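# Taiga workloads, rendered from Helm chart taiga-0.0.11 and applied through
# kubectl_manifest resources.
#
# NOTE(review), applies to every Deployment below:
#   * Images tagged `latest` are combined with imagePullPolicy: IfNotPresent, so
#     each node keeps running whatever it cached first and two nodes can run
#     different builds. Pin a release tag or, better, an image digest.
#   * Values written under `env` are stored in clear text in this file, in the
#     Terraform state and in the Deployment object. `env` entries also take
#     precedence over same-named keys loaded through `envFrom`, so a literal
#     here silently overrides the Secret.
#   * No pod or container securityContext is set and resources are empty
#     (`limits: {}` / `requests: {}`), so nothing bounds CPU or memory use.
#   * Pods run under the namespace's `default` ServiceAccount. If the workloads
#     do not call the Kubernetes API, consider a dedicated ServiceAccount with
#     `automountServiceAccountToken: false`.

# Deployment for the taiga-events container (one replica, container port 8888).
#
# NOTE(review): RABBITMQ_PASS is a literal default credential; move it into the
# Secret already referenced by envFrom and rotate the broker password.
#
# Probes: an HTTP GET of /admin/login/ on port 8000 cannot succeed in this pod,
# because its only container declares port 8888. The probes below check the
# declared port instead.
resource "kubectl_manifest" "Deployment_taiga-events" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: taiga-events
      labels: ${jsonencode(local.common-labels)}
      namespace: ${var.namespace}
    spec:
      selector:
        matchLabels:
          app.kubernetes.io/name: taiga-events
          app.kubernetes.io/instance: taiga
      replicas: 1
      template:
        metadata:
          labels:
            app.kubernetes.io/name: taiga-events
            helm.sh/chart: taiga-0.0.11
            app.kubernetes.io/instance: taiga
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: taiga-events
        spec:
          serviceAccountName: default
          containers:
            - name: taiga-events
              image: docker.io/taigaio/taiga-events:latest
              imagePullPolicy: IfNotPresent
              resources:
                limits: {}
                requests: {}
              envFrom:
                - secretRef:
                    name: ${kubectl_manifest.secret.name}
              env:
                - name: RABBITMQ_USER
                  value: taiga
                # NOTE(review): clear-text credential; overrides any RABBITMQ_PASS key from envFrom.
                - name: RABBITMQ_PASS
                  value: taiga
              ports:
                - name: taiga-events
                  containerPort: 8888
              # TCP check on the declared port; switch to httpGet once a health path is confirmed.
              livenessProbe:
                tcpSocket:
                  port: 8888
                initialDelaySeconds: 20
                periodSeconds: 10
                timeoutSeconds: 5
                successThreshold: 1
                failureThreshold: 3
              readinessProbe:
                tcpSocket:
                  port: 8888
                initialDelaySeconds: 5
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
  EOF
}

# Deployment for the taiga-front container (one replica, container port 80).
#
# Probes: the only declared port is 80, so a probe aimed at /admin/login/ on
# port 8000 would keep restarting the container. The probes below check port 80.
resource "kubectl_manifest" "Deployment_taiga-front" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: taiga-front
      labels: ${jsonencode(local.common-labels)}
      namespace: ${var.namespace}
    spec:
      selector:
        matchLabels:
          app.kubernetes.io/name: taiga-front
          app.kubernetes.io/instance: taiga
      replicas: 1
      template:
        metadata:
          labels:
            app.kubernetes.io/name: taiga-front
            helm.sh/chart: taiga-0.0.11
            app.kubernetes.io/instance: taiga
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: taiga-front
        spec:
          serviceAccountName: default
          containers:
            - name: taiga-front
              image: docker.io/taigaio/taiga-front:latest
              imagePullPolicy: IfNotPresent
              resources:
                limits: {}
                requests: {}
              envFrom:
                - configMapRef:
                    name: ${kubectl_manifest.cm_env.name}
              ports:
                - name: taiga-front
                  containerPort: 80
              # TCP check on the declared port; switch to httpGet once a health path is confirmed.
              livenessProbe:
                tcpSocket:
                  port: 80
                initialDelaySeconds: 20
                periodSeconds: 10
                timeoutSeconds: 5
                successThreshold: 1
                failureThreshold: 3
              readinessProbe:
                tcpSocket:
                  port: 80
                initialDelaySeconds: 5
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
  EOF
}

# Deployment for the taiga-protected container (one replica, container port 8003).
#
# NOTE(review): SECRET_KEY is committed here in clear text, so it should be
# treated as exposed. Rotate it and load the new value from a Secret
# (secretKeyRef or envFrom) instead of a literal; the value is kept as-is below
# only so that this manifest keeps working until that is done.
#
# Probes: the only declared port is 8003, so the probes check that port rather
# than /admin/login/ on port 8000.
resource "kubectl_manifest" "Deployment_taiga-protected" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: taiga-protected
      labels: ${jsonencode(local.common-labels)}
      namespace: ${var.namespace}
    spec:
      selector:
        matchLabels:
          app.kubernetes.io/name: taiga-protected
          app.kubernetes.io/instance: taiga
      replicas: 1
      template:
        metadata:
          labels:
            app.kubernetes.io/name: taiga-protected
            helm.sh/chart: taiga-0.0.11
            app.kubernetes.io/instance: taiga
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: taiga-protected
        spec:
          serviceAccountName: default
          containers:
            - name: taiga-protected
              image: docker.io/taigaio/taiga-protected:latest
              imagePullPolicy: IfNotPresent
              resources:
                limits: {}
                requests: {}
              env:
                # NOTE(review): hard-coded secret; rotate and source from a Secret.
                - name: SECRET_KEY
                  value: 9%pno@m688el28@2+^y4v^&6wluqk-g#j#d7$dsjtht)o30dn1
                - name: MAX_AGE
                  value: '360'
              ports:
                - name: taiga-protected
                  containerPort: 8003
              # TCP check on the declared port; switch to httpGet once a health path is confirmed.
              livenessProbe:
                tcpSocket:
                  port: 8003
                initialDelaySeconds: 20
                periodSeconds: 10
                timeoutSeconds: 5
                successThreshold: 1
                failureThreshold: 3
              readinessProbe:
                tcpSocket:
                  port: 8003
                initialDelaySeconds: 5
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
  EOF
}

# Deployment for the taiga-back pod (one replica) with three containers that
# share the taiga-static and taiga-media volumes:
#   * taiga-back    - port 8000, probed over HTTP on /admin/login/
#   * taiga-async   - same image, started with async_entrypoint.sh, no probes
#   * taiga-gateway - nginx on port 80, configured from the taiga-gateway ConfigMap
#
# NOTE(review):
#   * RABBITMQ_PASS is a literal default credential in both taiga-back and
#     taiga-async, while POSTGRES_PASSWORD already uses secretKeyRef; handle the
#     broker password the same way and rotate it.
#   * docker.io/nginx:1.19-alpine is a superseded mainline series; confirm it
#     still receives security fixes or move to a maintained tag or digest.
#   * The gateway probes request /admin/login/ through nginx, so the gateway's
#     health presumably depends on taiga-back answering - confirm that coupling
#     is intended.
resource "kubectl_manifest" "Deployment_taiga-back" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: taiga-back
      labels: ${jsonencode(local.common-labels)}
      namespace: ${var.namespace}
    spec:
      selector:
        matchLabels:
          app.kubernetes.io/name: taiga-back
          app.kubernetes.io/instance: taiga
      replicas: 1
      template:
        metadata:
          labels:
            app.kubernetes.io/name: taiga-back
            helm.sh/chart: taiga-0.0.11
            app.kubernetes.io/instance: taiga
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: taiga-back
        spec:
          serviceAccountName: default
          containers:
            - name: taiga-back
              image: docker.io/taigaio/taiga-back:latest
              imagePullPolicy: IfNotPresent
              resources:
                limits: {}
                requests: {}
              env:
                - name: RABBITMQ_USER
                  value: taiga
                # NOTE(review): clear-text credential; overrides any RABBITMQ_PASS key from envFrom.
                - name: RABBITMQ_PASS
                  value: taiga
                - name: POSTGRES_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: ${var.instance}-${var.component}-pg-app
                      key: password
              envFrom:
                - secretRef:
                    name: ${kubectl_manifest.secret.name}
                - configMapRef:
                    name: ${kubectl_manifest.cm_env.name}
              ports:
                - name: taiga-back
                  containerPort: 8000
              livenessProbe:
                httpGet:
                  path: /admin/login/
                  port: 8000
                initialDelaySeconds: 20
                periodSeconds: 10
                timeoutSeconds: 5
                successThreshold: 1
                failureThreshold: 3
              readinessProbe:
                httpGet:
                  path: /admin/login/
                  port: 8000
                initialDelaySeconds: 5
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
              volumeMounts:
                - name: taiga-static
                  mountPath: /taiga-back/static
                - name: taiga-media
                  mountPath: /taiga-back/media
            - name: taiga-async
              image: docker.io/taigaio/taiga-back:latest
              imagePullPolicy: IfNotPresent
              resources:
                limits: {}
                requests: {}
              command:
                - /taiga-back/docker/async_entrypoint.sh
              env:
                - name: RABBITMQ_USER
                  value: taiga
                # NOTE(review): clear-text credential; overrides any RABBITMQ_PASS key from envFrom.
                - name: RABBITMQ_PASS
                  value: taiga
                - name: POSTGRES_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: ${var.instance}-${var.component}-pg-app
                      key: password
              envFrom:
                - secretRef:
                    name: ${kubectl_manifest.secret.name}
                - configMapRef:
                    name: ${kubectl_manifest.cm_env.name}
              volumeMounts:
                - name: taiga-static
                  mountPath: /taiga-back/static
                - name: taiga-media
                  mountPath: /taiga-back/media
            - name: taiga-gateway
              image: docker.io/nginx:1.19-alpine
              imagePullPolicy: IfNotPresent
              resources:
                limits: {}
                requests: {}
              ports:
                - name: taiga-gateway
                  containerPort: 80
              livenessProbe:
                httpGet:
                  path: /admin/login/
                  port: 80
                initialDelaySeconds: 20
                periodSeconds: 10
                timeoutSeconds: 5
                successThreshold: 1
                failureThreshold: 10
              readinessProbe:
                httpGet:
                  path: /admin/login/
                  port: 80
                initialDelaySeconds: 5
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 10
              volumeMounts:
                - name: taiga-static
                  mountPath: /taiga/static
                - name: taiga-media
                  mountPath: /taiga/media
                - name: taiga-conf
                  mountPath: /etc/nginx/conf.d/
          volumes:
            - name: taiga-static
              persistentVolumeClaim:
                claimName: taiga-static
            - name: taiga-media
              persistentVolumeClaim:
                claimName: taiga-media
            - name: taiga-conf
              configMap:
                name: taiga-gateway
  EOF
}

# resource "kubectl_manifest" "StatefulSet_taiga-async-rabbitmq" {
#   yaml_body = <<-EOF
#     apiVersion: apps/v1
#     kind: StatefulSet
#     metadata:
#       name: taiga-async-rabbitmq
#       namespace: ${var.namespace}
#       labels: ${jsonencode(local.common-labels)}
#     spec:
#       serviceName: taiga-async-rabbitmq-headless
#       podManagementPolicy: OrderedReady
#       replicas: 1
#       updateStrategy:
#         type: RollingUpdate
#       selector:
#         matchLabels:
#           app.kubernetes.io/name: async-rabbitmq
#           app.kubernetes.io/instance: taiga
#       template:
#         metadata:
#           labels:
#             app.kubernetes.io/name: async-rabbitmq
#             helm.sh/chart: async-rabbitmq-11.9.3
#             app.kubernetes.io/instance: taiga
#             app.kubernetes.io/managed-by: Helm
#           annotations:
#             checksum/config: 217a61a978fa7482416092178a1ec21062391912fcb3b4dcf9d56998cbc7dcb0
#             checksum/secret: 6cfb22ee840921fa65ccca1d3b463345d79ab2cf3fbc5da718cdb5d482d8f329
#         spec:
#           serviceAccountName: taiga-async-rabbitmq
#           affinity:
#             podAffinity: null
#             podAntiAffinity:
#               preferredDuringSchedulingIgnoredDuringExecution:
#                 - podAffinityTerm:
#                     labelSelector:
#                       matchLabels:
#                         app.kubernetes.io/name: async-rabbitmq
#                         app.kubernetes.io/instance: taiga
#                     topologyKey: kubernetes.io/hostname
#                   weight: 1
#             nodeAffinity: null
#           securityContext:
#             fsGroup: 1001
#           terminationGracePeriodSeconds: 120
#           initContainers: null
#           containers:
#             - name: rabbitmq
#               image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1
#               imagePullPolicy: IfNotPresent
#               securityContext:
#                 runAsNonRoot: true
#                 runAsUser: 1001
#               lifecycle:
#                 preStop:
#                   exec:
#                     command:
#                       - /bin/bash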
# - -ec # - | # if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then # /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" # else # rabbitmqctl stop_app # fi # env: # - name: BITNAMI_DEBUG # value: 'false' # - name: MY_POD_IP # valueFrom: # fieldRef: # fieldPath: status.podIP # - name: MY_POD_NAME # valueFrom: # fieldRef: # fieldPath: metadata.name # - name: MY_POD_NAMESPACE # valueFrom: # fieldRef: # fieldPath: metadata.namespace # - name: K8S_SERVICE_NAME # value: taiga-async-rabbitmq-headless # - name: K8S_ADDRESS_TYPE # value: hostname # - name: RABBITMQ_FEATURE_FLAGS # value: null # - name: RABBITMQ_FORCE_BOOT # value: no # - name: RABBITMQ_NODE_NAME # value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local # - name: K8S_HOSTNAME_SUFFIX # value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local # - name: RABBITMQ_MNESIA_DIR # value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME) # - name: RABBITMQ_LDAP_ENABLE # value: no # - name: RABBITMQ_LOGS # value: '-' # - name: RABBITMQ_ULIMIT_NOFILES # value: '65536' # - name: RABBITMQ_USE_LONGNAME # value: 'true' # - name: RABBITMQ_ERL_COOKIE # valueFrom: # secretKeyRef: # name: taiga-async-rabbitmq # key: rabbitmq-erlang-cookie # - name: RABBITMQ_LOAD_DEFINITIONS # value: no # - name: RABBITMQ_DEFINITIONS_FILE # value: /app/load_definition.json # - name: RABBITMQ_SECURE_PASSWORD # value: yes # - name: RABBITMQ_USERNAME # value: taiga # - name: RABBITMQ_PASSWORD # valueFrom: # secretKeyRef: # name: taiga-async-rabbitmq # key: rabbitmq-password # - name: RABBITMQ_PLUGINS # value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap # envFrom: null # ports: # - name: amqp # containerPort: 5672 # - name: dist # containerPort: 25672 # - name: stats # containerPort: 15672 # - name: epmd # containerPort: 4369 # livenessProbe: # failureThreshold: 6 # initialDelaySeconds: 120 # periodSeconds: 30 # successThreshold: 1 # timeoutSeconds: 20 # 
exec: # command: # - /bin/bash # - -ec # - rabbitmq-diagnostics -q ping # readinessProbe: # failureThreshold: 3 # initialDelaySeconds: 10 # periodSeconds: 30 # successThreshold: 1 # timeoutSeconds: 20 # exec: # command: # - /bin/bash # - -ec # - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms # resources: # limits: {} # requests: {} # volumeMounts: # - name: configuration # mountPath: /bitnami/rabbitmq/conf # - name: data # mountPath: /bitnami/rabbitmq/mnesia # volumes: # - name: configuration # projected: # sources: # - secret: # name: taiga-async-rabbitmq-config # volumeClaimTemplates: # - metadata: # name: data # labels: # app.kubernetes.io/name: async-rabbitmq # app.kubernetes.io/instance: taiga # spec: # accessModes: # - ReadWriteOnce # resources: # requests: # storage: 8Gi # EOF # } # resource "kubectl_manifest" "StatefulSet_taiga-events-rabbitmq" { # yaml_body = <<-EOF # apiVersion: apps/v1 # kind: StatefulSet # metadata: # name: taiga-events-rabbitmq # namespace: ${var.namespace} # labels: ${jsonencode(local.common-labels)} # spec: # serviceName: taiga-events-rabbitmq-headless # podManagementPolicy: OrderedReady # replicas: 1 # updateStrategy: # type: RollingUpdate # selector: # matchLabels: # app.kubernetes.io/name: events-rabbitmq # app.kubernetes.io/instance: taiga # template: # metadata: # labels: # app.kubernetes.io/name: events-rabbitmq # helm.sh/chart: events-rabbitmq-11.9.3 # app.kubernetes.io/instance: taiga # app.kubernetes.io/managed-by: Helm # annotations: # checksum/config: 708e775803d7be65e291bb582e83c9ff67ac497152301cd4ab1f23f4f8741485 # checksum/secret: 2d4a98f9c2ae284ad1b5ae4ff40da10e1ce7b9a44a210ca81f647b71f962a5c8 # spec: # serviceAccountName: taiga-events-rabbitmq # affinity: # podAffinity: null # podAntiAffinity: # preferredDuringSchedulingIgnoredDuringExecution: # - podAffinityTerm: # labelSelector: # matchLabels: # app.kubernetes.io/name: events-rabbitmq # app.kubernetes.io/instance: taiga # 
topologyKey: kubernetes.io/hostname # weight: 1 # nodeAffinity: null # securityContext: # fsGroup: 1001 # terminationGracePeriodSeconds: 120 # initContainers: null # containers: # - name: rabbitmq # image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1 # imagePullPolicy: IfNotPresent # securityContext: # runAsNonRoot: true # runAsUser: 1001 # lifecycle: # preStop: # exec: # command: # - /bin/bash # - -ec # - | # if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then # /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" # else # rabbitmqctl stop_app # fi # env: # - name: BITNAMI_DEBUG # value: 'false' # - name: MY_POD_IP # valueFrom: # fieldRef: # fieldPath: status.podIP # - name: MY_POD_NAME # valueFrom: # fieldRef: # fieldPath: metadata.name # - name: MY_POD_NAMESPACE # valueFrom: # fieldRef: # fieldPath: metadata.namespace # - name: K8S_SERVICE_NAME # value: taiga-events-rabbitmq-headless # - name: K8S_ADDRESS_TYPE # value: hostname # - name: RABBITMQ_FEATURE_FLAGS # value: null # - name: RABBITMQ_FORCE_BOOT # value: no # - name: RABBITMQ_NODE_NAME # value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local # - name: K8S_HOSTNAME_SUFFIX # value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local # - name: RABBITMQ_MNESIA_DIR # value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME) # - name: RABBITMQ_LDAP_ENABLE # value: no # - name: RABBITMQ_LOGS # value: '-' # - name: RABBITMQ_ULIMIT_NOFILES # value: '65536' # - name: RABBITMQ_USE_LONGNAME # value: 'true' # - name: RABBITMQ_ERL_COOKIE # valueFrom: # secretKeyRef: # name: taiga-events-rabbitmq # key: rabbitmq-erlang-cookie # - name: RABBITMQ_LOAD_DEFINITIONS # value: no # - name: RABBITMQ_DEFINITIONS_FILE # value: /app/load_definition.json # - name: RABBITMQ_SECURE_PASSWORD # value: yes # - name: RABBITMQ_USERNAME # value: taiga # - name: RABBITMQ_PASSWORD # valueFrom: # secretKeyRef: # name: taiga-events-rabbitmq # key: rabbitmq-password # - name: 
RABBITMQ_PLUGINS # value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap # envFrom: null # ports: # - name: amqp # containerPort: 5672 # - name: dist # containerPort: 25672 # - name: stats # containerPort: 15672 # - name: epmd # containerPort: 4369 # livenessProbe: # failureThreshold: 6 # initialDelaySeconds: 120 # periodSeconds: 30 # successThreshold: 1 # timeoutSeconds: 20 # exec: # command: # - /bin/bash # - -ec # - rabbitmq-diagnostics -q ping # readinessProbe: # failureThreshold: 3 # initialDelaySeconds: 10 # periodSeconds: 30 # successThreshold: 1 # timeoutSeconds: 20 # exec: # command: # - /bin/bash # - -ec # - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms # resources: # limits: {} # requests: {} # volumeMounts: # - name: configuration # mountPath: /bitnami/rabbitmq/conf # - name: data # mountPath: /bitnami/rabbitmq/mnesia # volumes: # - name: configuration # projected: # sources: # - secret: # name: taiga-events-rabbitmq-config # volumeClaimTemplates: # - metadata: # name: data # labels: # app.kubernetes.io/name: events-rabbitmq # app.kubernetes.io/instance: taiga # spec: # accessModes: # - ReadWriteOnce # resources: # requests: # storage: 8Gi # EOF # } # resource "kubectl_manifest" "StatefulSet_taiga-postgresql" { # yaml_body = <<-EOF # apiVersion: apps/v1 # kind: StatefulSet # metadata: # name: taiga-postgresql # namespace: ${var.namespace} # labels: ${jsonencode(local.common-labels)} # annotations: null # spec: # replicas: 1 # serviceName: taiga-postgresql-hl # updateStrategy: # rollingUpdate: {} # type: RollingUpdate # selector: # matchLabels: # app.kubernetes.io/name: postgresql # app.kubernetes.io/instance: taiga # app.kubernetes.io/component: primary # template: # metadata: # name: taiga-postgresql # labels: # app.kubernetes.io/name: postgresql # helm.sh/chart: postgresql-11.6.26 # app.kubernetes.io/instance: taiga # app.kubernetes.io/managed-by: Helm # app.kubernetes.io/component: 
primary # annotations: null # spec: # serviceAccountName: default # affinity: # podAffinity: null # podAntiAffinity: # preferredDuringSchedulingIgnoredDuringExecution: # - podAffinityTerm: # labelSelector: # matchLabels: # app.kubernetes.io/name: postgresql # app.kubernetes.io/instance: taiga # app.kubernetes.io/component: primary # topologyKey: kubernetes.io/hostname # weight: 1 # nodeAffinity: null # securityContext: # fsGroup: 1001 # hostNetwork: false # hostIPC: false # initContainers: null # containers: # - name: postgresql # image: docker.io/bitnami/postgresql:13.10.0-debian-11-r2 # imagePullPolicy: IfNotPresent # securityContext: # runAsUser: 1001 # env: # - name: BITNAMI_DEBUG # value: 'false' # - name: POSTGRESQL_PORT_NUMBER # value: '5432' # - name: POSTGRESQL_VOLUME_DIR # value: /bitnami/postgresql # - name: PGDATA # value: /bitnami/postgresql/data # - name: POSTGRES_USER # value: taiga # - name: POSTGRES_POSTGRES_PASSWORD # valueFrom: # secretKeyRef: # name: taiga-postgresql # key: postgres-password # - name: POSTGRES_PASSWORD # valueFrom: # secretKeyRef: # name: taiga-postgresql # key: password # - name: POSTGRES_DB # value: taiga # - name: POSTGRESQL_ENABLE_LDAP # value: no # - name: POSTGRESQL_ENABLE_TLS # value: no # - name: POSTGRESQL_LOG_HOSTNAME # value: 'false' # - name: POSTGRESQL_LOG_CONNECTIONS # value: 'false' # - name: POSTGRESQL_LOG_DISCONNECTIONS # value: 'false' # - name: POSTGRESQL_PGAUDIT_LOG_CATALOG # value: off # - name: POSTGRESQL_CLIENT_MIN_MESSAGES # value: error # - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES # value: pgaudit # ports: # - name: tcp-postgresql # containerPort: 5432 # livenessProbe: # failureThreshold: 6 # initialDelaySeconds: 30 # periodSeconds: 10 # successThreshold: 1 # timeoutSeconds: 5 # exec: # command: # - /bin/sh # - -c # - exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432 # readinessProbe: # failureThreshold: 6 # initialDelaySeconds: 5 # periodSeconds: 10 # successThreshold: 1 # 
timeoutSeconds: 5 # exec: # command: # - /bin/sh # - -c # - -e # - | # exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432 # [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] # resources: # limits: {} # requests: # cpu: 250m # memory: 256Mi # volumeMounts: # - name: dshm # mountPath: /dev/shm # - name: data # mountPath: /bitnami/postgresql # volumes: # - name: dshm # emptyDir: # medium: Memory # volumeClaimTemplates: # - metadata: # name: data # spec: # accessModes: # - ReadWriteOnce # resources: # requests: # storage: 8Gi # EOF # }