From 568210e097e620ec6461a80b0d5d1045b7d73e8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Mon, 17 Jul 2023 21:23:16 +0200 Subject: [PATCH] adding missng tf files --- apps/nextcloud/datas.tf | 189 +++++++++++++++++++++++++++++++++++ apps/nextcloud/ingress.tf | 76 ++++++++++++++ apps/nextcloud/postgresql.tf | 31 ++++++ apps/nextcloud/redis.tf | 32 ++++++ apps/nextcloud/secret.tf | 21 ++++ 5 files changed, 349 insertions(+) create mode 100644 apps/nextcloud/datas.tf create mode 100644 apps/nextcloud/ingress.tf create mode 100644 apps/nextcloud/postgresql.tf create mode 100644 apps/nextcloud/redis.tf create mode 100644 apps/nextcloud/secret.tf diff --git a/apps/nextcloud/datas.tf b/apps/nextcloud/datas.tf new file mode 100644 index 0000000..6ba751b --- /dev/null +++ b/apps/nextcloud/datas.tf 
@@ -0,0 +1,189 @@
+locals {
+ common-labels = {
+ "vynil.solidite.fr/owner-name" = var.instance
+ "vynil.solidite.fr/owner-namespace" = var.namespace
+ "vynil.solidite.fr/owner-category" = var.category
+ "vynil.solidite.fr/owner-component" = var.component
+ "app.kubernetes.io/managed-by" = "vynil"
+ "app.kubernetes.io/name" = var.component
+ "app.kubernetes.io/instance" = var.instance
+ }
+}
+
+data "kustomization_overlay" "data" {
+ namespace = var.namespace
+ common_labels = local.common-labels
+ resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
+ images {
+ name = "nextcloud"
+ new_name = "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}"
+ new_tag = "${var.images.nextcloud.tag}"
+ }
+ patches {
+ target {
+ kind = "Deployment"
+ name = "nextcloud"
+ }
+ patch = <<-EOF
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: nextcloud
+ spec:
+ template:
+ spec:
+ containers:
+ - name: nextcloud
+ image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}"
+ imagePullPolicy: "${var.images.nextcloud.pullPolicy}"
+ env:
+ - name: POSTGRES_HOST
+ value: "${var.instance}-${var.component}"
+ - name: POSTGRES_DB
+ value: "${var.component}"
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
+ - name: NEXTCLOUD_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud
+ key: nextcloud-username
+ - name: NEXTCLOUD_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud
+ key: nextcloud-password
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: nextcloud.kube.home
+ - name: REDIS_HOST
+ value: "${var.instance}-${var.component}-redis.${var.namespace}.svc"
+ - name: REDIS_HOST_PASSWORD
+ value: ""
+ resources:
+ {}
+ - name: nextcloud-cron
+ image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}"
+ imagePullPolicy: "${var.images.nextcloud.pullPolicy}"
+ command:
+ - /cron.sh
+ env:
+ - name: POSTGRES_HOST
+ value: "${var.instance}-${var.component}"
+ - name: POSTGRES_DB
+ value: "${var.component}"
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
+ - name: NEXTCLOUD_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud
+ key: nextcloud-username
+ - name: NEXTCLOUD_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud
+ key: nextcloud-password
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: nextcloud.kube.home
+ - name: REDIS_HOST
+ value: "${var.instance}-${var.component}-redis.${var.namespace}.svc"
+ - name: REDIS_HOST_PASSWORD
+ value: ""
+ resources:
+ {}
+ - name: nextcloud-nginx
+ image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}"
+ imagePullPolicy: "${var.images.nginx.pullPolicy}"
+ resources:
+ {}
+ EOF
+ }
+ patches {
+ target {
+ kind = "Deployment"
+ name = "authentik-worker"
+ }
+ patch = <<-EOF
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: nextcloud-metrics
+ spec:
+ template:
+ spec:
+ containers:
+ - name: metrics-exporter
+ image: "${var.images.exporter.registry}/${var.images.exporter.repository}:${var.images.exporter.tag}"
+ imagePullPolicy: "${var.images.exporter.pullPolicy}"
+ env:
+ - name: NEXTCLOUD_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud
+ key: nextcloud-username
+ - name: NEXTCLOUD_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud
+ key: nextcloud-password
+ - name: NEXTCLOUD_SERVER
+ value: "https://${local.dns-name}"
+ - name: NEXTCLOUD_TIMEOUT
+ value: 5s
+ - name: NEXTCLOUD_TLS_SKIP_VERIFY
+ value: "false"
+ ports:
+ - name: metrics
+ containerPort: 9205
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ EOF
+ }
+ patches {
+ target {
+ kind = "PersistentVolumeClaim"
+ name = "nextcloud-nextcloud"
+ }
+ patch = <<-EOF
+ kind: PersistentVolumeClaim
+ apiVersion: v1
+ metadata:
+ name: nextcloud-nextcloud
+ spec:
+ accessModes:
+ - "${var.storage.accessMode}"
+ resources:
+ requests:
+ storage: "${var.storage.size}"
+ EOF
+ }
+ patches {
+ target {
+ kind = "HorizontalPodAutoscaler"
+ name = "nextcloud"
+ }
+ patch = <<-EOF
+ apiVersion: autoscaling/v1
+ kind: HorizontalPodAutoscaler
+ metadata:
+ name: nextcloud
+ spec:
+ minReplicas: ${var.hpa.min-replicas}
+ maxReplicas: ${var.hpa.max-replicas}
+ targetCPUUtilizationPercentage: ${var.hpa.avg-cpu}
+ EOF
+ }
+}
diff --git a/apps/nextcloud/ingress.tf b/apps/nextcloud/ingress.tf
new file mode 100644
index 0000000..4040793
--- /dev/null
+++ b/apps/nextcloud/ingress.tf
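Review bot: The POSTGRES_USER and POSTGRES_PASSWORD secretKeyRef entries in both the nextcloud and nextcloud-cron containers have no `key`, which the Kubernetes API requires, so the patched Deployment will be rejected on apply; add `key: username` and `key: password` respectively, the key names the Zalando operator writes into its credentials secrets. The second patches block targets `name = "authentik-worker"` while its body patches `nextcloud-metrics`, which looks like copy-paste residue and will not land on the intended Deployment. NEXTCLOUD_TRUSTED_DOMAINS is hardcoded to `nextcloud.kube.home` although the exporter's NEXTCLOUD_SERVER and the ingress derive the host from local.dns-name; `value: "${local.dns-name}"` keeps them consistent. REDIS_HOST_PASSWORD is the empty string and the Redis CR in redis.tf configures no authentication, so anything that can reach the Redis service can read and write Nextcloud's cache and locking data; having the operator attach a password (a generated field in secret.tf plus the CR's secret reference) and wiring it here through a secretKeyRef closes that without hardcoding anything.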
@@ -0,0 +1,76 @@
+locals {
+ dns-name = "${var.sub-domain}.${var.domain-name}"
+ dns-names = [local.dns-name]
+ middlewares = ["${var.instance}-https"]
+ service = {
+ "name" = "${var.component}"
+ "port" = {
+ "number" = 80
+ }
+ }
+ rules = [ for v in local.dns-names : {
+ "host" = "${v}"
+ "http" = {
+ "paths" = [{
+ "backend" = {
+ "service" = local.service
+ }
+ "path" = "/"
+ "pathType" = "Prefix"
+ }]
+ }
+ }]
+}
+
+resource "kubectl_manifest" "prj_certificate" {
+ yaml_body = <<-EOF
+ apiVersion: "cert-manager.io/v1"
+ kind: "Certificate"
+ metadata:
+ name: "${var.instance}"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.common-labels)}
+ spec:
+ secretName: "${var.instance}-cert"
+ dnsNames: ${jsonencode(local.dns-names)}
+ issuerRef:
+ name: "${var.issuer}"
+ kind: "ClusterIssuer"
+ group: "cert-manager.io"
+ EOF
+}
+
+resource "kubectl_manifest" "prj_https_redirect" {
+ yaml_body = <<-EOF
+ apiVersion: "traefik.containo.us/v1alpha1"
+ kind: "Middleware"
+ metadata:
+ name: "${var.instance}-https"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.common-labels)}
+ spec:
+ redirectScheme:
+ scheme: "https"
+ permanent: true
+ EOF
+}
+
+resource "kubectl_manifest" "prj_ingress" {
+ force_conflicts = true
+ yaml_body = <<-EOF
+ apiVersion: "networking.k8s.io/v1"
+ kind: "Ingress"
+ metadata:
+ name: "${var.instance}"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.common-labels)}
+ annotations:
+ "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
+ spec:
+ ingressClassName: "${var.ingress-class}"
+ rules: ${jsonencode(local.rules)}
+ tls:
+ - hosts: ${jsonencode(local.dns-names)}
+ secretName: "${var.instance}-cert"
+ EOF
+}
diff --git a/apps/nextcloud/postgresql.tf b/apps/nextcloud/postgresql.tf
new file mode 100644
index 0000000..eb9c3a2
--- /dev/null
+++ b/apps/nextcloud/postgresql.tf
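Review bot: The Middleware in prj_https_redirect uses `apiVersion: "traefik.containo.us/v1alpha1"`, the API group Traefik deprecated in favour of `traefik.io/v1alpha1`; on a Traefik release that no longer serves the old group the redirect object silently ceases to exist while the Ingress annotation still names it, so plain HTTP would be served without the redirect. Either move to the newer group or record the Traefik version this module targets in a comment above the resource. In the rules local, `"host" = "${v}"` is an interpolation-only expression around a string that Terraform warns about as deprecated; `"host" = v` is equivalent. The Certificate, the TLS block built from the same dns-names list, and the https redirect are otherwise consistent with each other.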
@@ -0,0 +1,31 @@
+locals {
+ pg-labels = merge(local.common-labels, {
+ "app.kubernetes.io/component" = "postgresql"
+ })
+}
+resource "kubectl_manifest" "dolibarr_postgresql" {
+ yaml_body = <<-EOF
+ apiVersion: "acid.zalan.do/v1"
+ kind: "postgresql"
+ metadata:
+ name: "${var.instance}-${var.component}"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.pg-labels)}
+ spec:
+ databases:
+ ${var.component}: "${var.component}"
+ numberOfInstances: ${var.postgres.replicas}
+ podAnnotations:
+ "k8up.io/backupcommand": "pg_dump -U postgres -d ${var.component} --clean"
+ "k8up.io/file-extension": ".sql"
+ postgresql:
+ version: "${var.postgres.version}"
+ teamId: "${var.instance}"
+ users:
+ ${var.component}:
+ - "superuser"
+ - "createdb"
+ volume:
+ size: "${var.postgres.storage}"
+ EOF
+}
diff --git a/apps/nextcloud/redis.tf b/apps/nextcloud/redis.tf
new file mode 100644
index 0000000..648115f
--- /dev/null
+++ b/apps/nextcloud/redis.tf
@@ -0,0 +1,32 @@
+locals {
+ redis-labels = merge(local.common-labels, {
+ "app.kubernetes.io/component" = "redis"
+ })
+}
+resource "kubectl_manifest" "dolibarr_redis" {
+ yaml_body = <<-EOF
+ apiVersion: "redis.redis.opstreelabs.in/v1beta1"
+ kind: "Redis"
+ metadata:
+ name: "${var.instance}-${var.component}-redis"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.redis-labels)}
+ spec:
+ kubernetesConfig:
+ image: "${var.redis.image}"
+ imagePullPolicy: "IfNotPresent"
+ storage:
+ volumeClaimTemplate:
+ spec:
+ accessModes: ["ReadWriteOnce"]
+ resources:
+ requests:
+ storage: "${var.redis.storage}"
+ redisExporter:
+ enabled: ${var.redis.exporter.enabled}
+ image: "${var.redis.exporter.image}"
+ securityContext:
+ runAsUser: 1000
+ fsGroup: 1000
+ EOF
+}
diff --git a/apps/nextcloud/secret.tf b/apps/nextcloud/secret.tf
new file mode 100644
index 0000000..5cb6064
--- /dev/null
+++ b/apps/nextcloud/secret.tf
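Review bot: The `users` block grants the application role both `superuser` and `createdb`, which is far more than the workload needs: the `databases:` entry already makes that role the owner of its own database, so a leaked POSTGRES_PASSWORD would hand out cluster-wide superuser rather than one database. Dropping the flags to `- "createdb"` or to an empty list is the least-privilege shape; confirm against how the first install provisions the schema before removing `createdb`. The resource is named `dolibarr_postgresql` inside the nextcloud module, as is `dolibarr_redis` in redis.tf and `gitea_secret` in secret.tf; these read as copy-paste residue from other apps and make state and plan output misleading, so `nextcloud_postgresql`, `nextcloud_redis` and `nextcloud_secret` would match the module they live in.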
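Review bot: The Redis pod securityContext sets `runAsUser: 1000` and `fsGroup: 1000` but not `runAsNonRoot: true`, while the metrics-exporter patch in datas.tf sets all three; adding `runAsNonRoot: true` here makes the kubelet refuse an image that would start as root instead of trusting the numeric uid alone. `imagePullPolicy: "IfNotPresent"` is hardcoded while every other image's pull policy in this commit comes from a variable; a pull-policy entry next to `var.redis.image` would keep the module uniform. The Redis CR also defines no authentication, which is raised with the empty REDIS_HOST_PASSWORD in the datas.tf note.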
@@ -0,0 +1,21 @@
+
+resource "kubectl_manifest" "gitea_secret" {
+ ignore_fields = ["metadata.annotations"]
+ yaml_body = <<-EOF
+ apiVersion: "secretgenerator.mittwald.de/v1alpha1"
+ kind: "StringSecret"
+ metadata:
+ name: "nextcloud"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.common-labels)}
+ spec:
+ forceRegenerate: false
+ data:
+ nextcloud-username: "${var.admin.name}"
+ fields:
+ - fieldName: "nextcloud-password"
+ length: "32"
+ - fieldName: "nextcloud-token"
+ length: "32"
+ EOF
+}
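Review bot: `nextcloud-token` is generated here but nothing in this commit consumes it — the Deployment patches in datas.tf read only nextcloud-username and nextcloud-password — so it is either used by a file outside this patch or dead configuration; a one-line comment naming its consumer, or dropping the field, would settle that. `forceRegenerate: false` is the right setting if, as with the official image, NEXTCLOUD_ADMIN_PASSWORD is only honoured at the initial install, but the reason is not recorded; a comment above yaml_body such as `# keep false: the admin password is consumed once at first install, regenerating it would desynchronise the Secret from the live account` (confirm the image's behaviour) would stop someone flipping it during a rotation. `ignore_fields = ["metadata.annotations"]` is sensible for an operator-managed object but would also be worth a short why-comment.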