101 lines
3.6 KiB
HCL
101 lines
3.6 KiB
HCL
data "kubernetes_ingress_v1" "authentik" {
|
|
metadata {
|
|
name = "authentik"
|
|
namespace = "${var.domain}-auth"
|
|
}
|
|
}
|
|
|
|
resource "kubectl_manifest" "cm_env" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: "${var.instance}-${var.component}-envs"
|
|
labels: ${jsonencode(local.sonar_all_labels)}
|
|
namespace: ${var.namespace}
|
|
data:
|
|
SONAR_JDBC_USERNAME: ${var.component}
|
|
SONAR_JDBC_URL: jdbc:postgresql://${var.instance}-${var.component}-pg-rw.${var.namespace}.svc:5432/${var.component}
|
|
SONAR_WEB_CONTEXT: /
|
|
SONAR_WEB_JAVAOPTS: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml
|
|
SONAR_CE_JAVAOPTS: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "cm_files" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: "${var.instance}-${var.component}-files"
|
|
labels: ${jsonencode(local.sonar_all_labels)}
|
|
namespace: ${var.namespace}
|
|
data:
|
|
sonar.properties: |-
|
|
sonar.telemetry.enable=false
|
|
sonar.updatecenter.activate=false
|
|
sonar.auth.saml.enabled=true
|
|
sonar.auth.saml.applicationId=https://${local.dns_name}/saml2/metadata
|
|
sonar.auth.saml.providerName=vynil
|
|
sonar.auth.saml.providerId=https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}
|
|
sonar.auth.saml.loginUrl=https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/saml/${var.component}-${var.instance}/sso/binding/redirect/
|
|
sonar.auth.saml.certificate.secured=${join("",[for line in split("\n",module.saml.certificate_data): line if !endswith(line, "CERTIFICATE-----")])}
|
|
sonar.auth.saml.user.login=windowsaccountname
|
|
sonar.auth.saml.user.name=name
|
|
sonar.auth.saml.user.email=emailaddress
|
|
sonar.auth.saml.group.name=group
|
|
prometheus-ce-config.yaml: |-
|
|
rules:
|
|
- pattern: .*
|
|
prometheus-config.yaml: |-
|
|
rules:
|
|
- pattern: .*
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "cm_scripts" {
|
|
yaml_body = join("", concat([<<EOF
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: "${var.instance}-${var.component}-scripts"
|
|
labels: ${jsonencode(local.sonar_all_labels)}
|
|
namespace: ${var.namespace}
|
|
data:
|
|
init_sysctl.sh: |-
|
|
if [[ "$(sysctl -n vm.max_map_count)" -lt 524288 ]]; then
|
|
sysctl -w vm.max_map_count=524288
|
|
fi
|
|
if [[ "$(sysctl -n fs.file-max)" -lt 131072 ]]; then
|
|
sysctl -w fs.file-max=131072
|
|
fi
|
|
if [[ "$(ulimit -n)" != "unlimited" ]]; then
|
|
if [[ "$(ulimit -n)" -lt 131072 ]]; then
|
|
echo "ulimit -n 131072"
|
|
ulimit -n 131072
|
|
fi
|
|
fi
|
|
if [[ "$(ulimit -u)" != "unlimited" ]]; then
|
|
if [[ "$(ulimit -u)" -lt 8192 ]]; then
|
|
echo "ulimit -u 8192"
|
|
ulimit -u 8192
|
|
fi
|
|
fi
|
|
init_fs.sh: chown -R 1000:0 /opt/sonarqube
|
|
install_plugins.sh: |-
|
|
#!/bin/bash
|
|
if [ ! -f /data/jmx_prometheus_javaagent.jar ];then
|
|
curl -s 'https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar' --output /data/jmx_prometheus_javaagent.jar -v
|
|
fi
|
|
get_plugin() {
|
|
file=$(echo $1|sed 's#.*/##')
|
|
if [ ! -f "$file" ];then
|
|
curl -fsSLO "$1"
|
|
fi
|
|
}
|
|
cd /opt/sonarqube/extensions/plugins
|
|
EOF
|
|
],[for p in var.plugins: " get_plugin ${p}"]))
|
|
}
|
|
|