144 lines
4.1 KiB
HCL
144 lines
4.1 KiB
HCL
locals {
|
|
onlyoffice-labels = merge(local.common-labels, {
|
|
"app.kubernetes.io/component" = "onlyoffice"
|
|
})
|
|
dns-onlyoffice = "onlyoffice.${local.dns-name}"
|
|
onlyoffice-middlewares = ["${var.instance}-https"]
|
|
onlyoffice-service = {
|
|
"name" = "${var.instance}-onlyoffice"
|
|
"port" = {
|
|
"number" = 80
|
|
}
|
|
}
|
|
onlyoffice-rules = [ for v in [local.dns-onlyoffice] : {
|
|
"host" = "${v}"
|
|
"http" = {
|
|
"paths" = [{
|
|
"backend" = {
|
|
"service" = local.onlyoffice-service
|
|
}
|
|
"path" = "/"
|
|
"pathType" = "Prefix"
|
|
}]
|
|
}
|
|
}]
|
|
}
|
|
|
|
resource "kubectl_manifest" "onlyoffice_deploy" {
|
|
count = var.apps.onlyoffice ? 1 : 0
|
|
yaml_body = <<-EOF
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: "${var.instance}-onlyoffice"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.onlyoffice-labels)}
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: RollingUpdate
|
|
selector:
|
|
matchLabels: ${jsonencode(local.onlyoffice-labels)}
|
|
template:
|
|
metadata:
|
|
labels: ${jsonencode(local.onlyoffice-labels)}
|
|
spec:
|
|
containers:
|
|
- name: "onlyoffice"
|
|
image: "${var.images.onlyoffice.registry}/${var.images.onlyoffice.repository}:${var.images.onlyoffice.tag}"
|
|
imagePullPolicy: "${var.images.onlyoffice.pullPolicy}"
|
|
env:
|
|
- name: JWT_ENABLED
|
|
value: "true"
|
|
- name: JWT_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: ${var.component}
|
|
key: collabora-password
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthcheck
|
|
port: http
|
|
scheme: HTTP
|
|
initialDelaySeconds: 120
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthcheck
|
|
port: http
|
|
scheme: HTTP
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 2
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
ports:
|
|
- name: http
|
|
containerPort: 80
|
|
protocol: TCP
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "onlyoffice_svc" {
|
|
count = var.apps.onlyoffice ? 1 : 0
|
|
yaml_body = <<-EOF
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: "${var.instance}-onlyoffice"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.onlyoffice-labels)}
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- port: 80
|
|
targetPort: http
|
|
protocol: TCP
|
|
name: http
|
|
selector: ${jsonencode(local.onlyoffice-labels)}
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "onlyoffice_certificate" {
|
|
count = var.apps.onlyoffice ? 1 : 0
|
|
yaml_body = <<-EOF
|
|
apiVersion: "cert-manager.io/v1"
|
|
kind: "Certificate"
|
|
metadata:
|
|
name: "${var.instance}-onlyoffice"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.onlyoffice-labels)}
|
|
spec:
|
|
secretName: "${var.instance}-onlyoffice-cert"
|
|
dnsNames: [${jsonencode(local.dns-onlyoffice)}]
|
|
issuerRef:
|
|
name: "${var.issuer}"
|
|
kind: "ClusterIssuer"
|
|
group: "cert-manager.io"
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "onlyoffice_ing" {
|
|
count = var.apps.onlyoffice ? 1 : 0
|
|
yaml_body = <<-EOF
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: "${var.instance}-onlyoffice"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.onlyoffice-labels)}
|
|
annotations:
|
|
"traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.onlyoffice-middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
|
|
spec:
|
|
ingressClassName: "${var.ingress-class}"
|
|
rules: ${jsonencode(local.onlyoffice-rules)}
|
|
tls:
|
|
- hosts: [${local.dns-onlyoffice}]
|
|
secretName: "${var.instance}-onlyoffice-cert"
|
|
EOF
|
|
}
|
|
|