vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c492d69be46a775205d9ad047c042e3aaab52a2b
domain/apps/taiga/taiga_workload.tf
Sébastien Huss f2dd6e76b9 fix
2024-05-25 14:21:14 +02:00

844 lines
28 KiB
HCL
Raw Blame History

resource "kubectl_manifest" "Deployment_taiga-events" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-events
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-events
app.kubernetes.io/instance: taiga
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-events
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-events
spec:
serviceAccountName: default
containers:
- name: taiga-events
image: docker.io/taigaio/taiga-events:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
env:
- name: RABBITMQ_USER
value: taiga
- name: RABBITMQ_PASS
value: taiga
ports:
- name: taiga-events
containerPort: 8888
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
EOF
}
resource "kubectl_manifest" "Deployment_taiga-front" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-front
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-front
app.kubernetes.io/instance: taiga
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-front
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-front
spec:
serviceAccountName: default
containers:
- name: taiga-front
image: docker.io/taigaio/taiga-front:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
envFrom:
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
ports:
- name: taiga-front
containerPort: 80
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
EOF
}
resource "kubectl_manifest" "Deployment_taiga-protected" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-protected
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-protected
app.kubernetes.io/instance: taiga
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-protected
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-protected
spec:
serviceAccountName: default
containers:
- name: taiga-protected
image: docker.io/taigaio/taiga-protected:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
env:
- name: SECRET_KEY
value: 9%pno@m688el28@2+^y4v^&6wluqk-g#j#d7$dsjtht)o30dn1
- name: MAX_AGE
value: '360'
ports:
- name: taiga-protected
containerPort: 8003
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
EOF
}
resource "kubectl_manifest" "Deployment_taiga-back" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: taiga-back
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
spec:
selector:
matchLabels:
app.kubernetes.io/name: taiga-back
app.kubernetes.io/instance: taiga
replicas: 1
template:
metadata:
labels:
app.kubernetes.io/name: taiga-back
helm.sh/chart: taiga-0.0.11
app.kubernetes.io/instance: taiga
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: taiga-back
spec:
serviceAccountName: default
containers:
- name: taiga-back
image: docker.io/taigaio/taiga-back:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
env:
- name: RABBITMQ_USER
value: taiga
- name: RABBITMQ_PASS
value: taiga
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ${var.instance}-${var.component}-pg-app
key: password
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
ports:
- name: taiga-back
containerPort: 8000
livenessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /admin/login/
port: 8000
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
- name: taiga-media
mountPath: /taiga-back/media
- name: taiga-async
image: docker.io/taigaio/taiga-back:latest
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
command:
- /taiga-back/docker/async_entrypoint.sh
env:
- name: RABBITMQ_USER
value: taiga
- name: RABBITMQ_PASS
value: taiga
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: ${var.instance}-${var.component}-pg-app
key: password
envFrom:
- secretRef:
name: ${kubectl_manifest.secret.name}
- configMapRef:
name: ${kubectl_manifest.cm_env.name}
volumeMounts:
- name: taiga-static
mountPath: /taiga-back/static
- name: taiga-media
mountPath: /taiga-back/media
