vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2a021609b7b149ecbc47c217d76b053911c97600
domain/share/organisation/postconfig.tf
Sébastien Huss 2a021609b7 fix
2024-05-31 14:00:58 +02:00

109 lines
4.7 KiB
HCL
Raw Blame History

resource "kubectl_manifest" "post_install_job_taiga" {
count = var.conditions.have_taiga ? 1:0
yaml_body = <<-EOF
apiVersion: batch/v1
kind: Job
metadata:
name: "${var.instance}-${var.component}-config-taiga"
namespace: "${var.domain}-ci"
labels: ${jsonencode(local.common_labels)}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
template:
spec:
restartPolicy: OnFailure
initContainers:
- name: wait-for-sonar
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
imagePullPolicy: ${var.images.kubectl.pull_policy}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
command: ["/bin/bash", "-c"]
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/taiga-taiga/80) && exit 0; sleep 2;done; exit 1"]
containers:
- name: post-config
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
imagePullPolicy: ${var.images.kubectl.pull_policy}
command: ["/bin/bash", "-xc"]
args:
- >-
API='http://taiga-taiga.${var.namespace}.svc/api/v1'
JSON='-sH "Content-Type: application/json"'
TOKEN=$(curl -X POST $JSON -d '{ "type": "normal", "username": "admin", "password": "'"$DJANGO_SUPERUSER_PASSWORD"'" }' "$API/auth" | jq -r '.auth_token')
BEAR='-H "Authorization: Bearer '"$TOKEN"'"'
if ! curl $JSON $BEAR "$API/projects"|jq -r '.[].name' |grep -E '^${trimprefix(var.instance,"org-")}$'; then
curl -X POST $JSON $BEAR "http://taiga-taiga.${var.namespace}.svc/api/v1/projects" -d '{ "creation_template": 1, "description": "Organisation ${trimprefix(var.instance,"org-")} project", "is_backlog_activated": true, "is_issues_activated": true, "is_kanban_activated": true, "is_private": true, "is_wiki_activated": true, "name": "${trimprefix(var.instance,"org-")}", }'
fi
envFrom:
- secretRef:
name: taiga-taiga
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
EOF
}
resource "kubectl_manifest" "post_install_job_sonar" {
count = var.conditions.have_gitea && var.conditions.have_sonar ? 0:0
yaml_body = <<-EOF
apiVersion: batch/v1
kind: Job
metadata:
name: "${var.instance}-${var.component}-post-config-sonar"
namespace: "${var.domain}-ci"
labels: ${jsonencode(local.common_labels)}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
template:
spec:
restartPolicy: OnFailure
initContainers:
- name: wait-for-sonar
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
imagePullPolicy: ${var.images.kubectl.pull_policy}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
command: ["/bin/bash", "-c"]
args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/sonar-sonar/80) && exit 0; sleep 2;done; exit 1"]
containers:
- name: post-config
image: "${var.images.kubectl.registry}/${var.images.kubectl.repository}:${var.images.kubectl.tag}"
imagePullPolicy: ${var.images.kubectl.pull_policy}
command: ["/bin/bash", "-c"]
args:
- >-
curl -o /dev/null -s -w "%%{http_code}\n" -u admin:admin -X POST "http://${module.service.name}.${var.namespace}.svc/api/users/change_password?login=admin&previousPassword=admin&password=$ADMIN_PASSWORD"
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
EOF
}
Reference in New Issue View Git Blame Copy Permalink