vynil/kydah-modules
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix linter, improve rabbit

Browse Source
This commit is contained in:
Xavier Mortelette
2024-06-23 18:37:30 +02:00
parent 9f12af60bc
commit 5299267f47
13 changed files with 100 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ingress/ingress.tf
View File

@@ -31,7 +31,7 @@ locals {
"traefik.ingress.kubernetes.io/router.entrypoints" = var.entrypoint "traefik.ingress.kubernetes.io/router.entrypoints" = var.entrypoint
} : {}, } : {},
length(local.middlewares) > 0 ? { length(local.middlewares) > 0 ? {
"traefik.ingress.kubernetes.io/router.middlewares" : "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}" "traefik.ingress.kubernetes.io/router.middlewares" : join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])
} : {}, } : {},
) )
} }

2
ldap/ldap.tf
View File

@@ -30,7 +30,7 @@ data "authentik_group" "vynil_admin" {
resource "authentik_group" "groups" { resource "authentik_group" "groups" {
count = length(local.sorted_groups) count = length(local.sorted_groups)
name = local.sorted_groups[count.index].name name = local.sorted_groups[count.index].name
attributes = jsonencode({ "${local.app_name}" = true }) attributes = jsonencode({ local.app_name = true })
} }
data "authentik_group" "readed_groups" { data "authentik_group" "readed_groups" {

2
oauth2/oauth2.tf
View File

@@ -38,7 +38,7 @@ resource "authentik_provider_oauth2" "oauth2" {
signing_key = data.authentik_certificate_key_pair.ca.id signing_key = data.authentik_certificate_key_pair.ca.id
property_mappings = data.authentik_scope_mapping.oauth2.ids property_mappings = data.authentik_scope_mapping.oauth2.ids
redirect_uris = [ redirect_uris = [
"https://${var.redirect_path!=""?"${var.dns_name}/${var.redirect_path}":"${var.dns_name}"}" "https://${var.redirect_path != "" ? "${var.dns_name}/${var.redirect_path}" : var.dns_name}"
] ]
} }

4
pvc/pvc.tf
View File

@@ -8,7 +8,7 @@ locals {
"volumeMode" = var.storage.type "volumeMode" = var.storage.type
"resources" = { "resources" = {
"requests" = { "requests" = {
"storage" = "${var.storage.size}" "storage" = var.storage.size
} }
} }
}, var.storage.class != "" ? { }, var.storage.class != "" ? {
@@ -16,6 +16,7 @@ locals {
} : {}) } : {})
} }
resource "kubectl_manifest" "pvc" { resource "kubectl_manifest" "pvc" {
ignore_fields = ["spec.resources.requests.storage"]
yaml_body = <<-EOF yaml_body = <<-EOF
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@@ -24,6 +25,7 @@ resource "kubectl_manifest" "pvc" {
namespace: "${var.namespace}" namespace: "${var.namespace}"
annotations: annotations:
k8up.io/backup: "${var.backup}" k8up.io/backup: "${var.backup}"
resize.kubesphere.io/storage_limit: "${var.storage.max_size}
labels: ${jsonencode(local.pvc_labels)} labels: ${jsonencode(local.pvc_labels)}
spec: ${jsonencode(local.pvc_spec)} spec: ${jsonencode(local.pvc_spec)}
EOF EOF

16
pvc/variables.tf
View File

@@ -13,19 +13,21 @@ variable "labels" {
variable "storage" { variable "storage" {
type = object({ type = object({
access_mode = optional(string), access_mode = optional(string),
class = optional(string), class = optional(string),
size = optional(string), size = optional(string),
type = optional(string) max_size = optional(string),
type = optional(string)
}) })
default = { default = {
"access_mode" = "ReadWriteOnce" "access_mode" = "ReadWriteOnce"
"class" = "" "class" = ""
"size" = "10Gi" "size" = "2Gi"
"type" = "Filesystem" "max_size" = "10Gi"
"type" = "Filesystem"
} }
} }
variable "backup" { variable "backup" {
type = bool type = bool
default = true default = true
} }

