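# Collabora Online component: a Deployment, a ClusterIP Service, a cert-manager
# Certificate and an Ingress. Every resource below is created only when
# var.apps.collabora is true.

locals {
  # Common labels plus the component label; also used as the Deployment and
  # Service selector, so the two must stay in sync.
  collabora-labels = merge(local.common-labels, {
    "app.kubernetes.io/component" = "collabora"
  })

  # Public host name of the Collabora endpoint (a single string, not a list).
  dns-collabora = "collabora.${local.dns-name}"

  # Traefik middlewares attached to the Ingress router; names are prefixed with
  # the namespace and suffixed with "@kubernetescrd" where the Ingress is built.
  collabora-middlewares = ["${var.instance}-https"]

  # Ingress backend: the Service defined below, on its port 80.
  collabora-service = {
    "name" = "${var.instance}-collabora"
    "port" = {
      "number" = 80
    }
  }

  # One Ingress rule per host, routing every path ("/" Prefix) to the Service.
  collabora-rules = [
    for v in [local.dns-collabora] : {
      "host" = v
      "http" = {
        "paths" = [{
          "backend" = {
            "service" = local.collabora-service
          }
          "path"     = "/"
          "pathType" = "Prefix"
        }]
      }
    }
  ]
}

# Deployment of the Collabora container.
#
# - TLS is switched off inside the container (ssl.enable=false) and
#   ssl.termination=true is set, so the pod serves plain HTTP on 9980; the
#   Ingress is where TLS is configured.
# - The admin user name is the literal "vynil"; the password is read from key
#   "collabora-password" of the Secret named var.component.
# - Annotation values must be strings, so the Prometheus port is quoted
#   (an unquoted 9980 is a YAML integer).
# - The container security settings use the key "securityContext"; the previous
#   all-lowercase spelling is not the field name Kubernetes defines.
#
# NOTE(review): allowPrivilegeEscalation is explicitly true and MKNOD is added,
# while no capability is dropped and no runAsNonRoot / seccompProfile /
# readOnlyRootFilesystem or resource limits are set. Confirm what the image
# actually requires and tighten the context to that minimum.
# NOTE(review): the Ingress forwards every path under "/" to this pod, which
# presumably includes the admin and metrics endpoints protected only by the
# credentials above; confirm that exposure is intended.
resource "kubectl_manifest" "collabora_deploy" {
  count     = var.apps.collabora ? 1 : 0
  yaml_body = <<-EOF
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      name: "${var.instance}-collabora"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.collabora-labels)}
    spec:
      replicas: 1
      strategy:
        type: RollingUpdate
        rollingUpdate:
          maxSurge: 1
          maxUnavailable: 1
      selector:
        matchLabels: ${jsonencode(local.collabora-labels)}
      template:
        metadata:
          labels: ${jsonencode(local.collabora-labels)}
          annotations:
            prometheus.io/scrape: "true"
            prometheus.io/port: "9980"
            prometheus.io/path: "/cool/getMetrics"
        spec:
          containers:
          - name: collabora
            image: "${var.images.collabora.registry}/${var.images.collabora.repository}:${var.images.collabora.tag}"
            imagePullPolicy: "${var.images.collabora.pullPolicy}"
            env:
            - name: aliasgroup1
              value: "https://${local.dns-name}"
            - name: username
              value: vynil
            - name: DONT_GEN_SSL_CERT
              value: "true"
            - name: extra_params
              value: |
                --o:ssl.enable=false
                --o:ssl.termination=true
            - name: password
              valueFrom:
                secretKeyRef:
                  name: ${var.component}
                  key: collabora-password
            ports:
            - name: http
              containerPort: 9980
            livenessProbe:
              httpGet:
                path: /
                port: http
            readinessProbe:
              httpGet:
                path: /
                port: http
            securityContext:
              allowPrivilegeEscalation: true
              capabilities:
                add:
                - MKNOD
  EOF
}

# ClusterIP Service: port 80 inside the cluster, forwarded to container port 9980.
resource "kubectl_manifest" "collabora_svc" {
  count     = var.apps.collabora ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: "${var.instance}-collabora"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.collabora-labels)}
    spec:
      type: ClusterIP
      ports:
      - port: 80
        targetPort: 9980
        protocol: TCP
        name: http
      selector: ${jsonencode(local.collabora-labels)}
  EOF
}

# cert-manager Certificate for the Collabora host, issued by the ClusterIssuer
# named var.issuer and stored in the "<instance>-collabora-cert" Secret.
# dnsNames is a list field, so the single host name is wrapped in a list before
# encoding (encoding the bare string would render a scalar).
resource "kubectl_manifest" "collabora_certificate" {
  count     = var.apps.collabora ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "cert-manager.io/v1"
    kind: "Certificate"
    metadata:
      name: "${var.instance}-collabora"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.collabora-labels)}
    spec:
      secretName: "${var.instance}-collabora-cert"
      dnsNames: ${jsonencode([local.dns-collabora])}
      issuerRef:
        name: "${var.issuer}"
        kind: "ClusterIssuer"
        group: "cert-manager.io"
  EOF
}

# Ingress for the Collabora host: applies the Traefik middlewares listed in
# local.collabora-middlewares and serves TLS from the Secret written by the
# Certificate above. tls[].hosts is a list field, so the host name is wrapped
# in a list before encoding.
resource "kubectl_manifest" "collabora_ing" {
  count     = var.apps.collabora ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: "${var.instance}-collabora"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.collabora-labels)}
      annotations:
        "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.collabora-middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
    spec:
      ingressClassName: "${var.ingress-class}"
      rules: ${jsonencode(local.collabora-rules)}
      tls:
      - hosts: ${jsonencode([local.dns-collabora])}
        secretName: "${var.instance}-collabora-cert"
  EOF
}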