114 lines
3.0 KiB
HCL
114 lines
3.0 KiB
HCL
locals {
|
|
authentik_url = "http://authentik.${var.domain}-auth.svc"
|
|
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
|
|
common_labels = {
|
|
"vynil.solidite.fr/owner-name" = var.instance
|
|
"vynil.solidite.fr/owner-namespace" = var.namespace
|
|
"vynil.solidite.fr/owner-category" = var.category
|
|
"vynil.solidite.fr/owner-component" = var.component
|
|
"app.kubernetes.io/managed-by" = "vynil"
|
|
"app.kubernetes.io/instance" = var.instance
|
|
}
|
|
pvc_spec = merge({
|
|
"accessModes" = [var.storage.volume.accessMode]
|
|
"volumeMode" = var.storage.volume.type
|
|
"resources" = {
|
|
"requests" = {
|
|
"storage" = "${var.storage.volume.size}"
|
|
}
|
|
}
|
|
}, var.storage.volume.class != "" ?{
|
|
"storageClassName" = var.storage.volume.class
|
|
}:{})
|
|
}
|
|
|
|
|
|
data "kubernetes_secret_v1" "authentik" {
|
|
metadata {
|
|
name = "authentik"
|
|
namespace = "${var.domain}-auth"
|
|
}
|
|
}
|
|
|
|
data "kubernetes_ingress_v1" "authentik" {
|
|
metadata {
|
|
name = "authentik"
|
|
namespace = "${var.domain}-auth"
|
|
}
|
|
}
|
|
|
|
data "kustomization_overlay" "data" {
|
|
common_labels = local.common_labels
|
|
namespace = var.namespace
|
|
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
|
|
images {
|
|
name = "docker.io/grafana/grafana"
|
|
new_name = "${var.images.grafana.registry}/${var.images.grafana.repository}"
|
|
new_tag = "${var.images.grafana.tag}"
|
|
}
|
|
images {
|
|
name = "docker.io/library/busybox"
|
|
new_name = "${var.images.busybox.registry}/${var.images.busybox.repository}"
|
|
new_tag = "${var.images.busybox.tag}"
|
|
}
|
|
images {
|
|
name = "quay.io/kiwigrid/k8s-sidecar"
|
|
new_name = "${var.images.sidecar.registry}/${var.images.sidecar.repository}"
|
|
new_tag = "${var.images.sidecar.tag}"
|
|
}
|
|
patches {
|
|
target {
|
|
kind = "PersistentVolumeClaim"
|
|
name = "grafana"
|
|
}
|
|
patch = <<-EOF
|
|
kind: PersistentVolumeClaim
|
|
apiVersion: v1
|
|
metadata:
|
|
name: grafana
|
|
annotations:
|
|
k8up.io/backup: "true"
|
|
resize.kubesphere.io/storage_limit: "${var.storage.volume.maxSize}"
|
|
spec: ${jsonencode(local.pvc_spec)}
|
|
EOF
|
|
}
|
|
patches {
|
|
target {
|
|
kind = "ServiceMonitor"
|
|
name = "grafana"
|
|
}
|
|
patch = <<-EOF
|
|
- op: replace
|
|
path: /spec/namespaceSelector/matchNames/0
|
|
value: "${var.namespace}"
|
|
EOF
|
|
}
|
|
patches {
|
|
target {
|
|
kind = "Deployment"
|
|
name = "grafana"
|
|
}
|
|
patch = <<-EOF
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: grafana
|
|
annotations:
|
|
configmap.reloader.stakater.com/reload: "grafana"
|
|
spec:
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: grafana
|
|
volumeMounts:
|
|
- name: local-certs
|
|
mountPath: "/etc/local-certs"
|
|
volumes:
|
|
- name: local-certs
|
|
secret:
|
|
secretName: "${var.instance}-cert"
|
|
defaultMode: 0444
|
|
EOF
|
|
}
|
|
}
|