# ConfigMap holding the non-secret settings for the Taiga backend: Postgres
# database/user/host names, the public URL, the RabbitMQ hostnames, feature
# toggles and the GitLab/OIDC endpoint. How the workload consumes it (envFrom
# or similar) is not visible in this file.
# NOTE(review): SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE are "False" while
# TAIGA_SITES_SCHEME is https. If these map to the Django settings of the same
# name, the session and CSRF cookies are issued without the Secure attribute
# and may travel over plain HTTP. Confirm this is deliberate; otherwise "True".
# NOTE(review): PUBLIC_REGISTER_ENABLED is "True" - confirm that open
# self-registration is intended alongside the GitLab SSO login.
resource "kubectl_manifest" "cm_env_back" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-${var.component}-back"
      labels: ${jsonencode(local.common_labels)}
      namespace: ${var.namespace}
    data:
      POSTGRES_DB: ${var.component}
      POSTGRES_USER: ${var.component}
      POSTGRES_HOST: ${var.instance}-${var.component}-pg-rw.${var.namespace}.svc
      TAIGA_URL: https://${local.dns_name}
      TAIGA_SITES_DOMAIN: ${local.dns_name}
      TAIGA_SITES_SCHEME: https
      TAIGA_ASYNC_RABBITMQ_HOST: ${kubectl_manifest.rabbit.name}
      TAIGA_EVENTS_RABBITMQ_HOST: ${kubectl_manifest.rabbit.name}
      SESSION_COOKIE_SECURE: "False"
      CSRF_COOKIE_SECURE: "False"
      ENABLE_TELEMETRY: "False"
      PUBLIC_REGISTER_ENABLED: "True"
      ENABLE_GITHUB_AUTH: "False"
      ENABLE_GITLAB_AUTH: "True"
      ENABLE_SLACK: "False"
      ENABLE_GITHUB_IMPORTER: "False"
      ENABLE_JIRA_IMPORTER: "False"
      ENABLE_TRELLO_IMPORTER: "False"
      OPENID_CONNECT_SCOPES: "openid email profile"
      GITLAB_URL: "${module.oauth2.sso_configuration_url}"
  EOF
}

# ConfigMap for the taiga-events container. start.sh renders
# /var/lib/env.template into /taiga-events/.env with envsubst, hands the tree
# to the taiga user and then execs the Node process as taiga through su-exec.
# "$${...}" is the Terraform escape for a literal "${...}", so the variables
# are filled in by envsubst at container start, not by Terraform at plan time.
# NOTE(review): the rendered .env holds the RabbitMQ password and
# TAIGA_SECRET_KEY in clear text. Where those variables come from is not shown
# here; confirm they are injected from a Secret and consider restricting the
# mode of the generated file.
resource "kubectl_manifest" "cm_events" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-${var.component}-events"
      labels: ${jsonencode(local.common_labels)}
      namespace: ${var.namespace}
    data:
      start.sh: |-
        #!/bin/sh
        envsubst < /var/lib/env.template > /taiga-events/.env
        chown -R taiga:taiga /taiga-events
        exec su-exec taiga npm run start:production
      env.template: |-
        RABBITMQ_URL="amqp://$${RABBITMQ_USER}:$${RABBITMQ_PASS}@$${TAIGA_EVENTS_RABBITMQ_HOST}:5672/taiga"
        SECRET="$${TAIGA_SECRET_KEY}"
        WEB_SOCKET_SERVER_PORT=8888
        APP_PORT=3023
  EOF
}

