182 lines
6.2 KiB
HCL
182 lines
6.2 KiB
HCL
resource "kubectl_manifest" "cm_env_back" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: "${var.instance}-${var.component}-back"
|
|
labels: ${jsonencode(local.common_labels)}
|
|
namespace: ${var.namespace}
|
|
data:
|
|
POSTGRES_DB: ${var.component}
|
|
POSTGRES_USER: ${var.component}
|
|
POSTGRES_HOST: ${var.instance}-${var.component}-pg-rw.${var.namespace}.svc
|
|
TAIGA_URL: https://${local.dns_name}
|
|
TAIGA_SITES_DOMAIN: ${local.dns_name}
|
|
TAIGA_SITES_SCHEME: https
|
|
TAIGA_ASYNC_RABBITMQ_HOST: ${kubectl_manifest.rabbit.name}
|
|
TAIGA_EVENTS_RABBITMQ_HOST: ${kubectl_manifest.rabbit.name}
|
|
CELERY_TIMEZONE: "${var.timezone}"
|
|
LANGUAGE_CODE: "${var.language}"
|
|
ENABLE_TELEMETRY: "False"
|
|
PUBLIC_REGISTER_ENABLED: "${var.enable_registration?"True":"False"}"
|
|
ENABLE_OPENID: "True"
|
|
OPENID_SCOPE: "openid email profile"
|
|
OPENID_TOKEN_URL: "${module.oauth2.sso_token_url}"
|
|
OPENID_USER_URL: "${module.oauth2.sso_userinfo_url}"
|
|
WEBHOOKS_ALLOW_PRIVATE_ADDRESS: "${var.webhook.allow_private_addr?"True":"False"}"
|
|
WEBHOOKS_ALLOW_REDIRECTS: "${var.webhook.allow_private_addr?"True":"False"}"
|
|
DJANGO_SUPERUSER_USERNAME: "admin"
|
|
DJANGO_SUPERUSER_EMAIL: "admin@${var.domain_name}"
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "cm_env_front" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: "${var.instance}-${var.component}-front"
|
|
labels: ${jsonencode(local.common_labels)}
|
|
namespace: ${var.namespace}
|
|
data:
|
|
TAIGA_URL: https://${local.dns_name}
|
|
TAIGA_SITES_DOMAIN: ${local.dns_name}
|
|
TAIGA_SITES_SCHEME: https
|
|
ENABLE_TELEMETRY: "false"
|
|
PUBLIC_REGISTER_ENABLED: "${jsonencode(var.enable_registration)}"
|
|
ENABLE_GITHUB_AUTH: "false"
|
|
ENABLE_GITLAB_AUTH: "false"
|
|
ENABLE_SLACK: "false"
|
|
ENABLE_GITHUB_IMPORTER: "false"
|
|
ENABLE_JIRA_IMPORTER: "false"
|
|
ENABLE_TRELLO_IMPORTER: "false"
|
|
ENABLE_OIDC_AUTH: "false"
|
|
ENABLE_OPENID_AUTH: "true"
|
|
OPENID_URL: "${module.oauth2.sso_authorize_url}"
|
|
OPENID_SCOPE: "openid email profile"
|
|
OPENID_NAME: "${var.domain_name}"
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "cm_scripts" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: "${var.instance}-${var.component}-scripts"
|
|
labels: ${jsonencode(local.postcfg_all_labels)}
|
|
namespace: ${var.namespace}
|
|
data:
|
|
certs.sh: |-
|
|
#!/usr/bin/env bash
|
|
if [ -f /etc/local-ca/ca.crt ];then
|
|
export REQUESTS_CA_BUNDLE=/etc/local-ca/ca.crt
|
|
else
|
|
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
|
fi
|
|
postconfig.sh: |-
|
|
#!/usr/bin/env bash
|
|
export PATH="/opt/venv/bin/:$PATH" TAIGA_URL="http://${module.service.name}" TAIGA_SITES_DOMAIN="${module.service.name}" TAIGA_SITES_SCHEME=http
|
|
if [ $(python manage.py dumpdata projects.projecttemplate|wc -c) -lt 1000 ];then
|
|
python manage.py loaddata initial_project_templates
|
|
else
|
|
echo "skipping loading initial templates : already here"
|
|
fi
|
|
if ! python 'manage.py' 'dumpdata' users.user|grep -q '"is_superuser": true';then
|
|
python manage.py createsuperuser --noinput
|
|
else
|
|
python 'manage.py' 'dumpdata' users.user
|
|
fi
|
|
EOF
|
|
}
|
|
|
|
|
|
resource "kubectl_manifest" "cm_nginx" {
|
|
yaml_body = <<-EOF
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: "${var.instance}-${var.component}-nginx"
|
|
namespace: ${var.namespace}
|
|
labels: ${jsonencode(local.common_labels)}
|
|
data:
|
|
default.conf: |-
|
|
server {
|
|
listen 8080 default_server;
|
|
|
|
client_max_body_size 100M;
|
|
charset utf-8;
|
|
|
|
# Frontend
|
|
location / {
|
|
proxy_pass http://${kubectl_manifest.svc_front.name}/;
|
|
proxy_pass_header Server;
|
|
proxy_set_header Host $http_host;
|
|
proxy_redirect off;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Scheme $scheme;
|
|
}
|
|
|
|
# Api
|
|
location /api {
|
|
proxy_pass http://${kubectl_manifest.svc_back.name}:8000/api;
|
|
proxy_pass_header Server;
|
|
proxy_set_header Host $http_host;
|
|
proxy_redirect off;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Scheme $scheme;
|
|
}
|
|
|
|
# Admin
|
|
location /admin {
|
|
proxy_pass http://${kubectl_manifest.svc_back.name}:8000/admin;
|
|
proxy_pass_header Server;
|
|
proxy_set_header Host $http_host;
|
|
proxy_redirect off;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Scheme $scheme;
|
|
}
|
|
|
|
# Static
|
|
location /static {
|
|
root /taiga;
|
|
}
|
|
|
|
# Media
|
|
location /_protected {
|
|
internal;
|
|
alias /taiga/media/;
|
|
add_header Content-disposition "attachment";
|
|
}
|
|
|
|
# Unprotected section
|
|
location /media/exports {
|
|
alias /taiga/media/exports/;
|
|
add_header Content-disposition "attachment";
|
|
}
|
|
|
|
location /media {
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Scheme $scheme;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass http://${kubectl_manifest.svc_protected.name}:8003/;
|
|
proxy_redirect off;
|
|
}
|
|
|
|
# Events
|
|
location /events {
|
|
proxy_pass http://${kubectl_manifest.svc_events.name}:8888/events;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_connect_timeout 7d;
|
|
proxy_send_timeout 7d;
|
|
proxy_read_timeout 7d;
|
|
}
|
|
}
|
|
EOF
|
|
}
|
|
|