vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2890064fd42e626d2a2f5c3203ced9510c293e8d
domain/apps/nextcloud/datas.tf
Sébastien Huss 2890064fd4 fix
2024-05-12 12:03:32 +02:00

214 lines
7.0 KiB
HCL
Raw Blame History

locals {
authentik_url = "http://authentik.${var.domain}-auth.svc"
authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]
common_labels = {
"vynil.solidite.fr/owner-name" = var.instance
"vynil.solidite.fr/owner-namespace" = var.namespace
"vynil.solidite.fr/owner-category" = var.category
"vynil.solidite.fr/owner-component" = var.component
"app.kubernetes.io/managed-by" = "vynil"
"app.kubernetes.io/name" = var.component
"app.kubernetes.io/instance" = var.instance
}
pvc_spec = merge({
"accessModes" = [var.storage.volume.accessMode]
"volumeMode" = var.storage.volume.type
"resources" = {
"requests" = {
"storage" = "${var.storage.volume.size}"
}
}
}, var.storage.volume.class != "" ?{
"storageClassName" = var.storage.volume.class
}:{})
nextcloud-labels = merge(local.common_labels, {
})
}
data "kubernetes_secret_v1" "authentik" {
metadata {
name = "authentik"
namespace = "${var.domain}-auth"
}
}
data "kubernetes_ingress_v1" "authentik" {
metadata {
name = "authentik"
namespace = "${var.domain}-auth"
}
}
data "kustomization_overlay" "data" {
namespace = var.namespace
common_labels = local.nextcloud-labels
resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml"]
images {
name = "nextcloud"
new_name = "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}"
new_tag = "${var.images.nextcloud.tag}"
}
patches {
target {
kind = "Deployment"
name = "nextcloud"
}
patch = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
annotations:
secret.reloader.stakater.com/reload: "${var.instance}-${var.component}-pg-app,${var.component}-${var.instance}-id,${var.component}-${var.instance}-secret,${var.component}"
spec:
template:
spec:
volumes:
- name: certs
secret:
secretName: "${var.instance}-cert"
defaultMode: 0444
- name: config
configMap:
name: "${var.component}-${var.instance}-init"
defaultMode: 0777
containers:
- name: nextcloud
image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}"
imagePullPolicy: "${var.images.nextcloud.pull_policy}"
command: ["/usr/local/bin/wrapper"]
args: ["php-fpm"]
env:
- name: POSTGRES_HOST
value: "${var.instance}-${var.component}-pg-rw.${var.namespace}.svc"
- name: POSTGRES_DB
value: "${var.component}"
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: "${var.instance}-${var.component}-pg-app"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "${var.instance}-${var.component}-pg-app"
- name: NEXTCLOUD_TRUSTED_DOMAINS
value: "${local.dns_name}"
- name: REDIS_HOST
value: "${var.instance}-${var.component}-redis.${var.namespace}.svc"
- name: REDIS_HOST_PORT
value: "6379"
- name: OAUTH2_CONNECTOR_NAME
value: "${var.openid-name}"
- name: OAUTH2_DISCOVER_URI
value: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/${var.component}-${var.instance}/.well-known/openid-configuration"
- name: OAUTH2_CLIENT_ID
valueFrom:
secretKeyRef:
name: "${var.component}-${var.instance}-id"
key: client-id
- name: OAUTH2_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: "${var.component}-${var.instance}-secret"
key: client-secret
- name: INSTANCE
value: "${var.instance}"
- name: ONLYOFFICE_JWT_SECRET
valueFrom:
secretKeyRef:
name: "${var.component}"
key: onlyoffice-jwt-secret
- name: COLLABORA_PASSWORD
valueFrom:
secretKeyRef:
name: "${var.component}"
key: collabora-password
resources:
{}
volumeMounts:
- name: certs
mountPath: /etc/local-ca
readOnly: true
- name: config
mountPath: "/docker-entrypoint-hooks.d/before-starting/autostart.sh"
subPath: "autostart.sh"
- name: config
mountPath: "/usr/local/bin/wrapper"
subPath: "wrapper"
- name: nextcloud-nginx
image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}"
imagePullPolicy: "${var.images.nginx.pull_policy}"
resources:
{}
readinessProbe:
httpGet:
httpHeaders:
- name: Host
value: "${local.dns_name}"
livenessProbe:
httpGet:
httpHeaders:
- name: Host
value: "${local.dns_name}"
EOF
}
patches {
target {
kind = "Deployment"
name = "nextcloud-metrics"
}
patch = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud-metrics
annotations:
secret.reloader.stakater.com/reload: "nextcloud"
spec:
template:
spec:
containers:
- name: metrics-exporter
image: "${var.images.exporter.registry}/${var.images.exporter.repository}:${var.images.exporter.tag}"
imagePullPolicy: "${var.images.exporter.pull_policy}"
env:
- name: NEXTCLOUD_SERVER
value: "https://${local.dns_name}"
- name: NEXTCLOUD_TLS_SKIP_VERIFY
value: "${var.issuer=="letsencrypt-prod"?"false":"true"}"
EOF
}
patches {
target {
kind = "PersistentVolumeClaim"
name = "nextcloud-nextcloud"
}
patch = <<-EOF
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: nextcloud-nextcloud
annotations:
k8up.io/backup: "true"
spec: ${jsonencode(local.pvc_spec)}
EOF
}
patches {
target {
kind = "HorizontalPodAutoscaler"
name = "nextcloud"
}
patch = <<-EOF
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: nextcloud
spec:
minReplicas: ${var.hpa.min-replicas}
maxReplicas: ${var.hpa.max-replicas}
targetCPUUtilizationPercentage: ${var.hpa.avg-cpu}
EOF
}
}
Reference in New Issue View Git Blame Copy Permalink