fix

2024-05-31 14:00:58 +02:00
parent dc68bd8d10
commit 2a021609b7
4 changed files with 114 additions and 17 deletions
--- a/share/organisation/postconfig.tf
+++ b/share/organisation/postconfig.tf
@@ -1,19 +1,21 @@
-resource "kubectl_manifest" "post_install_job" {
+resource "kubectl_manifest" "post_install_job_taiga" {
+  count  = var.conditions.have_taiga ? 1:0
  yaml_body  = <<-EOF
    apiVersion: batch/v1
    kind: Job
    metadata:
-      name: "${var.instance}-${var.component}-post-config"
-      namespace: "${var.namespace}"
-      labels: ${jsonencode(local.postcfg_all_labels)}
+      name: "${var.instance}-${var.component}-config-taiga"
+      namespace: "${var.domain}-ci"
+      labels: ${jsonencode(local.common_labels)}
+      ownerReferences: ${jsonencode(var.install_owner)}
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          initContainers:
-          - name: wait-for-svc
-            image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
-            imagePullPolicy: ${var.images.sonar.pull_policy}
+          - name: wait-for-sonar
+            image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
+            imagePullPolicy: ${var.images.kubectl.pull_policy}
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
@@ -24,11 +26,68 @@ resource "kubectl_manifest" "post_install_job" {
              seccompProfile:
                type: RuntimeDefault
            command: ["/bin/bash", "-c"]
-            args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
+            args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/taiga-taiga/80) && exit 0; sleep 2;done; exit 1"]
          containers:
          - name: post-config
-            image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
-            imagePullPolicy: ${var.images.sonar.pull_policy}
+            image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
+            imagePullPolicy: ${var.images.kubectl.pull_policy}
+            command: ["/bin/bash", "-xc"]
+            args:
+            - >-
+              API='http://taiga-taiga.${var.namespace}.svc/api/v1'
+              JSON='-sH  "Content-Type: application/json"'
+              TOKEN=$(curl -X POST $JSON -d '{ "type": "normal", "username": "admin", "password": "'"$DJANGO_SUPERUSER_PASSWORD"'" }' "$API/auth" | jq -r '.auth_token')
+              BEAR='-H "Authorization: Bearer '"$TOKEN"'"'
+              if ! curl $JSON $BEAR "$API/projects"|jq -r '.[].name' |grep -E '^${trimprefix(var.instance,"org-")}$'; then
+                curl -X POST $JSON $BEAR "http://taiga-taiga.${var.namespace}.svc/api/v1/projects" -d '{ "creation_template": 1, "description": "Organisation ${trimprefix(var.instance,"org-")} project", "is_backlog_activated": true, "is_issues_activated": true, "is_kanban_activated": true, "is_private": true, "is_wiki_activated": true, "name": "${trimprefix(var.instance,"org-")}", }'
+              fi
+            envFrom:
+            - secretRef:
+                name: taiga-taiga
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop: ["ALL"]
+              runAsGroup: 1000
+              runAsNonRoot: true
+              runAsUser: 1000
+              seccompProfile:
+                type: RuntimeDefault
+  EOF
+}
+resource "kubectl_manifest" "post_install_job_sonar" {
+  count  = var.conditions.have_gitea && var.conditions.have_sonar ? 0:0
+  yaml_body  = <<-EOF
+    apiVersion: batch/v1
+    kind: Job
+    metadata:
+      name: "${var.instance}-${var.component}-post-config-sonar"
+      namespace: "${var.domain}-ci"
+      labels: ${jsonencode(local.common_labels)}
+      ownerReferences: ${jsonencode(var.install_owner)}
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          initContainers:
+          - name: wait-for-sonar
+            image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
+            imagePullPolicy: ${var.images.kubectl.pull_policy}
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop: ["ALL"]
+              runAsGroup: 0
+              runAsNonRoot: true
+              runAsUser: 1000
+              seccompProfile:
+                type: RuntimeDefault
+            command: ["/bin/bash", "-c"]
+            args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/sonar-sonar/80) && exit 0; sleep 2;done; exit 1"]
+          containers:
+          - name: post-config
+            image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
+            imagePullPolicy: ${var.images.kubectl.pull_policy}
            command: ["/bin/bash", "-c"]
            args:
            - >-