# ConfigMap with the settings handed to the Taiga front end. It repeats the
# URL, feature toggles and SSO endpoint of the backend map, with lowercase
# boolean strings.
# NOTE(review): the cookie flags are "false" here as well although the scheme
# is https; keep them in step with whatever is decided for the backend map.
resource "kubectl_manifest" "cm_env_front" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-${var.component}-front"
      labels: ${jsonencode(local.common_labels)}
      namespace: ${var.namespace}
    data:
      TAIGA_URL: https://${local.dns_name}
      TAIGA_SITES_DOMAIN: ${local.dns_name}
      TAIGA_SITES_SCHEME: https
      SESSION_COOKIE_SECURE: "false"
      CSRF_COOKIE_SECURE: "false"
      ENABLE_TELEMETRY: "false"
      PUBLIC_REGISTER_ENABLED: "true"
      ENABLE_GITHUB_AUTH: "false"
      ENABLE_GITLAB_AUTH: "true"
      ENABLE_SLACK: "false"
      ENABLE_GITHUB_IMPORTER: "false"
      ENABLE_JIRA_IMPORTER: "false"
      ENABLE_TRELLO_IMPORTER: "false"
      OPENID_CONNECT_SCOPES: "openid email profile"
      GITLAB_URL: "${module.oauth2.sso_configuration_url}"
  EOF
}

# Reference: the two settings lines below show the RabbitMQ hostnames as fixed
# strings inside the image's config.py; the sed calls in the entrypoints of
# cm_scripts rewrite exactly these two names.
# awk '/taiga-events-rabbitmq/||/taiga-async-rabbitmq/' < /taiga-back/settings/config.py
# EVENTS_PUSH_BACKEND_URL = f"amqp://{ os.getenv('RABBITMQ_USER') }:{ os.getenv('RABBITMQ_PASS') }@taiga-events-rabbitmq:5672/taiga"
# CELERY_BROKER_URL = f"amqp://{ os.getenv('RABBITMQ_USER') }:{ os.getenv('RABBITMQ_PASS') }@taiga-async-rabbitmq:5672/taiga"

# ConfigMap with the container entrypoints and the post-configuration script.
#  - back_entrypoint.sh: runs the Django migrations and loads the project
#    templates, installs /etc/local-ca/ca.crt into the system trust store when
#    the file exists, chowns /taiga-back, patches config.py and then execs
#    gunicorn on 0.0.0.0:8000 as the taiga user via gosu.
#  - async_entrypoint.sh: same CA and config.py handling, then execs the Celery
#    worker (with beat, -B) as the taiga user.
#  - postconfig.py: polls the backend API until it answers 200, then loads the
#    project templates and the initial user fixture when they appear missing.
# The sed expression replaces each fixed hostname with an
# "{ os.getenv('...') }" placeholder inside the existing f-string, so config.py
# reads the host from the environment at import time.
# NOTE(review): everything before "exec gosu" runs with the container's
# starting user, including manage.py migrate/loaddata - presumably root, given
# the chown and update-ca-certificates calls; confirm.
# NOTE(review): requests.get() in postconfig.py has no timeout and no exception
# handling; a refused connection raises and ends the script instead of
# retrying. It also targets the service without a port while the nginx config
# below uses :8000 - confirm the Service exposes the default HTTP port.
# NOTE(review): the first dumpdata/loaddata pair has no cwd='/taiga-back' while
# the second pair does; confirm the working directory of the job.
# NOTE(review): loading the upstream initial_user fixture creates a superuser
# from fixture data; as far as I know that account ships with a publicly
# documented default password. With PUBLIC https exposure the password must be
# rotated right after bootstrap, or the admin created from a Secret instead.
resource "kubectl_manifest" "cm_scripts" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-${var.component}-scripts"
      labels: ${jsonencode(local.postcfg_all_labels)}
      namespace: ${var.namespace}
    data:
      back_entrypoint.sh: |-
        #!/usr/bin/env bash
        set -euo pipefail
        python manage.py migrate
        python manage.py loaddata initial_project_templates
        if [ -f /etc/local-ca/ca.crt ];then
          cp /etc/local-ca/ca.crt /usr/local/share/ca-certificates/
          /usr/sbin/update-ca-certificates
        fi
        chown -R taiga:taiga /taiga-back
        sed -i "s/taiga-events-rabbitmq/{ os.getenv('TAIGA_EVENTS_RABBITMQ_HOST') }/;s/taiga-async-rabbitmq/{ os.getenv('TAIGA_ASYNC_RABBITMQ_HOST') }/" /taiga-back/settings/config.py
        echo Starting Taiga API...
        exec gosu taiga gunicorn taiga.wsgi:application \
            --name taiga_api \
            --bind 0.0.0.0:8000 \
            --workers 3 \
            --worker-tmp-dir /dev/shm \
            --log-level=info \
            --access-logfile - \
            "$@"
      async_entrypoint.sh: |-
        #!/usr/bin/env bash
        set -euo pipefail
        chown -R taiga:taiga /taiga-back
        if [ -f /etc/local-ca/ca.crt ];then
          cp /etc/local-ca/ca.crt /usr/local/share/ca-certificates/
          /usr/sbin/update-ca-certificates
        fi
        sed -i "s/taiga-events-rabbitmq/{ os.getenv('TAIGA_EVENTS_RABBITMQ_HOST') }/;s/taiga-async-rabbitmq/{ os.getenv('TAIGA_ASYNC_RABBITMQ_HOST') }/" /taiga-back/settings/config.py
        echo Starting Celery...
        exec gosu taiga celery -A taiga.celery worker -B \
            --concurrency 4 \
            -l INFO \
            "$@"
      postconfig.py: |-
        #!/usr/bin/env python
        import time
        import requests
        import subprocess
        print('Waiting for backend ...')
        while requests.get('http://${kubectl_manifest.svc_back.name}/api/v1/').status_code != 200:
            print('...')
            time.sleep(2)
        if len(str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'projects.projecttemplate']))) < 5:
            print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_project_templates']))
        if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
            print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
  EOF
}

