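# Labels applied to every resource rendered by the overlay below: the vynil
# owner coordinates (instance, namespace, category, component) plus the
# standard app.kubernetes.io identification labels.
locals {
  common-labels = {
    "vynil.solidite.fr/owner-name"      = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
    "vynil.solidite.fr/owner-category"  = var.category
    "vynil.solidite.fr/owner-component" = var.component
    "app.kubernetes.io/managed-by"      = "vynil"
    "app.kubernetes.io/name"            = var.component
    "app.kubernetes.io/instance"        = var.instance
  }
}

# Kustomize overlay for the Nextcloud package: loads the base manifests that
# sit next to this file, pins container images to the configured registry,
# repository and tag, and patches the Deployments, the PVC and the HPA with
# the instance settings.
data "kustomization_overlay" "data" {
  namespace     = var.namespace
  common_labels = local.common-labels

  # Every *.yaml in the module directory is a base manifest, except index.yaml,
  # which is filtered out (presumably the package descriptor; confirm).
  resources = [for file in fileset(path.module, "*.yaml") : file if file != "index.yaml"]

  images {
    name     = "nextcloud"
    new_name = "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}"
    new_tag  = var.images.nextcloud.tag
  }

  # Main Nextcloud Deployment: images, database, admin and Redis settings.
  #
  # - POSTGRES_USER / POSTGRES_PASSWORD: secretKeyRef requires a `key`. The
  #   referenced secret follows the Zalando postgres-operator naming scheme,
  #   whose credential secrets carry the keys `username` and `password`, so
  #   the keys are set explicitly instead of depending on whatever the base
  #   manifest happens to contain.
  # - NEXTCLOUD_TRUSTED_DOMAINS: this is the Host allow-list Nextcloud
  #   enforces. It now follows local.dns-name, the same hostname the metrics
  #   exporter is pointed at, instead of a hard-coded value that only matched
  #   one environment.
  # - REDIS_HOST_PASSWORD is empty: Redis is reached without authentication.
  #   NOTE(review): any pod that can reach the Redis service can read session
  #   and cache data unless a NetworkPolicy restricts it; confirm, or source
  #   the password from a secret.
  # - `resources: {}` adds no requests or limits for either container.
  patches {
    target {
      kind = "Deployment"
      name = "nextcloud"
    }
    patch = <<-EOF
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: nextcloud
      spec:
        template:
          spec:
            containers:
            - name: nextcloud
              image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}"
              imagePullPolicy: "${var.images.nextcloud.pullPolicy}"
              env:
              - name: POSTGRES_HOST
                value: "${var.instance}-${var.component}"
              - name: POSTGRES_DB
                value: "${var.component}"
              - name: POSTGRES_USER
                valueFrom:
                  secretKeyRef:
                    name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
                    key: username
              - name: POSTGRES_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
                    key: password
              - name: NEXTCLOUD_ADMIN_USER
                valueFrom:
                  secretKeyRef:
                    name: nextcloud
                    key: nextcloud-username
              - name: NEXTCLOUD_ADMIN_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: nextcloud
                    key: nextcloud-password
              - name: NEXTCLOUD_TRUSTED_DOMAINS
                value: "${local.dns-name}"
              - name: REDIS_HOST
                value: "${var.instance}-${var.component}-redis.${var.namespace}.svc"
              - name: REDIS_HOST_PASSWORD
                value: ""
              resources: {}
            - name: nextcloud-nginx
              image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}"
              imagePullPolicy: "${var.images.nginx.pullPolicy}"
              resources: {}
    EOF
  }

  # Metrics exporter Deployment.
  #
  # The target previously named "authentik-worker" while the patch body
  # describes "nextcloud-metrics". Kustomize selects resources by `target`, so
  # the patch matched nothing in this package and the exporter kept the base
  # manifest's image, credentials and security context. The target now names
  # the Deployment the patch is written for.
  #
  # NOTE(review): the exporter reads the same secret keys as
  # NEXTCLOUD_ADMIN_USER / NEXTCLOUD_ADMIN_PASSWORD above, i.e. it scrapes with
  # the admin account. A dedicated, less privileged credential would limit the
  # impact of a compromised exporter pod.
  # NEXTCLOUD_TLS_SKIP_VERIFY stays "false" so the server certificate is
  # verified on every scrape.
  patches {
    target {
      kind = "Deployment"
      name = "nextcloud-metrics"
    }
    patch = <<-EOF
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: nextcloud-metrics
      spec:
        template:
          spec:
            containers:
            - name: metrics-exporter
              image: "${var.images.exporter.registry}/${var.images.exporter.repository}:${var.images.exporter.tag}"
              imagePullPolicy: "${var.images.exporter.pullPolicy}"
              env:
              - name: NEXTCLOUD_USERNAME
                valueFrom:
                  secretKeyRef:
                    name: nextcloud
                    key: nextcloud-username
              - name: NEXTCLOUD_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: nextcloud
                    key: nextcloud-password
              - name: NEXTCLOUD_SERVER
                value: "https://${local.dns-name}"
              - name: NEXTCLOUD_TIMEOUT
                value: 5s
              - name: NEXTCLOUD_TLS_SKIP_VERIFY
                value: "false"
              ports:
              - name: metrics
                containerPort: 9205
              securityContext:
                runAsUser: 1000
                runAsNonRoot: true
    EOF
  }

  # Data volume: access mode and requested size come from var.storage.
  patches {
    target {
      kind = "PersistentVolumeClaim"
      name = "nextcloud-nextcloud"
    }
    patch = <<-EOF
      kind: PersistentVolumeClaim
      apiVersion: v1
      metadata:
        name: nextcloud-nextcloud
      spec:
        accessModes:
        - "${var.storage.accessMode}"
        resources:
          requests:
            storage: "${var.storage.size}"
    EOF
  }

  # Autoscaling bounds. The values are interpolated unquoted so they render as
  # YAML integers; var.hpa must therefore hold numeric values.
  patches {
    target {
      kind = "HorizontalPodAutoscaler"
      name = "nextcloud"
    }
    patch = <<-EOF
      apiVersion: autoscaling/v1
      kind: HorizontalPodAutoscaler
      metadata:
        name: nextcloud
      spec:
        minReplicas: ${var.hpa.min-replicas}
        maxReplicas: ${var.hpa.max-replicas}
        targetCPUUtilizationPercentage: ${var.hpa.avg-cpu}
    EOF
  }
}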