vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-29 12:56:08 +02:00
parent 3febdf5b21
commit 32880c9ca5
2 changed files with 40 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
apps/taiga/taiga_ConfigMap.tf
View File

@@ -25,6 +25,8 @@ resource "kubectl_manifest" "cm_env_back" {
OPENID_USER_URL: "${module.oauth2.sso_userinfo_url}"
WEBHOOKS_ALLOW_PRIVATE_ADDRESS: "${var.webhook.allow_private_addr?"True":"False"}"
WEBHOOKS_ALLOW_REDIRECTS: "${var.webhook.allow_private_addr?"True":"False"}"
DJANGO_SUPERUSER_USERNAME: "admin"
DJANGO_SUPERUSER_EMAIL: "admin@${var.domain_name}"
EOF
}
@@ -72,22 +74,19 @@ resource "kubectl_manifest" "cm_scripts" {
else
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
fi
postconfig.py: |-
#!/usr/bin/env python
import time
import requests
import subprocess
print('Waiting for backend ...')
while requests.get('http://${kubectl_manifest.svc_back.name}/api/v1/').status_code != 200:
print('...')
time.sleep(2)
if len(str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'projects.projecttemplate']))) < 5:
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_project_templates']))
if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
postconfig.sh: |-
#!/usr/bin/env bash
export PATH="/opt/venv/bin/:$PATH" TAIGA_URL="http://${module.service.name}" TAIGA_SITES_DOMAIN="${module.service.name}" TAIGA_SITES_SCHEME=http
if [ $(python manage.py dumpdata projects.projecttemplate|wc -c) -lt 1000 ];then
python manage.py loaddata initial_project_templates
else
echo "skipping loading initial templates : already here"
fi
if ! python 'manage.py' 'dumpdata' users.user|grep -q '"is_superuser": true';then
python manage.py createsuperuser --noinput
else
python 'manage.py' 'dumpdata' users.user
fi
EOF
}

26
apps/taiga/taiga_Job.tf
View File

@@ -12,11 +12,26 @@ resource "kubectl_manifest" "Job_taiga-createinitialtemplates" {
template:
spec:
restartPolicy: Never
initContainers:
- name: wait-for-svc
image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}"
imagePullPolicy: ${var.images.back.pull_policy}
command: ["/bin/bash", "-c"]
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
containers:
- name: postconfig
image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}"
imagePullPolicy: ${var.images.back.pull_policy}
command: ["/scripts/postconfig.py"]
command: ["/scripts/postconfig.sh"]
env:
- name: POSTGRES_PASSWORD
valueFrom:
@@ -31,6 +46,15 @@ resource "kubectl_manifest" "Job_taiga-createinitialtemplates" {
volumeMounts:
- name: scripts
mountPath: /scripts
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumes:
- name: scripts
configMap: