diff --git a/apps/taiga/common.tf b/apps/taiga/common.tf index 2c40dd7..728f317 100644 --- a/apps/taiga/common.tf +++ b/apps/taiga/common.tf @@ -45,11 +45,11 @@ locals { pg_labels = merge(local.common_labels, { "app.kubernetes.io/component" = "pg" }) - async_rabbitmq_labels = merge(local.common_labels, { - "app.kubernetes.io/component" = "async-rabbitmq" - }) - events_rabbitmq_labels = merge(local.common_labels, { - "app.kubernetes.io/component" = "events-rabbitmq" + rabbitmq_labels = merge(local.common_labels, { + "app.kubernetes.io/component" = "rabbitmq" }) + postcfg_all_labels = merge({ + "app.kubernetes.io/componant" = "postconfig" + },local.common_labels) } diff --git a/apps/taiga/index.yaml b/apps/taiga/index.yaml index 8046709..7844bcb 100644 --- a/apps/taiga/index.yaml +++ b/apps/taiga/index.yaml 
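Review bot: The new `postcfg_all_labels` local spells its key `app.kubernetes.io/componant`, so the post-config objects carry a non-standard label and get no `app.kubernetes.io/component` value of their own; it should read `"app.kubernetes.io/component" = "postconfig"`. The argument order is also reversed compared with `pg_labels` and `rabbitmq_labels`: in `merge({...}, local.common_labels)` the later map wins. Once the spelling is fixed, a `component` key in `common_labels` (not visible in this hunk) would overwrite `postconfig`, so put `local.common_labels` first as the other locals do. The `locals` block starts outside the hunk.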
@@ -127,64 +127,82 @@ options: examples: - your-company.com type: string - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object images: default: - app: + back: pull_policy: IfNotPresent registry: docker.io - repository: to-be/defined - tag: v1.0.0 + repository: taigaio/taiga-back + tag: 6.7.3 + events: + pull_policy: IfNotPresent + registry: docker.io + repository: taigaio/taiga-events + tag: 6.7.0 + front: + pull_policy: IfNotPresent + registry: docker.io + repository: taigaio/taiga-front + tag: 6.7.7 + nginx: + pull_policy: IfNotPresent + registry: docker.io + repository: nginx + tag: 1.26.0-alpine3.19 postgresql: registry: ghcr.io repository: cloudnative-pg/postgresql tag: 15.3 - rabbit: + protected: pull_policy: IfNotPresent + registry: docker.io + repository: taigaio/taiga-protected + tag: 6.7.0 + rabbit: registry: docker.io repository: rabbitmq tag: 3.10.2-management examples: - - app: + - back: pull_policy: IfNotPresent registry: docker.io - repository: to-be/defined - tag: v1.0.0 + repository: taigaio/taiga-back + tag: 6.7.3 + events: + pull_policy: IfNotPresent + registry: docker.io + repository: taigaio/taiga-events + tag: 6.7.0 + front: + pull_policy: IfNotPresent + registry: docker.io + repository: taigaio/taiga-front + tag: 6.7.7 + nginx: + pull_policy: IfNotPresent + registry: docker.io + repository: nginx + tag: 1.26.0-alpine3.19 postgresql: registry: ghcr.io repository: cloudnative-pg/postgresql tag: 15.3 - rabbit: + protected: pull_policy: IfNotPresent + registry: docker.io + repository: taigaio/taiga-protected + tag: 6.7.0 + rabbit: registry: docker.io repository: rabbitmq tag: 3.10.2-management properties: - app: + back: default: pull_policy: IfNotPresent registry: docker.io - repository: to-be/defined - tag: 
v1.0.0 + repository: taigaio/taiga-back + tag: 6.7.3 properties: pull_policy: default: IfNotPresent @@ -197,10 +215,82 @@ options: default: docker.io type: string repository: - default: to-be/defined + default: taigaio/taiga-back type: string tag: - default: v1.0.0 + default: 6.7.3 + type: string + type: object + events: + default: + pull_policy: IfNotPresent + registry: docker.io + repository: taigaio/taiga-events + tag: 6.7.0 + properties: + pull_policy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: taigaio/taiga-events + type: string + tag: + default: 6.7.0 + type: string + type: object + front: + default: + pull_policy: IfNotPresent + registry: docker.io + repository: taigaio/taiga-front + tag: 6.7.7 + properties: + pull_policy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: taigaio/taiga-front + type: string + tag: + default: 6.7.7 + type: string + type: object + nginx: + default: + pull_policy: IfNotPresent + registry: docker.io + repository: nginx + tag: 1.26.0-alpine3.19 + properties: + pull_policy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: nginx + type: string + tag: + default: 1.26.0-alpine3.19 type: string type: object postgresql: @@ -219,12 +309,12 @@ options: default: 15.3 type: number type: object - rabbit: + protected: default: pull_policy: IfNotPresent registry: docker.io - repository: rabbitmq - tag: 3.10.2-management + repository: taigaio/taiga-protected + tag: 6.7.0 properties: pull_policy: default: IfNotPresent 
@@ -233,6 +323,22 @@ options: - Never - IfNotPresent type: string + registry: + default: docker.io + type: string + repository: + default: taigaio/taiga-protected + type: string + tag: + default: 6.7.0 + type: string + type: object + rabbit: + default: + registry: docker.io + repository: rabbitmq + tag: 3.10.2-management + properties: registry: default: docker.io type: string @@ -254,11 +360,6 @@ options: examples: - letsencrypt-prod type: string - language: - default: fr_FR - examples: - - fr_FR - type: string postgres: default: replicas: 1 @@ -315,41 +416,29 @@ options: type: string type: object type: object - replicas: - default: 1 - examples: - - 1 - type: integer - sso_vynil: - default: true - examples: - - true - type: boolean storage: default: postgres: size: 10Gi - rabbitmq_async: - size: 2Gi - rabbitmq_events: + rabbitmq: size: 2Gi volume: accessMode: ReadWriteOnce class: '' - size: 1Gi + maxSize: 100Gi + size: 10Gi type: Filesystem description: Configure this app storage examples: - postgres: size: 10Gi - rabbitmq_async: - size: 2Gi - rabbitmq_events: + rabbitmq: size: 2Gi volume: accessMode: ReadWriteOnce class: '' - size: 1Gi + maxSize: 100Gi + size: 10Gi type: Filesystem properties: postgres: @@ -360,15 +449,7 @@ options: default: 10Gi type: string type: object - rabbitmq_async: - default: - size: 2Gi - properties: - size: - default: 2Gi - type: string - type: object - rabbitmq_events: + rabbitmq: default: size: 2Gi properties: @@ -380,7 +461,8 @@ options: default: accessMode: ReadWriteOnce class: '' - size: 1Gi + maxSize: 100Gi + size: 10Gi type: Filesystem properties: accessMode: @@ -393,8 +475,11 @@ options: class: default: '' type: string + maxSize: + default: 100Gi + type: string size: - default: 1Gi + default: 10Gi type: string type: default: Filesystem 
@@ -409,15 +494,13 @@ options: examples: - to-be-set type: string - timezone: - default: Europe/Paris - examples: - - Europe/Paris - type: string dependencies: - dist: null category: dbo component: pg +- dist: null + category: dbo + component: rabbitmq providers: kubernetes: true authentik: true diff --git a/apps/taiga/rabbitmq.tf b/apps/taiga/rabbitmq.tf new file mode 100644 index 0000000..d41689f --- /dev/null +++ b/apps/taiga/rabbitmq.tf @@ -0,0 +1,22 @@ +resource "kubectl_manifest" "rabbit" { + yaml_body = <<-EOF + apiVersion: rabbitmq.com/v1beta1 + kind: RabbitmqCluster + metadata: + name: "${var.instance}-${var.component}-rabbitmq" + namespace: "${var.namespace}" + labels: ${jsonencode(local.rabbitmq_labels)} + spec: + image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}" + persistence: + storage: "${var.storage.rabbitmq}" + replicas: ${var.rabbitmq.replicas} + resources: + limits: + cpu: "${var.rabbitmq.limits.cpu}" + memory: "${var.rabbitmq.limits.memory}" + requests: + cpu: "${var.rabbitmq.requests.cpu}" + memory: "${var.rabbitmq.requests.memory}" + EOF +} diff --git a/apps/taiga/rabbits.tf b/apps/taiga/rabbits.tf deleted file mode 100644 index d22212b..0000000 --- a/apps/taiga/rabbits.tf +++ /dev/null 
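Review bot: In the new `rabbitmq.tf`, `storage: "${var.storage.rabbitmq}"` interpolates the whole `storage.rabbitmq` option, which `index.yaml` in this commit declares as an object with a `size` property, so the template presumably needs `storage: "${var.storage.rabbitmq.size}"`. The deleted `rabbits.tf` used the same pattern, so confirm how the variable is typed before relying on either form. The Deployments in `taiga_workload.tf` now read their broker credentials from `${kubectl_manifest.rabbit.name}-default-user`. A short comment above the resource saying that this secret is created by the RabbitMQ operator for this cluster would make the dependency visible.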
@@ -1,45 +0,0 @@ -resource "kubectl_manifest" "async_rabbit" { - yaml_body = <<-EOF - apiVersion: rabbitmq.com/v1beta1 - kind: RabbitmqCluster - metadata: - name: "${var.component}-async-rabbitmq" - namespace: "${var.namespace}" - labels: ${jsonencode(local.async_rabbitmq_labels)} - spec: - image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}" - persistence: - storage: "${var.storage.rabbitmq_async}" - replicas: ${var.rabbitmq.replicas} - resources: - limits: - cpu: "${var.rabbitmq.limits.cpu}" - memory: "${var.rabbitmq.limits.memory}" - requests: - cpu: "${var.rabbitmq.requests.cpu}" - memory: "${var.rabbitmq.requests.memory}" - EOF -} - -resource "kubectl_manifest" "events_rabbit" { - yaml_body = <<-EOF - apiVersion: rabbitmq.com/v1beta1 - kind: RabbitmqCluster - metadata: - name: "${var.component}-events-rabbitmq" - namespace: "${var.namespace}" - labels: ${jsonencode(local.events_rabbitmq_labels)} - spec: - image: "${var.images.rabbit.registry}/${var.images.rabbit.repository}:${var.images.rabbit.tag}" - persistence: - storage: "${var.storage.rabbitmq_events}" - replicas: ${var.rabbitmq.replicas} - resources: - limits: - cpu: "${var.rabbitmq.limits.cpu}" - memory: "${var.rabbitmq.limits.memory}" - requests: - cpu: "${var.rabbitmq.requests.cpu}" - memory: "${var.rabbitmq.requests.memory}" - EOF -} diff --git a/apps/taiga/taiga_ConfigMap.tf b/apps/taiga/taiga_ConfigMap.tf index f6d5eb8..25f8ea4 100644 --- a/apps/taiga/taiga_ConfigMap.tf +++ b/apps/taiga/taiga_ConfigMap.tf 
@@ -10,45 +10,20 @@ resource "kubectl_manifest" "cm_env" { POSTGRES_DB: ${var.component} POSTGRES_USER: ${var.component} POSTGRES_HOST: ${var.instance}-${var.component}-pg-rw.${var.namespace}.svc + TAIGA_URL: https://localhost:9000 TAIGA_SITES_DOMAIN: localhost:9000 - TAIGA_SITES_SCHEME: http - SESSION_COOKIE_SECURE: 'False' - CSRF_COOKIE_SECURE: 'False' - ENABLE_TELEMETRY: 'False' - PUBLIC_REGISTER_ENABLED: 'False' - ENABLE_GITHUB_AUTH: 'False' - ENABLE_GITLAB_AUTH: 'True' - GITLAB_CLIENT_ID: - GITLAB_API_CLIENT_ID: gitlab-api-client-id - GITLAB_API_CLIENT_SECRET: gitlab-api-client-secret - GITLAB_URL: gitlab-url - ENABLE_SLACK: 'False' - ENABLE_GITHUB_IMPORTER: 'False' - ENABLE_JIRA_IMPORTER: 'False' - ENABLE_TRELLO_IMPORTER: 'False' - TRELLO_IMPORTER_API_KEY: api-key-from-trello - TRELLO_IMPORTER_SECRET_KEY: secret-key-from-trello - - - name: TAIGA_URL - value: http://localhost:9000 - - name: PUBLIC_REGISTER_ENABLED - value: 'false' - - name: ENABLE_GITHUB_AUTH - value: 'false' - - name: ENABLE_GITLAB_AUTH - value: 'true' - - name: GITLAB_CLIENT_ID - value: gitlab-api-client-id - - name: GITLAB_URL - value: gitlab-url - - name: ENABLE_SLACK - value: 'false' - - name: ENABLE_GITHUB_IMPORTER - value: 'false' - - name: ENABLE_JIRA_IMPORTER - value: 'false' - - name: ENABLE_TRELLO_IMPORTER - value: 'false' + TAIGA_SITES_SCHEME: https + SESSION_COOKIE_SECURE: "False" + CSRF_COOKIE_SECURE: "False" + ENABLE_TELEMETRY: "False" + PUBLIC_REGISTER_ENABLED: "False" + ENABLE_GITHUB_AUTH: "False" + ENABLE_GITLAB_AUTH: "True" + ENABLE_SLACK: "False" + ENABLE_GITHUB_IMPORTER: "False" + ENABLE_JIRA_IMPORTER: "False" + ENABLE_TRELLO_IMPORTER: "False" + OPENID_CONNECT_SCOPES: "openid email profile" EOF } 
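Review bot: `TAIGA_SITES_SCHEME` becomes `https` and `TAIGA_URL` becomes `https://localhost:9000`, but `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` stay `"False"`, so neither cookie is marked Secure and both can still travel over plain HTTP. For an HTTPS site both should be `"True"`. `TAIGA_URL` and `TAIGA_SITES_DOMAIN` are also still hard-coded to `localhost:9000`; unless they are overridden elsewhere, build them from the same host name the ingress uses (`local.dns_name` in `taiga_Service.tf`). The `cm_env` resource starts outside the hunk.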
@@ -58,66 +33,48 @@ resource "kubectl_manifest" "cm_scripts" { apiVersion: v1 kind: ConfigMap metadata: - name: taiga-createinitialtemplates - labels: ${jsonencode(local.common_labels)} + name: "${var.instance}-${var.component}-scripts" + labels: ${jsonencode(local.postcfg_all_labels)} namespace: ${var.namespace} data: - createinitialtemplates.sh: |- - #!/bin/sh - echo """ + postconfig.py: |- + #!/usr/bin/env python import time import requests import subprocess print('Waiting for backend ...') - while requests.get('http://taiga-back/api/v1/').status_code != 200: + while requests.get('http://${kubectl_manifest.svc_back.name}/api/v1/').status_code != 200: print('...') time.sleep(2) if len(str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'projects.projecttemplate']))) < 5: print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_project_templates'])) - """ > /tmp/create_initial_project_templates.py - python /tmp/create_initial_project_templates.py - createinitialuser.sh: |- - #!/bin/sh - echo """ - import time - import requests - import subprocess - - print('Waiting for backend ...') - while requests.get('http://taiga-back/api/v1/').status_code != 200: - print('...') - time.sleep(2) if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1: print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back')) - else: - print('Admin user yet created.') - """ > /tmp/create_superuser.py - python /tmp/create_superuser.py EOF } -resource "kubectl_manifest" "ConfigMap_taiga-gateway" { +resource "kubectl_manifest" "cm_nginx" { yaml_body = <<-EOF apiVersion: v1 kind: ConfigMap metadata: - name: taiga-gateway + name: "${var.instance}-${var.component}-nginx" namespace: ${var.namespace} labels: ${jsonencode(local.common_labels)} data: default.conf: |- server { - listen 80 default_server; + listen 8080 default_server; 
client_max_body_size 100M; charset utf-8; # Frontend location / { - proxy_pass http://taiga-front/; + proxy_pass http://${kubectl_manifest.svc_front.name}/; proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; @@ -127,7 +84,7 @@ resource "kubectl_manifest" "ConfigMap_taiga-gateway" { # Api location /api { - proxy_pass http://taiga-back:8000/api; + proxy_pass http://${kubectl_manifest.svc_back.name}:8000/api; proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; @@ -137,7 +94,7 @@ resource "kubectl_manifest" "ConfigMap_taiga-gateway" { # Admin location /admin { - proxy_pass http://taiga-back:8000/admin; + proxy_pass http://${kubectl_manifest.svc_back.name}:8000/admin; proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; @@ -169,13 +126,13 @@ resource "kubectl_manifest" "ConfigMap_taiga-gateway" { proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://taiga-protected:8003/; + proxy_pass http://${kubectl_manifest.svc_protected.name}:8003/; proxy_redirect off; } # Events location /events { - proxy_pass http://taiga-events:8888/events; + proxy_pass http://${kubectl_manifest.svc_events.name}:8888/events; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/apps/taiga/taiga_Job.tf b/apps/taiga/taiga_Job.tf index 8990e2b..5659189 100644 --- a/apps/taiga/taiga_Job.tf +++ b/apps/taiga/taiga_Job.tf 
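Review bot: The wait loop in `postconfig.py` calls `requests.get(...)` with no `timeout=` and no exception handling, so a refused or stalled connection makes the script exit or hang instead of printing `...` and retrying. Passing `timeout=5` and catching `requests.RequestException` inside the loop keeps the behaviour its message promises. The first `subprocess.check_output` (the `projects.projecttemplate` check) also lacks the `cwd='/taiga-back'` that the `users.user` calls pass. The script still loads the `initial_user` fixture whenever no superuser exists; if that fixture ships a fixed password (worth confirming against the taiga-back image), the account must be rotated right after install, and a comment next to the `loaddata` line should say so. The `cm_nginx` resource continues outside the hunk.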
@@ -3,18 +3,18 @@ resource "kubectl_manifest" "Job_taiga-createinitialtemplates" { apiVersion: batch/v1 kind: Job metadata: - name: taiga-createinitialtemplates - namespace: ${var.namespace} - labels: ${jsonencode(local.common_labels)} + name: "${var.instance}-${var.component}-post-config" + namespace: "${var.namespace}" + labels: ${jsonencode(local.postcfg_all_labels)} spec: template: spec: + restartPolicy: OnFailure containers: - - name: createinitialtemplates - image: docker.io/taigaio/taiga-back:latest - command: - - sh - - /scripts/createinitialtemplates.sh + - name: postconfig + image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}" + imagePullPolicy: ${var.images.back.pull_policy} + command: ["/scripts/postconfig.py"] env: - name: POSTGRES_PASSWORD valueFrom: 
@@ -27,56 +27,13 @@ resource "kubectl_manifest" "Job_taiga-createinitialtemplates" { - configMapRef: name: ${kubectl_manifest.cm_env.name} volumeMounts: - - name: createinitialtemplates + - name: scripts mountPath: /scripts - restartPolicy: Never volumes: - - name: createinitialtemplates + - name: scripts configMap: - name: taiga-createinitialtemplates - defaultMode: '0744' + name: ${kubectl_manifest.cm_scripts.name} + defaultMode: '0755' backoffLimit: 4 EOF } - -resource "kubectl_manifest" "Job_taiga-createinitialuser" { - yaml_body = <<-EOF - apiVersion: batch/v1 - kind: Job - metadata: - name: taiga-createinitialuser - namespace: ${var.namespace} - labels: ${jsonencode(local.common_labels)} - spec: - template: - spec: - containers: - - name: createinitialuser - image: docker.io/taigaio/taiga-back:latest - command: - - sh - - /scripts/createinitialuser.sh - volumeMounts: - - name: createinitialuser - mountPath: /scripts - env: - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: ${var.instance}-${var.component}-pg-app - key: password - envFrom: - - secretRef: - name: ${kubectl_manifest.secret.name} - - configMapRef: - name: ${kubectl_manifest.cm_env.name} - restartPolicy: Never - volumes: - - name: createinitialuser - configMap: - name: taiga-createinitialuser - defaultMode: '0744' - backoffLimit: 4 -EOF -} - diff --git a/apps/taiga/taiga_PersistentVolumeClaim.tf b/apps/taiga/taiga_PersistentVolumeClaim.tf index 05c2c9f..2c33411 100644 --- a/apps/taiga/taiga_PersistentVolumeClaim.tf +++ b/apps/taiga/taiga_PersistentVolumeClaim.tf 
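Review bot: `defaultMode: '0755'` is a quoted string, while the ConfigMap volume field is an integer in the Kubernetes API. The previous `'0744'` was written the same way, so the provider may coerce it, but the decimal form `defaultMode: 493` removes the doubt. Because `command` now executes `/scripts/postconfig.py` directly, the Job depends on this mode bit and on `#!/usr/bin/env python` resolving inside the back image. The script only needs to be read and executed, so `365` (octal 0555) would be enough.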
@@ -1,34 +1,28 @@ -resource "kubectl_manifest" "PersistentVolumeClaim_taiga-media" { - yaml_body = <<-EOF - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: taiga-media - labels: ${jsonencode(local.common_labels)} - namespace: ${var.namespace} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi -EOF +locals { + pvc_spec = merge({ + "accessModes" = [var.storage.volume.accessMode] + "volumeMode" = var.storage.volume.type + "resources" = { + "requests" = { + "storage" = "${var.storage.volume.size}" + } + } + }, var.storage.volume.class != "" ?{ + "storageClassName" = var.storage.volume.class + }:{}) } -resource "kubectl_manifest" "PersistentVolumeClaim_taiga-static" { +resource "kubectl_manifest" "pvc" { + ignore_fields = ["spec.resources.requests.storage"] yaml_body = <<-EOF - kind: PersistentVolumeClaim apiVersion: v1 + kind: PersistentVolumeClaim metadata: - name: taiga-static + name: "${var.component}-${var.instance}" + namespace: "${var.namespace}" labels: ${jsonencode(local.common_labels)} - namespace: ${var.namespace} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi -EOF + annotations: + resize.kubesphere.io/storage_limit: "${var.storage.volume.maxSize}" + spec: ${jsonencode(local.pvc_spec)} + EOF } - diff --git a/apps/taiga/taiga_Service.tf b/apps/taiga/taiga_Service.tf index 7009f5d..03f205e 100644 --- a/apps/taiga/taiga_Service.tf +++ b/apps/taiga/taiga_Service.tf 
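Review bot: The claim is named `"${var.component}-${var.instance}"`, whereas the other objects renamed in this commit use `"${var.instance}-${var.component}-<suffix>"`, and `local.app_name` in `taiga_Service.tf` already handles the case where component and instance are equal. If the inverted order is not deliberate, use `name: "${var.instance}-${var.component}-data"` or `local.app_name` so the PVC is found by the same naming rule as the rest. The two former 5Gi claims collapse into this single claim, which existing installs will see as a new, empty volume. A comment above `resource "kubectl_manifest" "pvc"` noting that static and media data are not migrated would help operators.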
@@ -1,10 +1,76 @@ -resource "kubectl_manifest" "Service_taiga-back" { +locals { + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = (var.component == var.instance || var.component=="") ? var.instance : format("%s-%s", var.component, var.instance) + icon = "favicon.ico" +} + +module "service" { + source = "git::https://git.solidite.fr/vynil/kydah-modules.git//service?ref=0.3.0" + component = var.component + instance = var.instance + namespace = var.namespace + labels = local.common_labels + selector = local.back_labels + targets = ["http"] + providers = { + kubectl = kubectl + } +} + +module "ingress" { + source = "git::https://git.solidite.fr/vynil/kydah-modules.git//ingress?ref=0.3.0" + component = "" + instance = var.instance + namespace = var.namespace + issuer = var.issuer + ingress_class = var.ingress_class + labels = local.common_labels + dns_names = local.dns_names + services = [module.service.default_definition] + providers = { + kubectl = kubectl + } +} + +module "application" { + source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application?ref=0.3.0" + component = var.component + instance = var.instance + app_group = var.app_group + dns_name = local.dns_name + icon = local.icon + sub_groups = ["admin"] + protocol_provider = module.oauth2.provider-id + providers = { + authentik = authentik + } +} + +module "oauth2" { + source = "git::https://git.solidite.fr/vynil/kydah-modules.git//oauth2?ref=0.3.0" + component = var.component + instance = var.instance + namespace = var.namespace + domain = var.domain + labels = local.common_labels + dns_name = "${local.dns_name}/" + redirect_path = "" + providers = { + kubernetes = kubernetes + kubectl = kubectl + authentik = authentik + } +} + + +resource "kubectl_manifest" "svc_back" { yaml_body = <<-EOF apiVersion: v1 kind: Service metadata: - name: taiga-back - labels: ${jsonencode(local.common-labels)} + name: "${var.instance}-${var.component}-back" + labels: 
${jsonencode(local.back_all_labels)} namespace: ${var.namespace} spec: type: ClusterIP 
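Review bot: The four `kydah-modules` sources are pinned with `?ref=0.3.0`, which looks like a tag and can therefore be moved on the remote after review. These modules receive the `kubectl`, `kubernetes` and `authentik` providers, so whatever that ref points to runs with the deployment's full rights. Pinning each source to a full commit hash, e.g. `...//service?ref=<commit-sha>` (placeholder), makes the applied code reproducible and auditable. The `svc_back` resource continues outside the hunk.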
@@ -12,146 +78,20 @@ resource "kubectl_manifest" "Service_taiga-back" { - name: taiga-back port: 8000 targetPort: taiga-back - - name: taiga-gateway + - name: http port: 80 - targetPort: taiga-gateway - selector: - app.kubernetes.io/name: taiga-back - app.kubernetes.io/instance: taiga + targetPort: http + selector: ${jsonencode(local.back_labels)} EOF } -resource "kubectl_manifest" "Service_taiga-async-rabbitmq-headless" { +resource "kubectl_manifest" "svc_front" { yaml_body = <<-EOF apiVersion: v1 kind: Service metadata: - name: taiga-async-rabbitmq-headless - namespace: ${var.namespace} - labels: ${jsonencode(local.common-labels)} - spec: - clusterIP: None - ports: - - name: epmd - port: 4369 - targetPort: epmd - - name: amqp - port: 5672 - targetPort: amqp - - name: dist - port: 25672 - targetPort: dist - - name: http-stats - port: 15672 - targetPort: stats - selector: - app.kubernetes.io/name: async-rabbitmq - app.kubernetes.io/instance: taiga - publishNotReadyAddresses: true -EOF -} - -resource "kubectl_manifest" "Service_taiga-postgresql" { - yaml_body = <<-EOF - apiVersion: v1 - kind: Service - metadata: - name: taiga-postgresql - namespace: ${var.namespace} - labels: ${jsonencode(local.common-labels)} - annotations: null - spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - nodePort: null - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: taiga - app.kubernetes.io/component: primary -EOF -} - -resource "kubectl_manifest" "Service_taiga-events" { - yaml_body = <<-EOF - apiVersion: v1 - kind: Service - metadata: - name: taiga-events - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - type: ClusterIP - ports: - - name: taiga-events - port: 8888 - targetPort: taiga-events - selector: - app.kubernetes.io/name: taiga-events - app.kubernetes.io/instance: taiga -EOF -} - -resource "kubectl_manifest" "Service_taiga-protected" { - 
yaml_body = <<-EOF - apiVersion: v1 - kind: Service - metadata: - name: taiga-protected - labels: ${jsonencode(local.common-labels)} - namespace: ${var.namespace} - spec: - type: ClusterIP - ports: - - name: taiga-protected - port: 8003 - targetPort: taiga-protected - selector: - app.kubernetes.io/name: taiga-protected - app.kubernetes.io/instance: taiga -EOF -} - -resource "kubectl_manifest" "Service_taiga-events-rabbitmq-headless" { - yaml_body = <<-EOF - apiVersion: v1 - kind: Service - metadata: - name: taiga-events-rabbitmq-headless - namespace: ${var.namespace} - labels: ${jsonencode(local.common-labels)} - spec: - clusterIP: None - ports: - - name: epmd - port: 4369 - targetPort: epmd - - name: amqp - port: 5672 - targetPort: amqp - - name: dist - port: 25672 - targetPort: dist - - name: http-stats - port: 15672 - targetPort: stats - selector: - app.kubernetes.io/name: events-rabbitmq - app.kubernetes.io/instance: taiga - publishNotReadyAddresses: true -EOF -} - -resource "kubectl_manifest" "Service_taiga-front" { - yaml_body = <<-EOF - apiVersion: v1 - kind: Service - metadata: - name: taiga-front - labels: ${jsonencode(local.common-labels)} + name: "${var.instance}-${var.component}-front" + labels: ${jsonencode(local.front_all_labels)} namespace: ${var.namespace} spec: type: ClusterIP 
@@ -159,120 +99,43 @@ resource "kubectl_manifest" "Service_taiga-front" { - name: taiga-front port: 80 targetPort: taiga-front - selector: - app.kubernetes.io/name: taiga-front - app.kubernetes.io/instance: taiga + selector: ${jsonencode(local.front_labels)} EOF } -resource "kubectl_manifest" "Service_taiga-gateway" { +resource "kubectl_manifest" "svc_events" { yaml_body = <<-EOF apiVersion: v1 kind: Service metadata: - name: taiga-gateway - labels: ${jsonencode(local.common-labels)} + name: "${var.instance}-${var.component}-events" + labels: ${jsonencode(local.event_all_labels)} namespace: ${var.namespace} spec: type: ClusterIP ports: - - name: taiga-gateway - port: 80 - targetPort: taiga-gateway - selector: - app.kubernetes.io/name: taiga-back - app.kubernetes.io/instance: taiga + - name: taiga-events + port: 8888 + targetPort: taiga-events + selector: ${jsonencode(local.event_labels)} EOF } +resource "kubectl_manifest" "svc_protected" { + yaml_body = <<-EOF + apiVersion: v1 + kind: Service + metadata: + name: "${var.instance}-${var.component}-protected" + labels: ${jsonencode(local.protected_all_labels)} + namespace: ${var.namespace} + spec: + type: ClusterIP + ports: + - name: taiga-protected + port: 8003 + targetPort: taiga-protected + selector: ${jsonencode(local.protected_labels)} +EOF +} -# resource "kubectl_manifest" "Service_taiga-events-rabbitmq" { -# yaml_body = <<-EOF -# apiVersion: v1 -# kind: Service -# metadata: -# name: taiga-events-rabbitmq -# namespace: ${var.namespace} -# labels: ${jsonencode(local.common-labels)} -# spec: -# type: ClusterIP -# sessionAffinity: None -# ports: -# - name: amqp -# port: 5672 -# targetPort: amqp -# nodePort: null -# - name: epmd -# port: 4369 -# targetPort: epmd -# nodePort: null -# - name: dist -# port: 25672 -# targetPort: dist -# nodePort: null -# - name: http-stats -# port: 15672 -# targetPort: stats -# nodePort: null -# selector: -# app.kubernetes.io/name: events-rabbitmq -# app.kubernetes.io/instance: taiga -# 
EOF -# } - -# resource "kubectl_manifest" "Service_taiga-postgresql-hl" { -# yaml_body = <<-EOF -# apiVersion: v1 -# kind: Service -# metadata: -# name: taiga-postgresql-hl -# namespace: ${var.namespace} -# labels: ${jsonencode(local.common-labels)} -# spec: -# type: ClusterIP -# clusterIP: None -# publishNotReadyAddresses: true -# ports: -# - name: tcp-postgresql -# port: 5432 -# targetPort: tcp-postgresql -# selector: -# app.kubernetes.io/name: postgresql -# app.kubernetes.io/instance: taiga -# app.kubernetes.io/component: primary -# EOF -# } - -# resource "kubectl_manifest" "Service_taiga-async-rabbitmq" { -# yaml_body = <<-EOF -# apiVersion: v1 -# kind: Service -# metadata: -# name: taiga-async-rabbitmq -# namespace: ${var.namespace} -# labels: ${jsonencode(local.common-labels)} -# spec: -# type: ClusterIP -# sessionAffinity: None -# ports: -# - name: amqp -# port: 5672 -# targetPort: amqp -# nodePort: null -# - name: epmd -# port: 4369 -# targetPort: epmd -# nodePort: null -# - name: dist -# port: 25672 -# targetPort: dist -# nodePort: null -# - name: http-stats -# port: 15672 -# targetPort: stats -# nodePort: null -# selector: -# app.kubernetes.io/name: async-rabbitmq -# app.kubernetes.io/instance: taiga -# EOF -# } diff --git a/apps/taiga/taiga_workload.tf b/apps/taiga/taiga_workload.tf index 72b13a7..a3e84c3 100644 --- a/apps/taiga/taiga_workload.tf +++ b/apps/taiga/taiga_workload.tf 
@@ -4,62 +4,59 @@ resource "kubectl_manifest" "Deployment_taiga-events" { kind: Deployment metadata: name: taiga-events - labels: ${jsonencode(local.common-labels)} + labels: ${jsonencode(local.event_all_labels)} namespace: ${var.namespace} spec: selector: - matchLabels: - app.kubernetes.io/name: taiga-events - app.kubernetes.io/instance: taiga + matchLabels: ${jsonencode(local.event_labels)} replicas: 1 template: metadata: - labels: - app.kubernetes.io/name: taiga-events - helm.sh/chart: taiga-0.0.11 - app.kubernetes.io/instance: taiga - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: taiga-events + labels: ${jsonencode(local.event_labels)} spec: - serviceAccountName: default containers: - name: taiga-events - image: docker.io/taigaio/taiga-events:latest - imagePullPolicy: IfNotPresent - resources: - limits: {} - requests: {} + image: "${var.images.events.registry}/${var.images.events.repository}:${var.images.events.tag}" + imagePullPolicy: ${var.images.events.pull_policy} envFrom: - secretRef: name: ${kubectl_manifest.secret.name} env: + - name: TAIGA_EVENTS_RABBITMQ_HOST + value: ${kubectl_manifest.rabbit.name} - name: RABBITMQ_USER - value: taiga + valueFrom: + secretKeyRef: + name: ${kubectl_manifest.rabbit.name}-default-user + key: username - name: RABBITMQ_PASS - value: taiga + valueFrom: + secretKeyRef: + name: ${kubectl_manifest.rabbit.name}-default-user + key: password ports: - name: taiga-events containerPort: 8888 - livenessProbe: - httpGet: - path: /admin/login/ - port: 8000 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /admin/login/ - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 EOF } + # livenessProbe: + # httpGet: + # path: /admin/login/ + # port: 8000 + # initialDelaySeconds: 20 + # periodSeconds: 10 + # timeoutSeconds: 5 + # successThreshold: 1 + # 
failureThreshold: 3 + # readinessProbe: + # httpGet: + # path: /admin/login/ + # port: 8000 + # initialDelaySeconds: 5 + # periodSeconds: 10 + # timeoutSeconds: 1 + # successThreshold: 1 + # failureThreshold: 3 resource "kubectl_manifest" "Deployment_taiga-front" { yaml_body = <<-EOF @@ -67,55 +64,29 @@ resource "kubectl_manifest" "Deployment_taiga-front" { kind: Deployment metadata: name: taiga-front - labels: ${jsonencode(local.common-labels)} + labels: ${jsonencode(local.front_all_labels)} namespace: ${var.namespace} spec: selector: - matchLabels: - app.kubernetes.io/name: taiga-front - app.kubernetes.io/instance: taiga + matchLabels: ${jsonencode(local.front_labels)} replicas: 1 template: metadata: - labels: - app.kubernetes.io/name: taiga-front - helm.sh/chart: taiga-0.0.11 - app.kubernetes.io/instance: taiga - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: taiga-front + labels: ${jsonencode(local.front_labels)} spec: - serviceAccountName: default containers: - name: taiga-front - image: docker.io/taigaio/taiga-front:latest - imagePullPolicy: IfNotPresent - resources: - limits: {} - requests: {} + image: "${var.images.front.registry}/${var.images.front.repository}:${var.images.front.tag}" + imagePullPolicy: ${var.images.front.pull_policy} + env: + - name: GITLAB_CLIENT_ID + value: gitlab-api-client-id envFrom: - configMapRef: name: ${kubectl_manifest.cm_env.name} ports: - name: taiga-front containerPort: 80 - livenessProbe: - httpGet: - path: /admin/login/ - port: 8000 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /admin/login/ - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 EOF } 
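Review bot: taiga-front now gets `GITLAB_CLIENT_ID` as the literal placeholder `gitlab-api-client-id`, and the taiga-back hunk (`@@ -185,36 +130,39`) does the same for `GITLAB_API_CLIENT_ID` and `GITLAB_API_CLIENT_SECRET`, while `cm_env` keeps `ENABLE_GITLAB_AUTH: "True"`. That leaves a login path enabled with dummy credentials and writes a client secret as a plain `value:` in the pod spec. If GitLab login is not intended alongside the OpenID Connect setup, set `ENABLE_GITLAB_AUTH: "False"` and drop these entries. Otherwise read the client id and secret through `secretKeyRef`, as is already done for `RABBITMQ_PASS`. Both Deployments in this hunk also lose their probes entirely rather than having them pointed at their own ports (8888 and 80).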
@@ -125,57 +96,31 @@ resource "kubectl_manifest" "Deployment_taiga-protected" { kind: Deployment metadata: name: taiga-protected - labels: ${jsonencode(local.common-labels)} + labels: ${jsonencode(local.protected_all_labels)} namespace: ${var.namespace} spec: selector: - matchLabels: - app.kubernetes.io/name: taiga-protected - app.kubernetes.io/instance: taiga + matchLabels: ${jsonencode(local.protected_labels)} replicas: 1 template: metadata: - labels: - app.kubernetes.io/name: taiga-protected - helm.sh/chart: taiga-0.0.11 - app.kubernetes.io/instance: taiga - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: taiga-protected + labels: ${jsonencode(local.protected_labels)} spec: - serviceAccountName: default containers: - name: taiga-protected - image: docker.io/taigaio/taiga-protected:latest - imagePullPolicy: IfNotPresent - resources: - limits: {} - requests: {} + image: "${var.images.protected.registry}/${var.images.protected.repository}:${var.images.protected.tag}" + imagePullPolicy: ${var.images.protected.pull_policy} env: - name: SECRET_KEY - value: 9%pno@m688el28@2+^y4v^&6wluqk-g#j#d7$dsjtht)o30dn1 + valueFrom: + secretKeyRef: + name: ${kubectl_manifest.secret.name} + key: TAIGA_SECRET_KEY - name: MAX_AGE value: '360' ports: - name: taiga-protected containerPort: 8003 - livenessProbe: - httpGet: - path: /admin/login/ - port: 8000 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /admin/login/ - port: 8000 - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 EOF } 
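Review bot: The literal `SECRET_KEY` removed from this template stays readable in the repository history, so the `TAIGA_SECRET_KEY` entry in `${kubectl_manifest.secret.name}` must be a freshly generated per-install value. Any instance deployed from the old template should have its key rotated. taiga-protected presumably has to share this key with taiga-back, so a comment above the `secretKeyRef` would document the coupling, for example `# same key as taiga-back; generated per install, never committed`. The Deployment's probes are dropped here as well, and its body continues outside the hunk.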
@@ -185,36 +130,39 @@ resource "kubectl_manifest" "Deployment_taiga-back" { kind: Deployment metadata: name: taiga-back - labels: ${jsonencode(local.common-labels)} + labels: ${jsonencode(local.back_all_labels)} namespace: ${var.namespace} spec: selector: - matchLabels: - app.kubernetes.io/name: taiga-back - app.kubernetes.io/instance: taiga + matchLabels: ${jsonencode(local.back_labels)} replicas: 1 template: metadata: - labels: - app.kubernetes.io/name: taiga-back - helm.sh/chart: taiga-0.0.11 - app.kubernetes.io/instance: taiga - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: taiga-back + labels: ${jsonencode(local.back_labels)} spec: - serviceAccountName: default containers: - name: taiga-back - image: docker.io/taigaio/taiga-back:latest - imagePullPolicy: IfNotPresent - resources: - limits: {} - requests: {} + image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}" + imagePullPolicy: ${var.images.back.pull_policy} env: + - name: TAIGA_EVENTS_RABBITMQ_HOST + value: ${kubectl_manifest.rabbit.name} + - name: TAIGA_ASYNC_RABBITMQ_HOST + value: ${kubectl_manifest.rabbit.name} - name: RABBITMQ_USER - value: taiga + valueFrom: + secretKeyRef: + name: ${kubectl_manifest.rabbit.name}-default-user + key: username - name: RABBITMQ_PASS - value: taiga + valueFrom: + secretKeyRef: + name: ${kubectl_manifest.rabbit.name}-default-user + key: password + - name: GITLAB_API_CLIENT_ID + value: gitlab-api-client-id + - name: GITLAB_API_CLIENT_SECRET + value: gitlab-api-client-secret - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: @@ -228,9 +176,16 @@ resource "kubectl_manifest" "Deployment_taiga-back" { ports: - name: taiga-back containerPort: 8000 + volumeMounts: + - name: data + mountPath: /taiga-back/static + subPath: static + - name: data + mountPath: /taiga-back/media + subPath: media livenessProbe: httpGet: - path: /admin/login/ + path: /api/v1/ port: 8000 initialDelaySeconds: 20 periodSeconds: 10 
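Review bot: `GITLAB_API_CLIENT_SECRET` is added as a plain `value:` in the taiga-back env list, while the RabbitMQ credentials just above it were moved to `secretKeyRef` in this same hunk. An OAuth client secret set this way is readable by anyone who can read the Deployment object. The string `gitlab-api-client-secret` also looks like a placeholder, so the GitLab login would presumably not work as committed. Source it like the other credentials, e.g. `valueFrom: {secretKeyRef: {name: ${kubectl_manifest.secret.name}, key: <gitlab-client-secret-key>}}` (the key name is a placeholder), and take `GITLAB_API_CLIENT_ID`, and `GITLAB_CLIENT_ID` on taiga-front, from a variable or the ConfigMap instead of a literal. The env list continues outside this hunk.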
@@ -239,31 +194,29 @@ resource "kubectl_manifest" "Deployment_taiga-back" { failureThreshold: 3 readinessProbe: httpGet: - path: /admin/login/ + path: /api/v1/ port: 8000 initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 - volumeMounts: - - name: taiga-static - mountPath: /taiga-back/static - - name: taiga-media - mountPath: /taiga-back/media - name: taiga-async - image: docker.io/taigaio/taiga-back:latest - imagePullPolicy: IfNotPresent - resources: - limits: {} - requests: {} + image: "${var.images.back.registry}/${var.images.back.repository}:${var.images.back.tag}" + imagePullPolicy: ${var.images.back.pull_policy} command: - /taiga-back/docker/async_entrypoint.sh env: - name: RABBITMQ_USER - value: taiga + valueFrom: + secretKeyRef: + name: ${kubectl_manifest.rabbit.name}-default-user + key: username - name: RABBITMQ_PASS - value: taiga + valueFrom: + secretKeyRef: + name: ${kubectl_manifest.rabbit.name}-default-user + key: password - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: 
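Review bot: The taiga-async env entries shown here lack the `TAIGA_ASYNC_RABBITMQ_HOST` and `TAIGA_EVENTS_RABBITMQ_HOST` entries that the taiga-back container receives in the earlier hunk, although they do take the RabbitMQ credentials from `${kubectl_manifest.rabbit.name}-default-user`. Unless the `cm_env` ConfigMap supplies those host names, the worker would presumably fall back to its built-in defaults, which may no longer resolve now that the commit appears to merge the two brokers into one. Adding `- name: TAIGA_ASYNC_RABBITMQ_HOST` with `value: ${kubectl_manifest.rabbit.name}` (and the events counterpart) keeps both containers pointed at the same broker. The env list starts and ends outside this hunk, so check this against the full file.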
@@ -275,569 +228,33 @@ resource "kubectl_manifest" "Deployment_taiga-back" { - configMapRef: name: ${kubectl_manifest.cm_env.name} volumeMounts: - - name: taiga-static + - name: data mountPath: /taiga-back/static - - name: taiga-media + subPath: static + - name: data mountPath: /taiga-back/media - - name: taiga-gateway - image: docker.io/nginx:1.19-alpine - imagePullPolicy: IfNotPresent - resources: - limits: {} - requests: {} + subPath: media + - name: nginx + image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}" + imagePullPolicy: ${var.images.nginx.pull_policy} ports: - - name: taiga-gateway - containerPort: 80 - livenessProbe: - httpGet: - path: /admin/login/ - port: 80 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 10 - readinessProbe: - httpGet: - path: /admin/login/ - port: 80 - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 10 + - name: http + containerPort: 8080 volumeMounts: - - name: taiga-static + - name: data mountPath: /taiga/static - - name: taiga-media + subPath: static + - name: data mountPath: /taiga/media + subPath: media - name: taiga-conf mountPath: /etc/nginx/conf.d/ volumes: - - name: taiga-static + - name: data persistentVolumeClaim: - claimName: taiga-static - - name: taiga-media - persistentVolumeClaim: - claimName: taiga-media + claimName: ${kubectl_manifest.pvc.name} - name: taiga-conf configMap: - name: taiga-gateway + name: ${kubectl_manifest.cm_nginx.name} EOF } - -# resource "kubectl_manifest" "StatefulSet_taiga-async-rabbitmq" { -# yaml_body = <<-EOF -# apiVersion: apps/v1 -# kind: StatefulSet -# metadata: -# name: taiga-async-rabbitmq -# namespace: ${var.namespace} -# labels: ${jsonencode(local.common-labels)} -# spec: -# serviceName: taiga-async-rabbitmq-headless -# podManagementPolicy: OrderedReady -# replicas: 1 -# updateStrategy: -# type: RollingUpdate -# selector: -# 
matchLabels: -# app.kubernetes.io/name: async-rabbitmq -# app.kubernetes.io/instance: taiga -# template: -# metadata: -# labels: -# app.kubernetes.io/name: async-rabbitmq -# helm.sh/chart: async-rabbitmq-11.9.3 -# app.kubernetes.io/instance: taiga -# app.kubernetes.io/managed-by: Helm -# annotations: -# checksum/config: 217a61a978fa7482416092178a1ec21062391912fcb3b4dcf9d56998cbc7dcb0 -# checksum/secret: 6cfb22ee840921fa65ccca1d3b463345d79ab2cf3fbc5da718cdb5d482d8f329 -# spec: -# serviceAccountName: taiga-async-rabbitmq -# affinity: -# podAffinity: null -# podAntiAffinity: -# preferredDuringSchedulingIgnoredDuringExecution: -# - podAffinityTerm: -# labelSelector: -# matchLabels: -# app.kubernetes.io/name: async-rabbitmq -# app.kubernetes.io/instance: taiga -# topologyKey: kubernetes.io/hostname -# weight: 1 -# nodeAffinity: null -# securityContext: -# fsGroup: 1001 -# terminationGracePeriodSeconds: 120 -# initContainers: null -# containers: -# - name: rabbitmq -# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1 -# imagePullPolicy: IfNotPresent -# securityContext: -# runAsNonRoot: true -# runAsUser: 1001 -# lifecycle: -# preStop: -# exec: -# command: -# - /bin/bash -# - -ec -# - | -# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then -# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" -# else -# rabbitmqctl stop_app -# fi -# env: -# - name: BITNAMI_DEBUG -# value: 'false' -# - name: MY_POD_IP -# valueFrom: -# fieldRef: -# fieldPath: status.podIP -# - name: MY_POD_NAME -# valueFrom: -# fieldRef: -# fieldPath: metadata.name -# - name: MY_POD_NAMESPACE -# valueFrom: -# fieldRef: -# fieldPath: metadata.namespace -# - name: K8S_SERVICE_NAME -# value: taiga-async-rabbitmq-headless -# - name: K8S_ADDRESS_TYPE -# value: hostname -# - name: RABBITMQ_FEATURE_FLAGS -# value: null -# - name: RABBITMQ_FORCE_BOOT -# value: no -# - name: RABBITMQ_NODE_NAME -# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local -# 
- name: K8S_HOSTNAME_SUFFIX -# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local -# - name: RABBITMQ_MNESIA_DIR -# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME) -# - name: RABBITMQ_LDAP_ENABLE -# value: no -# - name: RABBITMQ_LOGS -# value: '-' -# - name: RABBITMQ_ULIMIT_NOFILES -# value: '65536' -# - name: RABBITMQ_USE_LONGNAME -# value: 'true' -# - name: RABBITMQ_ERL_COOKIE -# valueFrom: -# secretKeyRef: -# name: taiga-async-rabbitmq -# key: rabbitmq-erlang-cookie -# - name: RABBITMQ_LOAD_DEFINITIONS -# value: no -# - name: RABBITMQ_DEFINITIONS_FILE -# value: /app/load_definition.json -# - name: RABBITMQ_SECURE_PASSWORD -# value: yes -# - name: RABBITMQ_USERNAME -# value: taiga -# - name: RABBITMQ_PASSWORD -# valueFrom: -# secretKeyRef: -# name: taiga-async-rabbitmq -# key: rabbitmq-password -# - name: RABBITMQ_PLUGINS -# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap -# envFrom: null -# ports: -# - name: amqp -# containerPort: 5672 -# - name: dist -# containerPort: 25672 -# - name: stats -# containerPort: 15672 -# - name: epmd -# containerPort: 4369 -# livenessProbe: -# failureThreshold: 6 -# initialDelaySeconds: 120 -# periodSeconds: 30 -# successThreshold: 1 -# timeoutSeconds: 20 -# exec: -# command: -# - /bin/bash -# - -ec -# - rabbitmq-diagnostics -q ping -# readinessProbe: -# failureThreshold: 3 -# initialDelaySeconds: 10 -# periodSeconds: 30 -# successThreshold: 1 -# timeoutSeconds: 20 -# exec: -# command: -# - /bin/bash -# - -ec -# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms -# resources: -# limits: {} -# requests: {} -# volumeMounts: -# - name: configuration -# mountPath: /bitnami/rabbitmq/conf -# - name: data -# mountPath: /bitnami/rabbitmq/mnesia -# volumes: -# - name: configuration -# projected: -# sources: -# - secret: -# name: taiga-async-rabbitmq-config -# volumeClaimTemplates: -# - metadata: -# name: data -# labels: -# app.kubernetes.io/name: 
async-rabbitmq -# app.kubernetes.io/instance: taiga -# spec: -# accessModes: -# - ReadWriteOnce -# resources: -# requests: -# storage: 8Gi -# EOF -# } - -# resource "kubectl_manifest" "StatefulSet_taiga-events-rabbitmq" { -# yaml_body = <<-EOF -# apiVersion: apps/v1 -# kind: StatefulSet -# metadata: -# name: taiga-events-rabbitmq -# namespace: ${var.namespace} -# labels: ${jsonencode(local.common-labels)} -# spec: -# serviceName: taiga-events-rabbitmq-headless -# podManagementPolicy: OrderedReady -# replicas: 1 -# updateStrategy: -# type: RollingUpdate -# selector: -# matchLabels: -# app.kubernetes.io/name: events-rabbitmq -# app.kubernetes.io/instance: taiga -# template: -# metadata: -# labels: -# app.kubernetes.io/name: events-rabbitmq -# helm.sh/chart: events-rabbitmq-11.9.3 -# app.kubernetes.io/instance: taiga -# app.kubernetes.io/managed-by: Helm -# annotations: -# checksum/config: 708e775803d7be65e291bb582e83c9ff67ac497152301cd4ab1f23f4f8741485 -# checksum/secret: 2d4a98f9c2ae284ad1b5ae4ff40da10e1ce7b9a44a210ca81f647b71f962a5c8 -# spec: -# serviceAccountName: taiga-events-rabbitmq -# affinity: -# podAffinity: null -# podAntiAffinity: -# preferredDuringSchedulingIgnoredDuringExecution: -# - podAffinityTerm: -# labelSelector: -# matchLabels: -# app.kubernetes.io/name: events-rabbitmq -# app.kubernetes.io/instance: taiga -# topologyKey: kubernetes.io/hostname -# weight: 1 -# nodeAffinity: null -# securityContext: -# fsGroup: 1001 -# terminationGracePeriodSeconds: 120 -# initContainers: null -# containers: -# - name: rabbitmq -# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1 -# imagePullPolicy: IfNotPresent -# securityContext: -# runAsNonRoot: true -# runAsUser: 1001 -# lifecycle: -# preStop: -# exec: -# command: -# - /bin/bash -# - -ec -# - | -# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then -# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false" -# else -# rabbitmqctl stop_app -# fi -# env: -# - name: BITNAMI_DEBUG -# value: 
'false' -# - name: MY_POD_IP -# valueFrom: -# fieldRef: -# fieldPath: status.podIP -# - name: MY_POD_NAME -# valueFrom: -# fieldRef: -# fieldPath: metadata.name -# - name: MY_POD_NAMESPACE -# valueFrom: -# fieldRef: -# fieldPath: metadata.namespace -# - name: K8S_SERVICE_NAME -# value: taiga-events-rabbitmq-headless -# - name: K8S_ADDRESS_TYPE -# value: hostname -# - name: RABBITMQ_FEATURE_FLAGS -# value: null -# - name: RABBITMQ_FORCE_BOOT -# value: no -# - name: RABBITMQ_NODE_NAME -# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local -# - name: K8S_HOSTNAME_SUFFIX -# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local -# - name: RABBITMQ_MNESIA_DIR -# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME) -# - name: RABBITMQ_LDAP_ENABLE -# value: no -# - name: RABBITMQ_LOGS -# value: '-' -# - name: RABBITMQ_ULIMIT_NOFILES -# value: '65536' -# - name: RABBITMQ_USE_LONGNAME -# value: 'true' -# - name: RABBITMQ_ERL_COOKIE -# valueFrom: -# secretKeyRef: -# name: taiga-events-rabbitmq -# key: rabbitmq-erlang-cookie -# - name: RABBITMQ_LOAD_DEFINITIONS -# value: no -# - name: RABBITMQ_DEFINITIONS_FILE -# value: /app/load_definition.json -# - name: RABBITMQ_SECURE_PASSWORD -# value: yes -# - name: RABBITMQ_USERNAME -# value: taiga -# - name: RABBITMQ_PASSWORD -# valueFrom: -# secretKeyRef: -# name: taiga-events-rabbitmq -# key: rabbitmq-password -# - name: RABBITMQ_PLUGINS -# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap -# envFrom: null -# ports: -# - name: amqp -# containerPort: 5672 -# - name: dist -# containerPort: 25672 -# - name: stats -# containerPort: 15672 -# - name: epmd -# containerPort: 4369 -# livenessProbe: -# failureThreshold: 6 -# initialDelaySeconds: 120 -# periodSeconds: 30 -# successThreshold: 1 -# timeoutSeconds: 20 -# exec: -# command: -# - /bin/bash -# - -ec -# - rabbitmq-diagnostics -q ping -# readinessProbe: -# failureThreshold: 3 -# initialDelaySeconds: 10 -# 
periodSeconds: 30 -# successThreshold: 1 -# timeoutSeconds: 20 -# exec: -# command: -# - /bin/bash -# - -ec -# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms -# resources: -# limits: {} -# requests: {} -# volumeMounts: -# - name: configuration -# mountPath: /bitnami/rabbitmq/conf -# - name: data -# mountPath: /bitnami/rabbitmq/mnesia -# volumes: -# - name: configuration -# projected: -# sources: -# - secret: -# name: taiga-events-rabbitmq-config -# volumeClaimTemplates: -# - metadata: -# name: data -# labels: -# app.kubernetes.io/name: events-rabbitmq -# app.kubernetes.io/instance: taiga -# spec: -# accessModes: -# - ReadWriteOnce -# resources: -# requests: -# storage: 8Gi -# EOF -# } - -# resource "kubectl_manifest" "StatefulSet_taiga-postgresql" { -# yaml_body = <<-EOF -# apiVersion: apps/v1 -# kind: StatefulSet -# metadata: -# name: taiga-postgresql -# namespace: ${var.namespace} -# labels: ${jsonencode(local.common-labels)} -# annotations: null -# spec: -# replicas: 1 -# serviceName: taiga-postgresql-hl -# updateStrategy: -# rollingUpdate: {} -# type: RollingUpdate -# selector: -# matchLabels: -# app.kubernetes.io/name: postgresql -# app.kubernetes.io/instance: taiga -# app.kubernetes.io/component: primary -# template: -# metadata: -# name: taiga-postgresql -# labels: -# app.kubernetes.io/name: postgresql -# helm.sh/chart: postgresql-11.6.26 -# app.kubernetes.io/instance: taiga -# app.kubernetes.io/managed-by: Helm -# app.kubernetes.io/component: primary -# annotations: null -# spec: -# serviceAccountName: default -# affinity: -# podAffinity: null -# podAntiAffinity: -# preferredDuringSchedulingIgnoredDuringExecution: -# - podAffinityTerm: -# labelSelector: -# matchLabels: -# app.kubernetes.io/name: postgresql -# app.kubernetes.io/instance: taiga -# app.kubernetes.io/component: primary -# topologyKey: kubernetes.io/hostname -# weight: 1 -# nodeAffinity: null -# securityContext: -# fsGroup: 1001 -# hostNetwork: false -# 
hostIPC: false -# initContainers: null -# containers: -# - name: postgresql -# image: docker.io/bitnami/postgresql:13.10.0-debian-11-r2 -# imagePullPolicy: IfNotPresent -# securityContext: -# runAsUser: 1001 -# env: -# - name: BITNAMI_DEBUG -# value: 'false' -# - name: POSTGRESQL_PORT_NUMBER -# value: '5432' -# - name: POSTGRESQL_VOLUME_DIR -# value: /bitnami/postgresql -# - name: PGDATA -# value: /bitnami/postgresql/data -# - name: POSTGRES_USER -# value: taiga -# - name: POSTGRES_POSTGRES_PASSWORD -# valueFrom: -# secretKeyRef: -# name: taiga-postgresql -# key: postgres-password -# - name: POSTGRES_PASSWORD -# valueFrom: -# secretKeyRef: -# name: taiga-postgresql -# key: password -# - name: POSTGRES_DB -# value: taiga -# - name: POSTGRESQL_ENABLE_LDAP -# value: no -# - name: POSTGRESQL_ENABLE_TLS -# value: no -# - name: POSTGRESQL_LOG_HOSTNAME -# value: 'false' -# - name: POSTGRESQL_LOG_CONNECTIONS -# value: 'false' -# - name: POSTGRESQL_LOG_DISCONNECTIONS -# value: 'false' -# - name: POSTGRESQL_PGAUDIT_LOG_CATALOG -# value: off -# - name: POSTGRESQL_CLIENT_MIN_MESSAGES -# value: error -# - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES -# value: pgaudit -# ports: -# - name: tcp-postgresql -# containerPort: 5432 -# livenessProbe: -# failureThreshold: 6 -# initialDelaySeconds: 30 -# periodSeconds: 10 -# successThreshold: 1 -# timeoutSeconds: 5 -# exec: -# command: -# - /bin/sh -# - -c -# - exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432 -# readinessProbe: -# failureThreshold: 6 -# initialDelaySeconds: 5 -# periodSeconds: 10 -# successThreshold: 1 -# timeoutSeconds: 5 -# exec: -# command: -# - /bin/sh -# - -c -# - -e -# - | -# exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432 -# [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] -# resources: -# limits: {} -# requests: -# cpu: 250m -# memory: 256Mi -# volumeMounts: -# - name: dshm -# mountPath: /dev/shm -# - name: data -# mountPath: 
/bitnami/postgresql -# volumes: -# - name: dshm -# emptyDir: -# medium: Memory -# volumeClaimTemplates: -# - metadata: -# name: data -# spec: -# accessModes: -# - ReadWriteOnce -# resources: -# requests: -# storage: 8Gi -# EOF -# } -