first commit

2023-07-14 11:51:07 +02:00
commit 284dc650c4
101 changed files with 8629 additions and 0 deletions

81
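--- a/meta/domain-auth/apps.tf
+++ b/meta/domain-auth/apps.tf
@@ -0,0 +1,81 @@
+locals {
+annotations = {
+"vynil.solidite.fr/meta" = "domain-auth"
+"vynil.solidite.fr/name" = "${var.namespace}-auth"
+"vynil.solidite.fr/domain" = var.domain-name
+"vynil.solidite.fr/issuer" = var.issuer
+"vynil.solidite.fr/ingress" = var.ingress-class
+}
+global = {
+"domain" = var.namespace
+"domain-name" = var.domain-name
+"issuer" = var.issuer
+"ingress-class" = var.ingress-class
+}
+authentik = { for k, v in var.authentik : k => v if k!="enable" }
+authentik-ldap = { for k, v in var.authentik-ldap : k => v if k!="enable" }
+authentik-forward = { for k, v in var.authentik-forward : k => v if k!="enable" }
+}
+resource "kubernetes_namespace_v1" "auth-ns" {
+count = var.authentik.enable || var.authentik-ldap.enable || var.authentik-forward.enable ? 1 : 0
+metadata {
+annotations = local.annotations
+labels = merge(local.common-labels, local.annotations)
+name = "${var.namespace}-auth"
+}
+}
+resource "kubectl_manifest" "authentik" {
+count = var.authentik.enable || var.authentik-ldap.enable || var.authentik-forward.enable ? 1 : 0
+depends_on = [kubernetes_namespace_v1.auth-ns]
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "authentik"
+namespace: "${var.namespace}-auth"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "share"
+component: "authentik"
+options: ${jsonencode(merge(local.global, local.authentik))}
+EOF
+}
+resource "kubectl_manifest" "authentik-ldap" {
+count = var.authentik-ldap.enable ? 1 : 0
+depends_on = [kubernetes_namespace_v1.auth-ns]
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "authentik-ldap"
+namespace: "${var.namespace}-auth"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "share"
+component: "authentik-ldap"
+options: ${jsonencode(merge(local.global, local.authentik-ldap))}
+EOF
+}
+resource "kubectl_manifest" "authentik-forward" {
+count = var.authentik-forward.enable ? 1 : 0
+depends_on = [kubernetes_namespace_v1.auth-ns]
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "authentik-forward"
+namespace: "${var.namespace}-auth"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "share"
+component: "authentik-forward"
+options: ${jsonencode(merge(local.global, local.authentik-forward))}
+EOF
+}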
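Review bot: `var.namespace` is spliced unescaped into the YAML heredocs (`namespace: "${var.namespace}-auth"` in all three Install manifests), while labels and options go through `jsonencode`; a value containing a quote or a newline would change the structure of the manifest applied for the identity provider. Referencing the namespace resource and encoding it, `namespace: ${jsonencode(kubernetes_namespace_v1.auth-ns[0].metadata[0].name)}`, removes the duplicated string and the raw interpolation at once. The same raw interpolation appears in the domain-ci, domain-infra and meta/domain installs files. The variable declarations are not on this page, so whether a `validation` block already constrains the value cannot be confirmed from here.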


@@ -0,0 +1,66 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: meta
metadata:
name: domain-auth
description: null
options:
authentik-ldap:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
authentik:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
authentik-forward:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
domain:
default: your-company
examples:
- your-company
type: string
dependencies: []
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
restapi: null
http: null

43
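--- a/meta/domain-ci/apps.tf
+++ b/meta/domain-ci/apps.tf
@@ -0,0 +1,43 @@
+locals {
+annotations = {
+"vynil.solidite.fr/meta" = "domain-ci"
+"vynil.solidite.fr/name" = var.namespace
+"vynil.solidite.fr/domain" = var.domain-name
+"vynil.solidite.fr/issuer" = var.issuer
+"vynil.solidite.fr/ingress" = var.ingress-class
+}
+global = {
+"domain" = var.namespace
+"domain-name" = var.domain-name
+"issuer" = var.issuer
+"ingress-class" = var.ingress-class
+}
+gitea = { for k, v in var.gitea : k => v if k!="enable" }
+}
+resource "kubernetes_namespace_v1" "ci-ns" {
+count = ( var.gitea.enable )? 1 : 0
+metadata {
+annotations = local.annotations
+labels = merge(local.common-labels, local.annotations)
+name = "${var.namespace}-ci"
+}
+}
+resource "kubectl_manifest" "gitea" {
+count = var.gitea.enable ? 1 : 0
+depends_on = [kubernetes_namespace_v1.ci-ns]
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "gitea"
+namespace: "${var.namespace}-ci"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "apps"
+component: "gitea"
+options: ${jsonencode(merge(local.global, local.gitea))}
+EOF
+}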
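Review bot: The `vynil.solidite.fr/name` annotation is set to `var.namespace`, but the namespace created is `"${var.namespace}-ci"`, and `labels = merge(local.common-labels, local.annotations)` copies the same value onto the namespace as a label. The domain-auth file sets it to `"${var.namespace}-auth"`, so if the annotation is meant to identify the namespace, use `"vynil.solidite.fr/name" = "${var.namespace}-ci"` here; domain-erp and domain-infra have the same mismatch. If it is meant to name the parent domain instead, a one-line comment saying so would remove the ambiguity for anyone selecting on that label.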

46
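--- a/meta/domain-ci/index.yaml
+++ b/meta/domain-ci/index.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: meta
+metadata:
+name: domain-ci
+description: null
+options:
+gitea:
+default:
+enable: true
+examples:
+- enable: true
+properties:
+enable:
+default: true
+type: boolean
+type: object
+domain-name:
+default: your_company.com
+examples:
+- your_company.com
+type: string
+issuer:
+default: letsencrypt-prod
+examples:
+- letsencrypt-prod
+type: string
+domain:
+default: your-company
+examples:
+- your-company
+type: string
+ingress-class:
+default: traefik
+examples:
+- traefik
+type: string
+dependencies: []
+providers:
+kubernetes: true
+authentik: null
+kubectl: true
+postgresql: null
+restapi: null
+http: null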
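Review bot: The `apiVersion` group here is spelled `vinyl.solidite.fr/v1beta1`, while every annotation key and Install manifest in the `.tf` files of this commit uses `vynil.solidite.fr`. If the loader matches on the group, these components would not be recognised; if it ignores the field, the mismatch is still a trap for later tooling. The same spelling appears in every `index.yaml` on this page, so it is worth confirming which one is intended and aligning them, e.g. `apiVersion: vynil.solidite.fr/v1beta1`.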

43
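--- a/meta/domain-erp/apps.tf
+++ b/meta/domain-erp/apps.tf
@@ -0,0 +1,43 @@
+locals {
+annotations = {
+"vynil.solidite.fr/meta" = "domain-ci"
+"vynil.solidite.fr/name" = var.namespace
+"vynil.solidite.fr/domain" = var.domain-name
+"vynil.solidite.fr/issuer" = var.issuer
+"vynil.solidite.fr/ingress" = var.ingress-class
+}
+global = {
+"domain" = var.namespace
+"domain-name" = var.domain-name
+"issuer" = var.issuer
+"ingress-class" = var.ingress-class
+}
+dolibarr = { for k, v in var.dolibarr : k => v if k!="enable" }
+}
+resource "kubernetes_namespace_v1" "erp-ns" {
+count = ( var.dolibarr.enable )? 1 : 0
+metadata {
+annotations = local.annotations
+labels = merge(local.common-labels, local.annotations)
+name = "${var.namespace}-erp"
+}
+}
+resource "kubectl_manifest" "dolibarr" {
+count = var.dolibarr.enable ? 1 : 0
+depends_on = [kubernetes_namespace_v1.erp-ns]
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "dolibarr"
+namespace: "${kubernetes_namespace_v1.erp-ns[0].metadata[0].name}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "apps"
+component: "dolibarr"
+options: ${jsonencode(merge(local.global, local.dolibarr))}
+EOF
+}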
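Review bot: The `vynil.solidite.fr/meta` annotation in `locals` still reads `"domain-ci"`, which looks like a copy-paste from the CI component; it should be `"vynil.solidite.fr/meta" = "domain-erp"`. Because the namespace's `labels` are built with `merge(local.common-labels, local.annotations)`, the ERP namespace ends up labelled as CI, so any selector, policy or audit query keyed on that label would treat the two as the same tier. The domain-infra file has the same leftover value and needs `"domain-infra"`.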


@@ -0,0 +1,46 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: meta
metadata:
name: domain-erp
description: null
options:
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
dolibarr:
default:
enable: true
examples:
- enable: true
properties:
enable:
default: true
type: boolean
type: object
ingress-class:
default: traefik
examples:
- traefik
type: string
domain:
default: your-company
examples:
- your-company
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
dependencies: []
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
restapi: null
http: null

80
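--- a/meta/domain-infra/apps.tf
+++ b/meta/domain-infra/apps.tf
@@ -0,0 +1,80 @@
+locals {
+annotations = {
+"vynil.solidite.fr/meta" = "domain-ci"
+"vynil.solidite.fr/name" = var.namespace
+"vynil.solidite.fr/domain" = var.domain-name
+"vynil.solidite.fr/issuer" = var.issuer
+"vynil.solidite.fr/ingress" = var.ingress-class
+}
+global = {
+"domain" = var.namespace
+"domain-name" = var.domain-name
+"issuer" = var.issuer
+"ingress-class" = var.ingress-class
+}
+traefik = { for k, v in var.traefik : k => v if k!="enable" }
+dns = { for k, v in var.dns : k => v if k!="enable" }
+api = { for k, v in var.api : k => v if k!="enable" }
+}
+resource "kubernetes_namespace_v1" "infra-ns" {
+count = ( var.dns.enable )? 1 : 0
+metadata {
+annotations = local.annotations
+labels = merge(local.common-labels, local.annotations)
+name = "${var.namespace}-infra"
+}
+}
+resource "kubectl_manifest" "dns" {
+count = var.dns.enable ? 1 : 0
+depends_on = [kubernetes_namespace_v1.infra-ns]
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "dns"
+namespace: "${kubernetes_namespace_v1.infra-ns.name}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "share"
+component: "dns"
+options: ${jsonencode(merge(local.global, local.dns))}
+EOF
+}
+resource "kubectl_manifest" "traefik" {
+count = var.traefik.enable ? 1 : 0
+depends_on = [kubernetes_namespace_v1.infra-ns]
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "traefik-ui-${var.namespace}"
+namespace: "${var.traefik.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "apps"
+component: "traefik-ui"
+options: ${jsonencode(merge(local.global, local.traefik))}
+EOF
+}
+resource "kubectl_manifest" "traefik" {
+count = var.traefik.enable ? 1 : 0
+depends_on = [kubernetes_namespace_v1.infra-ns]
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "k8s-api-${var.namespace}"
+namespace: "default"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "apps"
+component: "k8s-ui"
+options: ${jsonencode(merge(local.global, local.api))}
+EOF
+}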
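Review bot: `resource "kubectl_manifest" "traefik"` is declared twice: the second block, which installs the `k8s-ui` component into namespace `default`, reuses both the resource name and `count = var.traefik.enable ? 1 : 0`. Terraform rejects a duplicate resource address, and the gating is wrong as well, because the Kubernetes API UI would follow the traefik flag while `var.api.enable` is never read. Rename the block to `resource "kubectl_manifest" "api"` and gate it with `count = var.api.enable ? 1 : 0`. In the `dns` manifest, `kubernetes_namespace_v1.infra-ns.name` is not a valid reference for a counted resource; use `kubernetes_namespace_v1.infra-ns[0].metadata[0].name`, as the domain-erp file does.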


@@ -0,0 +1,71 @@
---
apiVersion: vinyl.solidite.fr/v1beta1
kind: Component
category: meta
metadata:
name: domain-infra
description: null
options:
ingress-class:
default: traefik
examples:
- traefik
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
traefik:
default:
enable: false
namespace: traefik
examples:
- enable: false
namespace: traefik
properties:
enable:
default: false
type: boolean
namespace:
default: traefik
type: string
type: object
domain:
default: your-company
examples:
- your-company
type: string
api:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
dns:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
dependencies: []
providers:
kubernetes: true
authentik: null
kubectl: true
postgresql: null
restapi: null
http: null

107
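--- a/meta/domain/index.yaml
+++ b/meta/domain/index.yaml
@@ -0,0 +1,107 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: meta
+metadata:
+name: domain
+description: null
+options:
+auth:
+default:
+enable: true
+examples:
+- enable: true
+properties:
+enable:
+default: true
+type: boolean
+type: object
+ci:
+default:
+enable: false
+gitea:
+enable: true
+examples:
+- enable: false
+gitea:
+enable: true
+properties:
+enable:
+default: false
+type: boolean
+gitea:
+default:
+enable: true
+properties:
+enable:
+default: true
+type: boolean
+type: object
+type: object
+erp:
+default:
+dolibarr:
+enable: true
+enable: false
+examples:
+- dolibarr:
+enable: true
+enable: false
+properties:
+dolibarr:
+default:
+enable: true
+properties:
+enable:
+default: true
+type: boolean
+type: object
+enable:
+default: false
+type: boolean
+type: object
+domain-name:
+default: your_company.com
+examples:
+- your_company.com
+type: string
+infra:
+default:
+enable: false
+traefik:
+enable: false
+examples:
+- enable: false
+traefik:
+enable: false
+properties:
+enable:
+default: false
+type: boolean
+traefik:
+default:
+enable: false
+properties:
+enable:
+default: false
+type: boolean
+type: object
+type: object
+issuer:
+default: letsencrypt-prod
+examples:
+- letsencrypt-prod
+type: string
+ingress-class:
+default: traefik
+examples:
+- traefik
+type: string
+dependencies: []
+providers:
+kubernetes: null
+authentik: null
+kubectl: true
+postgresql: null
+restapi: null
+http: null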
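Review bot: The `infra` option declares only `enable` and `traefik.enable`, but the domain-infra component in this commit also reads `var.dns.enable`, `var.api.enable` and `var.traefik.namespace`. The `dns` and `api` installs therefore cannot be switched on from the domain level, and the `traefik` object passed down carries no `namespace`; unless the operator deep-merges the child's defaults (not visible on this page), `var.traefik.namespace` would be unset. Adding `dns`, `api` and `traefik.namespace` under `infra.properties` with the same defaults as domain-infra would keep the two schemas aligned. Separately, the default `domain-name: your_company.com` contains an underscore, which is not valid in a hostname, and it is paired with the `letsencrypt-prod` issuer by default; a placeholder such as `your-company.example` would be safer if these defaults can ever reach an ingress or a certificate request.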

98
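--- a/meta/domain/installs.tf
+++ b/meta/domain/installs.tf
@@ -0,0 +1,98 @@
+locals {
+global = {
+"domain" = var.namespace
+"domain-name" = var.domain-name
+"issuer" = var.issuer
+"ingress-class" = var.ingress-class
+}
+annotations = {
+"vynil.solidite.fr/meta" = "domain"
+"vynil.solidite.fr/name" = var.namespace
+"vynil.solidite.fr/domain" = var.domain-name
+"vynil.solidite.fr/issuer" = var.issuer
+"vynil.solidite.fr/ingress" = var.ingress-class
+}
+auth = { for k, v in var.auth : k => v if k!="enable" }
+infra = { for k, v in var.infra : k => v if k!="enable" }
+ci = { for k, v in var.ci : k => v if k!="enable" }
+erp = { for k, v in var.erp : k => v if k!="enable" }
+# Force install authentik and it's modules when any are needed
+use-ldap = (var.ci.enable && var.ci.gitea.enable) || (var.erp.enable && var.erp.dolibarr.enable)
+use-forward = var.infra.enable && var.infra.traefik.enable
+use-other-auth = false
+added-auth-ldap = local.use-ldap?{
+"authentik-ldap" = {"enable"= true}
+}:{}
+added-auth-forward = local.use-forward?{
+"authentik-forward" = {"enable"= true}
+}:{}
+added-auth = local.use-ldap||local.use-forward||local.use-other-auth?merge({
+"authentik" = {"enable" = true}
+},local.added-auth-ldap,local.added-auth-forward):{}
+}
+resource "kubectl_manifest" "auth" {
+count = var.auth.enable ? 1 : 0
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "auth"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "meta"
+component: "domain-auth"
+options: ${jsonencode(merge(merge(local.global, local.auth), local.added-auth))}
+EOF
+}
+resource "kubectl_manifest" "infra" {
+count = var.infra.enable ? 1 : 0
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "infra"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "meta"
+component: "domain-infra"
+options: ${jsonencode(merge(local.global, local.infra))}
+EOF
+}
+resource "kubectl_manifest" "ci" {
+count = var.ci.enable ? 1 : 0
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "ci"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "meta"
+component: "domain-ci"
+options: ${jsonencode(merge(local.global, local.ci))}
+EOF
+}
+resource "kubectl_manifest" "erp" {
+count = var.erp.enable ? 1 : 0
+yaml_body = <<-EOF
+apiVersion: "vynil.solidite.fr/v1"
+kind: "Install"
+metadata:
+name: "erp"
+namespace: "${var.namespace}"
+labels: ${jsonencode(local.common-labels)}
+spec:
+distrib: "core"
+category: "meta"
+component: "domain-erp"
+options: ${jsonencode(merge(local.global, local.erp))}
+EOF
+}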
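Review bot: `kubectl_manifest.auth` is gated only on `var.auth.enable`, so the `added-auth` locals that the comment describes as forcing authentik never take effect when `auth.enable` is false. With `ci.gitea`, `erp.dolibarr` or `infra.traefik` enabled in that case, the dependent apps are installed without the LDAP or forward-auth provider they were meant to get. Whether those components then fail or come up without authentication in front of them is not visible from this file. Consider `count = (var.auth.enable || local.use-ldap || local.use-forward || local.use-other-auth) ? 1 : 0`, so the force-install logic actually decides whether the Install exists.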