diff --git a/apps/code-server/configs.tf b/apps/code-server/configs.tf
index 8206d63..e859900 100644
--- a/apps/code-server/configs.tf
+++ b/apps/code-server/configs.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "code-server-config" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
config.yml: |
auth: none
diff --git a/apps/code-server/datas.tf b/apps/code-server/datas.tf
index d0144e6..db6e427 100644
--- a/apps/code-server/datas.tf
+++ b/apps/code-server/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,6 +21,6 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/apps/code-server/deploy.tf b/apps/code-server/deploy.tf
index 6895fda..7d3537f 100644
--- a/apps/code-server/deploy.tf
+++ b/apps/code-server/deploy.tf
@@ -5,16 +5,16 @@ resource "kubectl_manifest" "deploy" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
replicas: 1
hostname: "${var.component}-${var.instance}"
subdomain: "${var.domain_name}"
selector:
- matchLabels: ${jsonencode(local.common-labels)}
+ matchLabels: ${jsonencode(local.common_labels)}
template:
metadata:
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
annotations:
container.apparmor.security.beta.kubernetes.io/code-server: unconfined
container.seccomp.security.alpha.kubernetes.io/code-server: unconfined
diff --git a/apps/code-server/presentation.tf b/apps/code-server/presentation.tf
index 82ea534..a5063e2 100644
--- a/apps/code-server/presentation.tf
+++ b/apps/code-server/presentation.tf
@@ -14,7 +14,7 @@ module "service" {
component = var.component
instance = var.instance
namespace = var.namespace
- labels = local.common-labels
+ labels = local.common_labels
targets = ["http"]
providers = {
kubectl = kubectl
@@ -28,7 +28,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [module.service.default_definition]
@@ -67,7 +67,7 @@ module "forward" {
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
service = module.service.default_definition
icon = local.icon
diff --git a/apps/code-server/pvc.tf b/apps/code-server/pvc.tf
index 8d34a6f..551f086 100644
--- a/apps/code-server/pvc.tf
+++ b/apps/code-server/pvc.tf
@@ -18,7 +18,7 @@ resource "kubectl_manifest" "pvc" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec: ${jsonencode(local.pvc_spec)}
EOF
}
diff --git a/apps/code-server/rbac.tf b/apps/code-server/rbac.tf
index ab33bb3..2d3a322 100644
--- a/apps/code-server/rbac.tf
+++ b/apps/code-server/rbac.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "sa" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
EOF
}
@@ -17,7 +17,7 @@ resource "kubectl_manifest" "role" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
rules:
- apiGroups: ['*']
resources: ['*']
@@ -32,7 +32,7 @@ resource "kubectl_manifest" "rb" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -51,7 +51,7 @@ resource "kubectl_manifest" "clusterrole" {
kind: ClusterRole
metadata:
name: "${var.component}-${var.namespace}-${var.instance}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
rules:
- apiGroups: ['*']
resources: ['*']
@@ -65,7 +65,7 @@ resource "kubectl_manifest" "crb" {
kind: ClusterRoleBinding
metadata:
name: "${var.component}-${var.namespace}-${var.instance}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
diff --git a/apps/code-server/secret.tf b/apps/code-server/secret.tf
index ee8f753..1412134 100644
--- a/apps/code-server/secret.tf
+++ b/apps/code-server/secret.tf
@@ -7,7 +7,7 @@ resource "kubectl_manifest" "prj_secret" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
forceRegenerate: false
data:
diff --git a/apps/dbgate/configs.tf b/apps/dbgate/configs.tf
index 209f907..02cc48c 100644
--- a/apps/dbgate/configs.tf
+++ b/apps/dbgate/configs.tf
@@ -66,7 +66,7 @@ resource "kubectl_manifest" "dbgate-config" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data: ${jsonencode(merge(local.oauth_config, local.connection_vars))}
EOF
}
diff --git a/apps/dbgate/datas.tf b/apps/dbgate/datas.tf
index 31ef2a9..df054cf 100644
--- a/apps/dbgate/datas.tf
+++ b/apps/dbgate/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -28,6 +28,6 @@ data "kubernetes_ingress_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/apps/dbgate/deploy.tf b/apps/dbgate/deploy.tf
index c835efe..36e5d88 100644
--- a/apps/dbgate/deploy.tf
+++ b/apps/dbgate/deploy.tf
@@ -28,17 +28,17 @@ resource "kubectl_manifest" "deploy" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
annotations:
configmap.reloader.stakater.com/reload: "${var.component}-${var.instance}"
secret.reloader.stakater.com/reload: "${var.component}-${var.instance}"
spec:
replicas: 1
selector:
- matchLabels: ${jsonencode(local.common-labels)}
+ matchLabels: ${jsonencode(local.common_labels)}
template:
metadata:
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
securityContext:
fsGroup: 1000
diff --git a/apps/dbgate/presentation.tf b/apps/dbgate/presentation.tf
index 6bd0714..fac0270 100644
--- a/apps/dbgate/presentation.tf
+++ b/apps/dbgate/presentation.tf
@@ -14,7 +14,7 @@ module "service" {
component = var.component
instance = var.instance
namespace = var.namespace
- labels = local.common-labels
+ labels = local.common_labels
targets = ["http"]
providers = {
kubectl = kubectl
@@ -28,7 +28,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = []
services = [module.service.default_definition]
@@ -56,7 +56,7 @@ module "oauth2" {
instance = var.instance
namespace = var.namespace
domain = var.domain
- labels = local.common-labels
+ labels = local.common_labels
dns_name = local.dns_name
redirect_path = ""
providers = {
diff --git a/apps/dbgate/pvc.tf b/apps/dbgate/pvc.tf
index 8d34a6f..551f086 100644
--- a/apps/dbgate/pvc.tf
+++ b/apps/dbgate/pvc.tf
@@ -18,7 +18,7 @@ resource "kubectl_manifest" "pvc" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec: ${jsonencode(local.pvc_spec)}
EOF
}
diff --git a/apps/dolibarr/backups.tf b/apps/dolibarr/backups.tf
index b46635b..2e95719 100644
--- a/apps/dolibarr/backups.tf
+++ b/apps/dolibarr/backups.tf
@@ -6,7 +6,7 @@ resource "kubectl_manifest" "backup_schedule" {
metadata:
name: "${var.instance}-backup"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
backend:
repoPasswordSecretRef:
diff --git a/apps/dolibarr/check.rhai b/apps/dolibarr/check.rhai
new file mode 100644
index 0000000..0bf130f
--- /dev/null
+++ b/apps/dolibarr/check.rhai
@@ -0,0 +1,17 @@
+const DOMAIN = config.domain;
+fn check_domain() {
+ assert(have_namespace(`${global::DOMAIN}`), `There is no ${global::DOMAIN} namespace`);
+}
+fn check_authentik() {
+ assert(have_namespace(`${global::DOMAIN}-auth`), `There is no ${global::DOMAIN}-auth namespace`);
+ assert(have_install(`${global::DOMAIN}-auth`, "authentik"), `No authentik installation in ${global::DOMAIN}-auth`);
+ assert(have_secret(`${global::DOMAIN}-auth`, "authentik"), `No authentik secret in ${global::DOMAIN}-auth`);
+}
+fn check_authentik_ldap() {
+ assert(have_install(`${global::DOMAIN}-auth`, "authentik-ldap"), `No authentik-forward installation in ${global::DOMAIN}-auth`);
+}
+fn pre_check() {
+ check_domain();
+ check_authentik();
+ check_authentik_ldap();
+}
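Review bot: The failure message in `check_authentik_ldap` names the wrong component: the call tests `have_install(..., "authentik-ldap")`, but the text reports "No authentik-forward installation". An operator whose pre-check fails would be told to install the forward-auth package while the LDAP outpost is what is actually missing. The message should read "No authentik-ldap installation in ${global::DOMAIN}-auth". It looks copied from another app's check script, so the other messages in this file are worth a quick comparison too.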
diff --git a/apps/dolibarr/common.tf b/apps/dolibarr/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/apps/dolibarr/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
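Review bot: The new `locals` block declares `common-labels` with a hyphen, while every dolibarr file touched by this commit (backups.tf, configmap.tf, deploy.tf, ingress.tf, ldap.tf, nginx-config.tf, postgresql.tf, pvc.tf, redis.tf, saml.tf) now reads `local.common_labels`. Unless `common_labels` is also declared somewhere not shown in this diff, the module will fail at plan time with a reference to an undeclared local value. The declaration should follow the rename: `common_labels = {`.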
diff --git a/apps/dolibarr/configmap.tf b/apps/dolibarr/configmap.tf
index 730624e..a5f2654 100644
--- a/apps/dolibarr/configmap.tf
+++ b/apps/dolibarr/configmap.tf
@@ -79,7 +79,7 @@ resource "kubectl_manifest" "config-json" {
metadata:
name: "${var.instance}-json"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
"docker-php-ext-redis.ini": |-
extension = redis.so
@@ -157,7 +157,7 @@ resource "kubectl_manifest" "config" {
metadata:
name: "${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
DOLI_DB_HOST: "${var.instance}-${var.component}-pg-rw.${var.namespace}.svc"
DOLI_DB_USER: "${var.component}"
diff --git a/apps/dolibarr/deploy.tf b/apps/dolibarr/deploy.tf
index ae705c3..57ade68 100644
--- a/apps/dolibarr/deploy.tf
+++ b/apps/dolibarr/deploy.tf
@@ -1,5 +1,5 @@
locals {
- deploy-labels = merge(local.common-labels, {
+ deploy-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "dolibarr"
})
}
diff --git a/apps/dolibarr/ingress.tf b/apps/dolibarr/ingress.tf
index 7e64cba..2b6dc2f 100644
--- a/apps/dolibarr/ingress.tf
+++ b/apps/dolibarr/ingress.tf
@@ -28,7 +28,7 @@ resource "kubectl_manifest" "prj_certificate" {
metadata:
name: "${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
secretName: "${var.instance}-cert"
dnsNames: ${jsonencode(local.dns_names)}
@@ -46,7 +46,7 @@ resource "kubectl_manifest" "prj_https_redirect" {
metadata:
name: "${var.instance}-https"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
redirectScheme:
scheme: "https"
@@ -62,7 +62,7 @@ resource "kubectl_manifest" "prj_ingress" {
metadata:
name: "${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
annotations:
"traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
spec:
diff --git a/apps/dolibarr/ldap.tf b/apps/dolibarr/ldap.tf
index a2b13fe..a07e2ca 100644
--- a/apps/dolibarr/ldap.tf
+++ b/apps/dolibarr/ldap.tf
@@ -26,7 +26,7 @@ resource "kubectl_manifest" "dolibarr_ldap" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
forceRegenerate: false
fields:
diff --git a/apps/dolibarr/nginx-config.tf b/apps/dolibarr/nginx-config.tf
index 9ab14dd..974a2b4 100644
--- a/apps/dolibarr/nginx-config.tf
+++ b/apps/dolibarr/nginx-config.tf
@@ -6,7 +6,7 @@ apiVersion: v1
metadata:
name: ${var.instance}-nginx
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
nginx.conf: |
worker_processes 5;
diff --git a/apps/dolibarr/postgresql.tf b/apps/dolibarr/postgresql.tf
index 7571b70..d7aa1bc 100644
--- a/apps/dolibarr/postgresql.tf
+++ b/apps/dolibarr/postgresql.tf
@@ -1,5 +1,5 @@
locals {
- pg-labels = merge(local.common-labels, {
+ pg-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "pg"
})
}
diff --git a/apps/dolibarr/pvc.tf b/apps/dolibarr/pvc.tf
index ca22045..32a7dbf 100644
--- a/apps/dolibarr/pvc.tf
+++ b/apps/dolibarr/pvc.tf
@@ -20,7 +20,7 @@ resource "kubectl_manifest" "pvc" {
namespace: "${var.namespace}"
annotations:
k8up.io/backup: "true"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec: ${jsonencode(local.pvc_spec)}
EOF
}
diff --git a/apps/dolibarr/redis.tf b/apps/dolibarr/redis.tf
index 22a400e..791a3ca 100644
--- a/apps/dolibarr/redis.tf
+++ b/apps/dolibarr/redis.tf
@@ -1,5 +1,5 @@
locals {
- redis-labels = merge(local.common-labels, {
+ redis-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "redis"
})
}
diff --git a/apps/dolibarr/saml.tf b/apps/dolibarr/saml.tf
index 7503c26..493ac5b 100644
--- a/apps/dolibarr/saml.tf
+++ b/apps/dolibarr/saml.tf
@@ -32,7 +32,7 @@ resource "kubectl_manifest" "saml_certificate" {
metadata:
name: "${var.instance}-${var.component}-saml"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
secretName: "${var.instance}-${var.component}-saml"
dnsNames: ${jsonencode(local.dns_names)}
diff --git a/apps/gitea/backups.tf b/apps/gitea/backups.tf
index b46635b..2e95719 100644
--- a/apps/gitea/backups.tf
+++ b/apps/gitea/backups.tf
@@ -6,7 +6,7 @@ resource "kubectl_manifest" "backup_schedule" {
metadata:
name: "${var.instance}-backup"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
backend:
repoPasswordSecretRef:
diff --git a/apps/gitea/datas.tf b/apps/gitea/datas.tf
index c2a687e..f204441 100644
--- a/apps/gitea/datas.tf
+++ b/apps/gitea/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -54,7 +54,7 @@ data "kubernetes_ingress_v1" "authentik" {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if ! contains(["index.yaml", "v1_ConfigMap_gitea-themes.yaml"], file)]
patches {
diff --git a/apps/gitea/inline-config.tf b/apps/gitea/inline-config.tf
index 16af33a..cc03cf1 100644
--- a/apps/gitea/inline-config.tf
+++ b/apps/gitea/inline-config.tf
@@ -2,7 +2,7 @@ resource "kubernetes_secret_v1" "gitea_inline_config" {
metadata {
name = "gitea-inline-config"
namespace = var.namespace
- labels = local.common-labels
+ labels = local.common_labels
}
data = {
diff --git a/apps/gitea/postgresql.tf b/apps/gitea/postgresql.tf
index 7571b70..d7aa1bc 100644
--- a/apps/gitea/postgresql.tf
+++ b/apps/gitea/postgresql.tf
@@ -1,5 +1,5 @@
locals {
- pg-labels = merge(local.common-labels, {
+ pg-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "pg"
})
}
diff --git a/apps/gitea/presentation.tf b/apps/gitea/presentation.tf
index 099a570..ba9f4da 100644
--- a/apps/gitea/presentation.tf
+++ b/apps/gitea/presentation.tf
@@ -22,7 +22,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = []
services = [local.service]
@@ -50,7 +50,7 @@ module "oauth2" {
instance = var.instance
namespace = var.namespace
domain = var.domain
- labels = local.common-labels
+ labels = local.common_labels
dns_name = local.dns_name
redirect_path = "user/oauth2/vynil/callback"
providers = {
diff --git a/apps/gitea/redis.tf b/apps/gitea/redis.tf
index 6316802..da0d5c2 100644
--- a/apps/gitea/redis.tf
+++ b/apps/gitea/redis.tf
@@ -1,5 +1,5 @@
locals {
- redis-labels = merge(local.common-labels, {
+ redis-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "redis"
})
}
diff --git a/apps/gitea/secret.tf b/apps/gitea/secret.tf
index 8edbd8b..eb9ee70 100644
--- a/apps/gitea/secret.tf
+++ b/apps/gitea/secret.tf
@@ -1,5 +1,5 @@
locals {
- secret-labels = merge(local.common-labels, {
+ secret-labels = merge(local.common_labels, {
"k8up.io/backup" = "true"
})
}
diff --git a/apps/gramo/datas.tf b/apps/gramo/datas.tf
index d0144e6..db6e427 100644
--- a/apps/gramo/datas.tf
+++ b/apps/gramo/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,6 +21,6 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/apps/gramo/deploy.tf b/apps/gramo/deploy.tf
index 84e3b36..ab290df 100644
--- a/apps/gramo/deploy.tf
+++ b/apps/gramo/deploy.tf
@@ -5,14 +5,14 @@ resource "kubectl_manifest" "deploy" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
replicas: 1
selector:
- matchLabels: ${jsonencode(local.common-labels)}
+ matchLabels: ${jsonencode(local.common_labels)}
template:
metadata:
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
securityContext:
fsGroup: 1000
diff --git a/apps/gramo/presentation.tf b/apps/gramo/presentation.tf
index 80b23ef..2187fdc 100644
--- a/apps/gramo/presentation.tf
+++ b/apps/gramo/presentation.tf
@@ -14,7 +14,7 @@ module "service" {
component = var.component
instance = var.instance
namespace = var.namespace
- labels = local.common-labels
+ labels = local.common_labels
targets = ["http"]
providers = {
kubectl = kubectl
@@ -28,7 +28,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [module.service.default_definition]
@@ -67,7 +67,7 @@ module "forward" {
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
service = module.service.default_definition
icon = local.icon
diff --git a/apps/gramo/rbac.tf b/apps/gramo/rbac.tf
index 7c394a2..a626cf0 100644
--- a/apps/gramo/rbac.tf
+++ b/apps/gramo/rbac.tf
@@ -8,7 +8,7 @@ resource "kubectl_manifest" "gramo_sa" {
metadata:
name: "${var.component}-${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
EOF
}
@@ -19,7 +19,7 @@ resource "kubectl_manifest" "gramo_crb_admin" {
kind: ClusterRoleBinding
metadata:
name: "${var.namespace}-${var.component}-${var.instance}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -39,7 +39,7 @@ resource "kubectl_manifest" "gramo_roles" {
metadata:
name: "${var.namespace}-${var.component}-${var.instance}"
namespace: "${local.sorted-namespaces[count.index]}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
rules:
- apiGroups: ["*"]
resources: ["*"]
@@ -55,7 +55,7 @@ resource "kubectl_manifest" "gramo_role_bindings" {
metadata:
name: "${var.namespace}-${var.component}-${var.instance}"
namespace: "${local.sorted-namespaces[count.index]}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
subjects:
- kind: ServiceAccount
name: "${var.component}-${var.instance}"
@@ -74,7 +74,7 @@ resource "kubectl_manifest" "gramo_clusterrole" {
kind: ClusterRole
metadata:
name: "${var.namespace}-${var.component}-${var.instance}-list"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
rules:
- apiGroups: [""]
resources: ["namespaces"]
@@ -97,7 +97,7 @@ resource "kubectl_manifest" "gramo_clusterrole_bindings" {
metadata:
name: "${var.namespace}-${var.component}-${var.instance}-list"
namespace: "${local.sorted-namespaces[count.index]}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
subjects:
- kind: ServiceAccount
name: "${var.component}-${var.instance}"
diff --git a/apps/infisical/configs.tf b/apps/infisical/configs.tf
index c422928..05696aa 100644
--- a/apps/infisical/configs.tf
+++ b/apps/infisical/configs.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "config" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
NODE_EXTRA_CA_CERTS: /etc/local-ca/ca.crt
INVITE_ONLY_SIGNUP: "true"
diff --git a/apps/infisical/datas.tf b/apps/infisical/datas.tf
index d0144e6..db6e427 100644
--- a/apps/infisical/datas.tf
+++ b/apps/infisical/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,6 +21,6 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/apps/infisical/deploy.tf b/apps/infisical/deploy.tf
index 7ee7552..9c3a838 100644
--- a/apps/infisical/deploy.tf
+++ b/apps/infisical/deploy.tf
@@ -5,17 +5,17 @@ resource "kubectl_manifest" "deploy" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
annotations:
configmap.reloader.stakater.com/reload: "${kubectl_manifest.config.name}"
secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name}"
spec:
replicas: ${var.replicas}
selector:
- matchLabels: ${jsonencode(local.common-labels)}
+ matchLabels: ${jsonencode(local.common_labels)}
template:
metadata:
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
containers:
- name: infisical-backend
diff --git a/apps/infisical/presentation.tf b/apps/infisical/presentation.tf
index b4c7407..5da2796 100644
--- a/apps/infisical/presentation.tf
+++ b/apps/infisical/presentation.tf
@@ -13,7 +13,7 @@ module "service" {
component = var.component
instance = var.instance
namespace = var.namespace
- labels = local.common-labels
+ labels = local.common_labels
targets = ["http"]
providers = {
kubectl = kubectl
@@ -27,7 +27,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [module.service.default_definition]
@@ -66,7 +66,7 @@ module "forward" {
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
service = module.service.default_definition
icon = local.icon
diff --git a/apps/infisical/secret.tf b/apps/infisical/secret.tf
index 89c981b..4269c5a 100644
--- a/apps/infisical/secret.tf
+++ b/apps/infisical/secret.tf
@@ -7,7 +7,7 @@ resource "kubectl_manifest" "secret" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
forceRegenerate: false
data:
diff --git a/apps/infisical/storage.tf b/apps/infisical/storage.tf
index 5f36544..34ddc3f 100644
--- a/apps/infisical/storage.tf
+++ b/apps/infisical/storage.tf
@@ -3,7 +3,7 @@ module "redis" {
component = var.component
instance = var.instance
namespace = var.namespace
- labels = local.common-labels
+ labels = local.common_labels
images = var.images
exporter = var.redis.exporter
providers = {
@@ -15,7 +15,7 @@ module "mongo" {
component = var.component
instance = var.instance
namespace = var.namespace
- labels = local.common-labels
+ labels = local.common_labels
providers = {
kubectl = kubectl
}
diff --git a/apps/k8s-api/datas.tf b/apps/k8s-api/datas.tf
index 5fa90b2..7dc39b7 100644
--- a/apps/k8s-api/datas.tf
+++ b/apps/k8s-api/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
diff --git a/apps/k8s-api/ingress.tf b/apps/k8s-api/ingress.tf
index 54304bf..f1a2d76 100644
--- a/apps/k8s-api/ingress.tf
+++ b/apps/k8s-api/ingress.tf
@@ -22,7 +22,7 @@ resource "kubectl_manifest" "prj_certificate" {
metadata:
name: "${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
secretName: "${var.instance}-cert"
dnsNames: ${jsonencode(local.dns_names)}
@@ -41,7 +41,7 @@ resource "kubectl_manifest" "prj_ingress" {
metadata:
name: "${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
entryPoints: ["websecure"]
routes: ${jsonencode(local.routes)}
diff --git a/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml b/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml
deleted file mode 100644
index d8c812a..0000000
--- a/apps/nextcloud/apps_v1_Deployment_nextcloud-metrics.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-# Source: nextcloud/templates/metrics/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nextcloud-metrics
- labels:
- app.kubernetes.io/name: nextcloud
- helm.sh/chart: nextcloud-4.6.8
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: metrics
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: nextcloud
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/component: metrics
- template:
- metadata:
- annotations:
- null
- labels:
- app.kubernetes.io/name: nextcloud
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/component: metrics
- spec:
- containers:
- - name: metrics-exporter
- image: "xperimental/nextcloud-exporter:0.6.2"
- imagePullPolicy: IfNotPresent
- env:
- - name: NEXTCLOUD_USERNAME
- valueFrom:
- secretKeyRef:
- name: nextcloud
- key: nextcloud-username
- - name: NEXTCLOUD_PASSWORD
- valueFrom:
- secretKeyRef:
- name: nextcloud
- key: nextcloud-password
- # NEXTCLOUD_SERVER is used by metrics-exporter to reach the Nextcloud (K8s-)Service to grab the serverinfo api endpoint
- - name: NEXTCLOUD_SERVER # deployment.namespace.svc.cluster.local
- value: "http://nextcloud.vynil-cloud.svc.cluster.local:80"
- - name: NEXTCLOUD_TIMEOUT
- value: 5s
- - name: NEXTCLOUD_TLS_SKIP_VERIFY
- value: "false"
- ports:
- - name: metrics
- containerPort: 9205
- securityContext:
- runAsUser: 1000
- runAsNonRoot: true
\ No newline at end of file
diff --git a/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml b/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml
deleted file mode 100644
index 4376e77..0000000
--- a/apps/nextcloud/apps_v1_Deployment_nextcloud.yaml
+++ /dev/null
@@ -1,185 +0,0 @@
-# Source: nextcloud/templates/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nextcloud
- labels:
- app.kubernetes.io/name: nextcloud
- helm.sh/chart: nextcloud-4.6.8
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: app
-spec:
- replicas: 1
- strategy:
- type: RollingUpdate
- selector:
- matchLabels:
- app.kubernetes.io/name: nextcloud
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/component: app
- template:
- metadata:
- labels:
- app.kubernetes.io/name: nextcloud
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/component: app
- annotations:
- nextcloud-config-hash: 389c7a366de1675e1455b824e52d593448eb9f3d376f49a478d2135e037b30a0
- php-config-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- nginx-config-hash: 18dd8f905a93ed27f032e9ae68084222ed7e5926f7144cda17b979780f4da54b
- hooks-hash: 9525c2748a6c7cd0e28ec740623d0b3fa5a75c83b51ccfd136bc89c76737b204
- spec:
- containers:
- - name: nextcloud
- image: nextcloud:29.0.0-apache
- imagePullPolicy: IfNotPresent
- env:
-
- - name: POSTGRES_HOST
- value:
- - name: POSTGRES_DB
- value: "nextcloud"
- - name: POSTGRES_USER
- valueFrom:
- secretKeyRef:
- name: nextcloud-db
- key: username
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: nextcloud-db
- key: password
- - name: NEXTCLOUD_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: nextcloud
- key: nextcloud-username
- - name: NEXTCLOUD_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: nextcloud
- key: nextcloud-password
- - name: NEXTCLOUD_TRUSTED_DOMAINS
- value: nextcloud.kube.home
- - name: NEXTCLOUD_UPDATE
- value: "1"
- - name: NEXTCLOUD_DATA_DIR
- value: "/var/www/html/data"
- resources:
- {}
- volumeMounts:
- - name: nextcloud-main
- mountPath: /var/www/
- subPath: root
- - name: nextcloud-main
- mountPath: /var/www/html
- subPath: html
- - name: nextcloud-main
- mountPath: /var/www/html/data
- subPath: data
- - name: nextcloud-main
- mountPath: /var/www/html/config
- subPath: config
- - name: nextcloud-main
- mountPath: /var/www/html/custom_apps
- subPath: custom_apps
- - name: nextcloud-main
- mountPath: /var/www/tmp
- subPath: tmp
- - name: nextcloud-main
- mountPath: /var/www/html/themes
- subPath: themes
- - name: nextcloud-config
- mountPath: /var/www/html/config/locale.config.php
- subPath: locale.config.php
- - name: nextcloud-config
- mountPath: /var/www/html/config/redis.config.php
- subPath: redis.config.php
- - name: nextcloud-config
- mountPath: /var/www/html/config/.htaccess
- subPath: .htaccess
- - name: nextcloud-config
- mountPath: /var/www/html/config/apcu.config.php
- subPath: apcu.config.php
- - name: nextcloud-config
- mountPath: /var/www/html/config/apps.config.php
- subPath: apps.config.php
- - name: nextcloud-config
- mountPath: /var/www/html/config/autoconfig.php
- subPath: autoconfig.php
- - name: nextcloud-config
- mountPath: /var/www/html/config/smtp.config.php
- subPath: smtp.config.php
- - name: nextcloud-nginx
- image: "nginx:alpine"
- imagePullPolicy: IfNotPresent
- ports:
- - name: http
- protocol: TCP
- containerPort: 80
- livenessProbe:
- httpGet:
- path: /status.php
- port: 80
- httpHeaders:
- - name: Host
- value: "nextcloud.kube.home"
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 3
- readinessProbe:
- httpGet:
- path: /status.php
- port: 80
- httpHeaders:
- - name: Host
- value: "nextcloud.kube.home"
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 3
-
- resources:
- {}
- volumeMounts:
- - name: nextcloud-main
- mountPath: /var/www/
- subPath: root
- - name: nextcloud-main
- mountPath: /var/www/html
- subPath: html
- - name: nextcloud-main
- mountPath: /var/www/html/data
- subPath: data
- - name: nextcloud-main
- mountPath: /var/www/html/config
- subPath: config
- - name: nextcloud-main
- mountPath: /var/www/html/custom_apps
- subPath: custom_apps
- - name: nextcloud-main
- mountPath: /var/www/tmp
- subPath: tmp
- - name: nextcloud-main
- mountPath: /var/www/html/themes
- subPath: themes
- - name: nextcloud-nginx-config
- mountPath: /etc/nginx/conf.d/
- volumes:
- - name: nextcloud-main
- persistentVolumeClaim:
- claimName: nextcloud-nextcloud
- - name: nextcloud-config
- configMap:
- name: nextcloud-config
- - name: nextcloud-nginx-config
- configMap:
- name: nextcloud-nginxconfig
- securityContext:
- # Will mount configuration files as www-data (id: 82) for nextcloud
- fsGroup: 82
- serviceAccountName: nextcloud-serviceaccount
\ No newline at end of file
diff --git a/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml b/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml
deleted file mode 100644
index 23c0450..0000000
--- a/apps/nextcloud/autoscaling_v1_HorizontalPodAutoscaler_nextcloud.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Source: nextcloud/templates/hpa.yaml
-apiVersion: autoscaling/v1
-kind: HorizontalPodAutoscaler
-metadata:
- name: nextcloud
- labels:
- app.kubernetes.io/name: nextcloud
- helm.sh/chart: nextcloud-4.6.8
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: app
-spec:
- scaleTargetRef:
- kind: Deployment
- apiVersion: apps/v1
- name: nextcloud
- minReplicas: 1
- maxReplicas: 10
- targetCPUUtilizationPercentage: 60
\ No newline at end of file
diff --git a/apps/nextcloud/backups.tf b/apps/nextcloud/backups.tf
index b46635b..2e95719 100644
--- a/apps/nextcloud/backups.tf
+++ b/apps/nextcloud/backups.tf
@@ -6,7 +6,7 @@ resource "kubectl_manifest" "backup_schedule" {
metadata:
name: "${var.instance}-backup"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
backend:
repoPasswordSecretRef:
diff --git a/apps/nextcloud/collabora.tf b/apps/nextcloud/collabora.tf
index a38aea1..f78f72e 100644
--- a/apps/nextcloud/collabora.tf
+++ b/apps/nextcloud/collabora.tf
@@ -1,5 +1,5 @@
locals {
- collabora-labels = merge(local.common-labels, {
+ collabora-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "collabora"
})
}
diff --git a/apps/nextcloud/configs.tf b/apps/nextcloud/configs.tf
index f433f2a..152e2b7 100644
--- a/apps/nextcloud/configs.tf
+++ b/apps/nextcloud/configs.tf
@@ -68,7 +68,7 @@ resource "kubectl_manifest" "nextcloud-config" {
metadata:
name: "${var.component}-${var.instance}-init"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data: ${jsonencode(local.data-config-init)}
EOF
}
diff --git a/apps/nextcloud/datas.tf b/apps/nextcloud/datas.tf
index 5318f76..523fb8a 100644
--- a/apps/nextcloud/datas.tf
+++ b/apps/nextcloud/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,7 +21,7 @@ locals {
}, var.storage.volume.class != "" ?{
"storageClassName" = var.storage.volume.class
}:{})
- nextcloud-labels = merge(local.common-labels, {
+ nextcloud-labels = merge(local.common_labels, {
})
}
diff --git a/apps/nextcloud/middlewares.tf b/apps/nextcloud/middlewares.tf
index 8e7b8f7..4c7c80e 100644
--- a/apps/nextcloud/middlewares.tf
+++ b/apps/nextcloud/middlewares.tf
@@ -5,7 +5,7 @@ kind: Middleware
metadata:
name: "${var.instance}-redirectdav"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
redirectRegex:
permanent: true
@@ -21,7 +21,7 @@ kind: Middleware
metadata:
name: "${var.instance}-redirectindex"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
redirectRegex:
permanent: false
@@ -37,7 +37,7 @@ kind: Middleware
metadata:
name: "${var.instance}-sslenforce"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
headers:
stsSeconds: 15552000
diff --git a/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml b/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml
deleted file mode 100644
index da91681..0000000
--- a/apps/nextcloud/monitoring.coreos.com_v1_ServiceMonitor_nextcloud.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Source: nextcloud/templates/metrics/servicemonitor.yaml
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: nextcloud
- namespace: "vynil-cloud"
- labels:
- app.kubernetes.io/name: nextcloud
- helm.sh/chart: nextcloud-4.6.8
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: metrics
-spec:
- jobLabel: ""
- selector:
- matchLabels:
- app.kubernetes.io/name: nextcloud
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/component: metrics
- namespaceSelector:
- matchNames:
- - "vynil-cloud"
- endpoints:
- - port: metrics
- path: "/"
- interval: 30s
\ No newline at end of file
diff --git a/apps/nextcloud/onlyoffice.tf b/apps/nextcloud/onlyoffice.tf
index c177ee0..ff52e62 100644
--- a/apps/nextcloud/onlyoffice.tf
+++ b/apps/nextcloud/onlyoffice.tf
@@ -1,5 +1,5 @@
locals {
- onlyoffice-labels = merge(local.common-labels, {
+ onlyoffice-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "onlyoffice"
})
}
diff --git a/apps/nextcloud/postgresql.tf b/apps/nextcloud/postgresql.tf
index 7571b70..d7aa1bc 100644
--- a/apps/nextcloud/postgresql.tf
+++ b/apps/nextcloud/postgresql.tf
@@ -1,5 +1,5 @@
locals {
- pg-labels = merge(local.common-labels, {
+ pg-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "pg"
})
}
diff --git a/apps/nextcloud/presentation.tf b/apps/nextcloud/presentation.tf
index 0837c47..2c75de3 100644
--- a/apps/nextcloud/presentation.tf
+++ b/apps/nextcloud/presentation.tf
@@ -20,7 +20,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = ["${var.instance}-sslenforce", "${var.instance}-redirectdav", "${var.instance}-redirectindex"]
services = [local.service]
@@ -48,7 +48,7 @@ module "oauth2" {
instance = var.instance
namespace = var.namespace
domain = var.domain
- labels = local.common-labels
+ labels = local.common_labels
dns_name = local.dns_name
redirect_path = "apps/user_oidc/code"
providers = {
diff --git a/apps/nextcloud/rbac.authorization.k8s.io_v1_RoleBinding_nextcloud-privileged.yaml b/apps/nextcloud/rbac.authorization.k8s.io_v1_RoleBinding_nextcloud-privileged.yaml
deleted file mode 100644
index d3b610b..0000000
--- a/apps/nextcloud/rbac.authorization.k8s.io_v1_RoleBinding_nextcloud-privileged.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-# Source: nextcloud/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: nextcloud-privileged
- namespace: vynil-cloud
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: nextcloud-privileged
-subjects:
- - kind: ServiceAccount
- name: nextcloud-serviceaccount
- namespace: vynil-cloud
\ No newline at end of file
diff --git a/apps/nextcloud/rbac.authorization.k8s.io_v1_Role_nextcloud-privileged.yaml b/apps/nextcloud/rbac.authorization.k8s.io_v1_Role_nextcloud-privileged.yaml
deleted file mode 100644
index 8b755a7..0000000
--- a/apps/nextcloud/rbac.authorization.k8s.io_v1_Role_nextcloud-privileged.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-# Source: nextcloud/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: nextcloud-privileged
- namespace: vynil-cloud
-rules:
- - apiGroups:
- - extensions
- resourceNames:
- - privileged
- resources:
- - podsecuritypolicies
- verbs:
- - use
\ No newline at end of file
diff --git a/apps/nextcloud/redis.tf b/apps/nextcloud/redis.tf
index 6316802..da0d5c2 100644
--- a/apps/nextcloud/redis.tf
+++ b/apps/nextcloud/redis.tf
@@ -1,5 +1,5 @@
locals {
- redis-labels = merge(local.common-labels, {
+ redis-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "redis"
})
}
diff --git a/apps/nextcloud/secret.tf b/apps/nextcloud/secret.tf
index bba752b..a009ab6 100644
--- a/apps/nextcloud/secret.tf
+++ b/apps/nextcloud/secret.tf
@@ -7,7 +7,7 @@ resource "kubectl_manifest" "prj_secret" {
metadata:
name: "${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
forceRegenerate: false
data:
diff --git a/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml b/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml
deleted file mode 100644
index d941d80..0000000
--- a/apps/nextcloud/v1_ConfigMap_nextcloud-config.yaml
+++ /dev/null
@@ -1,111 +0,0 @@
-# Source: nextcloud/templates/config.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: nextcloud-config
- labels:
- app.kubernetes.io/name: nextcloud
- helm.sh/chart: nextcloud-4.6.8
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/managed-by: Helm
-data:
- locale.config.php: |-
- 'fr',
- 'default_locale' => 'fr_FR',
- 'default_phone_region' => 'FR',
- 'log_type' => 'errorlog',
- 'loglevel' => 0,
- 'logdateformat' => 'F d, Y H:i:s',
- 'trusted_proxies' => array('10.244.0.0/16','2001:cafe:42::1'),
- 'allow_local_remote_servers' => true,
- );
- redis.config.php: |-
- true,
- 'memcache.distributed' => '\OC\Memcache\Redis',
- 'memcache.locking' => '\OC\Memcache\Redis',
- 'redis' => array(
- 'host' => getenv('REDIS_HOST'),
- 'port' => getenv('REDIS_HOST_PORT') ?: 6379,
- ),
- );
- }
- .htaccess: |-
- # line below if for Apache 2.4
-
- Require all denied
-
- # line below if for Apache 2.2
-
- deny from all
-
- # section for Apache 2.2 and 2.4
-
- IndexIgnore *
-
- apcu.config.php: |-
- '\OC\Memcache\APCu',
- );
- apps.config.php: |-
- array (
- 0 => array (
- "path" => OC::$SERVERROOT."/apps",
- "url" => "/apps",
- "writable" => false,
- ),
- 1 => array (
- "path" => OC::$SERVERROOT."/custom_apps",
- "url" => "/custom_apps",
- "writable" => true,
- ),
- ),
- );
- autoconfig.php: |-
- 'smtp',
- 'mail_smtphost' => getenv('SMTP_HOST'),
- 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
- 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
- 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
- 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
- 'mail_smtpname' => getenv('SMTP_NAME') ?: '',
- 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
- 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
- 'mail_domain' => getenv('MAIL_DOMAIN'),
- );
- }
\ No newline at end of file
diff --git a/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml b/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml
deleted file mode 100644
index b372c68..0000000
--- a/apps/nextcloud/v1_ConfigMap_nextcloud-nginxconfig.yaml
+++ /dev/null
@@ -1,153 +0,0 @@
-# Source: nextcloud/templates/nginx-config.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: nextcloud-nginxconfig
- labels:
- app.kubernetes.io/name: nextcloud
- helm.sh/chart: nextcloud-4.6.8
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/managed-by: Helm
-data:
- default.conf: |-
- upstream php-handler {
- server 127.0.0.1:9000;
- }
-
- server {
- listen 80;
-
- # HSTS settings
- # WARNING: Only add the preload option once you read about
- # the consequences in https://hstspreload.org/. This option
- # will add the domain to a hardcoded list that is shipped
- # in all major browsers and getting removed from this list
- # could take several months.
- #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-
- # set max upload size
- client_max_body_size 10G;
- fastcgi_buffers 64 4K;
-
- # Enable gzip but do not remove ETag headers
- gzip on;
- gzip_vary on;
- gzip_comp_level 4;
- gzip_min_length 256;
- gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
- gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-
- # Pagespeed is not supported by Nextcloud, so if your server is built
- # with the `ngx_pagespeed` module, uncomment this line to disable it.
- #pagespeed off;
-
- # HTTP response headers borrowed from Nextcloud `.htaccess`
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "noindex, nofollow" always;
- add_header X-XSS-Protection "1; mode=block" always;
-
- # Remove X-Powered-By, which is an information leak
- fastcgi_hide_header X-Powered-By;
-
- # Add .mjs as a file extension for javascript
- # Either include it in the default mime.types list
- # or include you can include that list explicitly and add the file extension
- # only for Nextcloud like below:
- include mime.types;
- types {
- text/javascript js mjs;
- }
-
- # Path to the root of your installation
- root /var/www/html;
-
- # Specify how to handle directories -- specifying `/index.php$request_uri`
- # here as the fallback means that Nginx always exhibits the desired behaviour
- # when a client requests a path that corresponds to a directory that exists
- # on the server. In particular, if that directory contains an index.php file,
- # that file is correctly served; if it doesn't, then the request is passed to
- # the front-end controller. This consistent behaviour means that we don't need
- # to specify custom rules for certain paths (e.g. images and other assets,
- # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
- # `try_files $uri $uri/ /index.php$request_uri`
- # always provides the desired behaviour.
- index index.php index.html /index.php$request_uri;
-
- # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
- location = / {
- if ( $http_user_agent ~ ^DavClnt ) {
- return 302 /remote.php/webdav/$is_args$args;
- }
- }
-
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
-
- # Make a regex exception for `/.well-known` so that clients can still
- # access it despite the existence of the regex rule
- # `location ~ /(\.|autotest|...)` which would otherwise handle requests
- # for `/.well-known`.
- location ^~ /.well-known {
- # The following 6 rules are borrowed from `.htaccess`
-
- location = /.well-known/carddav { return 301 /remote.php/dav/; }
- location = /.well-known/caldav { return 301 /remote.php/dav/; }
- # Anything else is dynamically handled by Nextcloud
- location ^~ /.well-known { return 301 /index.php$uri; }
-
- try_files $uri $uri/ =404;
- }
-
- # Rules borrowed from `.htaccess` to hide certain paths from clients
- location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
- location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
-
- # Ensure this block, which passes PHP files to the PHP process, is above the blocks
- # which handle static assets (as seen below). If this block is not declared first,
- # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
- # to the URI, resulting in a HTTP 500 error response.
- location ~ \.php(?:$|/) {
- # Required for legacy support
- rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
-
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- set $path_info $fastcgi_path_info;
-
- try_files $fastcgi_script_name =404;
-
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $path_info;
- #fastcgi_param HTTPS on;
-
- fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
- fastcgi_param front_controller_active true; # Enable pretty urls
- fastcgi_pass php-handler;
-
- fastcgi_intercept_errors on;
- fastcgi_request_buffering off;
- }
-
- location ~ \.(?:css|js|svg|gif)$ {
- try_files $uri /index.php$request_uri;
- expires 6M; # Cache-Control policy borrowed from `.htaccess`
- access_log off; # Optional: Don't log access to assets
- }
-
- location ~ \.woff2?$ {
- try_files $uri /index.php$request_uri;
- expires 7d; # Cache-Control policy borrowed from `.htaccess`
- access_log off; # Optional: Don't log access to assets
- }
-
- location / {
- try_files $uri $uri/ /index.php$request_uri;
- }
- }
\ No newline at end of file
diff --git a/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml b/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml
deleted file mode 100644
index 8cfbce7..0000000
--- a/apps/nextcloud/v1_PersistentVolumeClaim_nextcloud-nextcloud.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Source: nextcloud/templates/nextcloud-pvc.yaml
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: nextcloud-nextcloud
- labels:
- app.kubernetes.io/name: nextcloud
- helm.sh/chart: nextcloud-4.6.8
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: app
- annotations:
- helm.sh/resource-policy: keep
-spec:
- accessModes:
- - "ReadWriteOnce"
- resources:
- requests:
- storage: "8Gi"
\ No newline at end of file
diff --git a/apps/nextcloud/v1_ServiceAccount_nextcloud-serviceaccount.yaml b/apps/nextcloud/v1_ServiceAccount_nextcloud-serviceaccount.yaml
deleted file mode 100644
index c4b9c51..0000000
--- a/apps/nextcloud/v1_ServiceAccount_nextcloud-serviceaccount.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-# Source: nextcloud/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: nextcloud-serviceaccount
\ No newline at end of file
diff --git a/apps/nextcloud/v1_Service_nextcloud-metrics.yaml b/apps/nextcloud/v1_Service_nextcloud-metrics.yaml
deleted file mode 100644
index 0c2d56e..0000000
--- a/apps/nextcloud/v1_Service_nextcloud-metrics.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# Source: nextcloud/templates/metrics/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
- name: nextcloud-metrics
- labels:
- app.kubernetes.io/name: nextcloud
- helm.sh/chart: nextcloud-4.6.8
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: metrics
- annotations:
- prometheus.io/port: "9205"
- prometheus.io/scrape: "true"
-spec:
- type: ClusterIP
- ports:
- - name: metrics
- port: 9205
- targetPort: metrics
- selector:
- app.kubernetes.io/name: nextcloud
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/component: metrics
\ No newline at end of file
diff --git a/apps/nextcloud/v1_Service_nextcloud.yaml b/apps/nextcloud/v1_Service_nextcloud.yaml
deleted file mode 100644
index f9183fb..0000000
--- a/apps/nextcloud/v1_Service_nextcloud.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-# Source: nextcloud/templates/service.yaml
-apiVersion: v1
-kind: Service
-metadata:
- name: nextcloud
- labels:
- app.kubernetes.io/name: nextcloud
- helm.sh/chart: nextcloud-4.6.8
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/component: app
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: 80
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: nextcloud
- app.kubernetes.io/instance: nextcloud
- app.kubernetes.io/component: app
\ No newline at end of file
diff --git a/apps/okd/datas.tf b/apps/okd/datas.tf
index d0144e6..db6e427 100644
--- a/apps/okd/datas.tf
+++ b/apps/okd/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,6 +21,6 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/apps/okd/deploy.tf b/apps/okd/deploy.tf
index 5e6d24e..6a01c20 100644
--- a/apps/okd/deploy.tf
+++ b/apps/okd/deploy.tf
@@ -5,14 +5,14 @@ resource "kubectl_manifest" "deploy" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
replicas: 1
selector:
- matchLabels: ${jsonencode(local.common-labels)}
+ matchLabels: ${jsonencode(local.common_labels)}
template:
metadata:
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
securityContext:
fsGroup: 1000
diff --git a/apps/okd/presentation.tf b/apps/okd/presentation.tf
index 769e0e0..2222aa9 100644
--- a/apps/okd/presentation.tf
+++ b/apps/okd/presentation.tf
@@ -14,7 +14,7 @@ module "service" {
component = var.component
instance = var.instance
namespace = var.namespace
- labels = local.common-labels
+ labels = local.common_labels
targets = ["http"]
providers = {
kubectl = kubectl
@@ -28,7 +28,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [module.service.default_definition]
@@ -67,7 +67,7 @@ module "forward" {
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
service = module.service.default_definition
icon = local.icon
diff --git a/apps/okd/rbac.tf b/apps/okd/rbac.tf
index 2203408..001648e 100644
--- a/apps/okd/rbac.tf
+++ b/apps/okd/rbac.tf
@@ -8,7 +8,7 @@ resource "kubectl_manifest" "okd_sa" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
EOF
}
@@ -19,7 +19,7 @@ resource "kubectl_manifest" "okd_crb_admin" {
kind: ClusterRoleBinding
metadata:
name: "${var.namespace}-${var.instance}-${var.component}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@@ -39,7 +39,7 @@ resource "kubectl_manifest" "okd_roles" {
metadata:
name: "${var.namespace}-${var.instance}-${var.component}"
namespace: "${local.sorted-namespaces[count.index]}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
rules:
- apiGroups: ["*"]
resources: ["*"]
@@ -55,7 +55,7 @@ resource "kubectl_manifest" "okd_role_bindings" {
metadata:
name: "${var.namespace}-${var.instance}-${var.component}"
namespace: "${local.sorted-namespaces[count.index]}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
subjects:
- kind: ServiceAccount
name: "${var.instance}-${var.component}"
@@ -74,7 +74,7 @@ resource "kubectl_manifest" "okd_clusterrole" {
kind: ClusterRole
metadata:
name: "${var.namespace}-${var.instance}-${var.component}-list"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
rules:
- apiGroups: [""]
resources: ["namespaces"]
@@ -94,7 +94,7 @@ resource "kubectl_manifest" "okd_clusterrole_bindings" {
metadata:
name: "${var.namespace}-${var.instance}-${var.component}-list"
namespace: "${local.sorted-namespaces[count.index]}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
subjects:
- kind: ServiceAccount
name: "${var.instance}-${var.component}"
diff --git a/apps/sonar/apps_v1_StatefulSet_sonar-sonarqube.yaml b/apps/sonar/apps_v1_StatefulSet_sonar-sonarqube.yaml
index e145c67..62577e4 100644
--- a/apps/sonar/apps_v1_StatefulSet_sonar-sonarqube.yaml
+++ b/apps/sonar/apps_v1_StatefulSet_sonar-sonarqube.yaml
@@ -5,7 +5,7 @@ metadata:
name: sonar-sonarqube
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
app.kubernetes.io/name: sonarqube-sonar-sonarqube
@@ -13,7 +13,7 @@ metadata:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: sonarqube
app.kubernetes.io/component: sonar-sonarqube
- app.kubernetes.io/version: "10.4.0-community"
+ app.kubernetes.io/version: "10.5.1-community"
spec:
replicas: 1
revisionHistoryLimit: 10
@@ -28,19 +28,20 @@ spec:
app: sonarqube
release: sonar
annotations:
- checksum/init-sysctl: a12e75ed1a8c3b06d9caf75f108948bde1e6cf6210bb3035994c8d4fdb9e1f39
- checksum/init-fs: 36564fb78d2715ef7f589fd3df9b29b970835c4f265186a47fbb0f1f8ce35c7e
- checksum/plugins: db3ffc7959ef0fc65edbd6803efe5cfa5bed57043487c5d29af43708459ce9fd
- checksum/config: ead0105b73e0ab65eebc0f041f2c07af74aab9f4e121ada0b788b5e287bc1132
- checksum/secret: 14fc9b43c5d5c61345694c7c8a2cab4fdee67d198dfec45498f58eb7a30b283d
- checksum/prometheus-config: 79e17e350acb6b7a07c0204a52a6fe22bcb4c38b9f8339d15757f040698774dc
- checksum/prometheus-ce-config: ef57c8341973db7eb712730278966b61b4aa23721f65f5e0e51a9012a6a7b28b
- spec:
+ checksum/init-sysctl: f024654d224568f7d00f522ab1f651e593efb55ee745e9624beec68996a4458d
+ checksum/init-fs: 4c8e59703fd03b0281f452e07eb3f3bdab1150a196f823234e641aaa2afb0253
+ checksum/plugins: 4e5baae46155e41236fcbdf85ea8b9ba3358994284bc26fb45d44a728d2b5c8e
+ checksum/config: 8dfa24e99816e4a8762c59197f8f41e53f8517b2f62d8839b7464952f77ad240
+ checksum/secret: 11c9bb7cdad024fc7971937b62d5245054c1091fc798528488974ef4bd5b7255
+ checksum/prometheus-config: 8b558b466ef4f60ab41a25ee83bb1cd6798a7c51aea6c557c75718f8b0527a61
+ checksum/prometheus-ce-config: 6af690da3580e26dbbfb7d1eea66284f1f52b2cff5db113b8acad5cdb87f4772
+ spec:
+ automountServiceAccountToken: false
securityContext:
fsGroup: 0
initContainers:
- name: "wait-for-db"
- image: sonarqube:10.4.0-community
+ image: sonarqube:10.5.1-community
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
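Review bot: The bumped `wait-for-db` image is still referenced by a mutable tag (`image: sonarqube:10.5.1-community`) with `imagePullPolicy: IfNotPresent`, so what actually runs depends on whatever each node has cached or pulls under that tag. Pinning by digest, e.g. `image: sonarqube:10.5.1-community@sha256:<digest-of-the-verified-image>` (placeholder), would make the upgrade reproducible and auditable. The same applies to the `init-sysctl`, `inject-prometheus-exporter`, `install-plugins` and `sonarqube` image lines in the later hunks, and it matters most for `init-sysctl`, which runs with `privileged: true`. This manifest looks rendered from the Helm chart, so the pin presumably belongs in the chart values rather than in this file; the pod spec continues outside the hunk.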
@@ -57,7 +58,7 @@ spec:
command: ["/bin/bash", "-c"]
args: ['set -o pipefail;for i in {1..200};do (echo > /dev/tcp/sonar-postgresql/5432) && exit 0; sleep 2;done; exit 1']
- name: init-sysctl
- image: sonarqube:10.4.0-community
+ image: sonarqube:10.5.1-community
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
@@ -70,8 +71,15 @@ spec:
volumeMounts:
- name: init-sysctl
mountPath: /tmp/scripts/
+ env:
+ - name: SONAR_WEB_CONTEXT
+ value: /
+ - name: SONAR_WEB_JAVAOPTS
+ value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml
+ - name: SONAR_CE_JAVAOPTS
+ value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml
- name: inject-prometheus-exporter
- image: sonarqube:10.4.0-community
+ image: sonarqube:10.5.1-community
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
@@ -98,8 +106,14 @@ spec:
value:
- name: no_proxy
value:
+ - name: SONAR_WEB_CONTEXT
+ value: /
+ - name: SONAR_WEB_JAVAOPTS
+ value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml
+ - name: SONAR_CE_JAVAOPTS
+ value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml
- name: install-plugins
- image: sonarqube:10.4.0-community
+ image: sonarqube:10.5.1-community
imagePullPolicy: IfNotPresent
command: ["sh",
"-e",
@@ -129,9 +143,15 @@ spec:
value:
- name: no_proxy
value:
+ - name: SONAR_WEB_CONTEXT
+ value: /
+ - name: SONAR_WEB_JAVAOPTS
+ value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml
+ - name: SONAR_CE_JAVAOPTS
+ value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml
containers:
- name: sonarqube
- image: sonarqube:10.4.0-community
+ image: sonarqube:10.5.1-community
imagePullPolicy: IfNotPresent
ports:
- name: http
@@ -146,19 +166,21 @@ spec:
resources:
limits:
cpu: 800m
- memory: 4Gi
+ ephemeral-storage: 512000M
+ memory: 6144M
requests:
cpu: 400m
- memory: 2Gi
+ ephemeral-storage: 1536M
+ memory: 2048M
env:
- - name: SONAR_HELM_CHART_VERSION
- value: 10.4.0_2288
- - name: SONAR_WEB_JAVAOPTS
- value: "-javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml"
- name: SONAR_WEB_CONTEXT
value: /
+ - name: SONAR_WEB_JAVAOPTS
+ value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml
- name: SONAR_CE_JAVAOPTS
- value: "-javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml"
+ value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml
+ - name: SONAR_HELM_CHART_VERSION
+ value: 10.5.1_2816
- name: SONAR_JDBC_PASSWORD
valueFrom:
secretKeyRef:
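Review bot: The new `ephemeral-storage: 512000M` limit on the sonarqube container is roughly 512 GB against a request of `1536M`, which exceeds many node disks and so bounds very little. A runaway log or temp directory can still push the node into disk pressure, affecting other pods, before this limit triggers an eviction. Size the limit to measured need, for example `ephemeral-storage: 8Gi` (constructed value, adjust to the workload). The memory figures also moved from binary to decimal units (`2Gi` became `2048M`), so the request is now slightly below the old one; if binary units were intended, write `6144Mi` and `2048Mi`. The container spec continues outside the hunk.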
@@ -178,8 +200,7 @@ spec:
- sh
- -c
- |
- host="$(hostname -i || echo '127.0.0.1')"
- wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:9000/api/system/liveness"
+ wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://localhost:9000/api/system/liveness"
initialDelaySeconds: 60
periodSeconds: 30
failureThreshold: 6
@@ -193,8 +214,7 @@ spec:
#!/bin/bash
# A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING
# status about migration are added to prevent the node to be kill while sonarqube is upgrading the database.
- host="$(hostname -i || echo '127.0.0.1')"
- if wget --no-proxy -qO- http://${host}:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then
+ if wget --no-proxy -qO- http://localhost:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then
exit 0
fi
exit 1
diff --git a/apps/sonar/index.yaml b/apps/sonar/index.yaml
index 66fa70a..20eea39 100644
--- a/apps/sonar/index.yaml
+++ b/apps/sonar/index.yaml
@@ -6,33 +6,15 @@ metadata:
name: sonar
description: The code quality tool for better code
options:
- issuer:
- default: letsencrypt-prod
+ domain:
+ default: your-company
examples:
- - letsencrypt-prod
+ - your-company
type: string
- plugins:
- default:
- - https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.1.1/sonar-auth-oidc-plugin-2.1.1.jar
- - https://github.com/jycr/sonar-l10n-fr/releases/download/9.9.0/sonar-l10n-fr-plugin-9.9.0.jar
- - https://github.com/sbaudoin/sonar-yaml/releases/download/v1.7.0/sonar-yaml-plugin-1.7.0.jar
- - https://github.com/sbaudoin/sonar-shellcheck/releases/download/v2.5.0/sonar-shellcheck-plugin-2.5.0.jar
- - https://github.com/cnescatlab/sonar-hadolint-plugin/releases/download/1.1.0/sonar-hadolint-plugin-1.1.0.jar
- - https://github.com/sbaudoin/sonar-ansible/releases/download/v2.5.1/sonar-ansible-extras-plugin-2.5.1.jar
+ domain_name:
+ default: your_company.com
examples:
- - - https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.1.1/sonar-auth-oidc-plugin-2.1.1.jar
- - https://github.com/jycr/sonar-l10n-fr/releases/download/9.9.0/sonar-l10n-fr-plugin-9.9.0.jar
- - https://github.com/sbaudoin/sonar-yaml/releases/download/v1.7.0/sonar-yaml-plugin-1.7.0.jar
- - https://github.com/sbaudoin/sonar-shellcheck/releases/download/v2.5.0/sonar-shellcheck-plugin-2.5.0.jar
- - https://github.com/cnescatlab/sonar-hadolint-plugin/releases/download/1.1.0/sonar-hadolint-plugin-1.1.0.jar
- - https://github.com/sbaudoin/sonar-ansible/releases/download/v2.5.1/sonar-ansible-extras-plugin-2.5.1.jar
- items:
- type: string
- type: array
- ingress_class:
- default: traefik
- examples:
- - traefik
+ - your_company.com
type: string
images:
default:
@@ -73,21 +55,39 @@ options:
type: string
type: object
type: object
- domain_name:
- default: your_company.com
+ ingress_class:
+ default: traefik
examples:
- - your_company.com
+ - traefik
type: string
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
+ plugins:
+ default:
+ - https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.1.1/sonar-auth-oidc-plugin-2.1.1.jar
+ - https://github.com/jycr/sonar-l10n-fr/releases/download/9.9.0/sonar-l10n-fr-plugin-9.9.0.jar
+ - https://github.com/sbaudoin/sonar-yaml/releases/download/v1.7.0/sonar-yaml-plugin-1.7.0.jar
+ - https://github.com/sbaudoin/sonar-shellcheck/releases/download/v2.5.0/sonar-shellcheck-plugin-2.5.0.jar
+ - https://github.com/cnescatlab/sonar-hadolint-plugin/releases/download/1.1.0/sonar-hadolint-plugin-1.1.0.jar
+ - https://github.com/sbaudoin/sonar-ansible/releases/download/v2.5.1/sonar-ansible-extras-plugin-2.5.1.jar
+ examples:
+ - - https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.1.1/sonar-auth-oidc-plugin-2.1.1.jar
+ - https://github.com/jycr/sonar-l10n-fr/releases/download/9.9.0/sonar-l10n-fr-plugin-9.9.0.jar
+ - https://github.com/sbaudoin/sonar-yaml/releases/download/v1.7.0/sonar-yaml-plugin-1.7.0.jar
+ - https://github.com/sbaudoin/sonar-shellcheck/releases/download/v2.5.0/sonar-shellcheck-plugin-2.5.0.jar
+ - https://github.com/cnescatlab/sonar-hadolint-plugin/releases/download/1.1.0/sonar-hadolint-plugin-1.1.0.jar
+ - https://github.com/sbaudoin/sonar-ansible/releases/download/v2.5.1/sonar-ansible-extras-plugin-2.5.1.jar
+ items:
+ type: string
+ type: array
sub_domain:
default: sonar
examples:
- sonar
type: string
- domain:
- default: your-company
- examples:
- - your-company
- type: string
dependencies: []
providers:
kubernetes: true
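Review bot: The `plugins` option, re-added in this hunk after the reorder, still describes each plugin only as a download URL (`items: type: string`), with nowhere to state an expected digest. These jars are loaded into the SonarQube server, so a replaced or tampered release asset would run with the server's privileges. Whether the install-plugins script verifies anything is not visible in this diff. Consider letting each item carry a digest that the installer checks before copying the jar, e.g. an object with `url:` and `sha256: <expected-digest>`, or at least documenting in the option that the URLs are trusted as-is.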
diff --git a/apps/sonar/v1_ConfigMap_sonar-sonarqube-config.yaml b/apps/sonar/v1_ConfigMap_sonar-sonarqube-config.yaml
index 44ba11a..c510a98 100644
--- a/apps/sonar/v1_ConfigMap_sonar-sonarqube-config.yaml
+++ b/apps/sonar/v1_ConfigMap_sonar-sonarqube-config.yaml
@@ -5,7 +5,7 @@ metadata:
name: sonar-sonarqube-config
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
data:
diff --git a/apps/sonar/v1_ConfigMap_sonar-sonarqube-init-fs.yaml b/apps/sonar/v1_ConfigMap_sonar-sonarqube-init-fs.yaml
index 2dff73e..7dffa6d 100644
--- a/apps/sonar/v1_ConfigMap_sonar-sonarqube-init-fs.yaml
+++ b/apps/sonar/v1_ConfigMap_sonar-sonarqube-init-fs.yaml
@@ -5,7 +5,7 @@ metadata:
name: sonar-sonarqube-init-fs
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
data:
diff --git a/apps/sonar/v1_ConfigMap_sonar-sonarqube-init-sysctl.yaml b/apps/sonar/v1_ConfigMap_sonar-sonarqube-init-sysctl.yaml
index 629b7a5..64687bd 100644
--- a/apps/sonar/v1_ConfigMap_sonar-sonarqube-init-sysctl.yaml
+++ b/apps/sonar/v1_ConfigMap_sonar-sonarqube-init-sysctl.yaml
@@ -5,7 +5,7 @@ metadata:
name: sonar-sonarqube-init-sysctl
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
data:
diff --git a/apps/sonar/v1_ConfigMap_sonar-sonarqube-install-plugins.yaml b/apps/sonar/v1_ConfigMap_sonar-sonarqube-install-plugins.yaml
index 05ef598..18da357 100644
--- a/apps/sonar/v1_ConfigMap_sonar-sonarqube-install-plugins.yaml
+++ b/apps/sonar/v1_ConfigMap_sonar-sonarqube-install-plugins.yaml
@@ -5,7 +5,7 @@ metadata:
name: sonar-sonarqube-install-plugins
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
data:
diff --git a/apps/sonar/v1_ConfigMap_sonar-sonarqube-jdbc-config.yaml b/apps/sonar/v1_ConfigMap_sonar-sonarqube-jdbc-config.yaml
index 641a2c4..498d603 100644
--- a/apps/sonar/v1_ConfigMap_sonar-sonarqube-jdbc-config.yaml
+++ b/apps/sonar/v1_ConfigMap_sonar-sonarqube-jdbc-config.yaml
@@ -5,7 +5,7 @@ metadata:
name: sonar-sonarqube-jdbc-config
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
data:
diff --git a/apps/sonar/v1_ConfigMap_sonar-sonarqube-prometheus-ce-config.yaml b/apps/sonar/v1_ConfigMap_sonar-sonarqube-prometheus-ce-config.yaml
index 61b54c2..56175f2 100644
--- a/apps/sonar/v1_ConfigMap_sonar-sonarqube-prometheus-ce-config.yaml
+++ b/apps/sonar/v1_ConfigMap_sonar-sonarqube-prometheus-ce-config.yaml
@@ -5,7 +5,7 @@ metadata:
name: sonar-sonarqube-prometheus-ce-config
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
data:
diff --git a/apps/sonar/v1_ConfigMap_sonar-sonarqube-prometheus-config.yaml b/apps/sonar/v1_ConfigMap_sonar-sonarqube-prometheus-config.yaml
index 79b3971..7129f7f 100644
--- a/apps/sonar/v1_ConfigMap_sonar-sonarqube-prometheus-config.yaml
+++ b/apps/sonar/v1_ConfigMap_sonar-sonarqube-prometheus-config.yaml
@@ -5,7 +5,7 @@ metadata:
name: sonar-sonarqube-prometheus-config
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
data:
diff --git a/apps/sonar/v1_Secret_sonar-sonarqube-monitoring-passcode.yaml b/apps/sonar/v1_Secret_sonar-sonarqube-monitoring-passcode.yaml
index 60ada13..a2b2b8c 100644
--- a/apps/sonar/v1_Secret_sonar-sonarqube-monitoring-passcode.yaml
+++ b/apps/sonar/v1_Secret_sonar-sonarqube-monitoring-passcode.yaml
@@ -4,7 +4,7 @@ metadata:
name: sonar-sonarqube-monitoring-passcode
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
type: Opaque
diff --git a/apps/sonar/v1_Service_sonar-sonarqube.yaml b/apps/sonar/v1_Service_sonar-sonarqube.yaml
index 3678450..5b78ba7 100644
--- a/apps/sonar/v1_Service_sonar-sonarqube.yaml
+++ b/apps/sonar/v1_Service_sonar-sonarqube.yaml
@@ -5,7 +5,7 @@ metadata:
name: sonar-sonarqube
labels:
app: sonarqube
- chart: sonarqube-10.4.0_2288
+ chart: sonarqube-10.5.1_2816
release: sonar
heritage: Helm
diff --git a/apps/traefik-ui/datas.tf b/apps/traefik-ui/datas.tf
index d0144e6..db6e427 100644
--- a/apps/traefik-ui/datas.tf
+++ b/apps/traefik-ui/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,6 +21,6 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/apps/traefik-ui/presentation.tf b/apps/traefik-ui/presentation.tf
index caa26e3..e8f39e8 100644
--- a/apps/traefik-ui/presentation.tf
+++ b/apps/traefik-ui/presentation.tf
@@ -22,7 +22,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [local.service]
@@ -61,7 +61,7 @@ module "forward" {
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
service = local.service
icon = local.icon
diff --git a/apps/traefik-ui/svc.tf b/apps/traefik-ui/svc.tf
index 6082a7e..d400e28 100644
--- a/apps/traefik-ui/svc.tf
+++ b/apps/traefik-ui/svc.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "service" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
type: ClusterIP
ports:
diff --git a/apps/woodpecker/config_server.tf b/apps/woodpecker/config_server.tf
index e621787..86d0539 100644
--- a/apps/woodpecker/config_server.tf
+++ b/apps/woodpecker/config_server.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "server_config" {
metadata:
name: "${var.instance}-${var.component}-server"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
WOODPECKER_WEBHOOK_HOST: "http://woodpecker-server.${var.namespace}.svc"
WOODPECKER_METRICS_SERVER_ADDR: ":9001"
@@ -22,7 +22,7 @@ resource "kubectl_manifest" "server_start" {
metadata:
name: "${var.instance}-${var.component}-server-start"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
"start.sh": |-
#!/bin/ash
@@ -38,7 +38,7 @@ resource "kubectl_manifest" "agent_start" {
metadata:
name: "${var.instance}-${var.component}-agent-start"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
"start.sh": |-
#!/bin/ash
diff --git a/apps/woodpecker/datas.tf b/apps/woodpecker/datas.tf
index a7f5000..79d05a4 100644
--- a/apps/woodpecker/datas.tf
+++ b/apps/woodpecker/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -32,7 +32,7 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
patches {
target {
diff --git a/apps/woodpecker/presentation.tf b/apps/woodpecker/presentation.tf
index 85ec66d..755b90c 100644
--- a/apps/woodpecker/presentation.tf
+++ b/apps/woodpecker/presentation.tf
@@ -17,7 +17,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = []
services = [local.service]
diff --git a/apps/woodpecker/secret.tf b/apps/woodpecker/secret.tf
index 5fdc61d..eaa7d6c 100644
--- a/apps/woodpecker/secret.tf
+++ b/apps/woodpecker/secret.tf
@@ -7,7 +7,7 @@ resource "kubectl_manifest" "prj_secret" {
metadata:
name: "${var.component}-secret"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
forceRegenerate: false
fields:
diff --git a/meta/domain-apps/apps.tf b/meta/domain-apps/apps.tf
index c7a52f3..172656b 100644
--- a/meta/domain-apps/apps.tf
+++ b/meta/domain-apps/apps.tf
@@ -57,7 +57,7 @@ resource "kubernetes_namespace_v1" "files-ns" {
count = var.nextcloud.enable ? 1 : 0
metadata {
annotations = merge(local.annotations, local.annotations_default)
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.namespace}-files"
}
}
@@ -71,7 +71,7 @@ resource "kubectl_manifest" "nextcloud" {
metadata:
name: "nextcloud"
namespace: "${kubernetes_namespace_v1.files-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
diff --git a/meta/domain-apps/common.tf b/meta/domain-apps/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/meta/domain-apps/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
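Review bot: This new file declares the local as `common-labels`, while the same commit changes every reference in this module to `local.common_labels` (see the meta/domain-apps/apps.tf hunks just above). Unless another file in the module already defines `common_labels`, Terraform will fail on a reference to an undeclared local value. If one does, this block is dead code under the old name. Declare it as `common_labels = {` here. The identical common.tf added under meta/domain-auth, meta/domain-ci, meta/domain-devspaces, meta/domain-erp, meta/domain-infra and meta/domain-mail has the same mismatch.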
diff --git a/meta/domain-auth/apps.tf b/meta/domain-auth/apps.tf
index 6547ef5..009db58 100644
--- a/meta/domain-auth/apps.tf
+++ b/meta/domain-auth/apps.tf
@@ -69,7 +69,7 @@ resource "kubernetes_namespace_v1" "auth-ns" {
count = var.authentik.enable || var.authentik-ldap.enable || var.authentik-forward.enable ? 1 : 0
metadata {
annotations = merge(local.annotations, local.annotations_default)
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.namespace}-auth"
}
}
@@ -83,7 +83,7 @@ resource "kubectl_manifest" "authentik" {
metadata:
name: "authentik"
namespace: "${var.namespace}-auth"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
@@ -101,7 +101,7 @@ resource "kubectl_manifest" "authentik-ldap" {
metadata:
name: "authentik-ldap"
namespace: "${var.namespace}-auth"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
@@ -119,7 +119,7 @@ resource "kubectl_manifest" "authentik-forward" {
metadata:
name: "authentik-forward"
namespace: "${var.namespace}-auth"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
diff --git a/meta/domain-auth/common.tf b/meta/domain-auth/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/meta/domain-auth/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/meta/domain-auth/divisions.tf b/meta/domain-auth/divisions.tf
index 8ef3eba..89bf2b5 100644
--- a/meta/domain-auth/divisions.tf
+++ b/meta/domain-auth/divisions.tf
@@ -46,7 +46,7 @@ resource "kubectl_manifest" "accounts-management" {
metadata:
name: "accounts-management"
namespace: "${var.namespace}-auth"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
@@ -68,7 +68,7 @@ resource "kubectl_manifest" "employes-divisions" {
metadata:
name: "employes-${local.sorted-div-employes[count.index].name}"
namespace: "${var.namespace}-auth"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
@@ -90,7 +90,7 @@ resource "kubectl_manifest" "clients-divisions" {
metadata:
name: "clients-${local.sorted-div-clients[count.index].name}"
namespace: "${var.namespace}-auth"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
@@ -112,7 +112,7 @@ resource "kubectl_manifest" "fournisseurs-divisions" {
metadata:
name: "fournisseurs-${local.sorted-div-fournisseurs[count.index].name}"
namespace: "${var.namespace}-auth"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
diff --git a/meta/domain-ci/apps.tf b/meta/domain-ci/apps.tf
index 45ebe74..311bd18 100644
--- a/meta/domain-ci/apps.tf
+++ b/meta/domain-ci/apps.tf
@@ -63,7 +63,7 @@ resource "kubernetes_namespace_v1" "ci-ns" {
count = ( var.gitea.enable )? 1 : 0
metadata {
annotations = merge(local.annotations, local.annotations_default)
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.namespace}-ci"
}
}
@@ -77,7 +77,7 @@ resource "kubectl_manifest" "gitea" {
metadata:
name: "gitea"
namespace: "${var.namespace}-ci"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
@@ -95,7 +95,7 @@ resource "kubectl_manifest" "woodpecker" {
metadata:
name: "woodpecker"
namespace: "${var.namespace}-ci"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
diff --git a/meta/domain-ci/common.tf b/meta/domain-ci/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/meta/domain-ci/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/meta/domain-devspaces/apps.tf b/meta/domain-devspaces/apps.tf
index 2cd7171..799fa99 100644
--- a/meta/domain-devspaces/apps.tf
+++ b/meta/domain-devspaces/apps.tf
@@ -201,7 +201,7 @@ resource "kubernetes_namespace_v1" "apps-ns" {
count = (var.apps.dbgate.enable || var.apps.okd.enable || var.apps.gramo.enable) ? 1 : 0
metadata {
annotations = merge(local.annotations, local.annotations_default)
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.namespace}-devapps"
}
}
@@ -215,7 +215,7 @@ resource "kubectl_manifest" "okd" {
metadata:
name: "dev-okd"
namespace: "${kubernetes_namespace_v1.apps-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
@@ -233,7 +233,7 @@ resource "kubectl_manifest" "gramo" {
metadata:
name: "dev-gramo"
namespace: "${kubernetes_namespace_v1.apps-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
@@ -251,7 +251,7 @@ resource "kubectl_manifest" "dbgate" {
metadata:
name: "dbgate"
namespace: "${kubernetes_namespace_v1.apps-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
diff --git a/meta/domain-devspaces/common.tf b/meta/domain-devspaces/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/meta/domain-devspaces/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/meta/domain-devspaces/organisations.tf b/meta/domain-devspaces/organisations.tf
index b9b90da..6d34273 100644
--- a/meta/domain-devspaces/organisations.tf
+++ b/meta/domain-devspaces/organisations.tf
@@ -18,7 +18,7 @@ resource "kubectl_manifest" "organisations" {
metadata:
name: "org-${local.sorted-organisations[count.index].name}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
diff --git a/meta/domain-devspaces/stations.tf b/meta/domain-devspaces/stations.tf
index e7f6626..278ba32 100644
--- a/meta/domain-devspaces/stations.tf
+++ b/meta/domain-devspaces/stations.tf
@@ -34,7 +34,7 @@ resource "kubernetes_namespace_v1" "dev-ns" {
count = length(local.sorted-stations)
metadata {
annotations = local.annotations
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.domain}-devspaces-${local.sorted-stations[count.index].name}"
}
}
@@ -48,7 +48,7 @@ resource "kubectl_manifest" "devstations" {
metadata:
name: "${local.sorted-stations[count.index].name}"
namespace: "${var.domain}-devspaces-${local.sorted-stations[count.index].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
@@ -66,7 +66,7 @@ resource "kubectl_manifest" "datasets" {
metadata:
name: "${local.sorted-datasets[count.index].name}"
namespace: "${local.sorted-datasets[count.index].namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
diff --git a/meta/domain-erp/apps.tf b/meta/domain-erp/apps.tf
index 76a0ded..8be5a32 100644
--- a/meta/domain-erp/apps.tf
+++ b/meta/domain-erp/apps.tf
@@ -57,7 +57,7 @@ resource "kubernetes_namespace_v1" "erp-ns" {
count = ( var.dolibarr.enable )? 1 : 0
metadata {
annotations = merge(local.annotations, local.annotations_default)
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.namespace}-erp"
}
}
@@ -71,7 +71,7 @@ resource "kubectl_manifest" "dolibarr" {
metadata:
name: "dolibarr"
namespace: "${kubernetes_namespace_v1.erp-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
diff --git a/meta/domain-erp/common.tf b/meta/domain-erp/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/meta/domain-erp/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/meta/domain-infra/apps.tf b/meta/domain-infra/apps.tf
index f40406d..4d15716 100644
--- a/meta/domain-infra/apps.tf
+++ b/meta/domain-infra/apps.tf
@@ -81,7 +81,7 @@ resource "kubernetes_namespace_v1" "infra-ns" {
count = ( var.dns.enable || var.okd.enable || var.gramo.enable )? 1 : 0
metadata {
annotations = merge(local.annotations, local.annotations_default)
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.namespace}-infra"
}
}
@@ -95,7 +95,7 @@ resource "kubectl_manifest" "dns" {
metadata:
name: "dns"
namespace: "${kubernetes_namespace_v1.infra-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
@@ -112,7 +112,7 @@ resource "kubectl_manifest" "traefik" {
metadata:
name: "${var.namespace}"
namespace: "${var.traefik.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
@@ -129,7 +129,7 @@ resource "kubectl_manifest" "k8s_api" {
metadata:
name: "k8s-api-${var.namespace}"
namespace: "default"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
@@ -147,7 +147,7 @@ resource "kubectl_manifest" "okd" {
metadata:
name: "infra-okd"
namespace: "${kubernetes_namespace_v1.infra-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
@@ -165,7 +165,7 @@ resource "kubectl_manifest" "gramo" {
metadata:
name: "infra-gramo"
namespace: "${kubernetes_namespace_v1.infra-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "apps"
diff --git a/meta/domain-infra/common.tf b/meta/domain-infra/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/meta/domain-infra/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/meta/domain-mail/apps.tf b/meta/domain-mail/apps.tf
index 084ad9d..fb965a9 100644
--- a/meta/domain-mail/apps.tf
+++ b/meta/domain-mail/apps.tf
@@ -57,7 +57,7 @@ resource "kubernetes_namespace_v1" "mail-ns" {
count = ( var.wildduck.enable )? 1 : 0
metadata {
annotations = merge(local.annotations, local.annotations_default)
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.namespace}-mail"
}
}
@@ -71,7 +71,7 @@ resource "kubectl_manifest" "wildduck" {
metadata:
name: "wildduck"
namespace: "${kubernetes_namespace_v1.mail-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
diff --git a/meta/domain-mail/common.tf b/meta/domain-mail/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/meta/domain-mail/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/meta/domain-monitor/apps.tf b/meta/domain-monitor/apps.tf
index b4cf316..775aca9 100644
--- a/meta/domain-monitor/apps.tf
+++ b/meta/domain-monitor/apps.tf
@@ -135,7 +135,7 @@ resource "kubernetes_namespace_v1" "monitor-ns" {
count = ( var.grafana.enable || var.loki.enable || var.promtail.enable || var.prometheus.enable || var.alertmanager.enable || var.node-exporter.enable || var.kube-state-metrics.enable || var.monitor-control-plan.enable )? 1 : 0
metadata {
annotations = merge(local.annotations, local.annotations_default)
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.namespace}-monitor"
}
}
@@ -149,7 +149,7 @@ resource "kubectl_manifest" "alertmanager" {
metadata:
name: "alertmanager"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -166,7 +166,7 @@ resource "kubectl_manifest" "prometheus" {
metadata:
name: "prometheus"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -183,7 +183,7 @@ resource "kubectl_manifest" "nodeExporter" {
metadata:
name: "node-exporter"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -201,7 +201,7 @@ resource "kubectl_manifest" "kubeStateMetrics" {
metadata:
name: "kube-state-metrics"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -219,7 +219,7 @@ resource "kubectl_manifest" "monitorControlPlan" {
metadata:
name: "monitor-control-plan"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -237,7 +237,7 @@ resource "kubectl_manifest" "alerts-core" {
metadata:
name: "alerts-core"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -254,7 +254,7 @@ resource "kubectl_manifest" "alerts-containers" {
metadata:
name: "alerts-containers"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -271,7 +271,7 @@ resource "kubectl_manifest" "dashboards-cluster" {
metadata:
name: "dashboards-cluster"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -287,7 +287,7 @@ resource "kubectl_manifest" "dashboards-minimal" {
metadata:
name: "dashboards-minimal"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -303,7 +303,7 @@ resource "kubectl_manifest" "dashboards-namespace" {
metadata:
name: "dashboards-namespace"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -319,7 +319,7 @@ resource "kubectl_manifest" "dashboards-workload" {
metadata:
name: "dashboards-workload"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -336,7 +336,7 @@ resource "kubectl_manifest" "grafana" {
metadata:
name: "grafana"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -353,7 +353,7 @@ resource "kubectl_manifest" "promtail" {
metadata:
name: "promtail"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
@@ -370,7 +370,7 @@ resource "kubectl_manifest" "loki" {
metadata:
name: "loki"
namespace: "${kubernetes_namespace_v1.monitor-ns[0].metadata[0].name}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "monitor"
diff --git a/meta/domain-monitor/common.tf b/meta/domain-monitor/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/meta/domain-monitor/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/meta/domain/common.tf b/meta/domain/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/meta/domain/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/meta/domain/installs.tf b/meta/domain/installs.tf
index 22bf10c..e1316ad 100644
--- a/meta/domain/installs.tf
+++ b/meta/domain/installs.tf
@@ -177,7 +177,7 @@ resource "kubectl_manifest" "auth" {
metadata:
name: "auth"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "meta"
@@ -193,7 +193,7 @@ resource "kubectl_manifest" "infra" {
metadata:
name: "infra"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "meta"
@@ -209,7 +209,7 @@ resource "kubectl_manifest" "ci" {
metadata:
name: "ci"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "meta"
@@ -225,7 +225,7 @@ resource "kubectl_manifest" "erp" {
metadata:
name: "erp"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "meta"
@@ -241,7 +241,7 @@ resource "kubectl_manifest" "apps" {
metadata:
name: "apps"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "meta"
@@ -257,7 +257,7 @@ resource "kubectl_manifest" "mail" {
metadata:
name: "mail"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "meta"
@@ -273,7 +273,7 @@ resource "kubectl_manifest" "monitor" {
metadata:
name: "monitor"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "meta"
@@ -289,7 +289,7 @@ resource "kubectl_manifest" "devspaces" {
metadata:
name: "devspaces"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "meta"
diff --git a/monitor/alertmanager/datas.tf b/monitor/alertmanager/datas.tf
index b7cc2bc..a818381 100644
--- a/monitor/alertmanager/datas.tf
+++ b/monitor/alertmanager/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -24,7 +24,7 @@ data "kubernetes_secret_v1" "authentik" {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
patches {
diff --git a/monitor/alertmanager/presentation.tf b/monitor/alertmanager/presentation.tf
index 6e2aa81..9e9b71a 100644
--- a/monitor/alertmanager/presentation.tf
+++ b/monitor/alertmanager/presentation.tf
@@ -22,7 +22,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [local.service]
@@ -61,7 +61,7 @@ module "forward" {
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
service = local.service
icon = local.icon
diff --git a/monitor/alertmanager/svc.tf b/monitor/alertmanager/svc.tf
index c5220bb..66e5567 100644
--- a/monitor/alertmanager/svc.tf
+++ b/monitor/alertmanager/svc.tf
@@ -1,5 +1,5 @@
locals {
- svc-label = merge(local.common-labels, {
+ svc-label = merge(local.common_labels, {
"app" = "kube-prometheus-stack-prometheus"
"release" = "prometheus"
"self-monitor" = "true"
diff --git a/monitor/alerts-containers/datas.tf b/monitor/alerts-containers/datas.tf
index 9797980..3c73027 100644
--- a/monitor/alerts-containers/datas.tf
+++ b/monitor/alerts-containers/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}
diff --git a/monitor/alerts-core/datas.tf b/monitor/alerts-core/datas.tf
index 9797980..3c73027 100644
--- a/monitor/alerts-core/datas.tf
+++ b/monitor/alerts-core/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}
diff --git a/monitor/dashboards-cluster/datas.tf b/monitor/dashboards-cluster/datas.tf
index 9797980..3c73027 100644
--- a/monitor/dashboards-cluster/datas.tf
+++ b/monitor/dashboards-cluster/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}
diff --git a/monitor/dashboards-minimal/datas.tf b/monitor/dashboards-minimal/datas.tf
index 9797980..3c73027 100644
--- a/monitor/dashboards-minimal/datas.tf
+++ b/monitor/dashboards-minimal/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}
diff --git a/monitor/dashboards-namespace/datas.tf b/monitor/dashboards-namespace/datas.tf
index 9797980..3c73027 100644
--- a/monitor/dashboards-namespace/datas.tf
+++ b/monitor/dashboards-namespace/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}
diff --git a/monitor/dashboards-workload/datas.tf b/monitor/dashboards-workload/datas.tf
index 9797980..3c73027 100644
--- a/monitor/dashboards-workload/datas.tf
+++ b/monitor/dashboards-workload/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
}
diff --git a/monitor/grafana/config.tf b/monitor/grafana/config.tf
index d10de92..38ea293 100644
--- a/monitor/grafana/config.tf
+++ b/monitor/grafana/config.tf
@@ -2,7 +2,7 @@ resource "kubernetes_config_map_v1" "config" {
metadata {
name = "grafana"
namespace = var.namespace
- labels = local.common-labels
+ labels = local.common_labels
}
data = {
"grafana.ini" = <<-EOF
diff --git a/monitor/grafana/datas.tf b/monitor/grafana/datas.tf
index 591b91d..e511203 100644
--- a/monitor/grafana/datas.tf
+++ b/monitor/grafana/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -38,7 +38,7 @@ data "kubernetes_ingress_v1" "authentik" {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
diff --git a/monitor/grafana/presentation.tf b/monitor/grafana/presentation.tf
index b38289f..c19fd36 100644
--- a/monitor/grafana/presentation.tf
+++ b/monitor/grafana/presentation.tf
@@ -22,7 +22,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = []
services = [local.service]
@@ -51,7 +51,7 @@ module "oauth2" {
instance = var.instance
namespace = var.namespace
domain = var.domain
- labels = local.common-labels
+ labels = local.common_labels
dns_name = local.dns_name
redirect_path = "login/generic_oauth"
providers = {
diff --git a/monitor/grafana/secret.tf b/monitor/grafana/secret.tf
index ee72b3e..6a2222a 100644
--- a/monitor/grafana/secret.tf
+++ b/monitor/grafana/secret.tf
@@ -7,7 +7,7 @@ resource "kubectl_manifest" "grafana_secret" {
metadata:
name: "grafana-admin-user"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
forceRegenerate: false
data:
diff --git a/monitor/kube-state-metrics/datas.tf b/monitor/kube-state-metrics/datas.tf
index f26ff7e..53ad4ad 100644
--- a/monitor/kube-state-metrics/datas.tf
+++ b/monitor/kube-state-metrics/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -15,7 +15,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
@@ -37,7 +37,7 @@ data "kustomization_overlay" "data" {
}
data "kustomization_overlay" "data_no_ns" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = [for file in fileset(path.module, "*.yaml"): file if length(regexall("ClusterRole",file))>0]
patches {
target {
diff --git a/monitor/loki-dashboard/common.tf b/monitor/loki-dashboard/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/monitor/loki-dashboard/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/monitor/loki-dashboard/index.yaml b/monitor/loki-dashboard/index.yaml
index 6f087dc..1de700b 100644
--- a/monitor/loki-dashboard/index.yaml
+++ b/monitor/loki-dashboard/index.yaml
@@ -6,6 +6,16 @@ metadata:
name: loki-dashboard
description: Install Loki related dashboard into Grafana
options:
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ domain_name:
+ default: your_company.com
+ examples:
+ - your_company.com
+ type: string
images:
default:
operator:
@@ -45,31 +55,21 @@ options:
type: string
type: object
type: object
- issuer:
- default: letsencrypt-prod
- examples:
- - letsencrypt-prod
- type: string
ingress_class:
default: traefik
examples:
- traefik
type: string
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
sub_domain:
default: to-be-set
examples:
- to-be-set
type: string
- domain:
- default: your-company
- examples:
- - your-company
- type: string
- domain_name:
- default: your_company.com
- examples:
- - your_company.com
- type: string
dependencies: []
providers:
kubernetes: true
diff --git a/monitor/loki/config.tf b/monitor/loki/config.tf
index de79b58..a5d5652 100644
--- a/monitor/loki/config.tf
+++ b/monitor/loki/config.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "datasource" {
metadata:
name: loki-datasource
namespace: "${var.namespace}"
- labels: ${jsonencode(merge(local.common-labels, {"grafana_datasource" = "1"}))}
+ labels: ${jsonencode(merge(local.common_labels, {"grafana_datasource" = "1"}))}
data:
loki-datasource.yaml: |-
apiVersion: 1
@@ -27,7 +27,7 @@ resource "kubectl_manifest" "config" {
metadata:
name: loki
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
config.yaml: |
auth_enabled: false
diff --git a/monitor/loki/datas.tf b/monitor/loki/datas.tf
index 54e28bb..8c033af 100644
--- a/monitor/loki/datas.tf
+++ b/monitor/loki/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -26,7 +26,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
diff --git a/monitor/monitor-control-plan/datas.tf b/monitor/monitor-control-plan/datas.tf
index d850fcd..fa32bd3 100644
--- a/monitor/monitor-control-plan/datas.tf
+++ b/monitor/monitor-control-plan/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("v1_Service_prometheus",file))<1]
}
diff --git a/monitor/node-exporter/datas.tf b/monitor/node-exporter/datas.tf
index 7068eea..77d04ea 100644
--- a/monitor/node-exporter/datas.tf
+++ b/monitor/node-exporter/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -10,7 +10,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
images {
diff --git a/monitor/prometheus/datas.tf b/monitor/prometheus/datas.tf
index 0bb6ac9..3ae2bca 100644
--- a/monitor/prometheus/datas.tf
+++ b/monitor/prometheus/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -24,7 +24,7 @@ data "kubernetes_secret_v1" "authentik" {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1 && length(regexall("Service_prometheus",file))<1]
patches {
diff --git a/monitor/prometheus/presentation.tf b/monitor/prometheus/presentation.tf
index 2f42d6e..b68a22e 100644
--- a/monitor/prometheus/presentation.tf
+++ b/monitor/prometheus/presentation.tf
@@ -22,7 +22,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = [module.forward.middleware]
services = [local.service]
@@ -61,7 +61,7 @@ module "forward" {
domain = var.domain
namespace = var.namespace
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
service = local.service
icon = local.icon
diff --git a/monitor/prometheus/prometheus.tf b/monitor/prometheus/prometheus.tf
index 2e1ecdb..fe43c56 100644
--- a/monitor/prometheus/prometheus.tf
+++ b/monitor/prometheus/prometheus.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "prometheus" {
metadata:
name: prometheus
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
image: "${var.images.prometheus.registry}/${var.images.prometheus.repository}:${var.images.prometheus.tag}"
version: ${var.images.prometheus.tag}
diff --git a/monitor/prometheus/svc.tf b/monitor/prometheus/svc.tf
index 3b6bab6..9a9b895 100644
--- a/monitor/prometheus/svc.tf
+++ b/monitor/prometheus/svc.tf
@@ -1,5 +1,5 @@
locals {
- svc-label = merge(local.common-labels, {
+ svc-label = merge(local.common_labels, {
"app" = "kube-prometheus-stack-prometheus"
"release" = "prometheus"
"self-monitor" = "true"
diff --git a/monitor/promtail/config.tf b/monitor/promtail/config.tf
index 0cbf1a6..72b02b9 100644
--- a/monitor/promtail/config.tf
+++ b/monitor/promtail/config.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "config" {
metadata:
name: promtail
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
data:
promtail.yaml: |
server:
diff --git a/monitor/promtail/datas.tf b/monitor/promtail/datas.tf
index 977a334..e925552 100644
--- a/monitor/promtail/datas.tf
+++ b/monitor/promtail/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -15,7 +15,7 @@ locals {
}
data "kustomization_overlay" "data" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
namespace = var.namespace
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1]
images {
@@ -25,7 +25,7 @@ data "kustomization_overlay" "data" {
}
}
data "kustomization_overlay" "data_no_ns" {
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = [for file in fileset(path.module, "*.yaml"): file if length(regexall("ClusterRole",file))>0]
patches {
diff --git a/monitor/thanos-ruler/common.tf b/monitor/thanos-ruler/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/monitor/thanos-ruler/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/monitor/thanos-ruler/index.rhai b/monitor/thanos-ruler/index.rhai
new file mode 100644
index 0000000..aacedf2
--- /dev/null
+++ b/monitor/thanos-ruler/index.rhai
@@ -0,0 +1,7 @@
+const NS=config.namespace;
+const SRC=src;
+const DEST=dest;
+fn pre_pack() {
+ shell("helm repo add prometheus-community https://prometheus-community.github.io/helm-charts");
+ shell(`helm template prometheus-community prometheus-community/kube-prometheus-stack --namespace=vynil-monitor --values values.yml >${global::SRC}/chart.yaml`);
+}
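Review bot: `pre_pack` fetches kube-prometheus-stack without a chart version, so each pack renders whatever the repository serves at that moment, while the manifests committed alongside are labelled `chart: kube-prometheus-stack-58.5.0`. Adding `--version 58.5.0` to the `helm template` call makes the rendered output reproducible and turns a chart upgrade into a reviewed change. The namespace is hard-coded as `--namespace=vynil-monitor` although `NS` is declared from `config.namespace` just above, and `NS` and `DEST` are unused in the visible function. The redirection target is interpolated unquoted; `>"${global::SRC}/chart.yaml"` avoids word-splitting if the source path contains spaces.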
diff --git a/monitor/thanos-ruler/index.yaml b/monitor/thanos-ruler/index.yaml
new file mode 100644
index 0000000..4bad28f
--- /dev/null
+++ b/monitor/thanos-ruler/index.yaml
@@ -0,0 +1,83 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: monitor
+metadata:
+ name: thanos-ruler
+ description: null
+options:
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ domain_name:
+ default: your_company.com
+ examples:
+ - your_company.com
+ type: string
+ images:
+ default:
+ operator:
+ pull_policy: IfNotPresent
+ registry: docker.io
+ repository: to-be/defined
+ tag: v1.0.0
+ examples:
+ - operator:
+ pull_policy: IfNotPresent
+ registry: docker.io
+ repository: to-be/defined
+ tag: v1.0.0
+ properties:
+ operator:
+ default:
+ pull_policy: IfNotPresent
+ registry: docker.io
+ repository: to-be/defined
+ tag: v1.0.0
+ properties:
+ pull_policy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ registry:
+ default: docker.io
+ type: string
+ repository:
+ default: to-be/defined
+ type: string
+ tag:
+ default: v1.0.0
+ type: string
+ type: object
+ type: object
+ ingress_class:
+ default: traefik
+ examples:
+ - traefik
+ type: string
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
+ sub_domain:
+ default: to-be-set
+ examples:
+ - to-be-set
+ type: string
+dependencies: []
+providers:
+ kubernetes: true
+ authentik: true
+ kubectl: true
+ postgresql: null
+ mysql: null
+ restapi: null
+ http: null
+ gitea: null
+tfaddtype: null
diff --git a/monitor/thanos-ruler/monitoring.coreos.com_v1_ServiceMonitor_kube-prometheus-stack-thanos-ruler.yaml b/monitor/thanos-ruler/monitoring.coreos.com_v1_ServiceMonitor_kube-prometheus-stack-thanos-ruler.yaml
new file mode 100644
index 0000000..ce456fb
--- /dev/null
+++ b/monitor/thanos-ruler/monitoring.coreos.com_v1_ServiceMonitor_kube-prometheus-stack-thanos-ruler.yaml
@@ -0,0 +1,29 @@
+# Source: kube-prometheus-stack/templates/thanos-ruler/servicemonitor.yaml
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: kube-prometheus-stack-thanos-ruler
+ namespace: vynil-monitor
+ labels:
+ app: kube-prometheus-stack-thanos-ruler
+
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: prometheus-community
+ app.kubernetes.io/version: "58.5.0"
+ app.kubernetes.io/part-of: kube-prometheus-stack
+ chart: kube-prometheus-stack-58.5.0
+ release: "prometheus-community"
+ heritage: "Helm"
+spec:
+
+ selector:
+ matchLabels:
+ app: kube-prometheus-stack-thanos-ruler
+ release: "prometheus-community"
+ self-monitor: "true"
+ namespaceSelector:
+ matchNames:
+ - "vynil-monitor"
+ endpoints:
+ - port: web
+ path: "/metrics"
\ No newline at end of file
diff --git a/monitor/thanos-ruler/monitoring.coreos.com_v1_ThanosRuler_prometheus-community-kube-thanos-ruler.yaml b/monitor/thanos-ruler/monitoring.coreos.com_v1_ThanosRuler_prometheus-community-kube-thanos-ruler.yaml
new file mode 100644
index 0000000..cd85f9e
--- /dev/null
+++ b/monitor/thanos-ruler/monitoring.coreos.com_v1_ThanosRuler_prometheus-community-kube-thanos-ruler.yaml
@@ -0,0 +1,39 @@
+# Source: kube-prometheus-stack/templates/thanos-ruler/ruler.yaml
+apiVersion: monitoring.coreos.com/v1
+kind: ThanosRuler
+metadata:
+ name: prometheus-community-kube-thanos-ruler
+ namespace: vynil-monitor
+ labels:
+ app: kube-prometheus-stack-thanos-ruler
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: prometheus-community
+ app.kubernetes.io/version: "58.5.0"
+ app.kubernetes.io/part-of: kube-prometheus-stack
+ chart: kube-prometheus-stack-58.5.0
+ release: "prometheus-community"
+ heritage: "Helm"
+spec:
+ image: "quay.io/thanos/thanos:v0.35.0"
+ replicas: 1
+ listenLocal: false
+ serviceAccountName: kube-prometheus-stack-thanos-ruler
+ externalPrefix: "http://kube-prometheus-stack-thanos-ruler.vynil-monitor:10902"
+ paused: false
+ logFormat: "logfmt"
+ logLevel: "info"
+ retention: "24h"
+ ruleNamespaceSelector: {}
+ ruleSelector:
+ matchLabels:
+ release: "prometheus-community"
+
+ routePrefix: "/"
+ securityContext:
+ fsGroup: 2000
+ runAsGroup: 2000
+ runAsNonRoot: true
+ runAsUser: 1000
+ seccompProfile:
+ type: RuntimeDefault
+ portName: web
\ No newline at end of file
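Review bot: `ruleNamespaceSelector: {}` is an empty selector, which as far as I know the operator treats as "all namespaces", so any PrometheusRule labelled `release: "prometheus-community"` anywhere in the cluster would be loaded by this ruler. If that breadth is not intended, restrict it, for example `ruleNamespaceSelector:` / `matchLabels:` / `kubernetes.io/metadata.name: vynil-monitor`. This file is rendered chart output, so the change belongs in values.yml or a kustomize patch rather than a hand edit here. The image is referenced by tag only (`quay.io/thanos/thanos:v0.35.0`); pinning it by digest would make the deployed binary verifiable. `externalPrefix` and `namespace` also hard-code `vynil-monitor`, which will not follow `var.namespace` unless an overlay outside this hunk rewrites them.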
diff --git a/monitor/thanos-ruler/v1_Secret_kube-prometheus-stack-thanos-ruler.yaml b/monitor/thanos-ruler/v1_Secret_kube-prometheus-stack-thanos-ruler.yaml
new file mode 100644
index 0000000..23e8604
--- /dev/null
+++ b/monitor/thanos-ruler/v1_Secret_kube-prometheus-stack-thanos-ruler.yaml
@@ -0,0 +1,17 @@
+# Source: kube-prometheus-stack/templates/thanos-ruler/secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kube-prometheus-stack-thanos-ruler
+ namespace: vynil-monitor
+ labels:
+ app: kube-prometheus-stack-thanos-ruler
+
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: prometheus-community
+ app.kubernetes.io/version: "58.5.0"
+ app.kubernetes.io/part-of: kube-prometheus-stack
+ chart: kube-prometheus-stack-58.5.0
+ release: "prometheus-community"
+ heritage: "Helm"
+data:
\ No newline at end of file
diff --git a/monitor/thanos-ruler/v1_ServiceAccount_kube-prometheus-stack-thanos-ruler.yaml b/monitor/thanos-ruler/v1_ServiceAccount_kube-prometheus-stack-thanos-ruler.yaml
new file mode 100644
index 0000000..bef66a0
--- /dev/null
+++ b/monitor/thanos-ruler/v1_ServiceAccount_kube-prometheus-stack-thanos-ruler.yaml
@@ -0,0 +1,18 @@
+---
+# Source: kube-prometheus-stack/templates/thanos-ruler/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-prometheus-stack-thanos-ruler
+ namespace: vynil-monitor
+ labels:
+ app: kube-prometheus-stack-thanos-ruler
+ app.kubernetes.io/name: kube-prometheus-stack-thanos-ruler
+ app.kubernetes.io/component: thanos-ruler
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: prometheus-community
+ app.kubernetes.io/version: "58.5.0"
+ app.kubernetes.io/part-of: kube-prometheus-stack
+ chart: kube-prometheus-stack-58.5.0
+ release: "prometheus-community"
+ heritage: "Helm"
\ No newline at end of file
diff --git a/monitor/thanos-ruler/v1_Service_kube-prometheus-stack-thanos-ruler.yaml b/monitor/thanos-ruler/v1_Service_kube-prometheus-stack-thanos-ruler.yaml
new file mode 100644
index 0000000..ee34a07
--- /dev/null
+++ b/monitor/thanos-ruler/v1_Service_kube-prometheus-stack-thanos-ruler.yaml
@@ -0,0 +1,26 @@
+# Source: kube-prometheus-stack/templates/thanos-ruler/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: kube-prometheus-stack-thanos-ruler
+ namespace: vynil-monitor
+ labels:
+ app: kube-prometheus-stack-thanos-ruler
+ self-monitor: "true"
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: prometheus-community
+ app.kubernetes.io/version: "58.5.0"
+ app.kubernetes.io/part-of: kube-prometheus-stack
+ chart: kube-prometheus-stack-58.5.0
+ release: "prometheus-community"
+ heritage: "Helm"
+spec:
+ ports:
+ - name: web
+ port: 10902
+ targetPort: 10902
+ protocol: TCP
+ selector:
+ app.kubernetes.io/name: thanos-ruler
+ thanos-ruler: prometheus-community-kube-thanos-ruler
+ type: "ClusterIP"
\ No newline at end of file
diff --git a/share/accounts-management/datas.tf b/share/accounts-management/datas.tf
index 5fbc842..9aedf40 100644
--- a/share/accounts-management/datas.tf
+++ b/share/accounts-management/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,6 +21,6 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/share/authentik-forward/datas.tf b/share/authentik-forward/datas.tf
index 5fbc842..9aedf40 100644
--- a/share/authentik-forward/datas.tf
+++ b/share/authentik-forward/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,6 +21,6 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/share/authentik-ldap/datas.tf b/share/authentik-ldap/datas.tf
index 5fbc842..9aedf40 100644
--- a/share/authentik-ldap/datas.tf
+++ b/share/authentik-ldap/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,6 +21,6 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/share/authentik/backups.tf b/share/authentik/backups.tf
index eab99b7..b0b0811 100644
--- a/share/authentik/backups.tf
+++ b/share/authentik/backups.tf
@@ -6,7 +6,7 @@ resource "kubectl_manifest" "backup_schedule" {
metadata:
name: "${var.instance}-backup"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
backend:
repoPasswordSecretRef:
diff --git a/share/authentik/datas.tf b/share/authentik/datas.tf
index a33b2a9..505f157 100644
--- a/share/authentik/datas.tf
+++ b/share/authentik/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -15,7 +15,7 @@ locals {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
images {
name = "ghcr.io/goauthentik/server"
diff --git a/share/authentik/postgresql.tf b/share/authentik/postgresql.tf
index caaf20b..9befc84 100644
--- a/share/authentik/postgresql.tf
+++ b/share/authentik/postgresql.tf
@@ -1,8 +1,8 @@
locals {
- pg-labels = merge(local.common-labels, {
+ pg-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "pg"
})
- pool-labels = merge(local.common-labels, {
+ pool-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "pg-pool"
})
}
diff --git a/share/authentik/presentation.tf b/share/authentik/presentation.tf
index 00ce13c..3e8322a 100644
--- a/share/authentik/presentation.tf
+++ b/share/authentik/presentation.tf
@@ -14,7 +14,7 @@ resource "kubectl_manifest" "gitlab_userinfo" {
metadata:
name: "${var.instance}-gitlab-userinfo"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
replacePathRegex:
regex: ^/application/o/[^\\/]*/api/v4/user
@@ -28,7 +28,7 @@ resource "kubectl_manifest" "gitlab_authorize" {
metadata:
name: "${var.instance}-gitlab-authorize"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
replacePathRegex:
regex: ^/application/o/[^\\/]*/oauth/authorize
@@ -42,7 +42,7 @@ resource "kubectl_manifest" "gitlab_token" {
metadata:
name: "${var.instance}-gitlab-token"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
replacePathRegex:
regex: ^/application/o/[^\\/]*/oauth/token
@@ -56,7 +56,7 @@ module "ingress" {
namespace = var.namespace
issuer = var.issuer
ingress_class = var.ingress_class
- labels = local.common-labels
+ labels = local.common_labels
dns_names = local.dns_names
middlewares = [kubectl_manifest.gitlab_userinfo.name,kubectl_manifest.gitlab_authorize.name,kubectl_manifest.gitlab_token.name]
services = [local.service]
diff --git a/share/authentik/redis.tf b/share/authentik/redis.tf
index d762561..c92864b 100644
--- a/share/authentik/redis.tf
+++ b/share/authentik/redis.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "authentik_redis" {
metadata:
name: "${var.name}-${var.component}-redis"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
kubernetesConfig:
image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}"
diff --git a/share/authentik/secret.tf b/share/authentik/secret.tf
index 803f2df..4bda326 100644
--- a/share/authentik/secret.tf
+++ b/share/authentik/secret.tf
@@ -1,5 +1,5 @@
locals {
- secrets-labels = merge(local.common-labels, {
+ secrets-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "backup-secret"
})
secret-labels = merge(local.secrets-labels, {
diff --git a/share/dataset-maria/common.tf b/share/dataset-maria/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/share/dataset-maria/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
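Review bot: The new local in this file is declared as `common-labels` (hyphen), while every reference this commit rewrites in the same module uses the underscore name, e.g. `merge(local.common_labels, {` in share/dataset-maria/mariadb.tf. Unless another file in the module, not visible in this diff, declares `common_labels`, Terraform will reject the module with a reference to an undeclared local value; the declaration should read `common_labels = {`. The new common.tf files in share/dataset-mongo, share/dataset-pg, share/dataset-rabbit, share/dataset-redis and share/organisation carry the same hyphenated name and need the same change. These labels include the `vynil.solidite.fr/owner-*` ownership keys, so it is worth confirming with `terraform validate` that each module still resolves them after the rename.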
diff --git a/share/dataset-maria/index.yaml b/share/dataset-maria/index.yaml
index 769f6e5..a54bba8 100644
--- a/share/dataset-maria/index.yaml
+++ b/share/dataset-maria/index.yaml
@@ -6,11 +6,6 @@ metadata:
name: dataset-maria
description: null
options:
- storage:
- default: 8Gi
- examples:
- - 8Gi
- type: string
images:
default:
mariadb:
@@ -50,6 +45,11 @@ options:
type: string
type: object
type: object
+ storage:
+ default: 8Gi
+ examples:
+ - 8Gi
+ type: string
dependencies:
- dist: null
category: dbo
@@ -59,6 +59,7 @@ providers:
authentik: null
kubectl: true
postgresql: null
+ mysql: null
restapi: null
http: null
gitea: null
diff --git a/share/dataset-maria/mariadb.tf b/share/dataset-maria/mariadb.tf
index 923dab0..d97b522 100644
--- a/share/dataset-maria/mariadb.tf
+++ b/share/dataset-maria/mariadb.tf
@@ -1,5 +1,5 @@
locals {
- maria-labels = merge(local.common-labels, {
+ maria-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "mariadb"
})
mariadb-password = data.kubernetes_secret_v1.prj_mariadb_secret.data["password"]
diff --git a/share/dataset-mongo/common.tf b/share/dataset-mongo/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/share/dataset-mongo/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/share/dataset-mongo/index.yaml b/share/dataset-mongo/index.yaml
index 5e4711a..b0789ff 100644
--- a/share/dataset-mongo/index.yaml
+++ b/share/dataset-mongo/index.yaml
@@ -6,6 +6,11 @@ metadata:
name: dataset-mongo
description: null
options:
+ cacheSizeGB:
+ default: 1
+ examples:
+ - 1
+ type: integer
image:
default:
pull_policy: IfNotPresent
@@ -20,16 +25,6 @@ options:
- IfNotPresent
type: string
type: object
- cacheSizeGB:
- default: 1
- examples:
- - 1
- type: integer
- replicas:
- default: 1
- examples:
- - 1
- type: integer
mongo:
default:
version: 6.0.13
@@ -40,6 +35,11 @@ options:
default: 6.0.13
type: string
type: object
+ replicas:
+ default: 1
+ examples:
+ - 1
+ type: integer
ressources:
default:
limits:
diff --git a/share/dataset-mongo/mongo.tf b/share/dataset-mongo/mongo.tf
index 12e1440..879a95c 100644
--- a/share/dataset-mongo/mongo.tf
+++ b/share/dataset-mongo/mongo.tf
@@ -1,5 +1,5 @@
locals {
- mongo-labels = merge(local.common-labels, {
+ mongo-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "mongo"
})
}
diff --git a/share/dataset-pg/backups.tf b/share/dataset-pg/backups.tf
index 09c596e..9985e93 100644
--- a/share/dataset-pg/backups.tf
+++ b/share/dataset-pg/backups.tf
@@ -6,7 +6,7 @@ resource "kubectl_manifest" "backup_schedule" {
metadata:
name: "${var.instance}-backup"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
backend:
repoPasswordSecretRef:
diff --git a/share/dataset-pg/common.tf b/share/dataset-pg/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/share/dataset-pg/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/share/dataset-pg/databases.tf b/share/dataset-pg/databases.tf
index b443e9f..d9664d8 100644
--- a/share/dataset-pg/databases.tf
+++ b/share/dataset-pg/databases.tf
@@ -41,7 +41,7 @@ resource "kubectl_manifest" "db_secret" {
metadata:
name: "${var.instance}-${var.component}-${local.sorted-dbs[count.index].name}"
namespace: "${var.namespace}"
- labels: ${jsonencode(merge(local.common-labels, {"app.kubernetes.io/component" = local.sorted-dbs[count.index].name}))}
+ labels: ${jsonencode(merge(local.common_labels, {"app.kubernetes.io/component" = local.sorted-dbs[count.index].name}))}
spec:
forceRegenerate: false
data:
diff --git a/share/dataset-pg/directus.tf b/share/dataset-pg/directus.tf
index eaf121e..1ae4a26 100644
--- a/share/dataset-pg/directus.tf
+++ b/share/dataset-pg/directus.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- directus-labels = merge(local.common-labels, {
+ directus-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "directus"
})
directus-icon = "admin/img/directus-white.png"
@@ -87,7 +87,7 @@ resource "kubectl_manifest" "directus_pvc" {
metadata:
name: "${var.instance}-${var.component}-directus"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
accessModes:
- "${var.extentions.directus.storage.accessMode}"
diff --git a/share/dataset-pg/postgresql.tf b/share/dataset-pg/postgresql.tf
index feec95f..80d6f22 100644
--- a/share/dataset-pg/postgresql.tf
+++ b/share/dataset-pg/postgresql.tf
@@ -1,9 +1,9 @@
locals {
dns_name = "${var.instance}.${var.sub_domain}.${var.domain_name}"
- pg-labels = merge(local.common-labels, {
+ pg-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "postgresql"
})
- pool-labels = merge(local.common-labels, {
+ pool-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "pg-pool"
})
}
diff --git a/share/dataset-pg/postgrest.tf b/share/dataset-pg/postgrest.tf
index b885590..251ee62 100644
--- a/share/dataset-pg/postgrest.tf
+++ b/share/dataset-pg/postgrest.tf
@@ -1,5 +1,5 @@
locals {
- prest-labels = merge(local.common-labels, {
+ prest-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "postgrest"
})
prest-dns_name = "api.${local.dns_name}"
diff --git a/share/dataset-pg/roles.tf b/share/dataset-pg/roles.tf
index 63269cf..58d86d9 100644
--- a/share/dataset-pg/roles.tf
+++ b/share/dataset-pg/roles.tf
@@ -21,7 +21,7 @@ resource "kubectl_manifest" "db_secret_role" {
metadata:
name: "${var.instance}-${var.component}-role-${local.sorted-roles[count.index].name}"
namespace: "${var.namespace}"
- labels: ${jsonencode(merge(local.common-labels, {"app.kubernetes.io/component" = local.sorted-roles[count.index].name}))}
+ labels: ${jsonencode(merge(local.common_labels, {"app.kubernetes.io/component" = local.sorted-roles[count.index].name}))}
spec:
forceRegenerate: false
data:
diff --git a/share/dataset-rabbit/common.tf b/share/dataset-rabbit/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/share/dataset-rabbit/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/share/dataset-rabbit/index.yaml b/share/dataset-rabbit/index.yaml
index b526bad..05ce3f1 100644
--- a/share/dataset-rabbit/index.yaml
+++ b/share/dataset-rabbit/index.yaml
@@ -6,11 +6,45 @@ metadata:
name: dataset-rabbit
description: null
options:
- storage:
- default: 8Gi
+ images:
+ default:
+ rabbit:
+ pull_policy: IfNotPresent
+ registry: docker.io
+ repository: rabbitmq
+ tag: 3.10.2-management
examples:
- - 8Gi
- type: string
+ - rabbit:
+ pull_policy: IfNotPresent
+ registry: docker.io
+ repository: rabbitmq
+ tag: 3.10.2-management
+ properties:
+ rabbit:
+ default:
+ pull_policy: IfNotPresent
+ registry: docker.io
+ repository: rabbitmq
+ tag: 3.10.2-management
+ properties:
+ pull_policy:
+ default: IfNotPresent
+ enum:
+ - Always
+ - Never
+ - IfNotPresent
+ type: string
+ registry:
+ default: docker.io
+ type: string
+ repository:
+ default: rabbitmq
+ type: string
+ tag:
+ default: 3.10.2-management
+ type: string
+ type: object
+ type: object
replicas:
default: 1
examples:
@@ -57,45 +91,11 @@ options:
type: string
type: object
type: object
- images:
- default:
- rabbit:
- pull_policy: IfNotPresent
- registry: docker.io
- repository: rabbitmq
- tag: 3.10.2-management
+ storage:
+ default: 8Gi
examples:
- - rabbit:
- pull_policy: IfNotPresent
- registry: docker.io
- repository: rabbitmq
- tag: 3.10.2-management
- properties:
- rabbit:
- default:
- pull_policy: IfNotPresent
- registry: docker.io
- repository: rabbitmq
- tag: 3.10.2-management
- properties:
- pull_policy:
- default: IfNotPresent
- enum:
- - Always
- - Never
- - IfNotPresent
- type: string
- registry:
- default: docker.io
- type: string
- repository:
- default: rabbitmq
- type: string
- tag:
- default: 3.10.2-management
- type: string
- type: object
- type: object
+ - 8Gi
+ type: string
dependencies:
- dist: null
category: dbo
@@ -105,6 +105,7 @@ providers:
authentik: null
kubectl: true
postgresql: null
+ mysql: null
restapi: null
http: null
gitea: null
diff --git a/share/dataset-rabbit/rabbit.tf b/share/dataset-rabbit/rabbit.tf
index 4c3decd..6b9ceed 100644
--- a/share/dataset-rabbit/rabbit.tf
+++ b/share/dataset-rabbit/rabbit.tf
@@ -1,5 +1,5 @@
locals {
- rabbit-labels = merge(local.common-labels, {
+ rabbit-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "rabbit"
})
}
diff --git a/share/dataset-redis/common.tf b/share/dataset-redis/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/share/dataset-redis/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/share/dataset-redis/redis.tf b/share/dataset-redis/redis.tf
index 5a45c7f..e762b9b 100644
--- a/share/dataset-redis/redis.tf
+++ b/share/dataset-redis/redis.tf
@@ -1,5 +1,5 @@
locals {
- redis-labels = merge(local.common-labels, {
+ redis-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "redis"
})
}
diff --git a/share/division/datas.tf b/share/division/datas.tf
index 5fbc842..9aedf40 100644
--- a/share/division/datas.tf
+++ b/share/division/datas.tf
@@ -1,7 +1,7 @@
locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -21,6 +21,6 @@ data "kubernetes_secret_v1" "authentik" {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = []
}
diff --git a/share/dns/config.tf b/share/dns/config.tf
index fd7adb6..a3a3ca4 100644
--- a/share/dns/config.tf
+++ b/share/dns/config.tf
@@ -59,7 +59,7 @@ resource "kubernetes_config_map_v1" "coredns-config" {
metadata {
name = "${var.component}-${var.instance}"
namespace = "${var.namespace}"
- labels = local.common-labels
+ labels = local.common_labels
}
data = local.files
}
diff --git a/share/dns/datas.tf b/share/dns/datas.tf
index f2fc96f..8c26ac3 100644
--- a/share/dns/datas.tf
+++ b/share/dns/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -19,7 +19,7 @@ locals {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
images {
name = "coredns/coredns"
diff --git a/share/gitea-tekton-org/auto-cd.tf b/share/gitea-tekton-org/auto-cd.tf
index 099e262..936e9f1 100644
--- a/share/gitea-tekton-org/auto-cd.tf
+++ b/share/gitea-tekton-org/auto-cd.tf
@@ -1,11 +1,11 @@
locals {
- create-labels = merge(local.common-labels, {
+ create-labels = merge(local.common_labels, {
"type" = "repo-new"
})
- activate-labels = merge(local.common-labels, {
+ activate-labels = merge(local.common_labels, {
"type" = "package-new"
})
- delete-labels = merge(local.common-labels, {
+ delete-labels = merge(local.common_labels, {
"type" = "repo-delete"
})
}
diff --git a/share/gitea-tekton-org/auto-ci.tf b/share/gitea-tekton-org/auto-ci.tf
index db845ad..80062de 100644
--- a/share/gitea-tekton-org/auto-ci.tf
+++ b/share/gitea-tekton-org/auto-ci.tf
@@ -1,8 +1,8 @@
locals {
- push-labels = merge(local.common-labels, {
+ push-labels = merge(local.common_labels, {
"type" = "branch-push"
})
- tag-labels = merge(local.common-labels, {
+ tag-labels = merge(local.common_labels, {
"type" = "tag-push"
})
}
@@ -118,7 +118,7 @@ resource "kubectl_manifest" "ci-git-repo" {
metadata:
name: "${var.instance}-${var.component}-ci"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
interval: 5m0s
ref:
@@ -137,7 +137,7 @@ resource "kubectl_manifest" "ci-kustomization" {
metadata:
name: "${var.instance}-${var.component}-ci"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
interval: 5m
path: ./ci
diff --git a/share/gitea-tekton-org/datas.tf b/share/gitea-tekton-org/datas.tf
index 1f1bf86..644bb98 100644
--- a/share/gitea-tekton-org/datas.tf
+++ b/share/gitea-tekton-org/datas.tf
@@ -1,5 +1,5 @@
locals {
- common-labels = {
+ common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
@@ -12,7 +12,7 @@ locals {
data "kustomization_overlay" "data" {
namespace = var.namespace
- common_labels = local.common-labels
+ common_labels = local.common_labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
patches {
target {
diff --git a/share/gitea-tekton-org/listener.tf b/share/gitea-tekton-org/listener.tf
index 5bb93f3..0490455 100644
--- a/share/gitea-tekton-org/listener.tf
+++ b/share/gitea-tekton-org/listener.tf
@@ -5,7 +5,7 @@ resource "kubectl_manifest" "el" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
serviceAccountName: "${var.instance}-${var.component}"
triggerGroups:
diff --git a/share/gitea-tekton-org/pvc.tf b/share/gitea-tekton-org/pvc.tf
index fd90aa6..c4da2d1 100644
--- a/share/gitea-tekton-org/pvc.tf
+++ b/share/gitea-tekton-org/pvc.tf
@@ -20,7 +20,7 @@ resource "kubectl_manifest" "pvc" {
namespace: "${var.namespace}"
annotations:
k8up.io/backup: "false"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec: ${jsonencode(local.pvc_spec)}
EOF
}
diff --git a/share/gitea-tekton-org/rbac.tf b/share/gitea-tekton-org/rbac.tf
index 1a46881..81f3aac 100644
--- a/share/gitea-tekton-org/rbac.tf
+++ b/share/gitea-tekton-org/rbac.tf
@@ -6,7 +6,7 @@ resource "kubectl_manifest" "sa" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
EOF
}
resource "kubectl_manifest" "rb" {
@@ -16,7 +16,7 @@ resource "kubectl_manifest" "rb" {
metadata:
name: "${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
subjects:
- kind: ServiceAccount
name: "${var.instance}-${var.component}"
@@ -33,7 +33,7 @@ resource "kubectl_manifest" "crb" {
metadata:
name: "${var.namespace}-${var.instance}-${var.component}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
subjects:
- kind: ServiceAccount
name: "${var.instance}-${var.component}"
diff --git a/share/organisation/ci-space.tf b/share/organisation/ci-space.tf
index 6e9f86c..9f15108 100644
--- a/share/organisation/ci-space.tf
+++ b/share/organisation/ci-space.tf
@@ -2,7 +2,7 @@ resource "kubernetes_namespace_v1" "ns-tekton" {
count = var.haveGitea && var.haveTekton?1:0
metadata {
annotations = local.annotations
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = "${var.domain}-ci-${var.instance}"
}
}
@@ -16,7 +16,7 @@ resource "kubectl_manifest" "tekton" {
metadata:
name: "tekton-base"
namespace: "${var.domain}-ci-${var.instance}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
@@ -43,7 +43,7 @@ resource "kubectl_manifest" "ci-ssh-creds" {
metadata:
name: "ssh-credentials"
namespace: "${var.domain}-ci-${var.instance}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
length: "2048"
forceRegenerate: false
diff --git a/share/organisation/common.tf b/share/organisation/common.tf
new file mode 100644
index 0000000..ef3c93f
--- /dev/null
+++ b/share/organisation/common.tf
@@ -0,0 +1,12 @@
+
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
diff --git a/share/organisation/gitea-user.tf b/share/organisation/gitea-user.tf
index 732c358..13c6992 100644
--- a/share/organisation/gitea-user.tf
+++ b/share/organisation/gitea-user.tf
@@ -58,7 +58,7 @@ resource "kubectl_manifest" "ssh-creds" {
metadata:
name: "ssh-credentials"
namespace: "${local.sorted-stages[count.index].namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
length: "2048"
forceRegenerate: false
diff --git a/share/organisation/stages.tf b/share/organisation/stages.tf
index f4376bd..26f1c27 100644
--- a/share/organisation/stages.tf
+++ b/share/organisation/stages.tf
@@ -38,7 +38,7 @@ resource "kubernetes_namespace_v1" "ns" {
count = length(local.sorted-stages)
metadata {
annotations = local.annotations
- labels = merge(local.common-labels, local.annotations)
+ labels = merge(local.common_labels, local.annotations)
name = local.sorted-stages[count.index].namespace
}
}
@@ -85,7 +85,7 @@ resource "kubectl_manifest" "ci-git-repo" {
metadata:
name: "deploy-git"
namespace: "${local.sorted-stages[count.index].namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
interval: 5m0s
ref:
@@ -104,7 +104,7 @@ resource "kubectl_manifest" "ci-kustomization" {
metadata:
name: "${var.instance}-${var.component}-deploy"
namespace: "${local.sorted-stages[count.index].namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
interval: 5m
path: ./stages/${local.sorted-stages[count.index].name}/deploy
@@ -127,7 +127,7 @@ resource "kubectl_manifest" "datasets" {
metadata:
name: "${local.sorted-datasets[count.index].name}"
namespace: "${local.sorted-datasets[count.index].namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
distrib: "${var.distributions.domain}"
category: "share"
diff --git a/share/wildduck/haraka.tf b/share/wildduck/haraka.tf
index 3ac92b4..e1c8d01 100644
--- a/share/wildduck/haraka.tf
+++ b/share/wildduck/haraka.tf
@@ -1,5 +1,5 @@
locals {
- haraka-labels = merge(local.common-labels, {
+ haraka-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "haraka"
})
}
diff --git a/share/wildduck/mongo.tf b/share/wildduck/mongo.tf
index 84aedcb..40e0c20 100644
--- a/share/wildduck/mongo.tf
+++ b/share/wildduck/mongo.tf
@@ -1,5 +1,5 @@
locals {
- mongo-labels = merge(local.common-labels, {
+ mongo-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "mongo"
})
}
diff --git a/share/wildduck/redis.tf b/share/wildduck/redis.tf
index 6316802..da0d5c2 100644
--- a/share/wildduck/redis.tf
+++ b/share/wildduck/redis.tf
@@ -1,5 +1,5 @@
locals {
- redis-labels = merge(local.common-labels, {
+ redis-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "redis"
})
}
diff --git a/share/wildduck/rspamd.tf b/share/wildduck/rspamd.tf
index 2b82fdf..433b27c 100644
--- a/share/wildduck/rspamd.tf
+++ b/share/wildduck/rspamd.tf
@@ -1,5 +1,5 @@
locals {
- rspamd-labels = merge(local.common-labels, {
+ rspamd-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "rspamd"
})
}
diff --git a/share/wildduck/scimgateway.tf b/share/wildduck/scimgateway.tf
index 13f892c..4ab78a2 100644
--- a/share/wildduck/scimgateway.tf
+++ b/share/wildduck/scimgateway.tf
@@ -1,5 +1,5 @@
locals {
- scimgateway-labels = merge(local.common-labels, {
+ scimgateway-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "scimgateway"
})
}
diff --git a/share/wildduck/secret.tf b/share/wildduck/secret.tf
index 28887e0..eab818c 100644
--- a/share/wildduck/secret.tf
+++ b/share/wildduck/secret.tf
@@ -6,7 +6,7 @@ resource "kubectl_manifest" "wildduck_secret" {
metadata:
name: "${var.instance}"
namespace: "${var.namespace}"
- labels: ${jsonencode(local.common-labels)}
+ labels: ${jsonencode(local.common_labels)}
spec:
forceRegenerate: false
fields:
diff --git a/share/wildduck/webmail.tf b/share/wildduck/webmail.tf
index 2ab27bd..be83b78 100644
--- a/share/wildduck/webmail.tf
+++ b/share/wildduck/webmail.tf
@@ -1,5 +1,5 @@
locals {
- webmail-labels = merge(local.common-labels, {
+ webmail-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "webmail"
})
}
diff --git a/share/wildduck/wildduck.tf b/share/wildduck/wildduck.tf
index a93aa69..09ebb6f 100644
--- a/share/wildduck/wildduck.tf
+++ b/share/wildduck/wildduck.tf
@@ -1,5 +1,5 @@
locals {
- wildduck-labels = merge(local.common-labels, {
+ wildduck-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "wildduck"
})
}
diff --git a/share/wildduck/zonemta.tf b/share/wildduck/zonemta.tf
index 09618c4..9323c1a 100644
--- a/share/wildduck/zonemta.tf
+++ b/share/wildduck/zonemta.tf
@@ -1,5 +1,5 @@
locals {
- zonemta-labels = merge(local.common-labels, {
+ zonemta-labels = merge(local.common_labels, {
"app.kubernetes.io/component" = "zonemta"
})
}