fix

2024-05-25 14:21:14 +02:00
parent 57954c4192
commit f2dd6e76b9
13 changed files with 2098 additions and 0 deletions
--- a/apps/sonar/sonar_Job.tf
+++ b/apps/sonar/sonar_Job.tf
@@ -0,0 +1,49 @@
+resource "kubectl_manifest" "post_install_job" {
+  yaml_body  = <<-EOF
+    apiVersion: batch/v1
+    kind: Job
+    metadata:
+      name: "${var.instance}-${var.component}-post-config"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          initContainers:
+          - name: wait-for-svc
+            image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
+            imagePullPolicy: ${var.images.sonar.pull_policy}
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop: ["ALL"]
+              runAsGroup: 0
+              runAsNonRoot: true
+              runAsUser: 1000
+              seccompProfile:
+                type: RuntimeDefault
+            command: ["/bin/bash", "-c"]
+            args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${module.service.name}/80) && exit 0; sleep 2;done; exit 1"]
+          containers:
+          - name: post-config
+            image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
+            imagePullPolicy: ${var.images.sonar.pull_policy}
+            command: ["/bin/bash", "-cx"]
+            args:
+            - >-
+              curl -v -u admin:admin -X POST "http://${module.service.name}.${var.namespace}.svc/api/users/change_password?login=admin&previousPassword=admin&password=$ADMIN_PASSWORD"
+            envFrom:
+            - secretRef:
+                name: ${kubectl_manifest.secret.name}
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop: ["ALL"]
+              runAsGroup: 1000
+              runAsNonRoot: true
+              runAsUser: 1000
+              seccompProfile:
+                type: RuntimeDefault
+  EOF
+}
--- a/apps/sonar/sonar_Secret.tf
+++ b/apps/sonar/sonar_Secret.tf
@@ -2,6 +2,10 @@ resource "random_password" "system" {
  length           = 16
  special          = false
 }
+resource "random_password" "admin" {
+  length           = 16
+  special          = false
+}

 resource "kubectl_manifest" "secret" {
  yaml_body  = <<-EOF
@@ -14,5 +18,6 @@ resource "kubectl_manifest" "secret" {
    type: Opaque
    stringData:
      SONAR_WEB_SYSTEMPASSCODE: "${random_password.system.result}"
+      ADMIN_PASSWORD: "${random_password.admin.result}"
 EOF
 }