139 lines
3.9 KiB
HCL
139 lines
3.9 KiB
HCL
locals {
|
|
collabora-labels = merge(local.common-labels, {
|
|
"app.kubernetes.io/component" = "collabora"
|
|
})
|
|
dns-collabora = "collabora.${local.dns-name}"
|
|
collabora-middlewares = ["${var.instance}-https"]
|
|
collabora-service = {
|
|
"name" = "${var.instance}-collabora"
|
|
"port" = {
|
|
"number" = 80
|
|
}
|
|
}
|
|
collabora-rules = [ for v in [local.dns-collabora] : {
|
|
"host" = "${v}"
|
|
"http" = {
|
|
"paths" = [{
|
|
"backend" = {
|
|
"service" = local.collabora-service
|
|
}
|
|
"path" = "/"
|
|
"pathType" = "Prefix"
|
|
}]
|
|
}
|
|
}]
|
|
}
|
|
|
|
resource "kubectl_manifest" "collabora_deploy" {
|
|
count = var.apps.collabora ? 1 : 0
|
|
yaml_body = <<-EOF
|
|
kind: Deployment
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: "${var.instance}-collabora"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.collabora-labels)}
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 1
|
|
selector:
|
|
matchLabels: ${jsonencode(local.collabora-labels)}
|
|
template:
|
|
metadata:
|
|
labels: ${jsonencode(local.collabora-labels)}
|
|
annotations:
|
|
prometheus.io/scrape: "true"
|
|
prometheus.io/port: 9980
|
|
prometheus.io/path: "/cool/getMetrics"
|
|
spec:
|
|
containers:
|
|
- name: collabora
|
|
image: "${var.images.collabora.registry}/${var.images.collabora.repository}:${var.images.collabora.tag}"
|
|
imagePullPolicy: "${var.images.collabora.pullPolicy}"
|
|
env:
|
|
- name: aliasgroup1
|
|
value: "https://${local.dns-name}"
|
|
- name: DONT_GEN_SSL_CERT
|
|
value: "true"
|
|
- name: extra_params
|
|
value: |
|
|
--o:ssl.enable=false
|
|
--o:ssl.termination=true
|
|
ports:
|
|
- name: http
|
|
containerPort: 9980
|
|
protocol: TCP
|
|
securitycontext:
|
|
allowPrivilegeEscalation: true
|
|
privileged: true
|
|
capabilities:
|
|
add:
|
|
- MKNOD
|
|
- SYS_ADMIN
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "collabora_svc" {
|
|
count = var.apps.collabora ? 1 : 0
|
|
yaml_body = <<-EOF
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: "${var.instance}-collabora"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.collabora-labels)}
|
|
spec:
|
|
type: ClusterIP
|
|
ports:
|
|
- port: 80
|
|
targetPort: 9980
|
|
protocol: TCP
|
|
name: http
|
|
selector: ${jsonencode(local.collabora-labels)}
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "collabora_certificate" {
|
|
count = var.apps.collabora ? 1 : 0
|
|
yaml_body = <<-EOF
|
|
apiVersion: "cert-manager.io/v1"
|
|
kind: "Certificate"
|
|
metadata:
|
|
name: "${var.instance}-collabora"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.collabora-labels)}
|
|
spec:
|
|
secretName: "${var.instance}-collabora-cert"
|
|
dnsNames: [${jsonencode(local.dns-collabora)}]
|
|
issuerRef:
|
|
name: "${var.issuer}"
|
|
kind: "ClusterIssuer"
|
|
group: "cert-manager.io"
|
|
EOF
|
|
}
|
|
|
|
resource "kubectl_manifest" "collabora_ing" {
|
|
count = var.apps.collabora ? 1 : 0
|
|
yaml_body = <<-EOF
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: "${var.instance}-collabora"
|
|
namespace: "${var.namespace}"
|
|
labels: ${jsonencode(local.collabora-labels)}
|
|
annotations:
|
|
"traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.collabora-middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
|
|
spec:
|
|
ingressClassName: "${var.ingress-class}"
|
|
rules: ${jsonencode(local.collabora-rules)}
|
|
tls:
|
|
- hosts: [${local.dns-collabora}]
|
|
secretName: "${var.instance}-collabora-cert"
|
|
EOF
|
|
}
|
|
|