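# Values shared by the overlay below.
locals {
  # Public host name of the instance, reused for the trusted-domain setting,
  # the nginx probe Host headers and the exporter target URL.
  dns-name = "${var.sub-domain}.${var.domain-name}"

  # Ownership and standard app labels stamped on every rendered resource.
  common-labels = {
    "vynil.solidite.fr/owner-name"      = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
    "vynil.solidite.fr/owner-category"  = var.category
    "vynil.solidite.fr/owner-component" = var.component
    "app.kubernetes.io/managed-by"      = "vynil"
    "app.kubernetes.io/name"            = var.component
    "app.kubernetes.io/instance"        = var.instance
  }
}

# Renders every *.yaml manifest of this module (index.yaml excluded) through
# kustomize, forcing namespace, labels and images, then applies the patches below.
data "kustomization_overlay" "data" {
  namespace     = var.namespace
  common_labels = local.common-labels
  resources     = [for file in fileset(path.module, "*.yaml") : file if file != "index.yaml"]

  images {
    name     = "nextcloud"
    new_name = "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}"
    new_tag  = "${var.images.nextcloud.tag}"
  }

  # Main workload: database/redis wiring, trusted domain, CA bundle mount and
  # nginx sidecar probes.
  # NOTE(review): both secretKeyRef entries carry only `name`; the `key` is
  # presumably supplied by the base manifest and merged by env name - confirm,
  # since a secretKeyRef without a key is rejected by the API server.
  # NOTE(review): the secret name looks like the Zalando postgres-operator
  # credentials convention (<user>.<cluster>.credentials.postgresql.acid.zalan.do).
  # NOTE(review): `resources: {}` leaves both containers without requests or
  # limits; consider bounding an internet-facing workload.
  patches {
    target {
      kind = "Deployment"
      name = "nextcloud"
    }
    patch = <<-EOF
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: nextcloud
      spec:
        template:
          spec:
            volumes:
            - name: certs
              secret:
                secretName: "${var.instance}-cert"
            containers:
            - name: nextcloud
              image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}"
              imagePullPolicy: "${var.images.nextcloud.pullPolicy}"
              env:
              - name: POSTGRES_HOST
                value: "${var.instance}-${var.component}"
              - name: POSTGRES_DB
                value: "${var.component}"
              - name: POSTGRES_USER
                valueFrom:
                  secretKeyRef:
                    name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
              - name: POSTGRES_PASSWORD
                valueFrom:
                  secretKeyRef:
                    name: "${var.component}.${var.instance}-${var.component}.credentials.postgresql.acid.zalan.do"
              - name: NEXTCLOUD_TRUSTED_DOMAINS
                value: "${local.dns-name}"
              - name: REDIS_HOST
                value: "${var.instance}-${var.component}-redis.${var.namespace}.svc"
              - name: REDIS_HOST_PORT
                value: "6379"
              resources: {}
              volumeMounts:
              - name: certs
                mountPath: /etc/local-ca
                readOnly: true
            - name: nextcloud-nginx
              image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}"
              imagePullPolicy: "${var.images.nginx.pullPolicy}"
              resources: {}
              readinessProbe:
                httpGet:
                  httpHeaders:
                  - name: Host
                    value: "${local.dns-name}"
              livenessProbe:
                httpGet:
                  httpHeaders:
                  - name: Host
                    value: "${local.dns-name}"
    EOF
  }

  # Metrics exporter.
  # The target previously named "authentik-worker", which does not match the
  # patch's own metadata.name; a target that selects nothing makes kustomize
  # skip the patch, so the exporter would keep the base image and settings.
  # The name below is taken from the patch body - the base manifests are not
  # visible here, confirm it matches the Deployment they define.
  # SECURITY: certificate verification towards Nextcloud is disabled for every
  # issuer other than "letsencrypt-prod". The exporter then accepts any
  # certificate presented for local.dns-name, which matters if it sends
  # Nextcloud credentials or a token (assumed - confirm). Prefer mounting
  # the issuing CA (the "${var.instance}-cert" secret is already mounted in the
  # nextcloud container) and keeping verification on.
  patches {
    target {
      kind = "Deployment"
      name = "nextcloud-metrics"
    }
    patch = <<-EOF
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: nextcloud-metrics
      spec:
        template:
          spec:
            containers:
            - name: metrics-exporter
              image: "${var.images.exporter.registry}/${var.images.exporter.repository}:${var.images.exporter.tag}"
              imagePullPolicy: "${var.images.exporter.pullPolicy}"
              env:
              - name: NEXTCLOUD_SERVER
                value: "https://${local.dns-name}"
              - name: NEXTCLOUD_TLS_SKIP_VERIFY
                value: "${var.issuer == "letsencrypt-prod" ? "false" : "true"}"
    EOF
  }

  # Data volume: size and access mode come from var.storage; the annotation
  # opts the claim into k8up backups.
  patches {
    target {
      kind = "PersistentVolumeClaim"
      name = "nextcloud-nextcloud"
    }
    patch = <<-EOF
      kind: PersistentVolumeClaim
      apiVersion: v1
      metadata:
        name: nextcloud-nextcloud
        annotations:
          k8up.io/backup: "true"
      spec:
        accessModes:
        - "${var.storage.accessMode}"
        resources:
          requests:
            storage: "${var.storage.size}"
    EOF
  }

  # Autoscaling bounds and CPU target, rendered unquoted so they stay integers.
  patches {
    target {
      kind = "HorizontalPodAutoscaler"
      name = "nextcloud"
    }
    patch = <<-EOF
      apiVersion: autoscaling/v1
      kind: HorizontalPodAutoscaler
      metadata:
        name: nextcloud
      spec:
        minReplicas: ${var.hpa.min-replicas}
        maxReplicas: ${var.hpa.max-replicas}
        targetCPUUtilizationPercentage: ${var.hpa.avg-cpu}
    EOF
  }
}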