Fix linter, improve rabbit
This commit is contained in:
@@ -31,7 +31,7 @@ locals {
|
||||
"traefik.ingress.kubernetes.io/router.entrypoints" = var.entrypoint
|
||||
} : {},
|
||||
length(local.middlewares) > 0 ? {
|
||||
"traefik.ingress.kubernetes.io/router.middlewares" : "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
|
||||
"traefik.ingress.kubernetes.io/router.middlewares" : join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])
|
||||
} : {},
|
||||
)
|
||||
}
|
||||
|
||||
@@ -30,7 +30,7 @@ data "authentik_group" "vynil_admin" {
|
||||
resource "authentik_group" "groups" {
|
||||
count = length(local.sorted_groups)
|
||||
name = local.sorted_groups[count.index].name
|
||||
attributes = jsonencode({ "${local.app_name}" = true })
|
||||
attributes = jsonencode({ local.app_name = true })
|
||||
}
|
||||
|
||||
data "authentik_group" "readed_groups" {
|
||||
|
||||
@@ -38,7 +38,7 @@ resource "authentik_provider_oauth2" "oauth2" {
|
||||
signing_key = data.authentik_certificate_key_pair.ca.id
|
||||
property_mappings = data.authentik_scope_mapping.oauth2.ids
|
||||
redirect_uris = [
|
||||
"https://${var.redirect_path!=""?"${var.dns_name}/${var.redirect_path}":"${var.dns_name}"}"
|
||||
"https://${var.redirect_path != "" ? "${var.dns_name}/${var.redirect_path}" : var.dns_name}"
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ locals {
|
||||
"volumeMode" = var.storage.type
|
||||
"resources" = {
|
||||
"requests" = {
|
||||
"storage" = "${var.storage.size}"
|
||||
"storage" = var.storage.size
|
||||
}
|
||||
}
|
||||
}, var.storage.class != "" ? {
|
||||
@@ -16,6 +16,7 @@ locals {
|
||||
} : {})
|
||||
}
|
||||
resource "kubectl_manifest" "pvc" {
|
||||
ignore_fields = ["spec.resources.requests.storage"]
|
||||
yaml_body = <<-EOF
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
@@ -24,6 +25,7 @@ resource "kubectl_manifest" "pvc" {
|
||||
namespace: "${var.namespace}"
|
||||
annotations:
|
||||
k8up.io/backup: "${var.backup}"
|
||||
resize.kubesphere.io/storage_limit: "${var.storage.max_size}
|
||||
labels: ${jsonencode(local.pvc_labels)}
|
||||
spec: ${jsonencode(local.pvc_spec)}
|
||||
EOF
|
||||
|
||||
@@ -13,19 +13,21 @@ variable "labels" {
|
||||
variable "storage" {
|
||||
type = object({
|
||||
access_mode = optional(string),
|
||||
class = optional(string),
|
||||
size = optional(string),
|
||||
type = optional(string)
|
||||
class = optional(string),
|
||||
size = optional(string),
|
||||
max_size = optional(string),
|
||||
type = optional(string)
|
||||
})
|
||||
default = {
|
||||
"access_mode" = "ReadWriteOnce"
|
||||
"class" = ""
|
||||
"size" = "10Gi"
|
||||
"type" = "Filesystem"
|
||||
"class" = ""
|
||||
"size" = "2Gi"
|
||||
"max_size" = "10Gi"
|
||||
"type" = "Filesystem"
|
||||
}
|
||||
}
|
||||
|
||||
variable "backup" {
|
||||
type = bool
|
||||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
@@ -4,6 +4,11 @@ locals {
|
||||
"app.kubernetes.io/component" = "rabbitmq"
|
||||
})
|
||||
secret_name = var.cert_name != "" ? var.cert_name : "${local.app_slug}-cert"
|
||||
pvc_spec = merge({
|
||||
"storage" = var.storage.size
|
||||
}, var.storage.class != "" ? {
|
||||
"storageClassName" = var.storage.class
|
||||
} : {})
|
||||
}
|
||||
|
||||
resource "kubectl_manifest" "certificate" {
|
||||
@@ -73,6 +78,10 @@ resource "kubectl_manifest" "rabbitmq" {
|
||||
labels: ${jsonencode(local.rabbit_labels)}
|
||||
spec:
|
||||
replicas: ${var.replicas}
|
||||
image: "${var.image.registry}/${var.image.repository}:${var.image.tag}"
|
||||
imagePullPolicy: "${var.image.pull_policy}"
|
||||
persistence: ${jsonencode(local.pvc_spec)}
|
||||
resources: ${jsonencode(var.resources)}
|
||||
tls:
|
||||
secretName: ${local.secret_name}
|
||||
rabbitmq:
|
||||
@@ -85,9 +94,7 @@ resource "kubectl_manifest" "rabbitmq" {
|
||||
cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
|
||||
default_user=${data.kubernetes_secret_v1.rabbit_secret.data["username"]}
|
||||
default_pass=${data.kubernetes_secret_v1.rabbit_secret.data["password"]}
|
||||
additionalPlugins:
|
||||
- rabbitmq_mqtt
|
||||
- rabbitmq_web_mqtt
|
||||
additionalPlugins: ${jsonencode(var.plugins)}
|
||||
service:
|
||||
ipFamilyPolicy: "PreferDualStack"
|
||||
EOF
|
||||
|
||||
@@ -10,19 +10,69 @@ variable "namespace" {
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
}
|
||||
variable "annotations" {
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
variable "issuer" {
|
||||
type = string
|
||||
}
|
||||
variable "replicas" {
|
||||
type = number
|
||||
type = number
|
||||
default = 1
|
||||
}
|
||||
variable "image" {
|
||||
type = object({
|
||||
registry = optional(string),
|
||||
repository = optional(string),
|
||||
tag = optional(string),
|
||||
pull_policy = optional(string)
|
||||
})
|
||||
description = "Image parameters"
|
||||
default = {
|
||||
"registry" = "docker.io"
|
||||
"repository" = "rabbitmq"
|
||||
"tag" = "3.11.28-management-alpine"
|
||||
"pull_policy" = "IfNotPresent"
|
||||
}
|
||||
}
|
||||
variable "storage" {
|
||||
description = "Storage parameters"
|
||||
type = object({
|
||||
class = optional(string),
|
||||
size = optional(string),
|
||||
})
|
||||
default = {
|
||||
class = ""
|
||||
size = "1Gi"
|
||||
}
|
||||
}
|
||||
variable "resources" {
|
||||
description = "Resources parameters"
|
||||
type = object({
|
||||
requests = optional(object({
|
||||
cpu = optional(string),
|
||||
memory = optional(string)
|
||||
})),
|
||||
limits = optional(object({
|
||||
cpu = optional(string),
|
||||
memory = optional(string)
|
||||
}))
|
||||
})
|
||||
default = {
|
||||
requests = {
|
||||
cpu = "1000m",
|
||||
memory = "2Gi"
|
||||
},
|
||||
limits = {
|
||||
cpu = "1000m",
|
||||
memory = "2Gi"
|
||||
}
|
||||
}
|
||||
}
|
||||
variable "cert_name" {
|
||||
type = string
|
||||
default = ""
|
||||
description = "Give a secret name for tls, if empty and entrypointis websecure or empty, one will be created"
|
||||
description = "Give a secret name for tls, if empty a new one will be created"
|
||||
}
|
||||
variable "plugins" {
|
||||
description = "RabitMQ plugins"
|
||||
type = list(string)
|
||||
default = ["rabbitmq_mqtt", "rabbitmq_web_mqtt"]
|
||||
}
|
||||
|
||||
@@ -6,6 +6,10 @@ output "service" {
|
||||
value = "${local.app_slug}-redis.${var.namespace}.svc"
|
||||
}
|
||||
|
||||
output "port" {
|
||||
value = 6379
|
||||
}
|
||||
|
||||
output "db_host" {
|
||||
value = "${local.app_slug}-redis"
|
||||
}
|
||||
|
||||
@@ -5,7 +5,7 @@ locals {
|
||||
})
|
||||
cfg = merge({
|
||||
"image" = "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}"
|
||||
"imagePullPolicy" = "${var.images.redis.pull_policy}"
|
||||
"imagePullPolicy" = var.images.redis.pull_policy
|
||||
}, lookup(var.password, "enabled", false) ? {
|
||||
redisSecret = {
|
||||
name = lookup(var.password, "name", var.component)
|
||||
|
||||
@@ -10,10 +10,6 @@ variable "namespace" {
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
}
|
||||
variable "annotations" {
|
||||
type = map(string)
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "images" {
|
||||
type = object({
|
||||
|
||||
@@ -5,7 +5,7 @@ output "ingress_backend_exposure" {
|
||||
value = [for port_map in var.port_mapper :
|
||||
{
|
||||
"service" = {
|
||||
"name" = "${local.app_slug}"
|
||||
"name" = local.app_slug
|
||||
"port" = {
|
||||
"name" = port_map.name
|
||||
}
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
locals {
|
||||
app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"
|
||||
selector = length(var.selector) > 0 ? var.selector : var.labels
|
||||
default_ports = var.svc_type != "NodePort" ? [for port_map in var.port_mapper : {
|
||||
"name" = port_map.name != null && port_map.name != "" ? port_map.name : "${port_map.port}-${port_map.protocol}"
|
||||
"name" = lower(port_map.name != null && port_map.name != "" ? port_map.name : "${port_map.port}-${port_map.protocol}")
|
||||
"port" = port_map.port
|
||||
"protocol" = port_map.protocol
|
||||
"targetPort" = port_map.target
|
||||
@@ -25,7 +26,7 @@ locals {
|
||||
"ClusterIP" = {
|
||||
type = "ClusterIP"
|
||||
ports = local.default_ports
|
||||
selector = var.labels
|
||||
selector = local.selector
|
||||
ipFamilyPolicy = var.ip_family
|
||||
},
|
||||
"ExternalName" = {
|
||||
@@ -35,13 +36,13 @@ locals {
|
||||
},
|
||||
"NodePort" = {
|
||||
type = "NodePort"
|
||||
selector = var.labels
|
||||
selector = local.selector
|
||||
ports = local.node_ports
|
||||
ipFamilyPolicy = var.ip_family
|
||||
},
|
||||
"LoadBalancer" = {
|
||||
type = "LoadBalancer"
|
||||
selector = var.labels
|
||||
selector = local.selector
|
||||
ports = local.default_ports
|
||||
externalTrafficPolicy = var.lb_policy
|
||||
ipFamilyPolicy = var.ip_family
|
||||
|
||||
@@ -8,7 +8,13 @@ variable "namespace" {
|
||||
type = string
|
||||
}
|
||||
variable "labels" {
|
||||
type = map(string)
|
||||
type = map(string)
|
||||
description = "Service labels"
|
||||
}
|
||||
variable "selector" {
|
||||
type = map(string)
|
||||
description = "Service selector labels (default same as labels)"
|
||||
default = {}
|
||||
}
|
||||
variable "annotations" {
|
||||
type = map(string)
|
||||
@@ -33,6 +39,7 @@ variable "ip_family" {
|
||||
}
|
||||
|
||||
variable "port_mapper" {
|
||||
description = "List information for port mapping in the service"
|
||||
type = list(object({
|
||||
name = optional(string)
|
||||
port = number
|
||||
|
||||
Reference in New Issue
Block a user