# ConfigMap with the nginx virtual host that fronts the stack on port 8080 and
# routes / to the front end, /api and /admin to the backend on :8000, /media to
# the protected-media service on :8003 and /events (WebSocket upgrade) to the
# events service on :8888. /static is served from /taiga and /_protected is
# marked internal, so it is reachable only through an nginx internal redirect.
# "$http_host", "$scheme" and similar are nginx variables; Terraform leaves
# them alone because only "${" starts an interpolation.
# NOTE(review): /media/exports is served straight from disk by alias and does
# not pass through the protected-media service - anyone who learns an export
# URL can download it. Confirm this exposure is intended.
# NOTE(review): /admin publishes the backend admin site on the same public
# vhost; consider limiting it to trusted networks at this proxy or the ingress.
# NOTE(review): proxy_pass_header Server forwards the upstream Server header to
# clients and so discloses the backend software; drop it unless it is needed.
# NOTE(review): /, /api and /admin forward X-Real-IP and X-Scheme only; $scheme
# is the scheme of the hop into this nginx, which is http if TLS terminates in
# front of it - confirm how the backend learns the original scheme.
resource "kubectl_manifest" "cm_nginx" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-${var.component}-nginx"
      namespace: ${var.namespace}
      labels: ${jsonencode(local.common_labels)}
    data:
      default.conf: |-
        server {
            listen 8080 default_server;
            client_max_body_size 100M;
            charset utf-8;
            # Frontend
            location / {
                proxy_pass http://${kubectl_manifest.svc_front.name}/;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
            }
            # Api
            location /api {
                proxy_pass http://${kubectl_manifest.svc_back.name}:8000/api;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
            }
            # Admin
            location /admin {
                proxy_pass http://${kubectl_manifest.svc_back.name}:8000/admin;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
            }
            # Static
            location /static {
                root /taiga;
            }
            # Media
            location /_protected {
                internal;
                alias /taiga/media/;
                add_header Content-disposition "attachment";
            }
            # Unprotected section
            location /media/exports {
                alias /taiga/media/exports/;
                add_header Content-disposition "attachment";
            }
            location /media {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://${kubectl_manifest.svc_protected.name}:8003/;
                proxy_redirect off;
            }
            # Events
            location /events {
                proxy_pass http://${kubectl_manifest.svc_events.name}:8888/events;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_connect_timeout 7d;
                proxy_send_timeout 7d;
                proxy_read_timeout 7d;
            }
        }
  EOF
}