resource "kubectl_manifest" "cm_env_back" { yaml_body = <<-EOF apiVersion: v1 kind: ConfigMap metadata: name: "${var.instance}-${var.component}-back" labels: ${jsonencode(local.common_labels)} namespace: ${var.namespace} data: POSTGRES_DB: ${var.component} POSTGRES_USER: ${var.component} POSTGRES_HOST: ${var.instance}-${var.component}-pg-rw.${var.namespace}.svc TAIGA_URL: https://${local.dns_name} TAIGA_SITES_DOMAIN: ${local.dns_name} TAIGA_SITES_SCHEME: https TAIGA_ASYNC_RABBITMQ_HOST: ${kubectl_manifest.rabbit.name} TAIGA_EVENTS_RABBITMQ_HOST: ${kubectl_manifest.rabbit.name} CELERY_TIMEZONE: "${var.timezone}" LANGUAGE_CODE: "${var.lang}" ENABLE_TELEMETRY: "False" PUBLIC_REGISTER_ENABLED: "${var.enable_registration?"True":"False"}" ENABLE_OPENID: "True" OPENID_SCOPE: "openid email profile" OPENID_TOKEN_URL: "${module.oauth2.sso_token_url}" OPENID_USER_URL: "${module.oauth2.sso_userinfo_url}" WEBHOOKS_ALLOW_PRIVATE_ADDRESS: "${var.webhook.allow_private_addr?"True":"False"}" WEBHOOKS_ALLOW_REDIRECTS: "${var.webhook.allow_private_addr?"True":"False"}" DJANGO_SUPERUSER_USERNAME: "admin" DJANGO_SUPERUSER_EMAIL: "admin@${var.domain_name}" EOF } resource "kubectl_manifest" "cm_env_front" { yaml_body = <<-EOF apiVersion: v1 kind: ConfigMap metadata: name: "${var.instance}-${var.component}-front" labels: ${jsonencode(local.common_labels)} namespace: ${var.namespace} data: TAIGA_URL: https://${local.dns_name} TAIGA_SITES_DOMAIN: ${local.dns_name} TAIGA_SITES_SCHEME: https ENABLE_TELEMETRY: "false" PUBLIC_REGISTER_ENABLED: "${jsonencode(var.enable_registration)}" ENABLE_GITHUB_AUTH: "false" ENABLE_GITLAB_AUTH: "false" ENABLE_SLACK: "false" ENABLE_GITHUB_IMPORTER: "false" ENABLE_JIRA_IMPORTER: "false" ENABLE_TRELLO_IMPORTER: "false" ENABLE_OIDC_AUTH: "false" ENABLE_OPENID_AUTH: "true" OPENID_URL: "${module.oauth2.sso_authorize_url}" OPENID_SCOPE: "openid email profile" OPENID_NAME: "${var.domain_name}" EOF } resource "kubectl_manifest" "cm_scripts" { yaml_body = <<-EOF apiVersion: v1 kind: ConfigMap metadata: name: "${var.instance}-${var.component}-scripts" labels: ${jsonencode(local.postcfg_all_labels)} namespace: ${var.namespace} data: certs.sh: |- #!/usr/bin/env bash if [ -f /etc/local-ca/ca.crt ];then export REQUESTS_CA_BUNDLE=/etc/local-ca/ca.crt else export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt fi postconfig.sh: |- #!/usr/bin/env bash export PATH="/opt/venv/bin/:$PATH" TAIGA_URL="http://${module.service.name}" TAIGA_SITES_DOMAIN="${module.service.name}" TAIGA_SITES_SCHEME=http DIRNAME=$(dirname $0) . $DIRNAME/certs.sh sleep 5 if ! python 'manage.py' 'dumpdata' users.user|grep -q '"is_superuser": true';then python manage.py createsuperuser --noinput fi if [ $(python manage.py dumpdata projects.projecttemplate|wc -c) -lt 1000 ];then python manage.py loaddata initial_project_templates fi EOF } resource "kubectl_manifest" "cm_nginx" { yaml_body = <<-EOF apiVersion: v1 kind: ConfigMap metadata: name: "${var.instance}-${var.component}-nginx" namespace: ${var.namespace} labels: ${jsonencode(local.common_labels)} data: default.conf: |- server { listen 8080 default_server; client_max_body_size 100M; charset utf-8; # Frontend location / { proxy_pass http://${kubectl_manifest.svc_front.name}/; proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; } # Api location /api { proxy_pass http://${kubectl_manifest.svc_back.name}:8000/api; proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; } # Admin location /admin { proxy_pass http://${kubectl_manifest.svc_back.name}:8000/admin; proxy_pass_header Server; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; } # Static location /static { root /taiga; } # Media location /_protected { internal; alias /taiga/media/; add_header Content-disposition "attachment"; } # Unprotected section location /media/exports { alias /taiga/media/exports/; add_header Content-disposition "attachment"; } location /media { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://${kubectl_manifest.svc_protected.name}:8003/; proxy_redirect off; } # Events location /events { proxy_pass http://${kubectl_manifest.svc_events.name}:8888/events; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; } } EOF }