locals { collabora-labels = merge(local.common_labels, { "app.kubernetes.io/component" = "collabora" }) } resource "kubectl_manifest" "collabora_deploy" { count = var.apps.collabora ? 1 : 0 yaml_body = <<-EOF kind: Deployment apiVersion: apps/v1 metadata: name: "${var.instance}-collabora" namespace: "${var.namespace}" labels: ${jsonencode(local.collabora-labels)} spec: replicas: 1 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 1 selector: matchLabels: ${jsonencode(local.collabora-labels)} template: metadata: labels: ${jsonencode(local.collabora-labels)} annotations: prometheus.io/scrape: "true" prometheus.io/port: 9980 prometheus.io/path: "/cool/getMetrics" spec: containers: - name: collabora image: "${var.images.collabora.registry}/${var.images.collabora.repository}:${var.images.collabora.tag}" imagePullPolicy: "${var.images.collabora.pull_policy}" env: - name: aliasgroup1 value: "https://${local.dns_name}" - name: DONT_GEN_SSL_CERT value: "true" - name: extra_params value: | --o:ssl.enable=false --o:ssl.termination=true ports: - name: http containerPort: 9980 protocol: TCP livenessProbe: httpGet: path: / port: http scheme: HTTP initialDelaySeconds: 120 periodSeconds: 10 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 readinessProbe: httpGet: path: / port: http scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 2 successThreshold: 1 failureThreshold: 3 securityContext: allowPrivilegeEscalation: true privileged: true capabilities: add: - MKNOD - SYS_ADMIN EOF }