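locals {
  # In-cluster service address of the authentik instance living in the
  # "<domain>-auth" namespace.
  authentik_url = "http://authentik.${var.domain}-auth.svc"

  # Bootstrap token read from the authentik secret (data.kubernetes_secret_v1.authentik).
  # NOTE: a value read through a data source is persisted in Terraform state,
  # so the state backend has to be protected like the secret itself.
  authentik_token = data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]

  # Labels stamped on every generated resource (they are handed to
  # kustomization_overlay.common_labels) so each object can be traced back to
  # the owning vynil instance / component.
  common_labels = {
    "vynil.solidite.fr/owner-name"      = var.instance
    "vynil.solidite.fr/owner-namespace" = var.namespace
    "vynil.solidite.fr/owner-category"  = var.category
    "vynil.solidite.fr/owner-component" = var.component
    "app.kubernetes.io/managed-by"      = "vynil"
    "app.kubernetes.io/name"            = var.component
    "app.kubernetes.io/instance"        = var.instance
  }

  # PersistentVolumeClaim spec used by the server's volumeClaimTemplates.
  # storageClassName is only emitted when a class was configured; an empty
  # value leaves the key out so the cluster default class applies.
  pvc_spec = merge(
    {
      "accessModes" = [var.storage.volume.accessMode]
      "volumeMode"  = var.storage.volume.type
      "resources" = {
        "requests" = {
          # tostring() keeps the quantity a JSON string after jsonencode(),
          # exactly as the legacy "${...}" interpolation did.
          "storage" = tostring(var.storage.volume.size)
        }
      }
    },
    var.storage.volume.class != "" ? { "storageClassName" = var.storage.volume.class } : {},
  )
}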
# Looks up the "authentik" secret in the auth namespace; local.authentik_token
# extracts AUTHENTIK_BOOTSTRAP_TOKEN from its data.
data "kubernetes_secret_v1" "authentik" {
  metadata {
    namespace = format("%s-auth", var.domain)
    name      = "authentik"
  }
}
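# Builds the kustomize overlay for this component: every *.yaml next to this
# module (index.yaml excluded) plus the strategic-merge patches below, all
# placed in var.namespace and labelled for the owning vynil instance.
data "kustomization_overlay" "data" {
  namespace     = var.namespace
  common_labels = local.common_labels
  # index.yaml is not a manifest and must not be rendered as one.
  resources = [for file in fileset(path.module, "*.yaml") : file if file != "index.yaml"]

  # Agent Deployment: image, Kubernetes-backend settings, and the start-script
  # and CA-bundle mounts.
  #
  # WOODPECKER_BACKEND_K8S_STORAGE_RWX asks the agent for ReadWriteMany (RWX)
  # pipeline volumes, so it is "true" only when the configured access mode is
  # ReadWriteMany. The earlier comparison against "ReadOnlyMany" could never
  # describe a writable volume and was a bug.
  #
  # defaultMode 0555 on the start-script configMap: the script only needs
  # read+execute, and a configMap volume is mounted read-only regardless.
  patches {
    target {
      kind = "Deployment"
      name = "woodpecker-agent"
    }
    patch = <<-EOF
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: woodpecker-agent
        labels:
          app.kubernetes.io/component: agent
      spec:
        replicas: 2
        selector:
          matchLabels:
            app.kubernetes.io/component: agent
        template:
          metadata:
            labels:
              app.kubernetes.io/component: agent
          spec:
            serviceAccountName: woodpecker-agent
            containers:
            - name: agent
              image: "${var.images.agent.registry}/${var.images.agent.repository}:${var.images.agent.tag}"
              imagePullPolicy: "${var.images.agent.pull_policy}"
              command: ["/usr/local/bin/start.sh"]
              env:
              - name: WOODPECKER_BACKEND_K8S_NAMESPACE
                value: "${var.namespace}"
              - name: WOODPECKER_BACKEND_K8S_STORAGE_CLASS
                value: "${var.storage.volume.class}"
              - name: WOODPECKER_BACKEND_K8S_STORAGE_RWX
                value: "${var.storage.volume.accessMode == "ReadWriteMany" ? "true" : "false"}"
              - name: WOODPECKER_BACKEND_K8S_VOLUME_SIZE
                value: "${var.storage.agent.size}"
              - name: WOODPECKER_SERVER
                value: "woodpecker-server.${var.namespace}.svc:9000"
              volumeMounts:
              - name: certs
                mountPath: /etc/local-ca
                readOnly: true
              - name: config
                mountPath: "/usr/local/bin/start.sh"
                subPath: "start.sh"
            volumes:
            - name: config
              configMap:
                name: "${var.instance}-${var.component}-agent-start"
                defaultMode: 0555
            - name: certs
              secret:
                secretName: "${var.instance}-cert"
                defaultMode: 0444
    EOF
  }

  # Server Service: narrow the selector to this instance's server pods so two
  # instances in the same namespace cannot pick up each other's endpoints.
  patches {
    target {
      kind = "Service"
      name = "woodpecker-server"
    }
    patch = <<-EOF
      apiVersion: v1
      kind: Service
      metadata:
        name: woodpecker-server
        labels:
          app.kubernetes.io/component: server
      spec:
        selector:
          app.kubernetes.io/name: ${var.component}
          app.kubernetes.io/instance: ${var.instance}
          app.kubernetes.io/component: server
    EOF
  }

  # Headless server Service: same selector as the regular Service above.
  patches {
    target {
      kind = "Service"
      name = "woodpecker-server-headless"
    }
    patch = <<-EOF
      apiVersion: v1
      kind: Service
      metadata:
        name: woodpecker-server-headless
        labels:
          app.kubernetes.io/component: server
      spec:
        selector:
          app.kubernetes.io/name: ${var.component}
          app.kubernetes.io/instance: ${var.instance}
          app.kubernetes.io/component: server
    EOF
  }

  # Agent RoleBinding: the subject must name the ServiceAccount's namespace
  # explicitly, so it is filled in from var.namespace.
  patches {
    target {
      kind = "RoleBinding"
      name = "woodpecker-agent"
    }
    patch = <<-EOF
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        name: woodpecker-agent
      subjects:
      - kind: ServiceAccount
        name: woodpecker-agent
        namespace: ${var.namespace}
    EOF
  }

  # Server StatefulSet: image, admin/host settings, credentials via envFrom,
  # start-script and CA-bundle mounts, and the data PVC from local.pvc_spec.
  #
  # WOODPECKER_HOST was previously listed twice with the same value; the
  # duplicate entry is dropped so the env list has one entry per name.
  # defaultMode 0555 on the start-script configMap for the same reason as on
  # the agent: read+execute is all the script needs.
  patches {
    target {
      kind = "StatefulSet"
      name = "woodpecker-server"
    }
    patch = <<-EOF
      apiVersion: apps/v1
      kind: StatefulSet
      metadata:
        name: woodpecker-server
        labels:
          app.kubernetes.io/component: server
      spec:
        selector:
          matchLabels:
            app.kubernetes.io/name: ${var.component}
            app.kubernetes.io/instance: ${var.instance}
            app.kubernetes.io/component: server
        template:
          metadata:
            labels:
              app.kubernetes.io/name: ${var.component}
              app.kubernetes.io/instance: ${var.instance}
              app.kubernetes.io/component: server
          spec:
            containers:
            - name: server
              image: "${var.images.server.registry}/${var.images.server.repository}:${var.images.server.tag}"
              imagePullPolicy: "${var.images.server.pull_policy}"
              command: ["/usr/local/bin/start.sh"]
              env:
              - name: WOODPECKER_ADMIN
                value: "${var.admin-users}"
              - name: WOODPECKER_HOST
                value: "https://${var.sub_domain}.${var.domain_name}"
              envFrom:
              - secretRef:
                  name: woodpecker-secret
              - secretRef:
                  name: "${var.instance}-${var.component}-gitea"
              - configMapRef:
                  name: "${var.instance}-${var.component}-server"
              volumeMounts:
              - name: certs
                mountPath: /etc/local-ca
                readOnly: true
              - name: config
                mountPath: "/usr/local/bin/start.sh"
                subPath: "start.sh"
            volumes:
            - name: config
              configMap:
                name: "${var.instance}-${var.component}-server-start"
                defaultMode: 0555
            - name: certs
              secret:
                secretName: "${var.instance}-cert"
                defaultMode: 0444
        volumeClaimTemplates:
        - metadata:
            name: data
          spec: ${jsonencode(local.pvc_spec)}
    EOF
  }
}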