extract remaining 19 modules from platform, complete stack split [ci skip]
Phase 3: all 27 platform modules now run as independent stacks. Platform reduced to empty shell (outputs only) for backward compat with 72 app stacks that declare dependency "platform". Fixed technitium cross-module dashboard reference by copying file. Woodpecker pipeline applies all 27+1 stacks in parallel via loop. All applied with zero destroys.
This commit is contained in:
parent
ae36dc253b
commit
73511b1230
134 changed files with 7930 additions and 270 deletions
14
stacks/iscsi-csi/main.tf
Normal file
14
stacks/iscsi-csi/main.tf
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
variable "nfs_server" { type = string }
|
||||
|
||||
data "vault_kv_secret_v2" "secrets" {
|
||||
mount = "secret"
|
||||
name = "platform"
|
||||
}
|
||||
|
||||
module "iscsi-csi" {
|
||||
source = "./modules/iscsi-csi"
|
||||
tier = local.tiers.cluster
|
||||
truenas_host = var.nfs_server
|
||||
truenas_api_key = data.vault_kv_secret_v2.secrets.data["truenas_api_key"]
|
||||
truenas_ssh_private_key = data.vault_kv_secret_v2.secrets.data["truenas_ssh_private_key"]
|
||||
}
|
||||
148
stacks/iscsi-csi/modules/iscsi-csi/main.tf
Normal file
148
stacks/iscsi-csi/modules/iscsi-csi/main.tf
Normal file
|
|
@ -0,0 +1,148 @@
|
|||
resource "kubernetes_namespace" "iscsi_csi" {
|
||||
metadata {
|
||||
name = "iscsi-csi"
|
||||
labels = {
|
||||
tier = var.tier
|
||||
"resource-governance/custom-quota" = "true"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "helm_release" "democratic_csi" {
|
||||
namespace = kubernetes_namespace.iscsi_csi.metadata[0].name
|
||||
create_namespace = false
|
||||
name = "democratic-csi-iscsi"
|
||||
atomic = true
|
||||
timeout = 300
|
||||
|
||||
repository = "https://democratic-csi.github.io/charts/"
|
||||
chart = "democratic-csi"
|
||||
|
||||
values = [yamlencode({
|
||||
csiDriver = {
|
||||
name = "org.democratic-csi.iscsi"
|
||||
}
|
||||
|
||||
storageClasses = [{
|
||||
name = "iscsi-truenas"
|
||||
defaultClass = false
|
||||
reclaimPolicy = "Retain"
|
||||
volumeBindingMode = "Immediate"
|
||||
allowVolumeExpansion = true
|
||||
parameters = {
|
||||
fsType = "ext4"
|
||||
}
|
||||
mountOptions = []
|
||||
}]
|
||||
|
||||
controller = {
|
||||
replicas = 2
|
||||
driver = {
|
||||
resources = {
|
||||
requests = { cpu = "25m", memory = "192Mi" }
|
||||
limits = { memory = "192Mi" }
|
||||
}
|
||||
}
|
||||
externalProvisioner = {
|
||||
resources = {
|
||||
requests = { cpu = "5m", memory = "64Mi" }
|
||||
limits = { memory = "64Mi" }
|
||||
}
|
||||
}
|
||||
externalAttacher = {
|
||||
resources = {
|
||||
requests = { cpu = "5m", memory = "64Mi" }
|
||||
limits = { memory = "64Mi" }
|
||||
}
|
||||
}
|
||||
externalResizer = {
|
||||
resources = {
|
||||
requests = { cpu = "5m", memory = "64Mi" }
|
||||
limits = { memory = "64Mi" }
|
||||
}
|
||||
}
|
||||
externalSnapshotter = {
|
||||
resources = {
|
||||
requests = { cpu = "5m", memory = "80Mi" }
|
||||
