domain/apps/taiga/taiga_ConfigMap.tf

resource "kubectl_manifest" "cm_env" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: "${var.instance}-${var.component}-envs"
      labels: ${jsonencode(local.common_labels)}
      namespace: ${var.namespace}
    data:
      POSTGRES_DB: ${var.component}
      POSTGRES_USER: ${var.component}
      POSTGRES_HOST: ${var.instance}-${var.component}-pg-rw.${var.namespace}.svc
      TAIGA_SITES_DOMAIN: localhost:9000
      TAIGA_SITES_SCHEME: http
      SESSION_COOKIE_SECURE: 'False'
      CSRF_COOKIE_SECURE: 'False'
      ENABLE_TELEMETRY: 'False'
      PUBLIC_REGISTER_ENABLED: 'False'
      ENABLE_GITHUB_AUTH: 'False'
      ENABLE_GITLAB_AUTH: 'True'
      GITLAB_CLIENT_ID:
      GITLAB_API_CLIENT_ID: gitlab-api-client-id
      GITLAB_API_CLIENT_SECRET: gitlab-api-client-secret
      GITLAB_URL: gitlab-url
      ENABLE_SLACK: 'False'
      ENABLE_GITHUB_IMPORTER: 'False'
      ENABLE_JIRA_IMPORTER: 'False'
      ENABLE_TRELLO_IMPORTER: 'False'
      TRELLO_IMPORTER_API_KEY: api-key-from-trello
      TRELLO_IMPORTER_SECRET_KEY: secret-key-from-trello

            - name: TAIGA_URL
              value: http://localhost:9000
            - name: PUBLIC_REGISTER_ENABLED
              value: 'false'
            - name: ENABLE_GITHUB_AUTH
              value: 'false'
            - name: ENABLE_GITLAB_AUTH
              value: 'true'
            - name: GITLAB_CLIENT_ID
              value: gitlab-api-client-id
            - name: GITLAB_URL
              value: gitlab-url
            - name: ENABLE_SLACK
              value: 'false'
            - name: ENABLE_GITHUB_IMPORTER
              value: 'false'
            - name: ENABLE_JIRA_IMPORTER
              value: 'false'
            - name: ENABLE_TRELLO_IMPORTER
              value: 'false'

EOF
}

resource "kubectl_manifest" "cm_scripts" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: taiga-createinitialtemplates
      labels: ${jsonencode(local.common_labels)}
      namespace: ${var.namespace}
    data:
      createinitialtemplates.sh: |-
        #!/bin/sh
        echo """
        import time
        import requests
        import subprocess

        print('Waiting for backend ...')
        while requests.get('http://taiga-back/api/v1/').status_code != 200:
            print('...')
            time.sleep(2)

        if len(str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'projects.projecttemplate']))) < 5:
            print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_project_templates']))
        """ > /tmp/create_initial_project_templates.py
        python /tmp/create_initial_project_templates.py
      createinitialuser.sh: |-
        #!/bin/sh
        echo """
        import time
        import requests
        import subprocess

        print('Waiting for backend ...')
        while requests.get('http://taiga-back/api/v1/').status_code != 200:
            print('...')
            time.sleep(2)

        if str(subprocess.check_output(['python', 'manage.py', 'dumpdata', 'users.user'], cwd='/taiga-back')).find('\"is_superuser\": true') == -1:
            print(subprocess.check_output(['python', 'manage.py', 'loaddata', 'initial_user'], cwd='/taiga-back'))
        else:
            print('Admin user yet created.')
            """ > /tmp/create_superuser.py
            python /tmp/create_superuser.py
EOF
}

resource "kubectl_manifest" "ConfigMap_taiga-gateway" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: taiga-gateway
      namespace: ${var.namespace}
      labels: ${jsonencode(local.common_labels)}
    data:
      default.conf: |-
        server {
            listen 80 default_server;

            client_max_body_size 100M;
            charset utf-8;

            # Frontend
            location / {
                proxy_pass http://taiga-front/;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
            }

            # Api
            location /api {
                proxy_pass http://taiga-back:8000/api;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
            }

            # Admin
            location /admin {
                proxy_pass http://taiga-back:8000/admin;
                proxy_pass_header Server;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
            }

            # Static
            location /static {
                root /taiga;
            }

            # Media
            location /_protected {
                internal;
                alias /taiga/media/;
                add_header Content-disposition "attachment";
            }

            # Unprotected section
            location /media/exports {
                alias /taiga/media/exports/;
                add_header Content-disposition "attachment";
            }

            location /media {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Scheme $scheme;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://taiga-protected:8003/;
                proxy_redirect off;
            }

            # Events
            location /events {
                proxy_pass http://taiga-events:8888/events;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_connect_timeout 7d;
                proxy_send_timeout 7d;
                proxy_read_timeout 7d;
            }
        }
EOF
}