13
rabbitmq/rabbitmq.tf
View File

@@ -4,6 +4,11 @@ locals {
"app.kubernetes.io/component" = "rabbitmq" "app.kubernetes.io/component" = "rabbitmq"
}) })
secret_name = var.cert_name != "" ? var.cert_name : "${local.app_slug}-cert" secret_name = var.cert_name != "" ? var.cert_name : "${local.app_slug}-cert"
pvc_spec = merge({
"storage" = var.storage.size
}, var.storage.class != "" ? {
"storageClassName" = var.storage.class
} : {})
} }
resource "kubectl_manifest" "certificate" { resource "kubectl_manifest" "certificate" {
@@ -73,6 +78,10 @@ resource "kubectl_manifest" "rabbitmq" {
labels: ${jsonencode(local.rabbit_labels)} labels: ${jsonencode(local.rabbit_labels)}
spec: spec:
replicas: ${var.replicas} replicas: ${var.replicas}
image: "${var.image.registry}/${var.image.repository}:${var.image.tag}"
imagePullPolicy: "${var.image.pull_policy}"
persistence: ${jsonencode(local.pvc_spec)}
resources: ${jsonencode(var.resources)}
tls: tls:
secretName: ${local.secret_name} secretName: ${local.secret_name}
rabbitmq: rabbitmq:
@@ -85,9 +94,7 @@ resource "kubectl_manifest" "rabbitmq" {
cluster_formation.k8s.host = kubernetes.default.svc.cluster.local cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
default_user=${data.kubernetes_secret_v1.rabbit_secret.data["username"]} default_user=${data.kubernetes_secret_v1.rabbit_secret.data["username"]}
default_pass=${data.kubernetes_secret_v1.rabbit_secret.data["password"]} default_pass=${data.kubernetes_secret_v1.rabbit_secret.data["password"]}
additionalPlugins: additionalPlugins: ${jsonencode(var.plugins)}
- rabbitmq_mqtt
- rabbitmq_web_mqtt
service: service:
ipFamilyPolicy: "PreferDualStack" ipFamilyPolicy: "PreferDualStack"
EOF EOF

62
rabbitmq/variables.tf
View File

@@ -10,19 +10,69 @@ variable "namespace" {
variable "labels" { variable "labels" {
type = map(string) type = map(string)
} }
variable "annotations" {
type = map(string)
default = {}
}
variable "issuer" { variable "issuer" {
type = string type = string
} }
variable "replicas" { variable "replicas" {
type = number type = number
default = 1 default = 1
} }
variable "image" {
type = object({
registry = optional(string),
repository = optional(string),
tag = optional(string),
pull_policy = optional(string)
})
description = "Image parameters"
default = {
"registry" = "docker.io"
"repository" = "rabbitmq"
"tag" = "3.11.28-management-alpine"
"pull_policy" = "IfNotPresent"
}
}
variable "storage" {
description = "Storage parameters"
type = object({
class = optional(string),
size = optional(string),
})
default = {
class = ""
size = "1Gi"
}
}
variable "resources" {
description = "Resources parameters"
type = object({
requests = optional(object({
cpu = optional(string),
memory = optional(string)
})),
limits = optional(object({
cpu = optional(string),
memory = optional(string)
}))
})
default = {
requests = {
cpu = "1000m",
memory = "2Gi"
},
limits = {
cpu = "1000m",
memory = "2Gi"
}
}
}
variable "cert_name" { variable "cert_name" {
type = string type = string
default = "" default = ""
description = "Give a secret name for tls, if empty and entrypointis websecure or empty, one will be created" description = "Give a secret name for tls, if empty a new one will be created"
}
variable "plugins" {
description = "RabitMQ plugins"
type = list(string)
default = ["rabbitmq_mqtt", "rabbitmq_web_mqtt"]
} }

