resource "kubectl_manifest" "Deployment_openproject-worker-default" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: openproject-worker-default
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: openproject
app.kubernetes.io/instance: openproject
openproject/process: worker-default
template:
metadata:
annotations:
checksum/env-core: a4294db8b065a4d77e098d233e1b73e5ad4557890fd69436ba8fc7c2daf7a181
checksum/env-memcached: f4f558dde2e4422edc31e686317ce225beea60a136cbb9459cfca7d1f5548be6
checksum/env-oidc: 2a3d493b7fac498a180683454c58815e0a3bc6319adaf87d6e1eb459db3a8c04
checksum/env-s3: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
checksum/env-environment: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
labels:
app.kubernetes.io/name: openproject
helm.sh/chart: openproject-5.1.4
app.kubernetes.io/instance: openproject
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: '14'
openproject/process: worker-default
spec:
securityContext:
fsGroup: 1000
serviceAccountName: openproject
volumes:
- name: tmp
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
- name: app-tmp
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
- name: data
persistentVolumeClaim:
claimName: openproject
initContainers:
- name: wait-for-db
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: docker.io/openproject/openproject:14-slim
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: openproject-core
- secretRef:
name: openproject-oidc
- secretRef:
name: openproject-memcached
env:
- name: OPENPROJECT_DB_PASSWORD
valueFrom:
secretKeyRef:
name: openproject-postgresql
key: password
command:
- bash
- /app/docker/prod/wait-for-db
containers:
- name: openproject
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: docker.io/openproject/openproject:14-slim
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: openproject-core
- secretRef:
name: openproject-oidc
- secretRef:
name: openproject-memcached
command:
- bash
- /app/docker/prod/worker
env:
- name: OPENPROJECT_DB_PASSWORD
valueFrom:
secretKeyRef:
name: openproject-postgresql
key: password
- name: QUEUE
value: ''
volumeMounts:
- mountPath: /tmp
name: tmp
- mountPath: /app/tmp
name: app-tmp
- name: data
mountPath: /var/openproject/assets
resources:
limits:
cpu: '4'
memory: 4Gi
requests:
cpu: 250m
memory: 512Mi
EOF
}
resource "kubectl_manifest" "Deployment_openproject-web" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: openproject-web
labels: ${jsonencode(local.common-labels)}
namespace: ${var.namespace}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: openproject
app.kubernetes.io/instance: openproject
openproject/process: web
template:
metadata:
annotations:
checksum/env-core: a4294db8b065a4d77e098d233e1b73e5ad4557890fd69436ba8fc7c2daf7a181
checksum/env-memcached: f4f558dde2e4422edc31e686317ce225beea60a136cbb9459cfca7d1f5548be6
checksum/env-oidc: 2a3d493b7fac498a180683454c58815e0a3bc6319adaf87d6e1eb459db3a8c04
checksum/env-s3: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
checksum/env-environment: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
labels:
app.kubernetes.io/name: openproject
helm.sh/chart: openproject-5.1.4
app.kubernetes.io/instance: openproject
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/version: '14'
openproject/process: web
spec:
securityContext:
fsGroup: 1000
serviceAccountName: openproject
volumes:
- name: tmp
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
- name: app-tmp
ephemeral:
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
- name: data
persistentVolumeClaim:
claimName: openproject
initContainers:
- name: wait-for-db
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: docker.io/openproject/openproject:14-slim
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: openproject-core
- secretRef:
name: openproject-oidc
- secretRef:
name: openproject-memcached
env:
- name: OPENPROJECT_DB_PASSWORD
valueFrom:
secretKeyRef:
name: openproject-postgresql
key: password
command:
- bash
- /app/docker/prod/wait-for-db
containers:
- name: openproject
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
image: docker.io/openproject/openproject:14-slim
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: openproject-core
- secretRef:
name: openproject-oidc
- secretRef:
name: openproject-memcached
env:
- name: OPENPROJECT_DB_PASSWORD
valueFrom:
secretKeyRef:
name: openproject-postgresql
key: password
command:
- bash
- /app/docker/prod/web
volumeMounts:
- mountPath: /tmp
name: tmp
- mountPath: /app/tmp
name: app-tmp
- name: data
mountPath: /var/openproject/assets
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
httpGet:
path: /health_checks/default
port: 8080
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 120
timeoutSeconds: 3
periodSeconds: 30
failureThreshold: 3
successThreshold: 1
readinessProbe:
httpGet:
