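# authentik "server" Deployment, rendered as YAML and applied through the
# kubectl provider.
#
# yaml_body is assembled with join()/concat(): the first heredoc holds the
# Deployment up to the container's `resources`, and exactly one of the
# following fragments (or an empty string) is appended to add the
# volumeMounts/volumes for the optional customisation ConfigMap. The plain
# `<<EOF` form keeps leading whitespace, so each fragment's indentation must
# line up with the container level (volumeMounts) and the pod spec level
# (volumes) of the first heredoc.
#
# The reloader.stakater.com annotations ask Stakater Reloader to roll the
# Deployment when the listed ConfigMap(s) or Secret change. No `replicas` is
# set here; the HorizontalPodAutoscaler in this file targets this Deployment.
#
# Templated scalars are quoted so that a value such as an all-digit or
# boolean-looking namespace cannot be re-typed by the YAML parser.
#
# NOTE(review): `resources: {}` leaves the container without requests or
# limits. The HPA in this file scales on CPU utilization, which is computed
# against the CPU request; unless a LimitRange in the namespace supplies one,
# confirm the autoscaler can actually compute its metric.
# NOTE(review): no securityContext is set on the pod or the container. For an
# identity provider, consider allowPrivilegeEscalation: false, dropping all
# capabilities and a RuntimeDefault seccomp profile once verified against the
# image in var.images.app.
# NOTE(review): HTTP, HTTPS and metrics listen on 0.0.0.0; access to the
# metrics port (9300) should be limited by a NetworkPolicy if one is not
# already defined elsewhere.
resource "kubectl_manifest" "Deployment_server" {
  yaml_body = join("", concat([<<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: "${var.instance}-${var.component}-server"
  namespace: "${var.namespace}"
  labels: ${jsonencode(local.server_all_labels)}
  annotations:
    configmap.reloader.stakater.com/reload: "${(var.customisation.configmap_name!="" && (var.customisation.use_icon_left || var.customisation.use_custom_css))?"${kubectl_manifest.cm.name},${var.customisation.configmap_name}":"${kubectl_manifest.cm.name}"}"
    secret.reloader.stakater.com/reload: "${kubectl_manifest.authentik_secret.name}"
spec:
  revisionHistoryLimit: 3
  selector:
    matchLabels: ${jsonencode(local.server_labels)}
  template:
    metadata:
      labels: ${jsonencode(local.server_labels)}
      annotations:
        prometheus.io/port: '9300'
        prometheus.io/scrape: 'true'
    spec:
      terminationGracePeriodSeconds: 30
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels: ${jsonencode(local.server_labels)}
                topologyKey: kubernetes.io/hostname
      enableServiceLinks: true
      containers:
        - name: server
          image: "${var.images.app.registry}/${var.images.app.repository}:${var.images.app.tag}"
          imagePullPolicy: "${var.images.app.pull_policy}"
          args:
            - server
          env:
            - name: AUTHENTIK_POSTGRESQL__PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "${var.instance}-${var.component}-pg-app"
                  key: password
            - name: AUTHENTIK_LISTEN__HTTP
              value: "0.0.0.0:9000"
            - name: AUTHENTIK_LISTEN__HTTPS
              value: "0.0.0.0:9443"
            - name: AUTHENTIK_LISTEN__METRICS
              value: "0.0.0.0:9300"
          envFrom:
            - configMapRef:
                name: "${kubectl_manifest.cm.name}"
            - secretRef:
                name: "${kubectl_manifest.authentik_secret.name}"
          ports:
            - name: http
              containerPort: 9000
              protocol: TCP
            - name: https
              containerPort: 9443
              protocol: TCP
            - name: metrics
              containerPort: 9300
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /-/health/live/
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /-/health/ready/
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          startupProbe:
            failureThreshold: 60
            httpGet:
              path: /-/health/live/
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources: {}
EOF
  ], var.customisation.configmap_name != "" && var.customisation.use_icon_left && var.customisation.use_custom_css ? [<<EOF
          volumeMounts:
            - name: custom-css
              mountPath: /web/dist/custom.css
              subPath: custom.css
            - name: custom-left
              mountPath: /web/dist/assets/icons/icon_left_brand.svg
              subPath: icon_left_brand.svg
      volumes:
        - name: custom-css
          configMap:
            name: "${var.customisation.configmap_name}"
            items:
              - key: custom.css
                path: custom.css
        - name: custom-left
          configMap:
            name: "${var.customisation.configmap_name}"
            items:
              - key: icon_left_brand.svg
                path: icon_left_brand.svg
EOF
  ]
  : var.customisation.configmap_name != "" && var.customisation.use_icon_left && !var.customisation.use_custom_css ? [<<EOF
          volumeMounts:
            - name: custom-left
              mountPath: /web/dist/assets/icons/icon_left_brand.svg
              subPath: icon_left_brand.svg
      volumes:
        - name: custom-left
          configMap:
            name: "${var.customisation.configmap_name}"
            items:
              - key: icon_left_brand.svg
                path: icon_left_brand.svg
EOF
  ]
  : var.customisation.configmap_name != "" && !var.customisation.use_icon_left && var.customisation.use_custom_css ? [<<EOF
          volumeMounts:
            - name: custom-css
              mountPath: /web/dist/custom.css
              subPath: custom.css
      volumes:
        - name: custom-css
          configMap:
            name: "${var.customisation.configmap_name}"
            items:
              - key: custom.css
                path: custom.css
EOF
  ]
  : [""]))
}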
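# HorizontalPodAutoscaler for the server Deployment: between 1 and 5 replicas,
# driven by average CPU utilization with a 50% target.
#
# The HPA name and its scaleTargetRef both reuse the Deployment's name, so
# they follow any change to that resource. Templated scalars are quoted so the
# YAML parser cannot re-type them.
#
# NOTE(review): a Utilization target is computed against the container's CPU
# request. The Deployment in this file sets `resources: {}`; confirm that a
# request is supplied some other way (for example a namespace LimitRange),
# otherwise this autoscaler has nothing to compute against.
resource "kubectl_manifest" "HorizontalPodAutoscaler_authentik-server" {
  yaml_body = <<-EOF
    apiVersion: autoscaling/v2
    kind: HorizontalPodAutoscaler
    metadata:
      name: "${kubectl_manifest.Deployment_server.name}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.server_all_labels)}
    spec:
      scaleTargetRef:
        apiVersion: apps/v1
        kind: Deployment
        name: "${kubectl_manifest.Deployment_server.name}"
      minReplicas: 1
      maxReplicas: 5
      metrics:
        - type: Resource
          resource:
            name: cpu
            target:
              type: Utilization
              averageUtilization: 50
  EOF
}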
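# PodDisruptionBudget selecting the server pods through local.server_labels,
# the same labels the Deployment uses for its selector and pod template.
# Templated scalars are quoted so the YAML parser cannot re-type them.
#
# NOTE(review): `minAvailable: 0` places no floor on voluntary disruptions, so
# a node drain may evict every server pod at once. That may be deliberate (the
# HPA in this file allows a single replica, and a floor of 1 would then block
# drains), but for an authentication service the availability trade-off is
# worth confirming.
resource "kubectl_manifest" "PodDisruptionBudget_authentik-server" {
  yaml_body = <<-EOF
    apiVersion: policy/v1
    kind: PodDisruptionBudget
    metadata:
      name: "${kubectl_manifest.Deployment_server.name}"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.server_all_labels)}
    spec:
      minAvailable: 0
      selector:
        matchLabels: ${jsonencode(local.server_labels)}
  EOF
}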