fix
This commit is contained in:
187
share/authentik/authentik_workload.tf
Normal file
187
share/authentik/authentik_workload.tf
Normal file
@@ -0,0 +1,187 @@
|
||||
resource "kubectl_manifest" "Deployment_server" {
|
||||
yaml_body = join("", concat([<<EOF
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: "${var.instance}-${var.component}-server"
|
||||
namespace: ${var.namespace}
|
||||
labels: ${jsonencode(local.server_all_labels)}
|
||||
annotations:
|
||||
configmap.reloader.stakater.com/reload: "${(var.customisation.configmap_name!="" && (var.customisation.use_icon_left || var.customisation.use_custom_css))?"${kubectl_manifest.cm.name},${var.customisation.configmap_name}":"${kubectl_manifest.cm.name}"}"
|
||||
secret.reloader.stakater.com/reload: "${kubectl_manifest.authentik_secret.name}"
|
||||
spec:
|
||||
revisionHistoryLimit: 3
|
||||
selector:
|
||||
matchLabels: ${jsonencode(local.server_labels)}
|
||||
template:
|
||||
metadata:
|
||||
labels: ${jsonencode(local.server_labels)}
|
||||
annotations:
|
||||
prometheus.io/port: '9300'
|
||||
prometheus.io/scrape: 'true'
|
||||
spec:
|
||||
terminationGracePeriodSeconds: 30
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 100
|
||||
podAffinityTerm:
|
||||
labelSelector:
|
||||
matchLabels: ${jsonencode(local.server_labels)}
|
||||
topologyKey: kubernetes.io/hostname
|
||||
enableServiceLinks: true
|
||||
containers:
|
||||
- name: server
|
||||
image: "${var.images.app.registry}/${var.images.app.repository}:${var.images.app.tag}"
|
||||
imagePullPolicy: ${var.images.app.pull_policy}
|
||||
args:
|
||||
- server
|
||||
env:
|
||||
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ${var.instance}-${var.component}-pg-app
|
||||
key: password
|
||||
- name: AUTHENTIK_LISTEN__HTTP
|
||||
value: 0.0.0.0:9000
|
||||
- name: AUTHENTIK_LISTEN__HTTPS
|
||||
value: 0.0.0.0:9443
|
||||
- name: AUTHENTIK_LISTEN__METRICS
|
||||
value: 0.0.0.0:9300
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "${kubectl_manifest.cm.name}"
|
||||
- secretRef:
|
||||
name: "${kubectl_manifest.authentik_secret.name}"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 9000
|
||||
protocol: TCP
|
||||
- name: https
|
||||
containerPort: 9443
|
||||
protocol: TCP
|
||||
- name: metrics
|
||||
containerPort: 9300
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /-/health/live/
|
||||
port: http
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /-/health/ready/
|
||||
port: http
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
startupProbe:
|
||||
failureThreshold: 60
|
||||
httpGet:
|
||||
path: /-/health/live/
|
||||
port: http
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
resources: {}
|
||||
EOF
|
||||
], var.customisation.configmap_name!="" && var.customisation.use_icon_left && var.customisation.use_custom_css?[<<EOF
|
||||
volumeMounts:
|
||||
- name: custom-css
|
||||
mountPath: /web/dist/custom.css
|
||||
subPath: custom.css
|
||||
- name: custom-left
|
||||
mountPath: /web/dist/assets/icons/icon_left_brand.svg
|
||||
subPath: icon_left_brand.svg
|
||||
volumes:
|
||||
- name: custom-css
|
||||
configMap:
|
||||
name: "${var.customisation.configmap_name}"
|
||||
items:
|
||||
- key: custom.css
|
||||
path: custom.css
|
||||
- name: custom-left
|
||||
configMap:
|
||||
name: "${var.customisation.configmap_name}"
|
||||
items:
|
||||
- key: icon_left_brand.svg
|
||||
path: icon_left_brand.svg
|
||||
EOF
|
||||
]
|
||||
:var.customisation.configmap_name!="" && var.customisation.use_icon_left && !var.customisation.use_custom_css?[<<EOF
|
||||
volumeMounts:
|
||||
- name: custom-left
|
||||
mountPath: /web/dist/assets/icons/icon_left_brand.svg
|
||||
subPath: icon_left_brand.svg
|
||||
volumes:
|
||||
- name: custom-left
|
||||
configMap:
|
||||
name: "${var.customisation.configmap_name}"
|
||||
items:
|
||||
- key: icon_left_brand.svg
|
||||
path: icon_left_brand.svg
|
||||
EOF
|
||||
]
|
||||
:var.customisation.configmap_name!="" && !var.customisation.use_icon_left && var.customisation.use_custom_css?[<<EOF
|
||||
volumeMounts:
|
||||
- name: custom-css
|
||||
mountPath: /web/dist/custom.css
|
||||
subPath: custom.css
|
||||
volumes:
|
||||
- name: custom-css
|
||||
configMap:
|
||||
name: "${var.customisation.configmap_name}"
|
||||
items:
|
||||
- key: custom.css
|
||||
path: custom.css
|
||||
EOF
|
||||
]
|
||||
:[""] ))
|
||||
}
|
||||
|
||||
resource "kubectl_manifest" "HorizontalPodAutoscaler_authentik-server" {
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: autoscaling/v2
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: ${kubectl_manifest.Deployment_server.name}
|
||||
namespace: ${var.namespace}
|
||||
labels: ${jsonencode(local.server_all_labels)}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: ${kubectl_manifest.Deployment_server.name}
|
||||
minReplicas: 1
|
||||
maxReplicas: 5
|
||||
metrics:
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
target:
|
||||
type: Utilization
|
||||
averageUtilization: 50
|
||||
EOF
|
||||
}
|
||||
|
||||
resource "kubectl_manifest" "PodDisruptionBudget_authentik-server" {
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: ${kubectl_manifest.Deployment_server.name}
|
||||
namespace: ${var.namespace}
|
||||
labels: ${jsonencode(local.server_all_labels)}
|
||||
spec:
|
||||
minAvailable: 0
|
||||
selector:
|
||||
matchLabels: ${jsonencode(local.server_labels)}
|
||||
EOF
|
||||
}
|
||||
Reference in New Issue
Block a user