path: /health_checks/default
port: 8080
httpHeaders:
- name: Host
value: localhost
initialDelaySeconds: 30
timeoutSeconds: 3
periodSeconds: 15
failureThreshold: 30
successThreshold: 1
resources:
limits:
cpu: '4'
memory: 4Gi
requests:
cpu: 250m
memory: 512Mi
EOF
}
resource "kubectl_manifest" "StatefulSet_openproject-postgresql" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: openproject-postgresql
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
replicas: 1
serviceName: openproject-postgresql-hl
updateStrategy:
rollingUpdate: {}
type: RollingUpdate
selector:
matchLabels:
app.kubernetes.io/instance: openproject
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
template:
metadata:
name: openproject-postgresql
labels:
app.kubernetes.io/instance: openproject
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: postgresql
app.kubernetes.io/version: 15.4.0
helm.sh/chart: postgresql-12.12.10
app.kubernetes.io/component: primary
spec:
serviceAccountName: default
affinity:
podAffinity: null
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/instance: openproject
app.kubernetes.io/name: postgresql
app.kubernetes.io/component: primary
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity: null
securityContext:
fsGroup: 1001
hostNetwork: false
hostIPC: false
containers:
- name: postgresql
image: docker.io/bitnami/postgresql:15.4.0-debian-11-r45
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
env:
- name: BITNAMI_DEBUG
value: 'false'
- name: POSTGRESQL_PORT_NUMBER
value: '5432'
- name: POSTGRESQL_VOLUME_DIR
value: /bitnami/postgresql
- name: PGDATA
value: /bitnami/postgresql/data
- name: POSTGRES_USER
value: openproject
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: openproject-postgresql
key: password
- name: POSTGRES_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: openproject-postgresql
key: postgres-password
- name: POSTGRES_DATABASE
value: openproject
- name: POSTGRESQL_ENABLE_LDAP
value: no
- name: POSTGRESQL_ENABLE_TLS
value: no
- name: POSTGRESQL_LOG_HOSTNAME
value: 'false'
- name: POSTGRESQL_LOG_CONNECTIONS
value: 'false'
- name: POSTGRESQL_LOG_DISCONNECTIONS
value: 'false'
- name: POSTGRESQL_PGAUDIT_LOG_CATALOG
value: off
- name: POSTGRESQL_CLIENT_MIN_MESSAGES
value: error
- name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
value: pgaudit
ports:
- name: tcp-postgresql
containerPort: 5432
livenessProbe:
failureThreshold: 6
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "openproject" -d "dbname=openproject" -h 127.0.0.1 -p 5432
readinessProbe:
failureThreshold: 6
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
exec:
command:
- /bin/sh
- -c
- -e
- |
exec pg_isready -U "openproject" -d "dbname=openproject" -h 127.0.0.1 -p 5432
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
resources:
limits: {}
requests:
cpu: 250m
memory: 256Mi
volumeMounts:
- name: dshm
mountPath: /dev/shm
- name: data
mountPath: /bitnami/postgresql
volumes:
- name: dshm
emptyDir:
medium: Memory
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
EOF
}
resource "kubectl_manifest" "Deployment_openproject-memcached" {
yaml_body = <<-EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: openproject-memcached
namespace: ${var.namespace}
labels: ${jsonencode(local.common-labels)}
ownerReferences: ${jsonencode(var.install_owner)}
spec:
selector:
matchLabels:
app.kubernetes.io/instance: openproject
app.kubernetes.io/name: memcached
replicas: 1
strategy:
rollingUpdate: {}
type: RollingUpdate
template:
metadata:
labels:
app.kubernetes.io/instance: openproject
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: memcached
app.kubernetes.io/version: 1.6.24
helm.sh/chart: memcached-6.14.0
annotations: null
spec:
automountServiceAccountToken: false
affinity:
podAffinity: null
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/instance: openproject
app.kubernetes.io/name: memcached
topologyKey: kubernetes.io/hostname
weight: 1
nodeAffinity: null
securityContext:
fsGroup: 1001
fsGroupChangePolicy: Always
supplementalGroups: []
sysctls: []
serviceAccountName: openproject-memcached
containers:
- name: memcached
image: docker.io/bitnami/memcached:1.6.24-debian-12-r0
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
seccompProfile:
type: RuntimeDefault
env:
- name: BITNAMI_DEBUG
value: 'false'
- name: MEMCACHED_PORT_NUMBER
value: '11211'
ports:
- name: memcache
containerPort: 11211
livenessProbe:
failureThreshold: 6
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
tcpSocket:
port: memcache
readinessProbe:
failureThreshold: 6
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 3
tcpSocket:
port: memcache
volumeMounts:
- name: empty-dir
mountPath: /opt/bitnami/memcached/conf
subPath: app-conf-dir
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
volumes:
- name: empty-dir
emptyDir: {}
EOF
}