4
redis/outputs.tf
View File

@@ -6,6 +6,10 @@ output "service" {
value = "${local.app_slug}-redis.${var.namespace}.svc" value = "${local.app_slug}-redis.${var.namespace}.svc"
} }
output "port" {
value = 6379
}
output "db_host" { output "db_host" {
value = "${local.app_slug}-redis" value = "${local.app_slug}-redis"
} }

2
redis/redis.tf
View File

@@ -5,7 +5,7 @@ locals {
}) })
cfg = merge({ cfg = merge({
"image" = "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}" "image" = "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}"
"imagePullPolicy" = "${var.images.redis.pull_policy}" "imagePullPolicy" = var.images.redis.pull_policy
}, lookup(var.password, "enabled", false) ? { }, lookup(var.password, "enabled", false) ? {
redisSecret = { redisSecret = {
name = lookup(var.password, "name", var.component) name = lookup(var.password, "name", var.component)

4
redis/variables.tf
View File

@@ -10,10 +10,6 @@ variable "namespace" {
variable "labels" { variable "labels" {
type = map(string) type = map(string)
} }
variable "annotations" {
type = map(string)
default = {}
}
variable "images" { variable "images" {
type = object({ type = object({

2
service/outputs.tf
View File

@@ -5,7 +5,7 @@ output "ingress_backend_exposure" {
value = [for port_map in var.port_mapper : value = [for port_map in var.port_mapper :
{ {
"service" = { "service" = {
"name" = "${local.app_slug}" "name" = local.app_slug
"port" = { "port" = {
"name" = port_map.name "name" = port_map.name
} }

9
service/svc.tf
View File

@@ -1,7 +1,8 @@
locals { locals {
app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}" app_slug = "${var.instance}${var.component == "" ? "" : "-"}${var.component}"
selector = length(var.selector) > 0 ? var.selector : var.labels
default_ports = var.svc_type != "NodePort" ? [for port_map in var.port_mapper : { default_ports = var.svc_type != "NodePort" ? [for port_map in var.port_mapper : {
"name" = port_map.name != null && port_map.name != "" ? port_map.name : "${port_map.port}-${port_map.protocol}" "name" = lower(port_map.name != null && port_map.name != "" ? port_map.name : "${port_map.port}-${port_map.protocol}")
"port" = port_map.port "port" = port_map.port
"protocol" = port_map.protocol "protocol" = port_map.protocol
"targetPort" = port_map.target "targetPort" = port_map.target
@@ -25,7 +26,7 @@ locals {
"ClusterIP" = { "ClusterIP" = {
type = "ClusterIP" type = "ClusterIP"
ports = local.default_ports ports = local.default_ports
selector = var.labels selector = local.selector
ipFamilyPolicy = var.ip_family ipFamilyPolicy = var.ip_family
}, },
"ExternalName" = { "ExternalName" = {
@@ -35,13 +36,13 @@ locals {
}, },
"NodePort" = { "NodePort" = {
type = "NodePort" type = "NodePort"
selector = var.labels selector = local.selector
ports = local.node_ports ports = local.node_ports
ipFamilyPolicy = var.ip_family ipFamilyPolicy = var.ip_family
}, },
"LoadBalancer" = { "LoadBalancer" = {
type = "LoadBalancer" type = "LoadBalancer"
selector = var.labels selector = local.selector
ports = local.default_ports ports = local.default_ports
externalTrafficPolicy = var.lb_policy externalTrafficPolicy = var.lb_policy
ipFamilyPolicy = var.ip_family ipFamilyPolicy = var.ip_family

9
service/variables.tf
View File

@@ -8,7 +8,13 @@ variable "namespace" {
type = string type = string
} }
variable "labels" { variable "labels" {
type = map(string) type = map(string)
description = "Service labels"
}
variable "selector" {
type = map(string)
description = "Service selector labels (default same as labels)"
default = {}
} }
variable "annotations" { variable "annotations" {
type = map(string) type = map(string)
@@ -33,6 +39,7 @@ variable "ip_family" {
} }
variable "port_mapper" { variable "port_mapper" {
description = "List information for port mapping in the service"
type = list(object({ type = list(object({
name = optional(string) name = optional(string)
port = number port = number