- name: taiga-gateway
image: docker.io/nginx:1.19-alpine
imagePullPolicy: IfNotPresent
resources:
limits: {}
requests: {}
ports:
- name: taiga-gateway
containerPort: 80
livenessProbe:
httpGet:
path: /admin/login/
port: 80
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 10
readinessProbe:
httpGet:
path: /admin/login/
port: 80
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 10
volumeMounts:
- name: taiga-static
mountPath: /taiga/static
- name: taiga-media
mountPath: /taiga/media
- name: taiga-conf
mountPath: /etc/nginx/conf.d/
volumes:
- name: taiga-static
persistentVolumeClaim:
claimName: taiga-static
- name: taiga-media
persistentVolumeClaim:
claimName: taiga-media
- name: taiga-conf
configMap:
name: taiga-gateway
EOF
}
# resource "kubectl_manifest" "StatefulSet_taiga-async-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: apps/v1
# kind: StatefulSet
# metadata:
# name: taiga-async-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# serviceName: taiga-async-rabbitmq-headless
# podManagementPolicy: OrderedReady
# replicas: 1
# updateStrategy:
# type: RollingUpdate
# selector:
# matchLabels:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# template:
# metadata:
# labels:
# app.kubernetes.io/name: async-rabbitmq
# helm.sh/chart: async-rabbitmq-11.9.3
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/managed-by: Helm
# annotations:
# checksum/config: 217a61a978fa7482416092178a1ec21062391912fcb3b4dcf9d56998cbc7dcb0
# checksum/secret: 6cfb22ee840921fa65ccca1d3b463345d79ab2cf3fbc5da718cdb5d482d8f329
# spec:
# serviceAccountName: taiga-async-rabbitmq
# affinity:
# podAffinity: null
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# topologyKey: kubernetes.io/hostname
# weight: 1
# nodeAffinity: null
# securityContext:
# fsGroup: 1001
# terminationGracePeriodSeconds: 120
# initContainers: null
# containers:
# - name: rabbitmq
# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1
# imagePullPolicy: IfNotPresent
# securityContext:
# runAsNonRoot: true
# runAsUser: 1001
# lifecycle:
# preStop:
# exec:
# command:
# - /bin/bash
# - -ec
# - |
# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false"
# else
# rabbitmqctl stop_app
# fi
# env:
# - name: BITNAMI_DEBUG
# value: 'false'
# - name: MY_POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
# - name: MY_POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: MY_POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# - name: K8S_SERVICE_NAME
# value: taiga-async-rabbitmq-headless
# - name: K8S_ADDRESS_TYPE
# value: hostname
# - name: RABBITMQ_FEATURE_FLAGS
# value: null
# - name: RABBITMQ_FORCE_BOOT
# value: no
# - name: RABBITMQ_NODE_NAME
# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: K8S_HOSTNAME_SUFFIX
# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: RABBITMQ_MNESIA_DIR
# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)
# - name: RABBITMQ_LDAP_ENABLE
# value: no
# - name: RABBITMQ_LOGS
# value: '-'
# - name: RABBITMQ_ULIMIT_NOFILES
# value: '65536'
# - name: RABBITMQ_USE_LONGNAME
# value: 'true'
# - name: RABBITMQ_ERL_COOKIE
# valueFrom:
# secretKeyRef:
# name: taiga-async-rabbitmq
# key: rabbitmq-erlang-cookie
# - name: RABBITMQ_LOAD_DEFINITIONS
# value: no
# - name: RABBITMQ_DEFINITIONS_FILE
# value: /app/load_definition.json
# - name: RABBITMQ_SECURE_PASSWORD
# value: yes
# - name: RABBITMQ_USERNAME
# value: taiga
# - name: RABBITMQ_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-async-rabbitmq
# key: rabbitmq-password
# - name: RABBITMQ_PLUGINS
# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap
# envFrom: null
# ports:
# - name: amqp
# containerPort: 5672
# - name: dist
# containerPort: 25672
# - name: stats
# containerPort: 15672
# - name: epmd
# containerPort: 4369
# livenessProbe:
# failureThreshold: 6
# initialDelaySeconds: 120
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q ping