limits = { memory = "80Mi" }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# csiProxy is a top-level chart key, NOT nested under controller/node
|
||||
csiProxy = {
|
||||
resources = {
|
||||
requests = { cpu = "5m", memory = "32Mi" }
|
||||
limits = { memory = "32Mi" }
|
||||
}
|
||||
}
|
||||
|
||||
node = {
|
||||
driver = {
|
||||
resources = {
|
||||
requests = { cpu = "25m", memory = "192Mi" }
|
||||
limits = { memory = "192Mi" }
|
||||
}
|
||||
}
|
||||
driverRegistrar = {
|
||||
resources = {
|
||||
requests = { cpu = "5m", memory = "32Mi" }
|
||||
limits = { memory = "32Mi" }
|
||||
}
|
||||
}
|
||||
cleanup = {
|
||||
resources = {
|
||||
requests = { cpu = "5m", memory = "32Mi" }
|
||||
limits = { memory = "32Mi" }
|
||||
}
|
||||
}
|
||||
|
||||
hostPID = true
|
||||
hostPath = "/lib/modules"
|
||||
}
|
||||
|
||||
driver = {
|
||||
config = {
|
||||
driver = "freenas-iscsi"
|
||||
|
||||
instance_id = "truenas-iscsi"
|
||||
|
||||
httpConnection = {
|
||||
protocol = "http"
|
||||
host = var.truenas_host
|
||||
port = 80
|
||||
apiKey = var.truenas_api_key
|
||||
}
|
||||
|
||||
sshConnection = {
|
||||
host = var.truenas_host
|
||||
port = 22
|
||||
username = "root"
|
||||
privateKey = var.truenas_ssh_private_key
|
||||
}
|
||||
|
||||
zfs = {
|
||||
datasetParentName = "main/iscsi"
|
||||
detachedSnapshotsDatasetParentName = "main/iscsi-snaps"
|
||||
}
|
||||
|
||||
iscsi = {
|
||||
targetPortal = "${var.truenas_host}:3260"
|
||||
namePrefix = "csi-"
|
||||
nameSuffix = ""
|
||||
targetGroups = [{
|
||||
targetGroupPortalGroup = 1
|
||||
targetGroupInitiatorGroup = 1
|
||||
targetGroupAuthType = "None"
|
||||
}]
|
||||
extentInsecureTpc = true
|
||||
extentXenCompat = false
|
||||
extentDisablePhysicalBlocksize = true
|
||||
extentBlocksize = 512
|
||||
extentRpm = "SSD"
|
||||
extentAvailThreshold = 0
|
||||
}
|
||||
}
|
||||
}
|
||||
})]
|
||||
}
|
||||
10
stacks/iscsi-csi/modules/iscsi-csi/variables.tf
Normal file
10
stacks/iscsi-csi/modules/iscsi-csi/variables.tf
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
variable "tier" { type = string }
|
||||
variable "truenas_host" { type = string }
|
||||
variable "truenas_api_key" {
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
variable "truenas_ssh_private_key" {
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
1
stacks/iscsi-csi/secrets
Symbolic link
1
stacks/iscsi-csi/secrets
Symbolic link
|
|
@ -0,0 +1 @@
|
|||
../../secrets
|
||||
8
stacks/iscsi-csi/terragrunt.hcl
Normal file
8
stacks/iscsi-csi/terragrunt.hcl
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
include "root" {
|
||||
path = find_in_parent_folders()
|
||||
}
|
||||
|
||||
dependency "infra" {
|
||||
config_path = "../infra"
|
||||
skip_outputs = true
|
||||
}
|
||||
10
stacks/iscsi-csi/tiers.tf
Normal file
10
stacks/iscsi-csi/tiers.tf
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
|
||||
locals {
|
||||
tiers = {
|
||||
core = "0-core"
|
||||
cluster = "1-cluster"
|
||||
gpu = "2-gpu"
|
||||
edge = "3-edge"
|
||||
aux = "4-aux"
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue