +# valueFrom: +# secretKeyRef: +# name: taiga-async-rabbitmq +# key: 
rabbitmq-erlang-cookie +# - name: RABBITMQ_LOAD_DEFINITIONS +# value: no +# - name: RABBITMQ_DEFINITIONS_FILE +# value: /app/load_definition.json +# - name: RABBITMQ_SECURE_PASSWORD +# value: yes +# - name: RABBITMQ_USERNAME +# value: taiga +# - name: RABBITMQ_PASSWORD +# valueFrom: +# secretKeyRef: +# name: taiga-async-rabbitmq +# key: rabbitmq-password +# - name: RABBITMQ_PLUGINS +# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap +# envFrom: null +# ports: +# - name: amqp +# containerPort: 5672 +# - name: dist +# containerPort: 25672 +# - name: stats +# containerPort: 15672 +# - name: epmd +# containerPort: 4369 +# livenessProbe: +# failureThreshold: 6 +# initialDelaySeconds: 120 +# periodSeconds: 30 +# successThreshold: 1 +# timeoutSeconds: 20 +# exec: +# command: +# - /bin/bash +# - -ec +# - rabbitmq-diagnostics -q ping +# readinessProbe: +# failureThreshold: 3 +# initialDelaySeconds: 10 +# periodSeconds: 30 +# successThreshold: 1 +# timeoutSeconds: 20 +# exec: +# command: +# - /bin/bash +# - -ec +# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms +# resources: +# limits: {} +# requests: {} +# volumeMounts: +# - name: configuration +# mountPath: /bitnami/rabbitmq/conf +# - name: data +# mountPath: /bitnami/rabbitmq/mnesia +# volumes: +# - name: configuration +# projected: +# sources: +# - secret: +# name: taiga-async-rabbitmq-config +# volumeClaimTemplates: +# - metadata: +# name: data +# labels: +# app.kubernetes.io/name: async-rabbitmq +# app.kubernetes.io/instance: taiga +# spec: +# accessModes: +# - ReadWriteOnce +# resources: +# requests: +# storage: 8Gi +# EOF +# } + +# resource "kubectl_manifest" "StatefulSet_taiga-events-rabbitmq" { +# yaml_body = <<-EOF +# apiVersion: apps/v1 +# kind: StatefulSet +# metadata: +# name: taiga-events-rabbitmq +# namespace: ${var.namespace} +# labels: ${jsonencode(local.common-labels)} +# spec: +# serviceName: taiga-events-rabbitmq-headless +# 
podManagementPolicy: OrderedReady +# replicas: 1 +# updateStrategy: +# type: RollingUpdate +# selector: +# matchLabels: +# app.kubernetes.io/name: events-rabbitmq +# app.kubernetes.io/instance: taiga +# template: +# metadata: +# labels: +# app.kubernetes.io/name: events-rabbitmq +# helm.sh/chart: events-rabbitmq-11.9.3 +# app.kubernetes.io/instance: taiga +# app.kubernetes.io/managed-by: Helm +# annotations: +# checksum/config: 708e775803d7be65e291bb582e83c9ff67ac497152301cd4ab1f23f4f8741485 +# checksum/secret: 2d4a98f9c2ae284ad1b5ae4ff40da10e1ce7b9a44a210ca81f647b71f962a5c8 +# spec: +# serviceAccountName: taiga-events-rabbitmq +# affinity: +# podAffinity: null +# podAntiAffinity: +# preferredDuringSchedulingIgnoredDuringExecution: +# - podAffinityTerm: +# labelSelector: +# matchLabels: +# app.kubernetes.io/name: events-rabbitmq +# app.kubernetes.io/instance: taiga +# topologyKey: kubernetes.io/hostname +# weight: 1 +# nodeAffinity: null +# securityContext: +# fsGroup: 1001 +# terminationGracePeriodSeconds: 120 +# initContainers: null +# containers: +# - name: rabbitmq +# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1 +# imagePullPolicy: IfNotPresent +# securityContext: +# runAsNonRoot: true +# runAsUser: 1001 +# lifecycle: +# preStop: +# exec: +# command: +# - /bin/bash +# - -ec +# - | +# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then +# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" +# else +# rabbitmqctl stop_app +# fi +# env: +# - name: BITNAMI_DEBUG +# value: 'false' +# - name: MY_POD_IP +# valueFrom: +# fieldRef: +# fieldPath: status.podIP +# - name: MY_POD_NAME +# valueFrom: +# fieldRef: +# fieldPath: metadata.name +# - name: MY_POD_NAMESPACE +# valueFrom: +# fieldRef: +# fieldPath: metadata.namespace +# - name: K8S_SERVICE_NAME +# value: taiga-events-rabbitmq-headless +# - name: K8S_ADDRESS_TYPE +# value: hostname +# - name: RABBITMQ_FEATURE_FLAGS +# value: null +# - name: RABBITMQ_FORCE_BOOT +# value: no +# - 
name: RABBITMQ_NODE_NAME +# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local +# - name: K8S_HOSTNAME_SUFFIX +# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local +# - name: RABBITMQ_MNESIA_DIR +# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME) +# - name: RABBITMQ_LDAP_ENABLE +# value: no +# - name: RABBITMQ_LOGS +# value: '-' +# - name: RABBITMQ_ULIMIT_NOFILES +# value: '65536' +# - name: RABBITMQ_USE_LONGNAME +# value: 'true' +# - name: RABBITMQ_ERL_COOKIE +# valueFrom: +# secretKeyRef: +# name: taiga-events-rabbitmq +# key: rabbitmq-erlang-cookie +# - name: RABBITMQ_LOAD_DEFINITIONS +# value: no +# - name: RABBITMQ_DEFINITIONS_FILE +# value: /app/load_definition.json +# - name: RABBITMQ_SECURE_PASSWORD +# value: yes +# - name: RABBITMQ_USERNAME +# value: taiga +# - name: RABBITMQ_PASSWORD +# valueFrom: +# secretKeyRef: +# name: taiga-events-rabbitmq +# key: rabbitmq-password +# - name: RABBITMQ_PLUGINS +# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap +# envFrom: null +# ports: +# - name: amqp +# containerPort: 5672 +# - name: dist +# containerPort: 25672 +# - name: stats +# containerPort: 15672 +# - name: epmd +# containerPort: 4369 +# livenessProbe: +# failureThreshold: 6 +# initialDelaySeconds: 120 +# periodSeconds: 30 +# successThreshold: 1 +# timeoutSeconds: 20 +# exec: +# command: +# - /bin/bash +# - -ec +# - rabbitmq-diagnostics -q ping +# readinessProbe: +# failureThreshold: 3 +# initialDelaySeconds: 10 +# periodSeconds: 30 +# successThreshold: 1 +# timeoutSeconds: 20 +# exec: +# command: +# - /bin/bash +# - -ec +# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms +# resources: +# limits: {} +# requests: {} +# volumeMounts: +# - name: configuration +# mountPath: /bitnami/rabbitmq/conf +# - name: data +# mountPath: /bitnami/rabbitmq/mnesia +# volumes: +# - name: configuration +# projected: +# sources: +# - secret: +# name: 
taiga-events-rabbitmq-config +# volumeClaimTemplates: +# - metadata: +# name: data +# labels: +# app.kubernetes.io/name: events-rabbitmq +# app.kubernetes.io/instance: taiga +# spec: +# accessModes: +# - ReadWriteOnce +# resources: +# requests: +# storage: 8Gi +# EOF +# } + +# resource "kubectl_manifest" "StatefulSet_taiga-postgresql" { +# yaml_body = <<-EOF +# apiVersion: apps/v1 +# kind: StatefulSet +# metadata: +# name: taiga-postgresql +# namespace: ${var.namespace} +# labels: ${jsonencode(local.common-labels)} +# annotations: null +# spec: +# replicas: 1 +# serviceName: taiga-postgresql-hl +# updateStrategy: +# rollingUpdate: {} +# type: RollingUpdate +# selector: +# matchLabels: +# app.kubernetes.io/name: postgresql +# app.kubernetes.io/instance: taiga +# app.kubernetes.io/component: primary +# template: +# metadata: +# name: taiga-postgresql +# labels: +# app.kubernetes.io/name: postgresql +# helm.sh/chart: postgresql-11.6.26 +# app.kubernetes.io/instance: taiga +# app.kubernetes.io/managed-by: Helm +# app.kubernetes.io/component: primary +# annotations: null +# spec: +# serviceAccountName: default +# affinity: +# podAffinity: null +# podAntiAffinity: +# preferredDuringSchedulingIgnoredDuringExecution: +# - podAffinityTerm: +# labelSelector: +# matchLabels: +# app.kubernetes.io/name: postgresql +# app.kubernetes.io/instance: taiga +# app.kubernetes.io/component: primary +# topologyKey: kubernetes.io/hostname +# weight: 1 +# nodeAffinity: null +# securityContext: +# fsGroup: 1001 +# hostNetwork: false +# hostIPC: false +# initContainers: null +# containers: +# - name: postgresql +# image: docker.io/bitnami/postgresql:13.10.0-debian-11-r2 +# imagePullPolicy: IfNotPresent +# securityContext: +# runAsUser: 1001 +# env: +# - name: BITNAMI_DEBUG +# value: 'false' +# - name: POSTGRESQL_PORT_NUMBER +# value: '5432' +# - name: POSTGRESQL_VOLUME_DIR +# value: /bitnami/postgresql +# - name: PGDATA +# value: /bitnami/postgresql/data +# - name: POSTGRES_USER +# value: 
taiga +# - name: POSTGRES_POSTGRES_PASSWORD +# valueFrom: +# secretKeyRef: +# name: taiga-postgresql +# key: postgres-password +# - name: POSTGRES_PASSWORD +# valueFrom: +# secretKeyRef: +# name: taiga-postgresql +# key: password +# - name: POSTGRES_DB +# value: taiga +# - name: POSTGRESQL_ENABLE_LDAP +# value: no +# - name: POSTGRESQL_ENABLE_TLS +# value: no +# - name: POSTGRESQL_LOG_HOSTNAME +# value: 'false' +# - name: POSTGRESQL_LOG_CONNECTIONS +# value: 'false' +# - name: POSTGRESQL_LOG_DISCONNECTIONS +# value: 'false' +# - name: POSTGRESQL_PGAUDIT_LOG_CATALOG +# value: off +# - name: POSTGRESQL_CLIENT_MIN_MESSAGES +# value: error +# - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES +# value: pgaudit +# ports: +# - name: tcp-postgresql +# containerPort: 5432 +# livenessProbe: +# failureThreshold: 6 +# initialDelaySeconds: 30 +# periodSeconds: 10 +# successThreshold: 1 +# timeoutSeconds: 5 +# exec: +# command: +# - /bin/sh +# - -c +# - exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432 +# readinessProbe: +# failureThreshold: 6 +# initialDelaySeconds: 5 +# periodSeconds: 10 +# successThreshold: 1 +# timeoutSeconds: 5 +# exec: +# command: +# - /bin/sh +# - -c +# - -e +# - | +# exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432 +# [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +# resources: +# limits: {} +# requests: +# cpu: 250m +# memory: 256Mi +# volumeMounts: +# - name: dshm +# mountPath: /dev/shm +# - name: data +# mountPath: /bitnami/postgresql +# volumes: +# - name: dshm +# emptyDir: +# medium: Memory +# volumeClaimTemplates: +# - metadata: +# name: data +# spec: +# accessModes: +# - ReadWriteOnce +# resources: +# requests: +# storage: 8Gi +# EOF +# } +
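Review bot: `Deployment_taiga-protected` embeds the signing secret as a literal, `- name: SECRET_KEY` / `value: 9%pno@m688el28@2+^y4v^&6wluqk-g#j#d7$dsjtht)o30dn1`, so a credential is committed to the repository and rendered into the pod spec instead of being read from the Secret the sibling deployments already consume via `${kubectl_manifest.secret.name}`; replace it with `valueFrom: { secretKeyRef: { name: ${kubectl_manifest.secret.name}, key: <KEY_IN_TAIGA_SECRET> } }` (taiga_Secret.tf is not visible here, so the key name is a placeholder) and treat the committed value as leaked. The same hunk also hardcodes `RABBITMQ_USER: taiga` / `RABBITMQ_PASS: taiga` in `Deployment_taiga-events` and `Deployment_taiga-back`; the commented-out RabbitMQ StatefulSets further down read `RABBITMQ_PASSWORD` through a `secretKeyRef`, and the active deployments should do the same against whatever rabbits.tf provisions. Separately, the liveness and readiness probes in taiga-events, taiga-front and taiga-protected all target `/admin/login/` on `port: 8000`, while those containers expose 8888, 80 and 8003 respectively, so these pods are unlikely ever to become ready; each probe should use the container's own named port, e.g. `port: taiga-front`, and a path that container actually serves. Finally, every active container runs `docker.io/taigaio/*:latest` with `imagePullPolicy: IfNotPresent` and no `securityContext`, whereas the commented-out StatefulSets in this file pin a digest-able tag and set `runAsNonRoot: true`; pinning the tag and adding `securityContext: { allowPrivilegeEscalation: false, runAsNonRoot: true, capabilities: { drop: ["ALL"] } }` would make the workload reproducible and least-privilege.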