# readinessProbe:
# failureThreshold: 3
# initialDelaySeconds: 10
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
# resources:
# limits: {}
# requests: {}
# volumeMounts:
# - name: configuration
# mountPath: /bitnami/rabbitmq/conf
# - name: data
# mountPath: /bitnami/rabbitmq/mnesia
# volumes:
# - name: configuration
# projected:
# sources:
# - secret:
# name: taiga-async-rabbitmq-config
# volumeClaimTemplates:
# - metadata:
# name: data
# labels:
# app.kubernetes.io/name: async-rabbitmq
# app.kubernetes.io/instance: taiga
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 8Gi
# EOF
# }
# resource "kubectl_manifest" "StatefulSet_taiga-events-rabbitmq" {
# yaml_body = <<-EOF
# apiVersion: apps/v1
# kind: StatefulSet
# metadata:
# name: taiga-events-rabbitmq
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# spec:
# serviceName: taiga-events-rabbitmq-headless
# podManagementPolicy: OrderedReady
# replicas: 1
# updateStrategy:
# type: RollingUpdate
# selector:
# matchLabels:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# template:
# metadata:
# labels:
# app.kubernetes.io/name: events-rabbitmq
# helm.sh/chart: events-rabbitmq-11.9.3
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/managed-by: Helm
# annotations:
# checksum/config: 708e775803d7be65e291bb582e83c9ff67ac497152301cd4ab1f23f4f8741485
# checksum/secret: 2d4a98f9c2ae284ad1b5ae4ff40da10e1ce7b9a44a210ca81f647b71f962a5c8
# spec:
# serviceAccountName: taiga-events-rabbitmq
# affinity:
# podAffinity: null
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# topologyKey: kubernetes.io/hostname
# weight: 1
# nodeAffinity: null
# securityContext:
# fsGroup: 1001
# terminationGracePeriodSeconds: 120
# initContainers: null
# containers:
# - name: rabbitmq
# image: docker.io/bitnami/rabbitmq:3.11.9-debian-11-r1
# imagePullPolicy: IfNotPresent
# securityContext:
# runAsNonRoot: true
# runAsUser: 1001
# lifecycle:
# preStop:
# exec:
# command:
# - /bin/bash
# - -ec
# - |
# if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then
# /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t "120" -d "false"
# else
# rabbitmqctl stop_app
# fi
# env:
# - name: BITNAMI_DEBUG
# value: 'false'
# - name: MY_POD_IP
# valueFrom:
# fieldRef:
# fieldPath: status.podIP
# - name: MY_POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: MY_POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# - name: K8S_SERVICE_NAME
# value: taiga-events-rabbitmq-headless
# - name: K8S_ADDRESS_TYPE
# value: hostname
# - name: RABBITMQ_FEATURE_FLAGS
# value: null
# - name: RABBITMQ_FORCE_BOOT
# value: no
# - name: RABBITMQ_NODE_NAME
# value: rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: K8S_HOSTNAME_SUFFIX
# value: .$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.cluster.local
# - name: RABBITMQ_MNESIA_DIR
# value: /bitnami/rabbitmq/mnesia/$(RABBITMQ_NODE_NAME)
# - name: RABBITMQ_LDAP_ENABLE
# value: no
# - name: RABBITMQ_LOGS
# value: '-'
# - name: RABBITMQ_ULIMIT_NOFILES
# value: '65536'
# - name: RABBITMQ_USE_LONGNAME
# value: 'true'
# - name: RABBITMQ_ERL_COOKIE
# valueFrom:
# secretKeyRef:
# name: taiga-events-rabbitmq
# key: rabbitmq-erlang-cookie
# - name: RABBITMQ_LOAD_DEFINITIONS
# value: no
# - name: RABBITMQ_DEFINITIONS_FILE
# value: /app/load_definition.json
# - name: RABBITMQ_SECURE_PASSWORD
# value: yes
# - name: RABBITMQ_USERNAME
# value: taiga
# - name: RABBITMQ_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-events-rabbitmq
# key: rabbitmq-password
# - name: RABBITMQ_PLUGINS
# value: rabbitmq_management, rabbitmq_peer_discovery_k8s, rabbitmq_auth_backend_ldap
# envFrom: null
# ports:
# - name: amqp
# containerPort: 5672
# - name: dist
# containerPort: 25672
# - name: stats
# containerPort: 15672
# - name: epmd
# containerPort: 4369
# livenessProbe:
# failureThreshold: 6
# initialDelaySeconds: 120
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q ping
# readinessProbe:
# failureThreshold: 3
# initialDelaySeconds: 10
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 20
