vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-05-29 12:56:08 +02:00
parent 3febdf5b21
commit 32880c9ca5
2 changed files with 40 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
apps/taiga/taiga_ConfigMap.tf
View File

@@ -25,6 +25,8 @@ resource "kubectl_manifest" "cm_env_back" {
OPENID_USER_URL: "${module.oauth2.sso_userinfo_url}" OPENID_USER_URL: "${module.oauth2.sso_userinfo_url}"
WEBHOOKS_ALLOW_PRIVATE_ADDRESS: "${var.webhook.allow_private_addr?"True":"False"}" WEBHOOKS_ALLOW_PRIVATE_ADDRESS: "${var.webhook.allow_private_addr?"True":"False"}"
WEBHOOKS_ALLOW_REDIRECTS: "${var.webhook.allow_private_addr?"True":"False"}" WEBHOOKS_ALLOW_REDIRECTS: "${var.webhook.allow_private_addr?"True":"False"}"
DJANGO_SUPERUSER_USERNAME: "admin"
DJANGO_SUPERUSER_EMAIL: "admin@${var.domain_name}"
EOF EOF
} }
@@ -72,22 +74,19 @@ resource "kubectl_manifest" "cm_scripts" {
else else
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
fi fi
postconfig.py: |- postconfig.sh: |-
#!/usr/bin/env python #!/usr/bin/env bash
import time export PATH="/opt/venv/bin/:$PATH" TAIGA_URL="http://${module.service.name}" TAIGA_SITES_DOMAIN="${module.service.name}" TAIGA_SITES_SCHEME=http
import requests if [ $(python manage.py dumpdata projects.projecttemplate|wc -c) -lt 1000 ];then
import subprocess python manage.py loaddata initial_project_templates
else
print('Waiting for backend ...') echo "skipping loading initial templates : already here"
while requests.get('http://${kubectl_manifest.svc_back.name}/api/v1/').status_code != 200: fi
print('...') if ! python 'manage.py' 'dumpdata' users.user|grep -q '"is_superuser": true';then
time.sleep(2) python manage.py createsuperuser --noinput
else
if len(str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'projects.projecttemplate']))) < 5: python 'manage.py' 'dumpdata' users.user
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_project_templates'])) fi
if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
EOF EOF
} }

26
apps/taiga/taiga_Job.tf
View File

@@ -12,11 +12,26 @@ resource "kubectl_manifest" "Job_taiga-createinitialtemplates" {
template: template:
spec: spec:
restartPolicy: Never restartPolicy: Never
initContainers:
- name: wait-for-svc
image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}"
imagePullPolicy: ${var.images.back.pull_policy}
command: ["/bin/bash", "-c"]
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
containers: containers:
- name: postconfig - name: postconfig
image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}" image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}"
imagePullPolicy: ${var.images.back.pull_policy} imagePullPolicy: ${var.images.back.pull_policy}
command: ["/scripts/postconfig.py"] command: ["/scripts/postconfig.sh"]
env: env:
- name: POSTGRES_PASSWORD - name: POSTGRES_PASSWORD
valueFrom: valueFrom:
@@ -31,6 +46,15 @@ resource "kubectl_manifest" "Job_taiga-createinitialtemplates" {
volumeMounts: volumeMounts:
- name: scripts - name: scripts
mountPath: /scripts mountPath: /scripts
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
volumes: volumes:
- name: scripts - name: scripts
configMap: configMap: