From 5299267f470cbf7e02201c548bb1a6728b5745be Mon Sep 17 00:00:00 2001 From: Xavier Mortelette Date: Sun, 23 Jun 2024 18:37:30 +0200 Subject: [PATCH] Fix linter, improve rabbit --- ingress/ingress.tf | 2 +- ldap/ldap.tf | 2 +- oauth2/oauth2.tf | 2 +- pvc/pvc.tf | 4 ++- pvc/variables.tf | 16 ++++++----- rabbitmq/rabbitmq.tf | 13 ++++++--- rabbitmq/variables.tf | 62 ++++++++++++++++++++++++++++++++++++++----- redis/outputs.tf | 4 +++ redis/redis.tf | 2 +- redis/variables.tf | 4 --- service/outputs.tf | 2 +- service/svc.tf | 9 ++++--- service/variables.tf | 9 ++++++- 13 files changed, 100 insertions(+), 31 deletions(-) diff --git a/ingress/ingress.tf b/ingress/ingress.tf index 374383a..9ce0242 100644 --- a/ingress/ingress.tf +++ b/ingress/ingress.tf @@ -31,7 +31,7 @@ locals { "traefik.ingress.kubernetes.io/router.entrypoints" = var.entrypoint } : {}, length(local.middlewares) > 0 ? { - "traefik.ingress.kubernetes.io/router.middlewares" : "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}" + "traefik.ingress.kubernetes.io/router.middlewares" : join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)]) } : {}, ) } diff --git a/ldap/ldap.tf b/ldap/ldap.tf index a5fc1da..390fb18 100644 --- a/ldap/ldap.tf +++ b/ldap/ldap.tf @@ -30,7 +30,7 @@ data "authentik_group" "vynil_admin" { resource "authentik_group" "groups" { count = length(local.sorted_groups) name = local.sorted_groups[count.index].name - attributes = jsonencode({ "${local.app_name}" = true }) + attributes = jsonencode({ local.app_name = true }) } data "authentik_group" "readed_groups" { diff --git a/oauth2/oauth2.tf b/oauth2/oauth2.tf index dca14c1..f43d2e1 100644 --- a/oauth2/oauth2.tf +++ b/oauth2/oauth2.tf 
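Review bot: In ldap/ldap.tf the new `jsonencode({ local.app_name = true })` no longer uses the application name as a computed key, because HCL does not evaluate an unparenthesised traversal in key position and Terraform rejects it as an ambiguous attribute key. The interpolated form the linter flagged was doing real work, so the lint-clean replacement is `attributes = jsonencode({ (local.app_name) = true })`. This attribute presumably marks which application a group belongs to, so check the rendered JSON in a plan before merging.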
@@ -38,7 +38,7 @@ resource "authentik_provider_oauth2" "oauth2" { signing_key = data.authentik_certificate_key_pair.ca.id property_mappings = data.authentik_scope_mapping.oauth2.ids redirect_uris = [ - "https://${var.redirect_path!=""?"${var.dns_name}/${var.redirect_path}":"${var.dns_name}"}" + "https://${var.redirect_path != "" ? "${var.dns_name}/${var.redirect_path}" : var.dns_name}" ] } diff --git a/pvc/pvc.tf b/pvc/pvc.tf index d37353f..5d72593 100644 --- a/pvc/pvc.tf +++ b/pvc/pvc.tf @@ -8,7 +8,7 @@ locals { "volumeMode" = var.storage.type "resources" = { "requests" = { - "storage" = "${var.storage.size}" + "storage" = var.storage.size } } }, var.storage.class != "" ? { @@ -16,6 +16,7 @@ locals { } : {}) } resource "kubectl_manifest" "pvc" { + ignore_fields = ["spec.resources.requests.storage"] yaml_body = <<-EOF apiVersion: v1 kind: PersistentVolumeClaim @@ -24,6 +25,7 @@ resource "kubectl_manifest" "pvc" { namespace: "${var.namespace}" annotations: k8up.io/backup: "${var.backup}" + resize.kubesphere.io/storage_limit: "${var.storage.max_size} labels: ${jsonencode(local.pvc_labels)} spec: ${jsonencode(local.pvc_spec)} EOF diff --git a/pvc/variables.tf b/pvc/variables.tf index 4fb5eed..08492d4 100644 --- a/pvc/variables.tf +++ b/pvc/variables.tf @@ -13,19 +13,21 @@ variable "labels" { variable "storage" { type = object({ access_mode = optional(string), - class = optional(string), - size = optional(string), - type = optional(string) + class = optional(string), + size = optional(string), + max_size = optional(string), + type = optional(string) }) default = { "access_mode" = "ReadWriteOnce" - "class" = "" - "size" = "10Gi" - "type" = "Filesystem" + "class" = "" + "size" = "2Gi" + "max_size" = "10Gi" + "type" = "Filesystem" } } variable "backup" { - type = bool + type = bool default = true } diff --git a/rabbitmq/rabbitmq.tf b/rabbitmq/rabbitmq.tf index 91108f5..c890369 100644 --- a/rabbitmq/rabbitmq.tf +++ b/rabbitmq/rabbitmq.tf 
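Review bot: The annotation line added to the heredoc in pvc/pvc.tf, `resize.kubesphere.io/storage_limit: "${var.storage.max_size}`, is missing its closing double quote. The YAML double-quoted scalar therefore runs on into the `labels:` and `spec:` lines below it, and the manifest will either fail to parse or lose those keys. It should read `resize.kubesphere.io/storage_limit: "${var.storage.max_size}"`. The heredoc opens in the previous hunk of the same file.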
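Review bot: `max_size = optional(string)` in pvc/variables.tf has no per-attribute default, so a caller passing `storage = { size = "5Gi" }` gets `max_size = null` and the `${var.storage.max_size}` interpolation in pvc.tf fails on a null value. The variable-level `default` only applies when `storage` is omitted entirely. Putting the fallbacks on the attributes, e.g. `max_size = optional(string, "10Gi")` and `size = optional(string, "2Gi")`, keeps partial overrides working, provided the Terraform version in use supports optional defaults. The same pattern appears in the new `image` and `storage` objects in rabbitmq/variables.tf, and the drop of the default `size` from 10Gi to 2Gi is a behaviour change the commit subject does not mention.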
@@ -4,6 +4,11 @@ locals { "app.kubernetes.io/component" = "rabbitmq" }) secret_name = var.cert_name != "" ? var.cert_name : "${local.app_slug}-cert" + pvc_spec = merge({ + "storage" = var.storage.size + }, var.storage.class != "" ? { + "storageClassName" = var.storage.class + } : {}) } resource "kubectl_manifest" "certificate" { @@ -73,6 +78,10 @@ resource "kubectl_manifest" "rabbitmq" { labels: ${jsonencode(local.rabbit_labels)} spec: replicas: ${var.replicas} + image: "${var.image.registry}/${var.image.repository}:${var.image.tag}" + imagePullPolicy: "${var.image.pull_policy}" + persistence: ${jsonencode(local.pvc_spec)} + resources: ${jsonencode(var.resources)} tls: secretName: ${local.secret_name} rabbitmq: @@ -85,9 +94,7 @@ resource "kubectl_manifest" "rabbitmq" { cluster_formation.k8s.host = kubernetes.default.svc.cluster.local default_user=${data.kubernetes_secret_v1.rabbit_secret.data["username"]} default_pass=${data.kubernetes_secret_v1.rabbit_secret.data["password"]} - additionalPlugins: - - rabbitmq_mqtt - - rabbitmq_web_mqtt + additionalPlugins: ${jsonencode(var.plugins)} service: ipFamilyPolicy: "PreferDualStack" EOF diff --git a/rabbitmq/variables.tf b/rabbitmq/variables.tf index c4725fa..6786f23 100644 --- a/rabbitmq/variables.tf +++ b/rabbitmq/variables.tf 
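Review bot: The new `image: "${var.image.registry}/${var.image.repository}:${var.image.tag}"` line in rabbitmq/rabbitmq.tf can only express a tag reference, so the broker image cannot be pinned to a digest. The default in rabbitmq/variables.tf therefore resolves to whatever the registry serves for that tag at pull time. If pinning matters for this deployment, add `digest = optional(string)` to the `image` object and render `image: "${var.image.registry}/${var.image.repository}${var.image.digest != null ? "@${var.image.digest}" : ":${var.image.tag}"}"`. The resource block starts and ends outside this hunk.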
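Review bot: In the last rabbitmq/rabbitmq.tf hunk, the `default_user=` and `default_pass=` lines beside the new `additionalPlugins` line copy values from `data.kubernetes_secret_v1.rabbit_secret` into the manifest body. The broker password is therefore held in clear text in Terraform state and in the applied resource, not only in the Secret. The commit does not introduce this, but it edits the same block and leaves it undocumented. At minimum add a comment above the heredoc such as `# default_pass is rendered from the Secret into yaml_body; treat state and this resource as sensitive`, and scope read access to the resource accordingly. The heredoc starts outside this hunk.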
@@ -10,19 +10,69 @@ variable "namespace" { variable "labels" { type = map(string) } -variable "annotations" { - type = map(string) - default = {} -} variable "issuer" { type = string } variable "replicas" { - type = number + type = number default = 1 } +variable "image" { + type = object({ + registry = optional(string), + repository = optional(string), + tag = optional(string), + pull_policy = optional(string) + }) + description = "Image parameters" + default = { + "registry" = "docker.io" + "repository" = "rabbitmq" + "tag" = "3.11.28-management-alpine" + "pull_policy" = "IfNotPresent" + } +} +variable "storage" { + description = "Storage parameters" + type = object({ + class = optional(string), + size = optional(string), + }) + default = { + class = "" + size = "1Gi" + } +} +variable "resources" { + description = "Resources parameters" + type = object({ + requests = optional(object({ + cpu = optional(string), + memory = optional(string) + })), + limits = optional(object({ + cpu = optional(string), + memory = optional(string) + })) + }) + default = { + requests = { + cpu = "1000m", + memory = "2Gi" + }, + limits = { + cpu = "1000m", + memory = "2Gi" + } + } +} variable "cert_name" { type = string default = "" - description = "Give a secret name for tls, if empty and entrypointis websecure or empty, one will be created" + description = "Give a secret name for tls, if empty a new one will be created" +} +variable "plugins" { + description = "RabitMQ plugins" + type = list(string) + default = ["rabbitmq_mqtt", "rabbitmq_web_mqtt"] } diff --git a/redis/outputs.tf b/redis/outputs.tf index 7ea2064..6595f1a 100644 --- a/redis/outputs.tf +++ b/redis/outputs.tf @@ -6,6 +6,10 @@ output "service" { value = "${local.app_slug}-redis.${var.namespace}.svc" } +output "port" { + value = 6379 +} + output "db_host" { value = "${local.app_slug}-redis" } diff --git a/redis/redis.tf b/redis/redis.tf index 1eceab0..22cd99f 100644 --- a/redis/redis.tf +++ b/redis/redis.tf 
@@ -5,7 +5,7 @@ locals { }) cfg = merge({ "image" = "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}" - "imagePullPolicy" = "${var.images.redis.pull_policy}" + "imagePullPolicy" = var.images.redis.pull_policy }, lookup(var.password, "enabled", false) ? { redisSecret = { name = lookup(var.password, "name", var.component) diff --git a/redis/variables.tf b/redis/variables.tf index 326b2bd..ad9a6bd 100644 --- a/redis/variables.tf +++ b/redis/variables.tf @@ -10,10 +10,6 @@ variable "namespace" { variable "labels" { type = map(string) } -variable "annotations" { - type = map(string) - default = {} -} variable "images" { type = object({ diff --git a/service/outputs.tf b/service/outputs.tf index fc01c22..ca27f8e 100644 --- a/service/outputs.tf +++ b/service/outputs.tf @@ -5,7 +5,7 @@ output "ingress_backend_exposure" { value = [for port_map in var.port_mapper : { "service" = { - "name" = "${local.app_slug}" + "name" = local.app_slug "port" = { "name" = port_map.name } diff --git a/service/svc.tf b/service/svc.tf index 528e94a..06cafc4 100644 --- a/service/svc.tf +++ b/service/svc.tf @@ -1,7 +1,8 @@ locals { app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}" + selector = length(var.selector) > 0 ? var.selector : var.labels default_ports = var.svc_type != "NodePort" ? [for port_map in var.port_mapper : { - "name" = port_map.name != null && port_map.name != "" ? port_map.name : "${port_map.port}-${port_map.protocol}" + "name" = lower(port_map.name != null && port_map.name != "" ? port_map.name : "${port_map.port}-${port_map.protocol}") "port" = port_map.port "protocol" = port_map.protocol "targetPort" = port_map.target @@ -25,7 +26,7 @@ locals { "ClusterIP" = { type = "ClusterIP" ports = local.default_ports - selector = var.labels + selector = local.selector ipFamilyPolicy = var.ip_family }, "ExternalName" = { 
@@ -35,13 +36,13 @@ locals { }, "NodePort" = { type = "NodePort" - selector = var.labels + selector = local.selector ports = local.node_ports ipFamilyPolicy = var.ip_family }, "LoadBalancer" = { type = "LoadBalancer" - selector = var.labels + selector = local.selector ports = local.default_ports externalTrafficPolicy = var.lb_policy ipFamilyPolicy = var.ip_family diff --git a/service/variables.tf b/service/variables.tf index b36a9e0..bbf444a 100644 --- a/service/variables.tf +++ b/service/variables.tf @@ -8,7 +8,13 @@ variable "namespace" { type = string } variable "labels" { - type = map(string) + type = map(string) + description = "Service labels" +} +variable "selector" { + type = map(string) + description = "Service selector labels (default same as labels)" + default = {} } variable "annotations" { type = map(string) @@ -33,6 +39,7 @@ variable "ip_family" { } variable "port_mapper" { + description = "List information for port mapping in the service" type = list(object({ name = optional(string) port = number
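Review bot: The new `selector` variable in service/variables.tf accepts `null`, and the `length(var.selector) > 0` test added in service/svc.tf fails on a null argument, so a caller forwarding an unset value breaks the plan instead of falling back to `var.labels`. Adding `nullable = false` to the variable block makes a null input take the `{}` default. The description should also say that a non-empty selector replaces the labels rather than being merged with them, e.g. `description = "Service selector labels; when non-empty, used instead of labels"`, because a selector broader than intended sends traffic to every pod it matches.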