# exec:
# command:
# - /bin/bash
# - -ec
# - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms
# resources:
# limits: {}
# requests: {}
# volumeMounts:
# - name: configuration
# mountPath: /bitnami/rabbitmq/conf
# - name: data
# mountPath: /bitnami/rabbitmq/mnesia
# volumes:
# - name: configuration
# projected:
# sources:
# - secret:
# name: taiga-events-rabbitmq-config
# volumeClaimTemplates:
# - metadata:
# name: data
# labels:
# app.kubernetes.io/name: events-rabbitmq
# app.kubernetes.io/instance: taiga
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 8Gi
# EOF
# }
# resource "kubectl_manifest" "StatefulSet_taiga-postgresql" {
# yaml_body = <<-EOF
# apiVersion: apps/v1
# kind: StatefulSet
# metadata:
# name: taiga-postgresql
# namespace: ${var.namespace}
# labels: ${jsonencode(local.common-labels)}
# annotations: null
# spec:
# replicas: 1
# serviceName: taiga-postgresql-hl
# updateStrategy:
# rollingUpdate: {}
# type: RollingUpdate
# selector:
# matchLabels:
# app.kubernetes.io/name: postgresql
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/component: primary
# template:
# metadata:
# name: taiga-postgresql
# labels:
# app.kubernetes.io/name: postgresql
# helm.sh/chart: postgresql-11.6.26
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/managed-by: Helm
# app.kubernetes.io/component: primary
# annotations: null
# spec:
# serviceAccountName: default
# affinity:
# podAffinity: null
# podAntiAffinity:
# preferredDuringSchedulingIgnoredDuringExecution:
# - podAffinityTerm:
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: postgresql
# app.kubernetes.io/instance: taiga
# app.kubernetes.io/component: primary
# topologyKey: kubernetes.io/hostname
# weight: 1
# nodeAffinity: null
# securityContext:
# fsGroup: 1001
# hostNetwork: false
# hostIPC: false
# initContainers: null
# containers:
# - name: postgresql
# image: docker.io/bitnami/postgresql:13.10.0-debian-11-r2
# imagePullPolicy: IfNotPresent
# securityContext:
# runAsUser: 1001
# env:
# - name: BITNAMI_DEBUG
# value: 'false'
# - name: POSTGRESQL_PORT_NUMBER
# value: '5432'
# - name: POSTGRESQL_VOLUME_DIR
# value: /bitnami/postgresql
# - name: PGDATA
# value: /bitnami/postgresql/data
# - name: POSTGRES_USER
# value: taiga
# - name: POSTGRES_POSTGRES_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-postgresql
# key: postgres-password
# - name: POSTGRES_PASSWORD
# valueFrom:
# secretKeyRef:
# name: taiga-postgresql
# key: password
# - name: POSTGRES_DB
# value: taiga
# - name: POSTGRESQL_ENABLE_LDAP
# value: no
# - name: POSTGRESQL_ENABLE_TLS
# value: no
# - name: POSTGRESQL_LOG_HOSTNAME
# value: 'false'
# - name: POSTGRESQL_LOG_CONNECTIONS
# value: 'false'
# - name: POSTGRESQL_LOG_DISCONNECTIONS
# value: 'false'
# - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
# value: off
# - name: POSTGRESQL_CLIENT_MIN_MESSAGES
# value: error
# - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
# value: pgaudit
# ports:
# - name: tcp-postgresql
# containerPort: 5432
# livenessProbe:
# failureThreshold: 6
# initialDelaySeconds: 30
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 5
# exec:
# command:
# - /bin/sh
# - -c
# - exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432
# readinessProbe:
# failureThreshold: 6
# initialDelaySeconds: 5
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 5
# exec:
# command:
# - /bin/sh
# - -c
# - -e
# - |
# exec pg_isready -U "taiga" -d "dbname=taiga" -h 127.0.0.1 -p 5432
# [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
# resources:
# limits: {}
# requests:
# cpu: 250m
# memory: 256Mi
# volumeMounts:
# - name: dshm
# mountPath: /dev/shm
# - name: data
# mountPath: /bitnami/postgresql
# volumes:
# - name: dshm
# emptyDir:
# medium: Memory
# volumeClaimTemplates:
# - metadata:
# name: data
# spec:
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 8Gi
# EOF
# }
Reference in New Issue View Git Blame Copy Permalink