diff --git a/main.tf b/main.tf index d6a338a9..b4ec926c 100644 --- a/main.tf +++ b/main.tf @@ -225,6 +225,8 @@ module "docker-registry-template" { ) ) ), + "( crontab -l 2>/dev/null; echo '0 3 * * 0 /usr/bin/docker exec registry registry garbage-collect -m /etc/docker/registry/config.yml' ) | crontab -", + "( crontab -l 2>/dev/null; echo '0 * * * * /usr/bin/docker restart registry' ) | crontab -", "docker run -p 5000:5000 -p 5001:5001 -d --restart always --name registry -v /etc/docker-registry/config.yml:/etc/docker/registry/config.yml registry:2" ] } diff --git a/modules/create-vm/main.tf b/modules/create-vm/main.tf index 6df8883c..219d41c2 100644 --- a/modules/create-vm/main.tf +++ b/modules/create-vm/main.tf @@ -61,6 +61,11 @@ resource "proxmox_vm_qemu" "cloudinit-vm" { cores = var.vm_cpus type = "host" # emulate host cpu } + startup_shutdown { + order = -1 + shutdown_timeout = -1 + startup_delay = -1 + } # Most cloud-init images require a serial device for their display serial { diff --git a/modules/kubernetes/actualbudget/main.tf b/modules/kubernetes/actualbudget/main.tf index fc4ac749..17091036 100644 --- a/modules/kubernetes/actualbudget/main.tf +++ b/modules/kubernetes/actualbudget/main.tf @@ -18,7 +18,7 @@ resource "kubernetes_namespace" "actualbudget" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "actualbudget" + namespace = kubernetes_namespace.actualbudget tls_secret_name = var.tls_secret_name } @@ -29,6 +29,7 @@ module "viktor" { name = "viktor" tag = "edge" tls_secret_name = var.tls_secret_name + depends_on = [kubernetes_namespace.actualbudget] } # https://budget-anca.viktorbarzin.me/ @@ -37,4 +38,5 @@ module "anca" { name = "anca" tag = "edge" tls_secret_name = var.tls_secret_name + depends_on = [kubernetes_namespace.actualbudget] } diff --git a/modules/kubernetes/audiobookshelf/main.tf b/modules/kubernetes/audiobookshelf/main.tf index f3e6759e..39e46787 100644 --- a/modules/kubernetes/audiobookshelf/main.tf 
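Review bot: The two added `crontab` lines in the `docker-registry-template` command list both fire at minute 0, so at 03:00 on Sunday the hourly `docker restart registry` can kill the `garbage-collect -m` run that starts in the same minute. Garbage collection also runs against a registry that is still accepting pushes, and the upstream registry documentation warns that layers uploaded during a collection can be deleted, leaving a corrupted image. Moving the GC job off the hour, e.g. `30 3 * * 0`, and putting the registry into read-only mode or stopping it for the duration would avoid both. The `( crontab -l; echo ... ) | crontab -` form appends unconditionally, so if these commands run more than once on the same host (not visible from this hunk) each job is duplicated; filtering the old entry out with `crontab -l 2>/dev/null | grep -v 'garbage-collect'` before the `echo` keeps it idempotent.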
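Review bot: In modules/kubernetes/actualbudget/main.tf the `tls_secret` module now gets `namespace = kubernetes_namespace.actualbudget`, which is the whole resource object rather than its name. Every other module in this commit passes the name string, so this looks like a truncated replacement; it should read `namespace = kubernetes_namespace.actualbudget.metadata[0].name`. Depending on how `setup_tls_secret` declares the variable (not visible here), the current form either fails type conversion at plan time or pushes an object into a namespace field.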
+++ b/modules/kubernetes/audiobookshelf/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "audiobookshelf" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "audiobookshelf" + namespace = kubernetes_namespace.audiobookshelf.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "audiobookshelf" { metadata { name = "audiobookshelf" - namespace = "audiobookshelf" + namespace = kubernetes_namespace.audiobookshelf.metadata[0].name labels = { app = "audiobookshelf" } @@ -103,7 +103,7 @@ resource "kubernetes_deployment" "audiobookshelf" { resource "kubernetes_service" "audiobookshelf" { metadata { name = "audiobookshelf" - namespace = "audiobookshelf" + namespace = kubernetes_namespace.audiobookshelf.metadata[0].name labels = { "app" = "audiobookshelf" } @@ -124,7 +124,7 @@ resource "kubernetes_service" "audiobookshelf" { module "ingress" { source = "../ingress_factory" - namespace = "audiobookshelf" + namespace = kubernetes_namespace.audiobookshelf.metadata[0].name name = "audiobookshelf" tls_secret_name = var.tls_secret_name extra_annotations = { diff --git a/modules/kubernetes/authelia/main.tf b/modules/kubernetes/authelia/main.tf index 1bc69e2b..133f5670 100644 --- a/modules/kubernetes/authelia/main.tf +++ b/modules/kubernetes/authelia/main.tf @@ -11,12 +11,12 @@ resource "kubernetes_namespace" "authelia" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "authelia" + namespace = kubernetes_namespace.authelia.metadata[0].name tls_secret_name = var.tls_secret_name } resource "helm_release" "authelia" { - namespace = "authelia" + namespace = kubernetes_namespace.authelia.metadata[0].name name = "authelia" atomic = true @@ -32,7 +32,7 @@ resource "helm_release" "authelia" { # resource "kubernetes_config_map" "configuration" { # metadata { # name = "configuration" -# namespace = "authelia" +# namespace = kubernetes_namespace.authelia.metadata[0].name # labels = { # app = "configuration" 
@@ -53,7 +53,7 @@ resource "helm_release" "authelia" { # resource "kubernetes_deployment" "authelia" { # metadata { # name = "authelia" -# namespace = "authelia" +# namespace = kubernetes_namespace.authelia.metadata[0].name # labels = { # app = "authelia" # } @@ -119,7 +119,7 @@ resource "helm_release" "authelia" { # resource "kubernetes_service" "authelia" { # metadata { # name = "authelia" -# namespace = "authelia" +# namespace = kubernetes_namespace.authelia.metadata[0].name # labels = { # "app" = "authelia" # } @@ -142,7 +142,7 @@ resource "helm_release" "authelia" { # resource "kubernetes_ingress_v1" "authelia" { # metadata { # name = "authelia" -# namespace = "authelia" +# namespace = kubernetes_namespace.authelia.metadata[0].name # annotations = { # "kubernetes.io/ingress.class" = "nginx" # # "nginx.ingress.kubernetes.io/affinity" = "cookie" diff --git a/modules/kubernetes/authentik/main.tf b/modules/kubernetes/authentik/main.tf index 73e376e4..f5df26e1 100644 --- a/modules/kubernetes/authentik/main.tf +++ b/modules/kubernetes/authentik/main.tf @@ -5,7 +5,7 @@ variable "postgres_password" {} module "tls_secret" { source = "../setup_tls_secret" - namespace = "authentik" + namespace = kubernetes_namespace.authentik.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -16,7 +16,7 @@ resource "kubernetes_namespace" "authentik" { } resource "helm_release" "authentik" { - namespace = "authentik" + namespace = kubernetes_namespace.authentik.metadata[0].name create_namespace = true name = "goauthentik" @@ -34,7 +34,7 @@ resource "helm_release" "authentik" { resource "kubernetes_ingress_v1" "authentik" { metadata { name = "authentik" - namespace = "authentik" + namespace = kubernetes_namespace.authentik.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" } diff --git a/modules/kubernetes/blog/main.tf b/modules/kubernetes/blog/main.tf index fbf14df6..91cf4fed 100644 --- a/modules/kubernetes/blog/main.tf +++ b/modules/kubernetes/blog/main.tf 
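Review bot: In modules/kubernetes/authentik/main.tf the `helm_release` keeps `create_namespace = true` although its `namespace` now comes from the Terraform-managed `kubernetes_namespace.authentik`, so the namespace has two would-be owners. If the namespace resource is later removed or renamed, Helm would quietly create an unlabelled namespace instead of the plan failing. Setting `create_namespace = false` makes the ownership explicit; the `helm_release "crowdsec"` hunk in modules/kubernetes/crowdsec/main.tf has the same combination.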
@@ -12,20 +12,20 @@ resource "kubernetes_namespace" "website" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "website" + namespace = kubernetes_namespace.website.metadata[0].name tls_secret_name = var.tls_secret_name } # module "dockerhub_creds" { # source = "../dockerhub_secret" -# namespace = "website" +# namespace = kubernetes_namespace.website.metadata[0].name # password = var.dockerhub_password # } resource "kubernetes_deployment" "blog" { metadata { name = "blog" - namespace = "website" + namespace = kubernetes_namespace.website.metadata[0].name labels = { run = "blog" } @@ -78,7 +78,7 @@ resource "kubernetes_deployment" "blog" { resource "kubernetes_service" "blog" { metadata { name = "blog" - namespace = "website" + namespace = kubernetes_namespace.website.metadata[0].name labels = { "run" = "blog" } @@ -109,7 +109,7 @@ resource "kubernetes_service" "blog" { resource "kubernetes_ingress_v1" "blog" { metadata { name = "blog-ingress" - namespace = "website" + namespace = kubernetes_namespace.website.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOT diff --git a/modules/kubernetes/calibre/main.tf b/modules/kubernetes/calibre/main.tf index 77eb6fdd..040374bf 100644 --- a/modules/kubernetes/calibre/main.tf +++ b/modules/kubernetes/calibre/main.tf @@ -17,14 +17,14 @@ resource "kubernetes_namespace" "calibre" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "calibre" + namespace = kubernetes_namespace.calibre.metadata[0].name tls_secret_name = var.tls_secret_name } # resource "kubernetes_deployment" "calibre" { # metadata { # name = "calibre" -# namespace = "calibre" +# namespace = kubernetes_namespace.calibre.metadata[0].name # labels = { # app = "calibre" # } 
@@ -97,7 +97,7 @@ module "tls_secret" { resource "kubernetes_deployment" "calibre-web-automated" { metadata { name = "calibre-web-automated" - namespace = "calibre" + namespace = kubernetes_namespace.calibre.metadata[0].name labels = { app = "calibre-web-automated" } @@ -196,7 +196,7 @@ resource "kubernetes_deployment" "calibre-web-automated" { resource "kubernetes_service" "calibre" { metadata { name = "calibre" - namespace = "calibre" + namespace = kubernetes_namespace.calibre.metadata[0].name labels = { "app" = "calibre" } @@ -218,7 +218,7 @@ resource "kubernetes_service" "calibre" { module "ingress" { source = "../ingress_factory" - namespace = "calibre" + namespace = kubernetes_namespace.calibre.metadata[0].name name = "calibre" tls_secret_name = var.tls_secret_name extra_annotations = { @@ -248,7 +248,7 @@ module "ingress" { resource "kubernetes_deployment" "annas-archive-stacks" { metadata { name = "annas-archive-stacks" - namespace = "calibre" + namespace = kubernetes_namespace.calibre.metadata[0].name labels = { app = "annas-archive-stacks" } @@ -304,7 +304,7 @@ resource "kubernetes_deployment" "annas-archive-stacks" { resource "kubernetes_service" "annas-archive-stacks" { metadata { name = "annas-archive-stacks" - namespace = "calibre" + namespace = kubernetes_namespace.calibre.metadata[0].name labels = { "app" = "annas-archive-stacks" } @@ -324,7 +324,7 @@ resource "kubernetes_service" "annas-archive-stacks" { module "stacks-ingress" { source = "../ingress_factory" - namespace = "calibre" + namespace = kubernetes_namespace.calibre.metadata[0].name name = "stacks" service_name = "annas-archive-stacks" tls_secret_name = var.tls_secret_name diff --git a/modules/kubernetes/changedetection/main.tf b/modules/kubernetes/changedetection/main.tf index 0a52da3b..c7154e72 100644 --- a/modules/kubernetes/changedetection/main.tf +++ b/modules/kubernetes/changedetection/main.tf 
@@ -11,14 +11,14 @@ resource "kubernetes_namespace" "changedetection" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "changedetection" + namespace = kubernetes_namespace.changedetection.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "changedetection" { metadata { name = "changedetection" - namespace = "changedetection" + namespace = kubernetes_namespace.changedetection.metadata[0].name labels = { app = "changedetection" } @@ -103,7 +103,7 @@ resource "kubernetes_deployment" "changedetection" { resource "kubernetes_service" "changedetection" { metadata { name = "changedetection" - namespace = "changedetection" + namespace = kubernetes_namespace.changedetection.metadata[0].name labels = { "app" = "changedetection" } @@ -122,7 +122,7 @@ resource "kubernetes_service" "changedetection" { module "ingress" { source = "../ingress_factory" - namespace = "changedetection" + namespace = kubernetes_namespace.changedetection.metadata[0].name name = "changedetection" tls_secret_name = var.tls_secret_name protected = true diff --git a/modules/kubernetes/cloudflared/cloudflare.tf b/modules/kubernetes/cloudflared/cloudflare.tf index 627bb09f..fe6fb945 100644 --- a/modules/kubernetes/cloudflared/cloudflare.tf +++ b/modules/kubernetes/cloudflared/cloudflare.tf @@ -1,10 +1,8 @@ # Contents for cloudflare account variable "cloudflare_api_key" {} variable "cloudflare_email" {} -variable "cloudflare_proxied_names" {} -variable "cloudflare_non_proxied_names" { - type = list(string) -} +variable "cloudflare_proxied_names" { type = list(string) } +variable "cloudflare_non_proxied_names" { type = list(string) } variable "cloudflare_zone_id" { description = "Zone ID for your domain" type = string 
@@ -36,6 +34,18 @@ provider "cloudflare" { email = var.cloudflare_email } + +locals { + cloudflare_proxied_names_map = { + for h in var.cloudflare_proxied_names : + h => h + } + cloudflare_non_proxied_names_map = { + for h in var.cloudflare_non_proxied_names : + h => h + } +} + resource "cloudflare_zero_trust_tunnel_cloudflared_config" "sof" { account_id = var.cloudflare_account_id tunnel_id = var.cloudflare_tunnel_id @@ -62,9 +72,11 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "sof" { } resource "cloudflare_record" "dns_record" { + # for_each = local.cloudflare_proxied_names_map count = length(var.cloudflare_proxied_names) content = "${var.cloudflare_tunnel_id}.cfargotunnel.com" name = var.cloudflare_proxied_names[count.index] + # name = each.key proxied = true ttl = 1 type = "CNAME" @@ -72,10 +84,12 @@ resource "cloudflare_record" "dns_record" { } resource "cloudflare_record" "non_proxied_dns_record" { + # for_each = local.cloudflare_non_proxied_names_map count = length(var.cloudflare_non_proxied_names) # content = var.non_proxied_names[count.index].ip content = var.public_ip name = var.cloudflare_non_proxied_names[count.index] + # name = each.key proxied = false ttl = 1 type = "A" diff --git a/modules/kubernetes/cloudflared/main.tf b/modules/kubernetes/cloudflared/main.tf index 7fe90b83..bbd33b47 100644 --- a/modules/kubernetes/cloudflared/main.tf +++ b/modules/kubernetes/cloudflared/main.tf @@ -10,14 +10,14 @@ resource "kubernetes_namespace" "cloudflared" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "cloudflared" + namespace = kubernetes_namespace.cloudflared.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "cloudflared" { metadata { name = "cloudflared" - namespace = "cloudflared" + namespace = kubernetes_namespace.cloudflared.metadata[0].name labels = { app = "cloudflared" } 
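Review bot: The new `locals` block in cloudflare.tf is unused, because both `cloudflare_record` resources still use `count` and the `for_each` / `each.key` lines are only added as comments. With `count`, removing or reordering a hostname shifts every later index, so Terraform rewrites or recreates unrelated DNS records, which is presumably what the migration is meant to fix. Either finish the migration or drop the locals and the commented lines. `for_each = toset(var.cloudflare_proxied_names)` needs no helper map and tolerates a duplicated name, whereas the `h => h` map expression errors on a duplicate key. Switching to `for_each` changes the resource addresses, so the existing records would need `moved` blocks or `terraform state mv` to avoid a destroy-and-recreate of live DNS.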
@@ -64,7 +64,7 @@ resource "kubernetes_deployment" "cloudflared" { resource "kubernetes_service" "cloudflared" { metadata { name = "cloudflared" - namespace = "cloudflared" + namespace = kubernetes_namespace.cloudflared.metadata[0].name labels = { "app" = "cloudflared" } diff --git a/modules/kubernetes/crowdsec/main.tf b/modules/kubernetes/crowdsec/main.tf index baf3b0a6..e3cb5566 100644 --- a/modules/kubernetes/crowdsec/main.tf +++ b/modules/kubernetes/crowdsec/main.tf @@ -9,7 +9,7 @@ variable "crowdsec_dash_machine_password" { type = string } # used for web dash module "tls_secret" { source = "../setup_tls_secret" - namespace = "crowdsec" + namespace = kubernetes_namespace.crowdsec.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -22,7 +22,7 @@ resource "kubernetes_namespace" "crowdsec" { resource "kubernetes_config_map" "crowdsec_custom_scenarios" { metadata { name = "crowdsec-custom-scenarios" - namespace = "crowdsec" + namespace = kubernetes_namespace.crowdsec.metadata[0].name labels = { "app.kubernetes.io/name" = "crowdsec" } @@ -62,7 +62,7 @@ resource "kubernetes_config_map" "crowdsec_custom_scenarios" { resource "helm_release" "crowdsec" { - namespace = "crowdsec" + namespace = kubernetes_namespace.crowdsec.metadata[0].name create_namespace = true name = "crowdsec" atomic = true @@ -80,7 +80,7 @@ resource "helm_release" "crowdsec" { resource "kubernetes_deployment" "crowdsec-web" { metadata { name = "crowdsec-web" - namespace = "crowdsec" + namespace = kubernetes_namespace.crowdsec.metadata[0].name labels = { app = "crowdsec_web" "kubernetes.io/cluster-service" = "true" @@ -137,7 +137,7 @@ resource "kubernetes_deployment" "crowdsec-web" { resource "kubernetes_service" "crowdsec-web" { metadata { name = "crowdsec-web" - namespace = "crowdsec" + namespace = kubernetes_namespace.crowdsec.metadata[0].name labels = { "app" = "crowdsec_web" } 
@@ -155,7 +155,7 @@ resource "kubernetes_service" "crowdsec-web" { } module "ingress" { source = "../ingress_factory" - namespace = "crowdsec" + namespace = kubernetes_namespace.crowdsec.metadata[0].name name = "crowdsec-web" protected = true tls_secret_name = var.tls_secret_name diff --git a/modules/kubernetes/cyberchef/main.tf b/modules/kubernetes/cyberchef/main.tf index e6db2fe8..8049635e 100644 --- a/modules/kubernetes/cyberchef/main.tf +++ b/modules/kubernetes/cyberchef/main.tf @@ -7,14 +7,14 @@ resource "kubernetes_namespace" "cyberchef" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "cyberchef" + namespace = kubernetes_namespace.cyberchef.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "cyberchef" { metadata { name = "cyberchef" - namespace = "cyberchef" + namespace = kubernetes_namespace.cyberchef.metadata[0].name labels = { app = "cyberchef" } @@ -55,7 +55,7 @@ resource "kubernetes_deployment" "cyberchef" { resource "kubernetes_service" "cyberchef" { metadata { name = "cc" - namespace = "cyberchef" + namespace = kubernetes_namespace.cyberchef.metadata[0].name labels = { "app" = "cyberchef" } @@ -76,7 +76,7 @@ resource "kubernetes_service" "cyberchef" { module "ingress" { source = "../ingress_factory" - namespace = "cyberchef" + namespace = kubernetes_namespace.cyberchef.metadata[0].name name = "cc" tls_secret_name = var.tls_secret_name rybbit_site_id = "7c460afc68c4" diff --git a/modules/kubernetes/dashy/main.tf b/modules/kubernetes/dashy/main.tf index dc946ecf..1fb34fb9 100644 --- a/modules/kubernetes/dashy/main.tf +++ b/modules/kubernetes/dashy/main.tf @@ -3,7 +3,7 @@ variable "tls_secret_name" {} module "tls_secret" { source = "../setup_tls_secret" - namespace = "dashy" + namespace = kubernetes_namespace.dashy.metadata[0].name tls_secret_name = var.tls_secret_name } 
@@ -19,7 +19,7 @@ resource "kubernetes_namespace" "dashy" { resource "kubernetes_config_map" "config" { metadata { name = "config" - namespace = "dashy" + namespace = kubernetes_namespace.dashy.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" @@ -34,7 +34,7 @@ resource "kubernetes_config_map" "config" { resource "kubernetes_deployment" "dashy" { metadata { name = "dashy" - namespace = "dashy" + namespace = kubernetes_namespace.dashy.metadata[0].name labels = { app = "dashy" } @@ -85,7 +85,7 @@ resource "kubernetes_deployment" "dashy" { resource "kubernetes_service" "dashy" { metadata { name = "dashy" - namespace = "dashy" + namespace = kubernetes_namespace.dashy.metadata[0].name labels = { app = "dashy" } @@ -105,7 +105,7 @@ resource "kubernetes_service" "dashy" { module "ingress" { source = "../ingress_factory" - namespace = "dashy" + namespace = kubernetes_namespace.dashy.metadata[0].name name = "dashy" tls_secret_name = var.tls_secret_name protected = true # hidden as we use homepage now diff --git a/modules/kubernetes/dawarich/main.tf b/modules/kubernetes/dawarich/main.tf index b93c11a0..d6a1cef5 100644 --- a/modules/kubernetes/dawarich/main.tf +++ b/modules/kubernetes/dawarich/main.tf @@ -17,14 +17,14 @@ resource "kubernetes_namespace" "dawarich" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "dawarich" + namespace = kubernetes_namespace.dawarich.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "dawarich" { metadata { name = "dawarich" - namespace = "dawarich" + namespace = kubernetes_namespace.dawarich.metadata[0].name labels = { app = "dawarich" } @@ -218,7 +218,7 @@ resource "kubernetes_deployment" "dawarich" { # resource "kubernetes_deployment" "photon" { # metadata { # name = "photon" -# namespace = "dawarich" +# namespace = kubernetes_namespace.dawarich.metadata[0].name # labels = { # app = "photon" # } 
@@ -276,7 +276,7 @@ resource "kubernetes_deployment" "dawarich" { resource "kubernetes_service" "dawarich" { metadata { name = "dawarich" - namespace = "dawarich" + namespace = kubernetes_namespace.dawarich.metadata[0].name labels = { "app" = "dawarich" } @@ -298,7 +298,7 @@ resource "kubernetes_service" "dawarich" { # resource "kubernetes_service" "photon" { # metadata { # name = "photon" -# namespace = "dawarich" +# namespace = kubernetes_namespace.dawarich.metadata[0].name # labels = { # "app" = "photon" # } @@ -318,7 +318,7 @@ resource "kubernetes_service" "dawarich" { # } module "ingress" { source = "../ingress_factory" - namespace = "dawarich" + namespace = kubernetes_namespace.dawarich.metadata[0].name name = "dawarich" tls_secret_name = var.tls_secret_name extra_annotations = { diff --git a/modules/kubernetes/dbaas/main.tf b/modules/kubernetes/dbaas/main.tf index 01ed7ed5..5d3a9d8f 100644 --- a/modules/kubernetes/dbaas/main.tf +++ b/modules/kubernetes/dbaas/main.tf @@ -19,7 +19,7 @@ resource "kubernetes_namespace" "dbaas" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -27,7 +27,7 @@ module "tls_secret" { resource "kubernetes_config_map" "mycnf" { metadata { name = "mycnf" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" @@ -80,7 +80,7 @@ resource "kubernetes_config_map" "mycnf" { resource "kubernetes_service" "mysql" { metadata { name = var.cluster_master_service - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name } spec { selector = { @@ -95,7 +95,7 @@ resource "kubernetes_service" "mysql" { resource "kubernetes_deployment" "mysql" { metadata { name = "mysql" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name annotations = { "reloader.stakater.com/search" = "true" } 
@@ -166,7 +166,7 @@ resource "kubernetes_deployment" "mysql" { resource "kubernetes_cron_job_v1" "mysql-backup" { metadata { name = "mysql-backup" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name } spec { concurrency_policy = "Replace" @@ -244,7 +244,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" { # resource "helm_release" "mysql" { -# namespace = "dbaas" +# namespace = kubernetes_namespace.dbaas.metadata[0].name # create_namespace = false # name = "mysql" @@ -259,7 +259,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" { # } # # resource "helm_release" "mysql" { -# # namespace = "dbaas" +# # namespace = kubernetes_namespace.dbaas.metadata[0].name # # create_namespace = false # # name = "mysql-operator" @@ -270,7 +270,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" { # # } # # resource "helm_release" "innodb-cluster" { -# # namespace = "dbaas" +# # namespace = kubernetes_namespace.dbaas.metadata[0].name # # create_namespace = false # # name = var.cluster_master_service @@ -304,7 +304,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" { resource "kubernetes_secret" "cluster-password" { metadata { name = "cluster-secret" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" } @@ -318,7 +318,7 @@ resource "kubernetes_secret" "cluster-password" { # resource "kubernetes_ingress_v1" "dbaas" { # metadata { # name = "orchestrator-ingress" -# namespace = "dbaas" +# namespace = kubernetes_namespace.dbaas.metadata[0].name # annotations = { # "kubernetes.io/ingress.class" = "nginx" # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" @@ -355,7 +355,7 @@ resource "kubernetes_secret" "cluster-password" { resource "kubernetes_deployment" "phpmyadmin" { metadata { name = "phpmyadmin" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name labels = { "app" = "phpmyadmin" 
@@ -414,7 +414,7 @@ resource "kubernetes_deployment" "phpmyadmin" { resource "kubernetes_service" "phpmyadmin" { metadata { name = "pma" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name } spec { selector = { @@ -428,7 +428,7 @@ resource "kubernetes_service" "phpmyadmin" { } module "ingress" { source = "../ingress_factory" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name name = "pma" tls_secret_name = var.tls_secret_name protected = true @@ -448,7 +448,7 @@ module "ingress" { # kind: MysqlCluster # metadata: # name: mysql-cluster -# namespace: dbaas +# namespace = kubernetes_namespace.dbaas.metadata[0].name # spec: # mysqlVersion: "5.7" # replicas: 1 @@ -481,7 +481,7 @@ module "ingress" { # # kind = "MysqlCluster" # # metadata = { # # name = "mysql-cluster" -# # namespace = "dbaas" +# # namespace = kubernetes_namespace.dbaas.metadata[0].name # # } # # spec = { # # mysqlVersion = "5.7" @@ -523,7 +523,7 @@ module "ingress" { # listKind: MysqlUserList # plural: mysqlusers # singular: mysqluser -# scope: Namespaced +# scope:namespace = kubernetes_namespace.dbaas.metadata[0].name # versions: # - additionalPrinterColumns: # - description: The user status @@ -566,8 +566,8 @@ module "ingress" { # name: # description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' # type: string -# namespace: -# description: Namespace the MySQL cluster namespace +# namespace = kubernetes_namespace.dbaas.metadata[0].name +# description:namespace = kubernetes_namespace.dbaas.metadata[0].name # type: string # type: object # password: @@ -680,7 +680,7 @@ module "ingress" { resource "kubernetes_deployment" "postgres" { metadata { name = "postgresql" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name annotations = { "reloader.stakater.com/search" = "true" } 
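Review bot: The search-and-replace in modules/kubernetes/dbaas/main.tf also rewrote commented-out YAML and CRD text that is not HCL. In the hunks at -448, -523 and -566, `# namespace: dbaas` became an HCL expression inside a YAML manifest, `# scope: Namespaced` became `# scope:namespace = kubernetes_namespace.dbaas.metadata[0].name`, and the `namespace:` / `description:` pair of the CRD schema was overwritten. This is inert while commented, but the reference manifest no longer says what it did, and the CRD's `scope` value is lost for anyone who re-enables it. These lines should be reverted to `# namespace: dbaas`, `# scope: Namespaced`, `# namespace:` and `# description: Namespace the MySQL cluster namespace`.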
@@ -754,7 +754,7 @@ resource "kubernetes_deployment" "postgres" { resource "kubernetes_service" "postgresql" { metadata { name = "postgresql" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name } spec { selector = { @@ -773,7 +773,7 @@ resource "kubernetes_service" "postgresql" { resource "kubernetes_deployment" "pgadmin" { metadata { name = "pgadmin" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name annotations = { "reloader.stakater.com/search" = "true" } @@ -830,7 +830,7 @@ resource "kubernetes_deployment" "pgadmin" { resource "kubernetes_service" "pgadmin" { metadata { name = "pgadmin" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name } spec { selector = { @@ -844,7 +844,7 @@ resource "kubernetes_service" "pgadmin" { } module "ingress-pgadmin" { source = "../ingress_factory" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name name = "pgadmin" tls_secret_name = var.tls_secret_name protected = true @@ -858,7 +858,7 @@ module "ingress-pgadmin" { resource "kubernetes_cron_job_v1" "postgresql-backup" { metadata { name = "postgresql-backup" - namespace = "dbaas" + namespace = kubernetes_namespace.dbaas.metadata[0].name } spec { concurrency_policy = "Replace" diff --git a/modules/kubernetes/descheduler/main.tf b/modules/kubernetes/descheduler/main.tf index 56abaa97..4d49240a 100644 --- a/modules/kubernetes/descheduler/main.tf +++ b/modules/kubernetes/descheduler/main.tf @@ -53,7 +53,7 @@ resource "kubernetes_cluster_role" "descheduler" { resource "kubernetes_service_account" "descheduler" { metadata { name = "descheduler-sa" - namespace = "descheduler" + namespace = kubernetes_namespace.descheduler.metadata[0].name } } 
@@ -70,12 +70,12 @@ resource "kubernetes_cluster_role_binding" "descheduler" { subject { name = "descheduler-sa" kind = "ServiceAccount" - namespace = "descheduler" + namespace = kubernetes_namespace.descheduler.metadata[0].name } } resource "helm_release" "prometheus" { - namespace = "descheduler" + namespace = kubernetes_namespace.descheduler.metadata[0].name name = "descheduler" repository = "https://kubernetes-sigs.github.io/descheduler/" diff --git a/modules/kubernetes/discount-bandit/main.tf b/modules/kubernetes/discount-bandit/main.tf index 8d6bc658..1d605a84 100644 --- a/modules/kubernetes/discount-bandit/main.tf +++ b/modules/kubernetes/discount-bandit/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "discount-bandit" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "discount-bandit" + namespace = kubernetes_namespace.discount-bandit.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "discount-bandit" { metadata { name = "discount-bandit" - namespace = "discount-bandit" + namespace = kubernetes_namespace.discount-bandit.metadata[0].name labels = { app = "discount-bandit" } @@ -79,7 +79,7 @@ resource "kubernetes_deployment" "discount-bandit" { resource "kubernetes_service" "discount-bandit" { metadata { name = "discount-bandit" - namespace = "discount-bandit" + namespace = kubernetes_namespace.discount-bandit.metadata[0].name labels = { "app" = "discount-bandit" } @@ -101,7 +101,7 @@ resource "kubernetes_service" "discount-bandit" { resource "kubernetes_ingress_v1" "discount-bandit" { metadata { name = "discount-bandit" - namespace = "discount-bandit" + namespace = kubernetes_namespace.discount-bandit.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" } diff --git a/modules/kubernetes/diun/main.tf b/modules/kubernetes/diun/main.tf index 7b7ef9d3..3a075d4d 100644 --- a/modules/kubernetes/diun/main.tf +++ b/modules/kubernetes/diun/main.tf 
@@ -13,14 +13,14 @@ resource "kubernetes_namespace" "diun" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "diun" + namespace = kubernetes_namespace.diun.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_service_account" "diun" { metadata { name = "diun" - namespace = "diun" + namespace = kubernetes_namespace.diun.metadata[0].name } } @@ -47,14 +47,14 @@ resource "kubernetes_cluster_role_binding" "diun" { subject { kind = "ServiceAccount" name = "diun" - namespace = "diun" + namespace = kubernetes_namespace.diun.metadata[0].name } } resource "kubernetes_deployment" "diun" { metadata { name = "diun" - namespace = "diun" + namespace = kubernetes_namespace.diun.metadata[0].name labels = { app = "diun" } diff --git a/modules/kubernetes/dnscat2/main.tf b/modules/kubernetes/dnscat2/main.tf index 4d8186f1..f5ffcb16 100644 --- a/modules/kubernetes/dnscat2/main.tf +++ b/modules/kubernetes/dnscat2/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "dnscat2" { # module "tls_secret" { # source = "../setup_tls_secret" -# namespace = "dnscat2" +# namespace = kubernetes_namespace.dnscat2.metadata[0].name # tls_secret_name = var.tls_secret_name # } resource "kubernetes_deployment" "dnscat2" { metadata { name = "dnscat2" - namespace = "dnscat2" + namespace = kubernetes_namespace.dnscat2.metadata[0].name labels = { app = "dnscat2" } @@ -43,7 +43,7 @@ resource "kubernetes_deployment" "dnscat2" { stdin = true tty = true port { - name="dns" + name = "dns" container_port = 53 protocol = "UDP" } @@ -60,7 +60,7 @@ resource "kubernetes_deployment" "dnscat2" { resource "kubernetes_service" "dnscat2" { metadata { name = "dnscat2" - namespace = "dnscat2" + namespace = kubernetes_namespace.dnscat2.metadata[0].name labels = { "app" = "dnscat2" } diff --git a/modules/kubernetes/dnscrypt/main.tf b/modules/kubernetes/dnscrypt/main.tf index 753d5ce9..1eec6158 100644 --- a/modules/kubernetes/dnscrypt/main.tf 
+++ b/modules/kubernetes/dnscrypt/main.tf @@ -7,7 +7,7 @@ resource "kubernetes_namespace" "dnscrypt" { resource "kubernetes_config_map" "dnscrypt" { metadata { name = "dnscrypt-proxy-configmap" - namespace = "dnscrypt" + namespace = kubernetes_namespace.dnscrypt.metadata[0].name } data = { "dnscrypt-proxy.toml" = var.dnscrypt_proxy_toml @@ -17,7 +17,7 @@ resource "kubernetes_config_map" "dnscrypt" { resource "kubernetes_deployment" "dnscrypt" { metadata { name = "dnscrypt-proxy" - namespace = "dnscrypt" + namespace = kubernetes_namespace.dnscrypt.metadata[0].name labels = { app = "dnscrypt-proxy" "kubernetes.io/cluster-service" = "true" @@ -69,7 +69,7 @@ resource "kubernetes_deployment" "dnscrypt" { resource "kubernetes_service" "dnscrypt" { metadata { name = "dnscrypt-proxy" - namespace = "dnscrypt" + namespace = kubernetes_namespace.dnscrypt.metadata[0].name labels = { "app" = "dnscrypt-proxy" } diff --git a/modules/kubernetes/drone/main.tf b/modules/kubernetes/drone/main.tf index 1db2ebbb..de9c02a6 100644 --- a/modules/kubernetes/drone/main.tf +++ b/modules/kubernetes/drone/main.tf @@ -23,14 +23,14 @@ resource "kubernetes_namespace" "drone" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "drone" + namespace = kubernetes_namespace.drone.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_config_map" "git_crypt_key" { metadata { name = "git-crypt-key" - namespace = "drone" + namespace = kubernetes_namespace.drone.metadata[0].name } data = { @@ -41,7 +41,7 @@ resource "kubernetes_config_map" "git_crypt_key" { resource "kubernetes_deployment" "drone_server" { metadata { name = "drone-server" - namespace = "drone" + namespace = kubernetes_namespace.drone.metadata[0].name labels = { app = "drone" } 
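Review bot: In modules/kubernetes/drone/main.tf the resource touched at -23 is a `kubernetes_config_map` named `git-crypt-key`. Its `data` block runs past the hunk, but if it holds the actual git-crypt key, that key is stored as a ConfigMap. ConfigMaps are typically readable under broader RBAC than Secrets and are not covered by secret encryption-at-rest settings, so the key that decrypts the repository would be readable by anything with ConfigMap read access in the `drone` namespace. Consider changing the resource to `kubernetes_secret` and mounting it from there, and rotating the key if it has been exposed this way.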
@@ -136,7 +136,7 @@ resource "kubernetes_deployment" "drone_server" { resource "kubernetes_service" "drone" { metadata { name = "drone" - namespace = "drone" + namespace = kubernetes_namespace.drone.metadata[0].name labels = { app = "drone" } @@ -155,7 +155,7 @@ resource "kubernetes_service" "drone" { module "ingress" { source = "../ingress_factory" - namespace = "drone" + namespace = kubernetes_namespace.drone.metadata[0].name name = "drone" tls_secret_name = var.tls_secret_name # protected = true @@ -196,7 +196,7 @@ resource "kubernetes_cluster_role_binding" "drone" { subject { kind = "ServiceAccount" name = "default" - namespace = "drone" + namespace = kubernetes_namespace.drone.metadata[0].name } role_ref { kind = "ClusterRole" @@ -209,7 +209,7 @@ resource "kubernetes_cluster_role_binding" "drone" { resource "kubernetes_deployment" "drone_runner" { metadata { name = "drone-runner" - namespace = "drone" + namespace = kubernetes_namespace.drone.metadata[0].name labels = { app = "drone-runner" } @@ -284,7 +284,7 @@ resource "kubernetes_deployment" "drone_runner" { resource "kubernetes_deployment" "drone_runner_secret" { metadata { name = "drone-runner-secret" - namespace = "drone" + namespace = kubernetes_namespace.drone.metadata[0].name labels = { app = "drone-runner-secret" } @@ -339,7 +339,7 @@ resource "kubernetes_deployment" "drone_runner_secret" { resource "kubernetes_service" "drone_runner_secret" { metadata { name = "drone-runner-secret" - namespace = "drone" + namespace = kubernetes_namespace.drone.metadata[0].name labels = { app = "drone-runner-secret" } diff --git a/modules/kubernetes/echo/main.tf b/modules/kubernetes/echo/main.tf index 015b9f7b..e668d87c 100644 --- a/modules/kubernetes/echo/main.tf +++ b/modules/kubernetes/echo/main.tf 
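Review bot: The subject of `kubernetes_cluster_role_binding.drone` in the `@@ -196,7 +196,7 @@` hunk is still the namespace's `default` ServiceAccount, so every pod in the drone namespace that does not name its own service account inherits the bound ClusterRole. This file also defines the runner deployments in that namespace, so build workloads may receive the same cluster-wide rights. The role name is outside the hunk, so the actual scope cannot be judged from here. A dedicated account would narrow it: add a `kubernetes_service_account` resource for drone, set the subject to `name = kubernetes_service_account.drone.metadata[0].name`, and set `service_account_name` only on the deployment that needs the role.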
@@ -11,14 +11,14 @@ resource "kubernetes_namespace" "echo" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "echo" + namespace = kubernetes_namespace.echo.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "echo" { metadata { name = "echo" - namespace = "echo" + namespace = kubernetes_namespace.echo.metadata[0].name labels = { app = "echo" } @@ -55,7 +55,7 @@ resource "kubernetes_deployment" "echo" { resource "kubernetes_service" "echo" { metadata { name = "echo" - namespace = "echo" + namespace = kubernetes_namespace.echo.metadata[0].name labels = { "app" = "echo" } @@ -75,7 +75,7 @@ resource "kubernetes_service" "echo" { module "ingress" { source = "../ingress_factory" - namespace = "echo" + namespace = kubernetes_namespace.echo.metadata[0].name name = "echo" tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/excalidraw/main.tf b/modules/kubernetes/excalidraw/main.tf index 979e34ad..206f8879 100644 --- a/modules/kubernetes/excalidraw/main.tf +++ b/modules/kubernetes/excalidraw/main.tf @@ -1,6 +1,6 @@ variable "tls_secret_name" {} -resource "kubernetes_namespace" "finance_app" { +resource "kubernetes_namespace" "excalidraw" { metadata { name = "excalidraw" labels = { @@ -12,14 +12,14 @@ resource "kubernetes_namespace" "finance_app" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "excalidraw" + namespace = kubernetes_namespace.excalidraw.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "excalidraw" { metadata { name = "excalidraw" - namespace = "excalidraw" + namespace = kubernetes_namespace.excalidraw.metadata[0].name labels = { app = "excalidraw" } @@ -54,7 +54,7 @@ resource "kubernetes_deployment" "excalidraw" { resource "kubernetes_service" "draw" { metadata { name = "draw" - namespace = "excalidraw" + namespace = kubernetes_namespace.excalidraw.metadata[0].name labels = { app = "excalidraw" } 
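Review bot: Renaming the resource address from `kubernetes_namespace.finance_app` to `kubernetes_namespace.excalidraw` in the `@@ -1,6 +1,6 @@` hunk of excalidraw/main.tf comes with no state move in the hunks shown. Without one, Terraform treats the old address as removed and the new one as a fresh resource, so it plans to destroy and recreate the namespace. Deleting the namespace deletes every object in it, including the TLS secret and any claims bound there. Add a `moved` block beside the resource with `from = kubernetes_namespace.finance_app` and `to = kubernetes_namespace.excalidraw`, or run `terraform state mv` before applying. Then confirm the plan shows no destroy for the namespace.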
@@ -73,7 +73,7 @@ resource "kubernetes_service" "draw" { module "ingress" { source = "../ingress_factory" - namespace = "excalidraw" + namespace = kubernetes_namespace.excalidraw.metadata[0].name name = "draw" tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/f1-stream/main.tf b/modules/kubernetes/f1-stream/main.tf index 6239e9ac..bb0569bb 100644 --- a/modules/kubernetes/f1-stream/main.tf +++ b/modules/kubernetes/f1-stream/main.tf @@ -12,7 +12,7 @@ resource "kubernetes_namespace" "f1-stream" { resource "kubernetes_deployment" "f1-stream" { metadata { name = "f1-stream" - namespace = "f1-stream" + namespace = kubernetes_namespace.f1-stream.metadata[0].name labels = { app = "f1-stream" } @@ -57,7 +57,7 @@ resource "kubernetes_deployment" "f1-stream" { resource "kubernetes_service" "f1-stream" { metadata { name = "f1" - namespace = "f1-stream" + namespace = kubernetes_namespace.f1-stream.metadata[0].name labels = { "app" = "f1-stream" } @@ -75,14 +75,14 @@ resource "kubernetes_service" "f1-stream" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "f1-stream" + namespace = kubernetes_namespace.f1-stream.metadata[0].name tls_secret_name = var.tls_secret_name } module "ingress" { source = "../ingress_factory" - namespace = "f1-stream" + namespace = kubernetes_namespace.f1-stream.metadata[0].name name = "f1" tls_secret_name = var.tls_secret_name extra_annotations = { diff --git a/modules/kubernetes/finance_app/main.tf b/modules/kubernetes/finance_app/main.tf index feccb7d4..b2539e4d 100644 --- a/modules/kubernetes/finance_app/main.tf +++ b/modules/kubernetes/finance_app/main.tf @@ -23,7 +23,7 @@ resource "kubernetes_namespace" "finance_app" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "finance-app" + namespace = kubernetes_namespace.finance_app.metadata[0].name tls_secret_name = var.tls_secret_name } 
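Review bot: In the finance_app `@@ -23,7 +23,7 @@` hunk the old literal `"finance-app"` differs from the resource label `finance_app`, so the change is only a no-op if that namespace's `metadata.name` is exactly `finance-app`, which the hunk does not show. The same applies further down to `"home-assistant"` vs `kubernetes_namespace.home_assistant`, `"istio-system"` vs `kubernetes_namespace.istio`, and `"kubernetes-dashboard"` vs `kubernetes_namespace.k8s-dashboard`. A mismatch would change `namespace` on every dependent resource, and most Kubernetes resources are replaced when that field changes. Check that `terraform plan` reports no changes for these modules before merging, and state that result in the commit description.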
@@ -49,7 +49,7 @@ module "tls_secret" { # resource "kubernetes_persistent_volume_claim" "finance_app_pvc" { # metadata { # name = "finance-iscsi-pvc" -# namespace = "finance-app" +# namespace = kubernetes_namespace.finance_app.metadata[0].name # } # spec { # access_modes = ["ReadWriteOnce"] @@ -64,7 +64,7 @@ module "tls_secret" { resource "kubernetes_deployment" "finance_app" { metadata { name = "finance-app" - namespace = "finance-app" + namespace = kubernetes_namespace.finance_app.metadata[0].name labels = { app = "finance-app" } @@ -175,7 +175,7 @@ resource "kubernetes_deployment" "finance_app" { resource "kubernetes_deployment" "finance_app_frontend" { metadata { name = "finance-app-frontend" - namespace = "finance-app" + namespace = kubernetes_namespace.finance_app.metadata[0].name labels = { app = "finance-app-frontend" } @@ -210,7 +210,7 @@ resource "kubernetes_deployment" "finance_app_frontend" { resource "kubernetes_service" "finance_app" { metadata { name = "finance-app" - namespace = "finance-app" + namespace = kubernetes_namespace.finance_app.metadata[0].name labels = { app = "finance-app" } @@ -230,7 +230,7 @@ resource "kubernetes_service" "finance_app" { resource "kubernetes_service" "finance_app_frontend" { metadata { name = "finance-app-frontend" - namespace = "finance-app" + namespace = kubernetes_namespace.finance_app.metadata[0].name labels = { app = "finance-app-frontend" } @@ -250,7 +250,7 @@ resource "kubernetes_service" "finance_app_frontend" { resource "kubernetes_ingress_v1" "finance_app" { metadata { name = "finance-app" - namespace = "finance-app" + namespace = kubernetes_namespace.finance_app.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" #"nginx.ingress.kubernetes.io/auth-url"= "https://oauth-provider/auth" diff --git a/modules/kubernetes/forgejo/main.tf b/modules/kubernetes/forgejo/main.tf index 84aaaf24..e495b8a6 100644 --- a/modules/kubernetes/forgejo/main.tf +++ b/modules/kubernetes/forgejo/main.tf 
@@ -11,14 +11,14 @@ resource "kubernetes_namespace" "forgejo" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "forgejo" + namespace = kubernetes_namespace.forgejo.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "forgejo" { metadata { name = "forgejo" - namespace = "forgejo" + namespace = kubernetes_namespace.forgejo.metadata[0].name labels = { app = "forgejo" } @@ -76,7 +76,7 @@ resource "kubernetes_deployment" "forgejo" { resource "kubernetes_service" "forgejo" { metadata { name = "forgejo" - namespace = "forgejo" + namespace = kubernetes_namespace.forgejo.metadata[0].name labels = { "app" = "forgejo" } @@ -94,7 +94,7 @@ resource "kubernetes_service" "forgejo" { } module "ingress" { source = "../ingress_factory" - namespace = "forgejo" + namespace = kubernetes_namespace.forgejo.metadata[0].name name = "forgejo" tls_secret_name = var.tls_secret_name extra_annotations = { diff --git a/modules/kubernetes/frigate/main.tf b/modules/kubernetes/frigate/main.tf index 248696dc..261b75bb 100644 --- a/modules/kubernetes/frigate/main.tf +++ b/modules/kubernetes/frigate/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "frigate" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "frigate" + namespace = kubernetes_namespace.frigate.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "frigate" { metadata { name = "frigate" - namespace = "frigate" + namespace = kubernetes_namespace.frigate.metadata[0].name labels = { app = "frigate" } @@ -132,7 +132,7 @@ resource "kubernetes_deployment" "frigate" { resource "kubernetes_service" "frigate" { metadata { name = "frigate" - namespace = "frigate" + namespace = kubernetes_namespace.frigate.metadata[0].name labels = { "app" = "frigate" } 
@@ -154,7 +154,7 @@ resource "kubernetes_service" "frigate" { resource "kubernetes_service" "frigate-rtsp" { metadata { name = "frigate-rtsp" - namespace = "frigate" + namespace = kubernetes_namespace.frigate.metadata[0].name labels = { "app" = "frigate" } @@ -184,7 +184,7 @@ resource "kubernetes_service" "frigate-rtsp" { module "ingress" { source = "../ingress_factory" - namespace = "frigate" + namespace = kubernetes_namespace.frigate.metadata[0].name name = "frigate" tls_secret_name = var.tls_secret_name protected = true @@ -206,7 +206,7 @@ module "ingress" { module "ingress-internal" { source = "../ingress_factory" - namespace = "frigate" + namespace = kubernetes_namespace.frigate.metadata[0].name name = "frigate-lan" host = "frigate-lan" root_domain = "viktorbarzin.lan" diff --git a/modules/kubernetes/hackmd/main.tf b/modules/kubernetes/hackmd/main.tf index 36fda63d..0d3d6490 100644 --- a/modules/kubernetes/hackmd/main.tf +++ b/modules/kubernetes/hackmd/main.tf @@ -12,14 +12,14 @@ resource "kubernetes_namespace" "hackmd" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "hackmd" + namespace = kubernetes_namespace.hackmd.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "hackmd" { metadata { name = "hackmd" - namespace = "hackmd" + namespace = kubernetes_namespace.hackmd.metadata[0].name labels = { app = "hackmd" "kubernetes.io/cluster-service" = "true" @@ -127,7 +127,7 @@ resource "kubernetes_deployment" "hackmd" { resource "kubernetes_service" "hackmd" { metadata { name = "hackmd" - namespace = "hackmd" + namespace = kubernetes_namespace.hackmd.metadata[0].name labels = { "app" = "hackmd" } @@ -145,7 +145,7 @@ resource "kubernetes_service" "hackmd" { } module "ingress" { source = "../ingress_factory" - namespace = "hackmd" + namespace = kubernetes_namespace.hackmd.metadata[0].name name = "hackmd" tls_secret_name = var.tls_secret_name extra_annotations = { 
diff --git a/modules/kubernetes/headscale/main.tf b/modules/kubernetes/headscale/main.tf index f48f9c78..9ffac4e9 100644 --- a/modules/kubernetes/headscale/main.tf +++ b/modules/kubernetes/headscale/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "headscale" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "headscale" + namespace = kubernetes_namespace.headscale.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "headscale" { metadata { name = "headscale" - namespace = "headscale" + namespace = kubernetes_namespace.headscale.metadata[0].name labels = { app = "headscale" # scare to try but probably non-http will fail @@ -141,7 +141,7 @@ resource "kubernetes_deployment" "headscale" { resource "kubernetes_service" "headscale" { metadata { name = "headscale" - namespace = "headscale" + namespace = kubernetes_namespace.headscale.metadata[0].name labels = { "app" = "headscale" } @@ -184,7 +184,7 @@ resource "kubernetes_service" "headscale" { resource "kubernetes_ingress_v1" "headscale" { metadata { name = "headscale-ingress" - namespace = "headscale" + namespace = kubernetes_namespace.headscale.metadata[0].name annotations = { // DO NOT ADD CLIENT TLS AUTH as this breaks vpn auth "kubernetes.io/ingress.class" = "nginx" @@ -233,7 +233,7 @@ resource "kubernetes_ingress_v1" "headscale" { resource "kubernetes_service" "headscale-server" { metadata { name = "headscale-server" - namespace = "headscale" + namespace = kubernetes_namespace.headscale.metadata[0].name labels = { "app" = "headscale" } @@ -265,7 +265,7 @@ resource "kubernetes_service" "headscale-server" { resource "kubernetes_config_map" "headscale-config" { metadata { name = "headscale-config" - namespace = "headscale" + namespace = kubernetes_namespace.headscale.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" 
diff --git a/modules/kubernetes/home_assistant/main.tf b/modules/kubernetes/home_assistant/main.tf index a26f3910..38a9119b 100644 --- a/modules/kubernetes/home_assistant/main.tf +++ b/modules/kubernetes/home_assistant/main.tf @@ -11,7 +11,7 @@ resource "kubernetes_namespace" "home_assistant" { resource "kubernetes_config_map" "home_assistant_config_map" { metadata { name = "home-assistant-configmap" - namespace = "home-assistant" + namespace = kubernetes_namespace.home_assistant.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" @@ -28,12 +28,12 @@ resource "kubernetes_config_map" "home_assistant_config_map" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "home-assistant" + namespace = kubernetes_namespace.home_assistant.metadata[0].name tls_secret_name = var.tls_secret_name } resource "helm_release" "home_assistant" { - namespace = "home-assistant" + namespace = kubernetes_namespace.home_assistant.metadata[0].name create_namespace = true name = "home-assistant" @@ -46,7 +46,7 @@ resource "helm_release" "home_assistant" { resource "kubernetes_deployment" "home_assistant" { metadata { name = "home-assistant" - namespace = "home-assistant" + namespace = kubernetes_namespace.home_assistant.metadata[0].name labels = { "app.kubernetes.io/instance" = "home-assistant" @@ -158,7 +158,7 @@ resource "kubernetes_deployment" "home_assistant" { resource "kubernetes_service" "home_assistant" { metadata { name = "home-assistant" - namespace = "home-assistant" + namespace = kubernetes_namespace.home_assistant.metadata[0].name labels = { "app.kubernetes.io/instance" = "home-assistant" 
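Review bot: `helm_release.home_assistant` in the `@@ -28,12 +28,12 @@` hunk keeps `create_namespace = true` although its `namespace` now comes from `kubernetes_namespace.home_assistant`. Terraform already creates that namespace and orders the release after it, which leaves two owners for one object. The homepage, istio and kured releases in this commit use `create_namespace = false`; use `create_namespace = false` here too. `helm_release.kafka` in kafka/main.tf has the same setting.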
@@ -204,7 +204,7 @@ resource "kubernetes_service" "home_assistant" { resource "kubernetes_ingress_v1" "home-assistant-ui" { metadata { name = "home-assistant-ui-ingress" - namespace = "home-assistant" + namespace = kubernetes_namespace.home_assistant.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/force-ssl-redirect" = "true" diff --git a/modules/kubernetes/homepage/main.tf b/modules/kubernetes/homepage/main.tf index a61592b1..ecdc421a 100644 --- a/modules/kubernetes/homepage/main.tf +++ b/modules/kubernetes/homepage/main.tf @@ -3,7 +3,7 @@ variable "tls_secret_name" {} module "tls_secret" { source = "../setup_tls_secret" - namespace = "homepage" + namespace = kubernetes_namespace.homepage.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -17,7 +17,7 @@ resource "kubernetes_namespace" "homepage" { } resource "helm_release" "homepage" { - namespace = "homepage" + namespace = kubernetes_namespace.homepage.metadata[0].name create_namespace = false name = "homepage" atomic = true diff --git a/modules/kubernetes/immich/main.tf b/modules/kubernetes/immich/main.tf index 3468c1e1..19522715 100644 --- a/modules/kubernetes/immich/main.tf +++ b/modules/kubernetes/immich/main.tf @@ -10,7 +10,7 @@ variable "immich_version" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "immich" + namespace = kubernetes_namespace.immich.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -23,7 +23,7 @@ resource "kubernetes_namespace" "immich" { resource "kubernetes_deployment" "immich_server" { metadata { name = "immich-server" - namespace = "immich" + namespace = kubernetes_namespace.immich.metadata[0].name labels = { app = "immich-server" 
@@ -215,7 +215,7 @@ resource "kubernetes_deployment" "immich_server" { resource "kubernetes_service" "immich-server" { metadata { name = "immich-server" - namespace = "immich" + namespace = kubernetes_namespace.immich.metadata[0].name labels = { "app" = "immich-server" } @@ -234,7 +234,7 @@ resource "kubernetes_service" "immich-server" { resource "kubernetes_deployment" "immich-postgres" { metadata { name = "immich-postgresql" - namespace = "immich" + namespace = kubernetes_namespace.immich.metadata[0].name } spec { replicas = 1 @@ -298,7 +298,7 @@ resource "kubernetes_deployment" "immich-postgres" { resource "kubernetes_service" "immich-postgresql" { metadata { name = "immich-postgresql" - namespace = "immich" + namespace = kubernetes_namespace.immich.metadata[0].name labels = { "app" = "immich-postgresql" } @@ -317,7 +317,7 @@ resource "kubernetes_service" "immich-postgresql" { # If you're having issuewith typesens container exiting prematurely, increase liveliness check # resource "helm_release" "immich" { -# namespace = "immich" +# namespace = kubernetes_namespace.immich.metadata[0].name # name = "immich" # repository = "https://immich-app.github.io/immich-charts" @@ -333,7 +333,7 @@ resource "kubernetes_service" "immich-postgresql" { resource "kubernetes_deployment" "immich-machine-learning" { metadata { name = "immich-machine-learning" - namespace = "immich" + namespace = kubernetes_namespace.immich.metadata[0].name } spec { replicas = 1 @@ -407,7 +407,7 @@ resource "kubernetes_deployment" "immich-machine-learning" { resource "kubernetes_service" "immich-machine-learning" { metadata { name = "immich-machine-learning" - namespace = "immich" + namespace = kubernetes_namespace.immich.metadata[0].name labels = { "app" = "immich-machine-learning" } 
@@ -425,7 +425,7 @@ resource "kubernetes_service" "immich-machine-learning" { resource "kubernetes_ingress_v1" "ingress" { metadata { - namespace = "immich" + namespace = kubernetes_namespace.immich.metadata[0].name name = "immich" annotations = { # NOTE: when changing - test video playback from mobile and web! @@ -528,7 +528,7 @@ resource "kubernetes_ingress_v1" "ingress" { resource "kubernetes_cron_job_v1" "postgresql-backup" { metadata { name = "postgresql-backup" - namespace = "immich" + namespace = kubernetes_namespace.immich.metadata[0].name } spec { concurrency_policy = "Replace" @@ -581,7 +581,7 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" { # resource "kubernetes_deployment" "powertools" { # metadata { # name = "immich-powertools" -# namespace = "immich" +# namespace = kubernetes_namespace.immich.metadata[0].name # labels = { # app = "immich-powertools" # } @@ -665,7 +665,7 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" { # resource "kubernetes_service" "powertools" { # metadata { # name = "immich-powertools" -# namespace = "immich" +# namespace = kubernetes_namespace.immich.metadata[0].name # labels = { # "app" = "immich-powertools" # } @@ -686,7 +686,7 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" { # module "ingress-powertools" { # source = "../ingress_factory" -# namespace = "immich" +# namespace = kubernetes_namespace.immich.metadata[0].name # name = "immich-powertools" # tls_secret_name = var.tls_secret_name # protected = true diff --git a/modules/kubernetes/isponsorblocktv/main.tf b/modules/kubernetes/isponsorblocktv/main.tf index d34c4314..40773697 100644 --- a/modules/kubernetes/isponsorblocktv/main.tf +++ b/modules/kubernetes/isponsorblocktv/main.tf 
@@ -15,7 +15,7 @@ resource "kubernetes_namespace" "isponsorblocktv" { resource "kubernetes_deployment" "isponsorblocktv-vermont" { metadata { name = "isponsorblocktv-vermont" - namespace = "isponsorblocktv" + namespace = kubernetes_namespace.isponsorblocktv.metadata[0].name labels = { app = "isponsorblocktv-vermont" } diff --git a/modules/kubernetes/istio/main.tf b/modules/kubernetes/istio/main.tf index 5c964582..3f3021d8 100644 --- a/modules/kubernetes/istio/main.tf +++ b/modules/kubernetes/istio/main.tf @@ -8,13 +8,13 @@ resource "kubernetes_namespace" "istio" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "istio-system" + namespace = kubernetes_namespace.istio.metadata[0].name tls_secret_name = var.tls_secret_name } # to delete all CRDS: kubectl get crd -oname | grep --color=never 'istio.io' | xargs kubectl delete resource "helm_release" "istio-base" { - namespace = "istio-system" + namespace = kubernetes_namespace.istio.metadata[0].name create_namespace = false name = "istio-base" atomic = true @@ -25,7 +25,7 @@ resource "helm_release" "istio-base" { } resource "helm_release" "istiod" { - namespace = "istio-system" + namespace = kubernetes_namespace.istio.metadata[0].name create_namespace = false name = "istiod" atomic = true @@ -36,7 +36,7 @@ resource "helm_release" "istiod" { } resource "helm_release" "istio-gateway" { - namespace = "istio-system" + namespace = kubernetes_namespace.istio.metadata[0].name create_namespace = false name = "istio-gateway" atomic = true @@ -48,7 +48,7 @@ resource "helm_release" "istio-gateway" { # Kiali dashboard resource "helm_release" "kiali" { - namespace = "istio-system" + namespace = kubernetes_namespace.istio.metadata[0].name create_namespace = false name = "kiali" atomic = true 
@@ -71,7 +71,7 @@ resource "helm_release" "kiali" { resource "kubernetes_secret" "kiali-token" { metadata { name = "kiali-secret" - namespace = "istio-system" + namespace = kubernetes_namespace.istio.metadata[0].name annotations = { "kubernetes.io/service-account.name" : "kiali-service-account" } @@ -83,7 +83,7 @@ resource "kubernetes_secret" "kiali-token" { # resource "kubernetes_ingress_v1" "kiali" { # metadata { # name = "kiali" -# namespace = "istio-system" +# namespace = kubernetes_namespace.istio.metadata[0].name # annotations = { # "kubernetes.io/ingress.class" = "nginx" # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" diff --git a/modules/kubernetes/jellyfin/main.tf b/modules/kubernetes/jellyfin/main.tf index 664a2edb..eb7decb7 100644 --- a/modules/kubernetes/jellyfin/main.tf +++ b/modules/kubernetes/jellyfin/main.tf @@ -8,14 +8,14 @@ resource "kubernetes_namespace" "jellyfin" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "jellyfin" + namespace = kubernetes_namespace.jellyfin.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "jellyfin" { metadata { name = "jellyfin" - namespace = "jellyfin" + namespace = kubernetes_namespace.jellyfin.metadata[0].name labels = { app = "jellyfin" } @@ -89,7 +89,7 @@ resource "kubernetes_deployment" "jellyfin" { resource "kubernetes_service" "jellyfin" { metadata { name = "jellyfin" - namespace = "jellyfin" + namespace = kubernetes_namespace.jellyfin.metadata[0].name labels = { "app" = "jellyfin" } @@ -111,7 +111,7 @@ resource "kubernetes_service" "jellyfin" { resource "kubernetes_ingress_v1" "jellyfin" { metadata { name = "jellyfin" - namespace = "jellyfin" + namespace = kubernetes_namespace.jellyfin.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m" 
diff --git a/modules/kubernetes/jsoncrack/main.tf b/modules/kubernetes/jsoncrack/main.tf index ee08b9f2..db5d8df3 100644 --- a/modules/kubernetes/jsoncrack/main.tf +++ b/modules/kubernetes/jsoncrack/main.tf @@ -10,14 +10,14 @@ resource "kubernetes_namespace" "jsoncrack" { } module "tls_secret" { source = "../setup_tls_secret" - namespace = "jsoncrack" + namespace = kubernetes_namespace.jsoncrack.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "jsoncrack" { metadata { name = "jsoncrack" - namespace = "jsoncrack" + namespace = kubernetes_namespace.jsoncrack.metadata[0].name labels = { app = "jsoncrack" } @@ -51,7 +51,7 @@ resource "kubernetes_deployment" "jsoncrack" { resource "kubernetes_service" "jsoncrack" { metadata { name = "json" - namespace = "jsoncrack" + namespace = kubernetes_namespace.jsoncrack.metadata[0].name labels = { "app" = "jsoncrack" } @@ -72,7 +72,7 @@ resource "kubernetes_service" "jsoncrack" { module "ingress" { source = "../ingress_factory" - namespace = "jsoncrack" + namespace = kubernetes_namespace.jsoncrack.metadata[0].name name = "json" tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/k8s-dashboard/main.tf b/modules/kubernetes/k8s-dashboard/main.tf index 91de202b..ac815daf 100644 --- a/modules/kubernetes/k8s-dashboard/main.tf +++ b/modules/kubernetes/k8s-dashboard/main.tf @@ -32,12 +32,12 @@ resource "kubernetes_namespace" "k8s-dashboard" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "kubernetes-dashboard" + namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name tls_secret_name = var.tls_secret_name } resource "helm_release" "kubernetes-dashboard" { - namespace = "kubernetes-dashboard" + namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name name = "kubernetes-dashboard" repository = "https://kubernetes.github.io/dashboard/" 
@@ -68,7 +68,7 @@ resource "helm_release" "kubernetes-dashboard" { # resource "kubernetes_secret" "dashboard-token" { # metadata { # name = "dashboard-secret" -# namespace = "kubernetes-dashboard" +# namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name # annotations = { # "kubernetes.io/service-account.name" : "kubernetes-dashboard" # } @@ -79,7 +79,7 @@ resource "helm_release" "kubernetes-dashboard" { module "ingress" { source = "../ingress_factory" - namespace = "kubernetes-dashboard" + namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name name = "kubernetes-dashboard" service_name = "kubernetes-dashboard-kong-proxy" host = "k8s" @@ -94,7 +94,7 @@ module "ingress" { resource "kubernetes_service_account" "kubernetes-dashboard" { metadata { name = "kubernetes-dashboard" - namespace = "kubernetes-dashboard" + namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name } } @@ -111,7 +111,7 @@ resource "kubernetes_cluster_role_binding" "kubernetes-dashboard" { subject { kind = "ServiceAccount" name = "kubernetes-dashboard" - namespace = "kubernetes-dashboard" + namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name } # depends_on = [module.dashboard] } @@ -119,7 +119,7 @@ resource "kubernetes_cluster_role_binding" "kubernetes-dashboard" { resource "kubernetes_secret" "kubernetes-dashboard-admin-token" { metadata { name = "kubernetes-dashboard-admin" - namespace = "kubernetes-dashboard" + namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name annotations = { "kubernetes.io/service-account.name" : "kubernetes-dashboard" } 
@@ -213,21 +213,21 @@ resource "kubernetes_cluster_role_binding" "kubernetes-dashboard-viewonly" { subject { kind = "ServiceAccount" name = "kubernetes-dashboard-viewonly" - namespace = "kubernetes-dashboard" + namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name } } resource "kubernetes_service_account" "kubernetes-dashboard-viewonly" { metadata { name = "kubernetes-dashboard-viewonly" - namespace = "kubernetes-dashboard" + namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name } } resource "kubernetes_secret" "kubernetes-dashboard-viewonly-token" { metadata { name = "kubernetes-dashboard-viewonly" - namespace = "kubernetes-dashboard" + namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name annotations = { "kubernetes.io/service-account.name" : "kubernetes-dashboard-viewonly" } diff --git a/modules/kubernetes/kafka/main.tf b/modules/kubernetes/kafka/main.tf index 7d5e746c..51e15d5c 100644 --- a/modules/kubernetes/kafka/main.tf +++ b/modules/kubernetes/kafka/main.tf @@ -3,12 +3,12 @@ variable "client_certificate_secret_name" {} module "tls_secret" { source = "../setup_tls_secret" - namespace = "kafka" + namespace = kubernetes_namespace.kafka.metadata[0].name tls_secret_name = var.tls_secret_name } resource "helm_release" "kafka" { - namespace = "kafka" + namespace = kubernetes_namespace.kafka.metadata[0].name create_namespace = true name = "kafka" @@ -21,7 +21,7 @@ resource "helm_release" "kafka" { resource "kubernetes_deployment" "kafka-ui" { metadata { name = "kafka-ui" - namespace = "kafka" + namespace = kubernetes_namespace.kafka.metadata[0].name labels = { run = "kafka-ui" } @@ -77,7 +77,7 @@ resource "kubernetes_deployment" "kafka-ui" { resource "kubernetes_service" "kafka-ui" { metadata { name = "kafka-ui" - namespace = "kafka" + namespace = kubernetes_namespace.kafka.metadata[0].name labels = { "run" = "kafka-ui" } 
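Review bot: The kafka/main.tf hunks reference `kubernetes_namespace.kafka.metadata[0].name`, but none of them shows a `kubernetes_namespace "kafka"` resource. The `@@ -3,12 +3,12 @@` and `@@ -21,7 +21,7 @@` headers show only a variable and `helm_release.kafka` as the preceding top-level lines, and the release sets `create_namespace = true`, which suggests Helm has been creating the namespace. If the resource is not declared later in the file, validation fails with a reference to an undeclared resource. Either declare it, with `metadata { name = "kafka" }`, import the existing namespace into state and set `create_namespace = false`, or keep the literal in this module. The rest of the file is outside the hunks, so this needs checking against the full module.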
@@ -108,7 +108,7 @@ resource "kubernetes_service" "kafka-ui" { resource "kubernetes_ingress_v1" "kafka-ui" { metadata { name = "kafka-ui-ingress" - namespace = "kafka" + namespace = kubernetes_namespace.kafka.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/force-ssl-redirect" = "true" diff --git a/modules/kubernetes/kms/main.tf b/modules/kubernetes/kms/main.tf index ebecd53d..4d6d703b 100644 --- a/modules/kubernetes/kms/main.tf +++ b/modules/kubernetes/kms/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "kms" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "kms" + namespace = kubernetes_namespace.kms.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_config_map" "kms-web-page" { metadata { name = "kms-web-page-config" - namespace = "kms" + namespace = kubernetes_namespace.kms.metadata[0].name } data = { "index.html" = var.index_html @@ -28,7 +28,7 @@ resource "kubernetes_config_map" "kms-web-page" { resource "kubernetes_deployment" "kms-web-page" { metadata { name = "kms-web-page" - namespace = "kms" + namespace = kubernetes_namespace.kms.metadata[0].name labels = { "app" = "kms-web-page" "kubernetes.io/cluster-service" = "true" @@ -92,7 +92,7 @@ resource "kubernetes_deployment" "kms-web-page" { resource "kubernetes_service" "kms-web-page" { metadata { name = "kms" - namespace = "kms" + namespace = kubernetes_namespace.kms.metadata[0].name labels = { "app" = "kms-web-page" } @@ -111,7 +111,7 @@ resource "kubernetes_service" "kms-web-page" { module "ingress" { source = "../ingress_factory" - namespace = "kms" + namespace = kubernetes_namespace.kms.metadata[0].name name = "kms" tls_secret_name = var.tls_secret_name } @@ -119,7 +119,7 @@ module "ingress" { resource "kubernetes_deployment" "windows_kms" { metadata { name = "kms" - namespace = "kms" + namespace = kubernetes_namespace.kms.metadata[0].name labels = { app = "kms-service" } 
@@ -163,7 +163,7 @@ resource "kubernetes_deployment" "windows_kms" { resource "kubernetes_service" "windows_kms" { metadata { name = "windows-kms" - namespace = "kms" + namespace = kubernetes_namespace.kms.metadata[0].name labels = { app = "kms-service" } diff --git a/modules/kubernetes/kured/main.tf b/modules/kubernetes/kured/main.tf index f179524c..4e997fa7 100644 --- a/modules/kubernetes/kured/main.tf +++ b/modules/kubernetes/kured/main.tf @@ -12,12 +12,12 @@ resource "kubernetes_namespace" "kured" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "kured" + namespace = kubernetes_namespace.kured.metadata[0].name tls_secret_name = var.tls_secret_name } resource "helm_release" "kured" { - namespace = "kured" + namespace = kubernetes_namespace.kured.metadata[0].name create_namespace = false name = "kured" diff --git a/modules/kubernetes/linkwarden/main.tf b/modules/kubernetes/linkwarden/main.tf index f92d2725..b16a3fff 100644 --- a/modules/kubernetes/linkwarden/main.tf +++ b/modules/kubernetes/linkwarden/main.tf @@ -11,7 +11,7 @@ resource "kubernetes_namespace" "linkwarden" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "linkwarden" + namespace = kubernetes_namespace.linkwarden.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -24,7 +24,7 @@ resource "random_string" "secret" { resource "kubernetes_deployment" "linkwarden" { metadata { name = "linkwarden" - namespace = "linkwarden" + namespace = kubernetes_namespace.linkwarden.metadata[0].name labels = { app = "linkwarden" } @@ -93,7 +93,7 @@ resource "kubernetes_deployment" "linkwarden" { resource "kubernetes_service" "linkwarden" { metadata { name = "linkwarden" - namespace = "linkwarden" + namespace = kubernetes_namespace.linkwarden.metadata[0].name labels = { app = "linkwarden" } 
@@ -113,7 +113,7 @@ resource "kubernetes_service" "linkwarden" { module "ingress" { source = "../ingress_factory" - namespace = "linkwarden" + namespace = kubernetes_namespace.linkwarden.metadata[0].name name = "linkwarden" tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/mailserver/main.tf b/modules/kubernetes/mailserver/main.tf index 50521baf..2e1b3805 100644 --- a/modules/kubernetes/mailserver/main.tf +++ b/modules/kubernetes/mailserver/main.tf @@ -16,14 +16,14 @@ resource "kubernetes_namespace" "mailserver" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "mailserver" + namespace = kubernetes_namespace.mailserver.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_config_map" "mailserver_env_config" { metadata { name = "mailserver.env.config" - namespace = "mailserver" + namespace = kubernetes_namespace.mailserver.metadata[0].name labels = { app = "mailserver" } @@ -61,7 +61,7 @@ resource "kubernetes_config_map" "mailserver_env_config" { resource "kubernetes_config_map" "mailserver_config" { metadata { name = "mailserver.config" - namespace = "mailserver" + namespace = kubernetes_namespace.mailserver.metadata[0].name labels = { app = "mailserver" @@ -98,7 +98,7 @@ resource "kubernetes_config_map" "mailserver_config" { # resource "kubernetes_config_map" "user_patches" { # metadata { # name = "user-patches" -# namespace = "mailserver" +# namespace = kubernetes_namespace.mailserver.metadata[0].name # labels = { # "app" = "mailserver" # } @@ -116,7 +116,7 @@ resource "kubernetes_config_map" "mailserver_config" { resource "kubernetes_secret" "opendkim_key" { metadata { name = "mailserver.opendkim.key" - namespace = "mailserver" + namespace = kubernetes_namespace.mailserver.metadata[0].name labels = { "app" = "mailserver" } 
@@ -131,7 +131,7 @@ resource "kubernetes_secret" "opendkim_key" { resource "kubernetes_deployment" "mailserver" { metadata { name = "mailserver" - namespace = "mailserver" + namespace = kubernetes_namespace.mailserver.metadata[0].name labels = { "app" = "mailserver" } @@ -383,7 +383,7 @@ resource "kubernetes_deployment" "mailserver" { resource "kubernetes_service" "mailserver" { metadata { name = "mailserver" - namespace = "mailserver" + namespace = kubernetes_namespace.mailserver.metadata[0].name labels = { app = "mailserver" diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 40670cae..dbbf5bf9 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf 
@@ -122,17 +122,20 @@ variable "defcon_level" { } locals { defcon_modules = { - 1 : ["wireguard", "technitium", "headscale", "nginx-ingress", "xray", "authentik", "cloudflare", "authelia"], # Critical connectivity services - 2 : ["vaultwarden", "redis", "immich", "nvidia", "metrics-server", "uptime-kuma", "crowdsec"], # Storage and other db services - 3 : ["k8s-dashboard", "reverse-proxy"], # Cluster admin services - 4 : ["mailserver", "shadowsocks", "webhook_handler", "tuya-bridge", "dawarich", "owntracks", "nextcloud"], # Nice to have services + 1 : ["wireguard", "technitium", "headscale", "nginx-ingress", "xray", "authentik", "cloudflare", "authelia", "monitoring"], # Critical connectivity services + 2 : ["vaultwarden", "redis", "immich", "nvidia", "metrics-server", "uptime-kuma", "crowdsec"], # Storage and other db services + 3 : ["k8s-dashboard", "reverse-proxy"], # Cluster admin services + 4 : [ + "mailserver", "shadowsocks", "webhook_handler", "tuya-bridge", "dawarich", "owntracks", "nextcloud", + "calibre", "onlyoffice", "f1-stream", "rybbit", "isponsorblocktv", "actualbudget" + ], # Activel used services # Optional services 5 : [ - "blog", "descheduler", "drone", "f1-stream", "hackmd", "kms", "privatebin", "vault", "reloader", "city-guesser", "echo" - , "url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "isponsorblocktv", "stirling-pdf", - "networking-toolbox", "navidrome", "freshrss", "forgejo", "onlyoffice", "tor-proxy", "real-estate-crawler", "n8n", "tnadoor", - "changedetection", "actualbudget", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama", - "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "calibre", "tandoor" + "blog", "descheduler", "drone", "hackmd", "kms", "privatebin", "vault", "reloader", "city-guesser", "echo", + "url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "stirling-pdf", + "networking-toolbox", 
"navidrome", "freshrss", "forgejo", "tor-proxy", "real-estate-crawler", "n8n", + "changedetection", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama", + "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor" ], } active_modules = distinct(flatten([ @@ -143,7 +146,11 @@ locals { resource "null_resource" "core_services" { # List all the core modules that must be provisioned first - depends_on = [module.metallb] + depends_on = [ + module.metallb, module.dbaas, module.technitium, module.vaultwarden, module.reverse-proxy, + module.redis, module.nginx-ingress, module.crowdsec, module.cloudflared, module.metrics-server, module.authentik, + module.nvidia, + ] } module "blog" { @@ -172,8 +179,9 @@ module "dbaas" { } module "descheduler" { - source = "./descheduler" - for_each = contains(local.active_modules, "descheduler") ? { descheduler = true } : {} + source = "./descheduler" + for_each = contains(local.active_modules, "descheduler") ? { descheduler = true } : {} + depends_on = [null_resource.core_services] } # module "dnscrypt" { @@ -255,6 +263,7 @@ module "metallb" { module "monitoring" { source = "./monitoring" tls_secret_name = var.tls_secret_name + for_each = contains(local.active_modules, "monitoring") ? { monitoring = true } : {} alertmanager_account_password = var.alertmanager_account_password idrac_username = var.idrac_username idrac_password = var.idrac_password @@ -263,8 +272,6 @@ module "monitoring" { haos_api_token = var.haos_api_token pve_password = var.pve_password grafana_db_password = var.grafana_db_password - - depends_on = [null_resource.core_services] } # module "oauth" { 
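Review bot: `rybbit` is added under key 4 of `defcon_modules` but is still listed under key 5 (`"wealthfolio", "rybbit", "stirling-pdf"`), unlike `calibre`, `onlyoffice`, `f1-stream`, `isponsorblocktv` and `actualbudget`, which were moved out of key 5. The `distinct(flatten(...))` in `active_modules` hides the duplicate, but a reader can no longer tell which level enables the module, so drop it from key 5. The new comment on key 4 should read `# Actively used services`. The `locals` block continues outside the hunk.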
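Review bot: The widened `depends_on` on `null_resource.core_services` makes every module that depends on it wait for all eleven listed modules, and later hunks in this file add that dependency to `wireguard`, `headscale` and `xray`, which `defcon_modules` labels as critical connectivity services. A failed apply in an unrelated entry such as `module.nvidia` or `module.crowdsec` would then block changes to the VPN modules, which are presumably the remote access path used to repair the cluster. Consider leaving those three off `core_services`, or giving them a narrower dependency. Module-level `depends_on` also makes Terraform defer data sources inside the dependent module to apply time, so the comment above the list should say why each entry is required.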
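Review bot: Adding `for_each` to `module "monitoring"` changes every address under it from `module.monitoring.*` to `module.monitoring["monitoring"].*`. Unless a state move exists elsewhere, the next plan will destroy and recreate the whole monitoring stack, including `kubernetes_persistent_volume.alertmanager_pv` from `grafana.tf`, leaving a window with no alerting. Add a `moved` block with `from = module.monitoring` and `to = module.monitoring["monitoring"]` in the same commit, and check for `module.monitoring.<output>` references outside this diff, which would now need the key. The module body continues outside the hunk.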
@@ -305,17 +312,23 @@ module "vault" { source = "./vault" for_each = contains(local.active_modules, "vault") ? { vault = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "reloader" { source = "./reloader" for_each = contains(local.active_modules, "reloader") ? { reloader = true } : {} + + depends_on = [null_resource.core_services] } module "shadowsocks" { source = "./shadowsocks" for_each = contains(local.active_modules, "shadowsocks") ? { shadowsocks = true } : {} password = var.shadowsocks_password + + depends_on = [null_resource.core_services] } module "city-guesser" { @@ -339,6 +352,8 @@ module "url" { geolite_license_key = var.url_shortener_geolite_license_key api_key = var.url_shortener_api_key mysql_password = var.url_shortener_mysql_password + + depends_on = [null_resource.core_services] } module "webhook_handler" { @@ -363,6 +378,8 @@ module "wireguard" { wg_0_conf = var.wireguard_wg_0_conf wg_0_key = var.wireguard_wg_0_key firewall_sh = var.wireguard_firewall_sh + + depends_on = [null_resource.core_services] } # module "home_assistant" { @@ -386,6 +403,8 @@ module "excalidraw" { source = "./excalidraw" for_each = contains(local.active_modules, "excalidraw") ? { excalidraw = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "infra-maintenance" { @@ -400,6 +419,8 @@ module "travel_blog" { source = "./travel_blog" for_each = contains(local.active_modules, "travel_blog") ? { travel_blog = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "technitium" { 
@@ -415,12 +436,16 @@ module "headscale" { tls_secret_name = var.tls_secret_name headscale_config = var.headscale_config headscale_acl = var.headscale_acl + + depends_on = [null_resource.core_services] } module "dashy" { source = "./dashy" for_each = contains(local.active_modules, "dashy") ? { dashy = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } # module "localai" { @@ -448,6 +473,8 @@ module "send" { source = "./send" for_each = contains(local.active_modules, "send") ? { send = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "redis" { @@ -460,6 +487,8 @@ module "ytdlp" { source = "./youtube_dl" for_each = contains(local.active_modules, "ytdlp") ? { ytdlp = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "immich" { @@ -469,6 +498,8 @@ module "immich" { postgresql_password = var.immich_postgresql_password frame_api_key = var.immich_frame_api_key homepage_token = var.homepage_credentials["immich"]["token"] + + depends_on = [null_resource.core_services] } module "nginx-ingress" { @@ -505,6 +536,8 @@ module "uptime-kuma" { source = "./uptime-kuma" for_each = contains(local.active_modules, "uptime-kuma") ? { uptime-kuma = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "calibre" { @@ -513,6 +546,8 @@ module "calibre" { tls_secret_name = var.tls_secret_name homepage_username = var.homepage_credentials["calibre-web"]["username"] homepage_password = var.homepage_credentials["calibre-web"]["password"] + + depends_on = [null_resource.core_services] } # Audiobooks are served using audiobookshelf; still looking for a usecawe for JF 
@@ -525,12 +560,16 @@ module "audiobookshelf" { source = "./audiobookshelf" for_each = contains(local.active_modules, "audiobookshelf") ? { audiobookshelf = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "frigate" { source = "./frigate" for_each = contains(local.active_modules, "frigate") ? { frigate = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } # TODO: Currently very unstable and half of the functionality does not work: @@ -586,18 +625,24 @@ module "paperless-ngx" { # homepage_token = var.homepage_credentials["paperless-ngx"]["token"] homepage_username = var.homepage_credentials["paperless-ngx"]["username"] homepage_password = var.homepage_credentials["paperless-ngx"]["password"] + + depends_on = [null_resource.core_services] } module "jsoncrack" { source = "./jsoncrack" for_each = contains(local.active_modules, "jsoncrack") ? { jsoncrack = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "servarr" { source = "./servarr" for_each = contains(local.active_modules, "servarr") ? { servarr = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } # module "dnscat2" { @@ -609,18 +654,24 @@ module "ollama" { # Disabled as it requires too much resources... source = "./ollama" for_each = contains(local.active_modules, "ollama") ? { ollama = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "ntfy" { source = "./ntfy" for_each = contains(local.active_modules, "ntfy") ? { ntfy = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "cyberchef" { source = "./cyberchef" for_each = contains(local.active_modules, "cyberchef") ? { cyberchef = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "diun" { 
@@ -629,12 +680,16 @@ module "diun" { tls_secret_name = var.tls_secret_name diun_nfty_token = var.diun_nfty_token diun_slack_url = var.diun_slack_url + + depends_on = [null_resource.core_services] } module "meshcentral" { source = "./meshcentral" for_each = contains(local.active_modules, "meshcentral") ? { meshcentral = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } # module "netbox" { # source = "./netbox" @@ -646,18 +701,24 @@ module "nextcloud" { for_each = contains(local.active_modules, "nextcloud") ? { nextcloud = true } : {} tls_secret_name = var.tls_secret_name db_password = var.nextcloud_db_password + + depends_on = [null_resource.core_services] } module "homepage" { source = "./homepage" for_each = contains(local.active_modules, "homepage") ? { homepage = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "matrix" { source = "./matrix" for_each = contains(local.active_modules, "matrix") ? { matrix = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "authentik" { @@ -675,12 +736,16 @@ module "linkwarden" { postgresql_password = var.linkwarden_postgresql_password authentik_client_id = var.linkwarden_authentik_client_id authentik_client_secret = var.linkwarden_authentik_client_secret + + depends_on = [null_resource.core_services] } module "actualbudget" { source = "./actualbudget" for_each = contains(local.active_modules, "actualbudget") ? { actualbudget = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "owntracks" { @@ -688,6 +753,8 @@ module "owntracks" { for_each = contains(local.active_modules, "owntracks") ? { owntracks = true } : {} tls_secret_name = var.tls_secret_name owntracks_credentials = var.owntracks_credentials + + depends_on = [null_resource.core_services] } module "dawarich" { 
@@ -696,12 +763,16 @@ module "dawarich" { tls_secret_name = var.tls_secret_name database_password = var.dawarich_database_password geoapify_api_key = var.geoapify_api_key + + depends_on = [null_resource.core_services] } module "changedetection" { source = "./changedetection" for_each = contains(local.active_modules, "changedetection") ? { changedetection = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "tandoor" { source = "./tandoor" @@ -709,6 +780,8 @@ module "tandoor" { tls_secret_name = var.tls_secret_name tandoor_database_password = var.tandoor_database_password tandoor_email_password = var.tandoor_email_password + + depends_on = [null_resource.core_services] } module "n8n" { @@ -716,6 +789,8 @@ module "n8n" { for_each = contains(local.active_modules, "n8n") ? { n8n = true } : {} tls_secret_name = var.tls_secret_name postgresql_password = var.n8n_postgresql_password + + depends_on = [null_resource.core_services] } module "real-estate-crawler" { @@ -724,12 +799,16 @@ module "real-estate-crawler" { tls_secret_name = var.tls_secret_name db_password = var.realestate_crawler_db_password notification_settings = var.realestate_crawler_notification_settings + + depends_on = [null_resource.core_services] } module "tor-proxy" { source = "./tor-proxy" for_each = contains(local.active_modules, "tor-proxy") ? { tor-proxy = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } # module "kured" { @@ -744,6 +823,8 @@ module "onlyoffice" { tls_secret_name = var.tls_secret_name db_password = var.onlyoffice_db_password jwt_token = var.onlyoffice_jwt_token + + depends_on = [null_resource.core_services] } @@ -751,6 +832,8 @@ module "forgejo" { source = "./forgejo" for_each = contains(local.active_modules, "forgejo") ? { forgejo = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "xray" { 
@@ -761,24 +844,32 @@ module "xray" { xray_reality_clients = var.xray_reality_clients xray_reality_private_key = var.xray_reality_private_key xray_reality_short_ids = var.xray_reality_short_ids + + depends_on = [null_resource.core_services] } module "freshrss" { source = "./freshrss" for_each = contains(local.active_modules, "freshrss") ? { freshrss = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "navidrome" { source = "./navidrome" for_each = contains(local.active_modules, "navidrome") ? { navidrome = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "networking-toolbox" { source = "./networking-toolbox" for_each = contains(local.active_modules, "networking-toolbox") ? { networking-toolbox = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "tuya-bridge" { @@ -790,6 +881,8 @@ module "tuya-bridge" { tiny_tuya_api_secret = var.tiny_tuya_api_secret tiny_tuya_service_secret = var.tiny_tuya_service_secret slack_url = var.tiny_tuya_slack_url + + depends_on = [null_resource.core_services] } @@ -797,11 +890,15 @@ module "stirling-pdf" { source = "./stirling-pdf" for_each = contains(local.active_modules, "stirling-pdf") ? { stirling-pdf = true } : {} tls_secret_name = var.tls_secret_name + + depends_on = [null_resource.core_services] } module "isponsorblocktv" { source = "./isponsorblocktv" for_each = contains(local.active_modules, "isponsorblocktv") ? { isponsorblocktv = true } : {} + + depends_on = [null_resource.core_services] } module "nvidia" { @@ -821,6 +918,8 @@ module "rybbit" { tls_secret_name = var.tls_secret_name clickhouse_password = var.clickhouse_password postgres_password = var.clickhouse_postgres_password + + depends_on = [null_resource.core_services] } module "wealthfolio" { 
@@ -828,4 +927,6 @@ module "wealthfolio" { for_each = contains(local.active_modules, "wealthfolio") ? { wealthfolio = true } : {} tls_secret_name = var.tls_secret_name wealthfolio_password_hash = var.wealthfolio_password_hash + + depends_on = [null_resource.core_services] } diff --git a/modules/kubernetes/matrix/main.tf b/modules/kubernetes/matrix/main.tf index b15cb947..bd025f73 100644 --- a/modules/kubernetes/matrix/main.tf +++ b/modules/kubernetes/matrix/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "matrix" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "matrix" + namespace = kubernetes_namespace.matrix.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "matrix" { metadata { name = "matrix" - namespace = "matrix" + namespace = kubernetes_namespace.matrix.metadata[0].name labels = { app = "matrix" } @@ -71,7 +71,7 @@ resource "kubernetes_deployment" "matrix" { resource "kubernetes_service" "matrix" { metadata { name = "matrix" - namespace = "matrix" + namespace = kubernetes_namespace.matrix.metadata[0].name labels = { "app" = "matrix" } @@ -91,7 +91,7 @@ resource "kubernetes_service" "matrix" { module "ingress" { source = "../ingress_factory" - namespace = "matrix" + namespace = kubernetes_namespace.matrix.metadata[0].name name = "matrix" tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/meshcentral/main.tf b/modules/kubernetes/meshcentral/main.tf index 37bce988..12609f05 100644 --- a/modules/kubernetes/meshcentral/main.tf +++ b/modules/kubernetes/meshcentral/main.tf 
@@ -11,14 +11,14 @@ resource "kubernetes_namespace" "meshcentral" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "meshcentral" + namespace = kubernetes_namespace.meshcentral.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "meshcentral" { metadata { name = "meshcentral" - namespace = "meshcentral" + namespace = kubernetes_namespace.meshcentral.metadata[0].name labels = { app = "meshcentral" } @@ -120,7 +120,7 @@ resource "kubernetes_deployment" "meshcentral" { resource "kubernetes_service" "meshcentral" { metadata { name = "meshcentral" - namespace = "meshcentral" + namespace = kubernetes_namespace.meshcentral.metadata[0].name labels = { "app" = "meshcentral" } @@ -140,7 +140,7 @@ resource "kubernetes_service" "meshcentral" { module "ingress" { source = "../ingress_factory" - namespace = "meshcentral" + namespace = kubernetes_namespace.meshcentral.metadata[0].name name = "meshcentral" tls_secret_name = var.tls_secret_name port = 443 diff --git a/modules/kubernetes/metrics-server/main.tf b/modules/kubernetes/metrics-server/main.tf index 7de0347f..8e1d0257 100644 --- a/modules/kubernetes/metrics-server/main.tf +++ b/modules/kubernetes/metrics-server/main.tf @@ -11,14 +11,12 @@ resource "kubernetes_namespace" "metrics-server" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "metrics-server" + namespace = kubernetes_namespace.metrics-server.metadata[0].name tls_secret_name = var.tls_secret_name - - depends_on = [kubernetes_namespace.metrics-server] } resource "helm_release" "metrics-server" { - namespace = "metrics-server" + namespace = kubernetes_namespace.metrics-server.metadata[0].name create_namespace = false name = "metrics-server" atomic = true @@ -27,6 +25,4 @@ resource "helm_release" "metrics-server" { chart = "metrics-server" values = [templatefile("${path.module}/values.yaml", {})] - - depends_on = [kubernetes_namespace.metrics-server] } 
diff --git a/modules/kubernetes/monitoring/dashboards/registry.json b/modules/kubernetes/monitoring/dashboards/registry.json index e9d904c7..cf10800f 100644 --- a/modules/kubernetes/monitoring/dashboards/registry.json +++ b/modules/kubernetes/monitoring/dashboards/registry.json @@ -18,7 +18,7 @@ "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 24, + "id": 0, "links": [], "panels": [ { @@ -182,10 +182,12 @@ "type": "prometheus", "uid": "PBFA97CFB590B2093" }, + "editorMode": "code", "expr": "registry_registry_storage_cache_total{instance=\"$instance\",type=\"Request\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ type }}", + "range": true, "refId": "A" } ], @@ -260,10 +262,12 @@ "type": "prometheus", "uid": "PBFA97CFB590B2093" }, + "editorMode": "code", "expr": "registry_registry_storage_cache_total{instance=\"$instance\",type=\"Hit\"}", "format": "time_series", "intervalFactor": 1, "legendFormat": "{{ type }}", + "range": true, "refId": "A" } ], @@ -353,38 +357,30 @@ "type": "prometheus", "uid": "PBFA97CFB590B2093" }, - "description": "Process Resident Memory Usage", "fieldConfig": { "defaults": { "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" + "mode": "thresholds" }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], + "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { - "color": "green", + "color": "dark-red", "value": 0 }, { - "color": "red", - "value": 80 + "color": "#EAB839", + "value": 0.3 + }, + { + "color": "green", + "value": 0.8 } ] }, - "unit": "decbytes" + "unit": "percentunit" }, "overrides": [] }, 
@@ -394,17 +390,16 @@ "x": 19, "y": 1 }, - "id": 24, - "maxDataPoints": 100, + "id": 45, "options": { - "colorMode": "none", + "colorMode": "value", "graphMode": "area", "justifyMode": "auto", - "orientation": "horizontal", + "orientation": "auto", "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ - "mean" + "lastNotNull" ], "fields": "", "values": false @@ -421,15 +416,14 @@ "uid": "PBFA97CFB590B2093" }, "editorMode": "code", - "expr": "avg(registry_process_resident_memory_bytes{instance=\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", + "expr": "(sum by (job) (rate(registry_registry_storage_cache_total{type=\"Hit\"}[15m]))) / (sum by (job) (rate(registry_registry_storage_cache_total{type=\"Request\"}[15m])))", + "instant": false, + "legendFormat": "__auto", "range": true, "refId": "A" } ], - "title": "Resident Memory Usage", + "title": "Cache Hit Rate", "type": "stat" }, { 
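Review bot: The new `Cache Hit Rate` expression drops the `instance="$instance"` selector that the `Request` and `Hit` panel queries elsewhere in this file keep, so the stat aggregates by `job` over every scraped registry and ignores the dashboard's instance selection. Adding the selector to both sides of the division, as in `registry_registry_storage_cache_total{instance="$instance",type="Hit"}`, keeps the panel consistent with its neighbours. The ratio is also undefined when no requests fall inside the 15m window, so the panel will likely render empty rather than as a coloured value; a short `description` on the panel saying so would help whoever reads it during an incident.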
@@ -784,48 +778,24 @@ "type": "prometheus", "uid": "PBFA97CFB590B2093" }, - "description": "The HTTP requests", + "description": "Process Resident Memory Usage", "fieldConfig": { "defaults": { "color": { - "mode": "palette-classic" + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "barWidthFactor": 0.6, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 3, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "showValues": false, - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" } - }, - "mappings": [], - "min": 0, + ], "thresholds": { "mode": "absolute", "steps": [ @@ -839,31 +809,34 @@ } ] }, - "unit": "short" + "unit": "decbytes" }, "overrides": [] }, "gridPos": { - "h": 8, + "h": 5, "w": 8, "x": 0, "y": 12 }, - "id": 26, + "id": 24, + "maxDataPoints": 100, "options": { - "legend": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { "calcs": [ - "lastNotNull" + "mean" ], - "displayMode": "list", - "placement": "bottom", - "showLegend": true + "fields": "", + "values": false }, - "tooltip": { - "hideZeros": false, - "mode": "multi", - "sort": "none" - } + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true }, "pluginVersion": "12.3.0", "targets": [ 
@@ -872,15 +845,17 @@ "type": "prometheus", "uid": "PBFA97CFB590B2093" }, - "expr": "ceil(rate(registry_registry_http_requests_total{instance=\"$instance\"}[5m]))", + "editorMode": "code", + "expr": "avg(registry_process_resident_memory_bytes{instance=\"$instance\"})", "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ handler }}", + "intervalFactor": 2, + "legendFormat": "", + "range": true, "refId": "A" } ], - "title": "HTTP Requests", - "type": "timeseries" + "title": "Resident Memory Usage", + "type": "stat" }, { "datasource": { @@ -1091,6 +1066,7 @@ "type": "prometheus", "uid": "PBFA97CFB590B2093" }, + "description": "The HTTP requests", "fieldConfig": { "defaults": { "color": { @@ -1114,7 +1090,7 @@ }, "insertNulls": false, "lineInterpolation": "linear", - "lineWidth": 1, + "lineWidth": 3, "pointSize": 5, "scaleDistribution": { "type": "linear" @@ -1124,7 +1100,7 @@ "spanNulls": false, "stacking": { "group": "A", - "mode": "normal" + "mode": "none" }, "thresholdsStyle": { "mode": "off" @@ -1145,28 +1121,30 @@ } ] }, - "unit": "s" + "unit": "short" }, "overrides": [] }, "gridPos": { - "h": 7, + "h": 8, "w": 8, "x": 0, - "y": 20 + "y": 17 }, - "id": 44, + "id": 26, "options": { "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", "showLegend": true }, "tooltip": { "hideZeros": false, "mode": "multi", - "sort": "desc" + "sort": "none" } }, "pluginVersion": "12.3.0", 
@@ -1176,17 +1154,14 @@ "type": "prometheus", "uid": "PBFA97CFB590B2093" }, - "expr": "increase(registry_registry_storage_action_seconds_sum{instance=\"$instance\"}[2m]) * 1000", + "expr": "ceil(rate(registry_registry_http_requests_total{instance=\"$instance\"}[5m]))", "format": "time_series", - "instant": false, - "intervalFactor": 2, - "legendFormat": "{{ action }}", - "refId": "A", - "step": 10, - "target": "" + "intervalFactor": 1, + "legendFormat": "{{ handler }}", + "refId": "A" } ], - "title": "Registry Action Latency", + "title": "HTTP Requests", "type": "timeseries" }, { @@ -1364,16 +1339,59 @@ }, "fieldConfig": { "defaults": { + "color": { + "mode": "palette-classic" + }, "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, "scaleDistribution": { "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" } - } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" }, "overrides": [] }, 
@@ -1381,46 +1399,20 @@ "h": 7, "w": 8, "x": 0, - "y": 27 + "y": 25 }, - "id": 2, + "id": 44, "options": { - "calculate": true, - "calculation": {}, - "cellGap": 2, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#b4ff00", - "mode": "scheme", - "reverse": false, - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, "legend": { - "show": false + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true }, - "rowsFrame": { - "layout": "auto" - }, - "showValue": "never", "tooltip": { - "mode": "single", - "showColorScale": false, - "yHistogram": false - }, - "yAxis": { - "axisPlacement": "left", - "min": "0", - "reverse": false, - "unit": "short" + "hideZeros": false, + "mode": "multi", + "sort": "desc" } }, "pluginVersion": "12.3.0", @@ -1430,16 +1422,18 @@ "type": "prometheus", "uid": "PBFA97CFB590B2093" }, - "editorMode": "code", - "expr": "rate(registry_http_request_duration_seconds_bucket{handler=\"blob_upload\"}[10m])", - "format": "heatmap", - "intervalFactor": 1, - "range": true, - "refId": "A" + "expr": "increase(registry_registry_storage_action_seconds_sum{instance=\"$instance\"}[2m]) * 1000", + "format": "time_series", + "instant": false, + "intervalFactor": 2, + "legendFormat": "{{ action }}", + "refId": "A", + "step": 10, + "target": "" } ], - "title": "Upload HTTP Request Latencies in seconds (blob_upload)", - "type": "heatmap" + "title": "Registry Action Latency", + "type": "timeseries" }, { "datasource": { 
@@ -1606,6 +1600,90 @@ ], "title": "Catalog HTTP Request Latencies in seconds (catalog)", "type": "heatmap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 32 + }, + "id": 2, + "options": { + "calculate": true, + "calculation": {}, + "cellGap": 2, + "cellValues": {}, + "color": { + "exponent": 0.5, + "fill": "#b4ff00", + "mode": "scheme", + "reverse": false, + "scale": "exponential", + "scheme": "Oranges", + "steps": 128 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": false + }, + "rowsFrame": { + "layout": "auto" + }, + "showValue": "never", + "tooltip": { + "mode": "single", + "showColorScale": false, + "yHistogram": false + }, + "yAxis": { + "axisPlacement": "left", + "min": "0", + "reverse": false, + "unit": "short" + } + }, + "pluginVersion": "12.3.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "editorMode": "code", + "expr": "rate(registry_http_request_duration_seconds_bucket{handler=\"blob_upload\"}[10m])", + "format": "heatmap", + "intervalFactor": 1, + "range": true, + "refId": "A" + } + ], + "title": "Upload HTTP Request Latencies in seconds (blob_upload)", + "type": "heatmap" } ], "preload": false, @@ -1675,12 +1753,12 @@ ] }, "time": { - "from": "now-6h", + "from": "now-12h", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Docker Registry", "uid": "CoBSgj8iz", - "version": 6 + "version": 10 } diff --git a/modules/kubernetes/monitoring/grafana.tf b/modules/kubernetes/monitoring/grafana.tf index e31ce1a9..9e96247f 100644 --- a/modules/kubernetes/monitoring/grafana.tf +++ b/modules/kubernetes/monitoring/grafana.tf 
@@ -43,7 +43,7 @@ resource "kubernetes_persistent_volume" "alertmanager_pv" { # resource "kubernetes_persistent_volume_claim" "grafana_pvc" { # metadata { # name = "grafana-pvc" -# namespace = "monitoring" +# namespace = kubernetes_namespace.monitoring.metadata[0].name # } # spec { # access_modes = ["ReadWriteOnce"] @@ -56,7 +56,7 @@ resource "kubernetes_persistent_volume" "alertmanager_pv" { # } resource "helm_release" "grafana" { - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name create_namespace = true name = "grafana" atomic = true diff --git a/modules/kubernetes/monitoring/idrac.tf b/modules/kubernetes/monitoring/idrac.tf index c527afd3..b539a863 100644 --- a/modules/kubernetes/monitoring/idrac.tf +++ b/modules/kubernetes/monitoring/idrac.tf @@ -2,7 +2,7 @@ resource "kubernetes_config_map" "redfish-config" { metadata { name = "redfish-exporter-config" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" @@ -28,7 +28,7 @@ resource "kubernetes_config_map" "redfish-config" { resource "kubernetes_deployment" "idrac-redfish" { metadata { name = "idrac-redfish-exporter" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name labels = { app = "idrac-redfish-exporter" } @@ -78,7 +78,7 @@ resource "kubernetes_deployment" "idrac-redfish" { resource "kubernetes_service" "idrac-redfish-exporter" { metadata { name = "idrac-redfish-exporter" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name labels = { "app" = "idrac-redfish-exporter" } @@ -103,7 +103,7 @@ resource "kubernetes_service" "idrac-redfish-exporter" { module "idrac-redfish-exporter-ingress" { source = "../ingress_factory" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name name = "idrac-redfish-exporter" root_domain = "viktorbarzin.lan" tls_secret_name = var.tls_secret_name 
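Review bot: `create_namespace = true` stays on `helm_release.grafana` although its namespace now comes from `kubernetes_namespace.monitoring`, so two mechanisms claim to create the same namespace. The reference already orders the release after the Terraform-managed namespace, so I would drop the flag or set `create_namespace = false`, leaving the namespace and its labels under a single owner. The same applies to `helm_release.prometheus` in prometheus.tf. The resource body continues outside the hunk.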
diff --git a/modules/kubernetes/monitoring/loki.tf b/modules/kubernetes/monitoring/loki.tf index ef782552..2be69371 100644 --- a/modules/kubernetes/monitoring/loki.tf +++ b/modules/kubernetes/monitoring/loki.tf @@ -1,5 +1,5 @@ # resource "helm_release" "loki" { -# namespace = "monitoring" +# namespace = kubernetes_namespace.monitoring.metadata[0].name # create_namespace = true # name = "loki" @@ -54,7 +54,7 @@ # https://grafana.com/docs/alloy/latest/configure/kubernetes/ # resource "helm_release" "alloy" { -# namespace = "monitoring" +# namespace = kubernetes_namespace.monitoring.metadata[0].name # create_namespace = true # name = "alloy" @@ -71,7 +71,7 @@ # for n in $(kbn | awk '{print $1}'); do echo $n; s wizard@$n 'sudo sysctl -w fs.inotify.max_user_watches=2099999999; sudo sysctl -w fs.inotify.max_user_instances=2099999999;sudo sysctl -w fs.inotify.max_queued_events=2099999999'; done # resource "helm_release" "k8s-monitoring" { -# namespace = "monitoring" +# namespace = kubernetes_namespace.monitoring.metadata[0].name # create_namespace = true # name = "k8s-monitoring" diff --git a/modules/kubernetes/monitoring/main.tf b/modules/kubernetes/monitoring/main.tf index 2dc87f89..af3d253b 100644 --- a/modules/kubernetes/monitoring/main.tf +++ b/modules/kubernetes/monitoring/main.tf 
@@ -15,14 +15,23 @@ variable "haos_api_token" { type = string } variable "pve_password" { type = string } variable "grafana_db_password" { type = string } +resource "kubernetes_namespace" "monitoring" { + metadata { + name = "monitoring" + labels = { + "istio-injection" : "disabled" + } + } +} + module "tls_secret" { source = "../setup_tls_secret" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name tls_secret_name = var.tls_secret_name } # Terraform get angry with the 30k values file :/ use ansible until solved # resource "helm_release" "ups_prometheus_snmp_exporter" { -# namespace = "monitoring" +# namespace = kubernetes_namespace.monitoring.metadata[0].name # create_namespace = true # name = "ups_prometheus_exporter" @@ -67,7 +76,7 @@ resource "kubernetes_cron_job_v1" "monitor_prom" { resource "kubernetes_ingress_v1" "status" { metadata { name = "hetrix-redirect-ingress" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/permanent-redirect" = "https://hetrixtools.com/r/38981b548b5d38b052aca8d01285a3f3/" @@ -101,7 +110,7 @@ resource "kubernetes_ingress_v1" "status" { resource "kubernetes_ingress_v1" "status_yotovski" { metadata { name = "hetrix-yotovski-redirect-ingress" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/permanent-redirect" = "https://hetrixtools.com/r/2ba9d7a5e017794db0fd91f0115a8b3b/" diff --git a/modules/kubernetes/monitoring/prometheus.tf b/modules/kubernetes/monitoring/prometheus.tf index 9f714192..12a00b66 100644 --- a/modules/kubernetes/monitoring/prometheus.tf +++ b/modules/kubernetes/monitoring/prometheus.tf 
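Review bot: The added `resource "kubernetes_namespace" "monitoring"` declares a namespace that probably already exists in the cluster, because the Grafana and Prometheus releases in this module carry `create_namespace = true`; in that case the first apply fails on create with an already-exists error. Adopting it needs an import before apply, for example an `import` block with `to = kubernetes_namespace.monitoring` and `id = "monitoring"` on a Terraform version that supports it, or the equivalent `terraform import`. A one-line comment above the resource saying why `istio-injection` is set to `disabled` would also help, since that label turns off automatic sidecar injection for every pod in the namespace.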
@@ -2,7 +2,7 @@ resource "kubernetes_persistent_volume_claim" "prometheus_server_pvc" { metadata { name = "prometheus-iscsi-pvc" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name } spec { @@ -45,7 +45,7 @@ resource "kubernetes_persistent_volume" "prometheus_server_pvc" { } resource "helm_release" "prometheus" { - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name create_namespace = true name = "prometheus" diff --git a/modules/kubernetes/monitoring/prometheus_chart_values.tpl b/modules/kubernetes/monitoring/prometheus_chart_values.tpl index 9a68aef0..6b5466d8 100644 --- a/modules/kubernetes/monitoring/prometheus_chart_values.tpl +++ b/modules/kubernetes/monitoring/prometheus_chart_values.tpl 
@@ -168,15 +168,82 @@ serverFiles: # targets: "alertmanager.viktorbarzin.lan" alerting_rules.yml: groups: - - name: Cluster + - name: R730 Host rules: - - alert: LowVoltage - expr: ups_upsInputVoltage < 205 + - alert: HighCPUTemperature + expr: node_hwmon_temp_celsius{instance="pve-node-r730"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance="pve-node-r730"} > 75 + for: 30m + labels: + severity: page + annotations: + summary: "High CPU Temperature: {{ $value }}." + - alert: SSDHighWriteRate + expr: rate(node_disk_written_bytes_total{job="proxmox-host", device="sdb"}[2m]) / 1024 / 1024 > 2 # sdb is SSD; value in MB for: 10m labels: severity: page annotations: - summary: "Low input voltage - {{ $value }}" + summary: "High write rate on SSD - {{ $value }}MB" + - alert: HDDHighWriteRate + expr: rate(node_disk_written_bytes_total{job="proxmox-host", device="sdc"}[2m]) / 1024 / 1024 > 10 # sdc is 11TB HDD; value in MB + for: 20m + labels: + severity: page + annotations: + summary: "High write rate on HDD - {{ $value }}MB" + - alert: NoiDRACData + expr: (max(r730_idrac_idrac_system_health + 1) or on() vector(0)) == 0 + for: 30m + labels: + severity: page + annotations: + summary: No iDRAC amperage reading. Can signal that prometheus is not scraping + - alert: HighRAMUsage + expr: clamp_min((1 - (node_memory_MemAvailable_bytes{instance="pve-node-r730"} / node_memory_MemTotal_bytes{instance="pve-node-r730"})) * 100, 0) > 90 + for: 30m + labels: + severity: page + annotations: + summary: "High memory usage: {{ $value }}. Risk of OOM-ing." + - alert: HighSystemLoad + expr: scalar(node_load1{instance="pve-node-r730"}) * 100 / count(count(node_cpu_seconds_total{instance="pve-node-r730"}) by (cpu)) > 50 + for: 30m + labels: + severity: page + annotations: + summary: "High system load: {{ $value }}. Can signal runaway process." 
+ - name: Nvidia Tesla T4 GPU + rules: + - alert: HighGPUTemp + expr: nvidia_tesla_t4_DCGM_FI_DEV_GPU_TEMP > 65 + for: 1m + labels: + severity: page + annotations: + summary: "High GPU Temperature {{$value}}" + - alert: HighPowerUsage + expr: nvidia_tesla_t4_DCGM_FI_DEV_POWER_USAGE > 50 + for: 30m + labels: + severity: page + annotations: + summary: "High GPU power usage {{$value}}" + - alert: HighUtilization + expr: nvidia_tesla_t4_DCGM_FI_DEV_GPU_UTIL > 50 + for: 30m + labels: + severity: page + annotations: + summary: "High GPU utilization {{$value}}" + - alert: HighMemoryUsage + expr: nvidia_tesla_t4_DCGM_FI_DEV_FB_USED / 1024 > 12 + for: 5m + labels: + severity: page + annotations: + summary: "High VRAM usage {{$value}}" + - name: Power + rules: - alert: OnBattery expr: ups_upsSecondsOnBattery > 0 for: 30m @@ -184,13 +251,35 @@ serverFiles: severity: critical annotations: summary: "UPS on battery for {{ $value }} seconds" - - alert: LowUPBattery + - alert: LowUPSBattery expr: ups_upsEstimatedMinutesRemaining < 25 and on(instance) ups_upsInputVoltage < 150 for: 1m labels: severity: critical annotations: summary: "UPS battery running out - {{ $value }} minutes remaining" + - alert: PowerOutage + expr: ups_upsInputVoltage < 150 + labels: + severity: page + annotations: + summary: Power voltage on a power supply is {{ $value }} indicating power outage. + - alert: HighPowerUsage + expr: r730_idrac_idrac_power_control_consumed_watts > 200 + for: 60m + labels: + severity: page + annotations: + summary: "High server power usage - {{$value}} watts" + - alert: UsingInverterEnergyForTooLong + expr: automatic_transfer_switch_power_mode > 0 # 1 = Inverter; 0 = Grid + for: 24h + labels: + severity: page + annotations: + summary: "Running on inverter for too long: {{ $value }}%. Maybe switching to grid does not work." + - name: Cluster + rules: - alert: NodeDown expr: (up{job="kubernetes-nodes"} or on() vector(0)) == 0 for: 1m 
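Review bot: The alert name `HighPowerUsage` is now defined twice, once in the new `Nvidia Tesla T4 GPU` group on `nvidia_tesla_t4_DCGM_FI_DEV_POWER_USAGE` and once in the `Power` group of the next hunk on `r730_idrac_idrac_power_control_consumed_watts`. An Alertmanager route, silence or inhibit rule keyed on `alertname` alone cannot tell the two apart, so silencing one also hides the other. Renaming the GPU rules to `HighGPUPowerUsage`, `HighGPUUtilization` and `HighGPUMemoryUsage` would make each page self-describing. The GPU summaries also print a bare `{{$value}}` with no unit, unlike `{{$value}} watts` on the server rule.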
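Review bot: `PowerOutage` in the `Power` group has no `for:` clause, so a single scrape of `ups_upsInputVoltage` below 150 pages immediately, while every other rule in the group waits at least a minute. If immediate paging is intended a comment saying so would help, otherwise add `for: 1m`. In the same group the `UsingInverterEnergyForTooLong` summary renders `{{ $value }}%` although the inline comment says the metric is a mode flag (1 = Inverter, 0 = Grid), so the percent sign should go. Renaming `LowUPBattery` to `LowUPSBattery` also changes the `alertname` label, so any existing silence or route matching the old name needs updating.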
@@ -198,6 +287,20 @@ serverFiles: severity: page annotations: summary: Node {{$labels.instance}} down. + - alert: DockerRegistryDown + expr: (registry_process_start_time_seconds or on() vector(0)) == 0 + for: 10m + labels: + severity: page + annotations: + summary: "Docker registry is down" + - alert: RegistryLowCacheHitRate + expr: (sum by (job) (rate(registry_registry_storage_cache_total{type="Hit"}[15m]))) / (sum by (job) (rate(registry_registry_storage_cache_total{type="Request"}[15m]))) * 100 < 50 + for: 12h + labels: + severity: page + annotations: + summary: "Low registry cache hit rate" - alert: NodeHighCPUUsage expr: node_load1{instance!="pve-node-r730"} > 2 for: 20m @@ -212,13 +315,6 @@ serverFiles: severity: page annotations: summary: "Low free memory on {{ $labels.node }} - {{ $value }}" - - alert: SSDHighWriteRate - expr: rate(node_disk_written_bytes_total{job="proxmox-host", device="sdb"}[2m]) / 1024 / 1024 > 2 # sdb is SSD; value in MB - for: 10m - labels: - severity: page - annotations: - summary: "High write rate on SSD - {{ $value }}MB" # - name: PodStuckNotReady # rules: # - alert: PodStuckNotReady @@ -235,26 +331,6 @@ serverFiles: # severity: page # annotations: # summary: Number of ready pods in {{ $labels.deployment }} is less than what is defined in spec. - - alert: PowerOutage - expr: ups_upsInputVoltage < 150 - labels: - severity: page - annotations: - summary: Power voltage on a power supply is {{ $value }} indicating power outage. - - alert: HighGPUTemp - expr: nvidia_tesla_t4_DCGM_FI_DEV_GPU_TEMP > 65 - for: 1m - labels: - severity: page - annotations: - summary: "High GPU Temperature {{$value}}" - - alert: HighPowerUsage - expr: r730_idrac_idrac_power_control_consumed_watts > 200 - for: 60m - labels: - severity: page - annotations: - summary: "High server power usage - {{$value}} watts" - alert: NoNodeLoadData expr: (node_load1 OR on() vector(0)) == 0 for: 10m 
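Review bot: `RegistryLowCacheHitRate` pages without telling the responder the actual rate, because its summary is the fixed string `"Low registry cache hit rate"` while neighbouring rules interpolate `{{ $value }}`. I would write `summary: "Low registry cache hit rate for {{ $labels.job }}: {{ $value }}%"`, which works because the expression aggregates `by (job)`. When there are no cache requests in the 15m window the ratio is NaN and the comparison is false, so the rule stays silent on an idle registry; a short comment noting that would save the next reader the derivation.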
@@ -262,13 +338,6 @@ serverFiles: severity: page annotations: summary: No node load data. Can signal that prometheus is not scraping - - alert: NoiDRACData - expr: (max(r730_idrac_idrac_system_health + 1) or on() vector(0)) == 0 - for: 30m - labels: - severity: page - annotations: - summary: No iDRAC amperage reading. Can signal that prometheus is not scraping - alert: HighIngressPermissionErrors expr: (sum(rate(nginx_ingress_controller_requests{status=~"4.*", ingress!="nextcloud", ingress!="grafana"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests[2m])) by (ingress) * 100) > 10 for: 20m @@ -283,20 +352,6 @@ serverFiles: severity: page annotations: summary: "High server failiure rate for {{ $labels.ingress }}: {{ $value }}%." - - alert: UsingInverterEnergyForTooLong - expr: automatic_transfer_switch_power_mode > 0 # 1 = Inverter; 0 = Grid - for: 24h - labels: - severity: page - annotations: - summary: "Running on inverter for too long: {{ $value }}%. Maybe switching to grid does not work." - - alert: DockerRegistryDown - expr: (registry_process_start_time_seconds or on() vector(0)) == 0 - for: 10m - labels: - severity: page - annotations: - summary: "Docker registry is down" # - alert: OpenWRT High Memory Usage # expr: 100 - ((openwrt_node_memory_MemAvailable_bytes * 100) / openwrt_node_memory_MemTotal_bytes) > 90 # for: 10m diff --git a/modules/kubernetes/monitoring/pve_exporter.tf b/modules/kubernetes/monitoring/pve_exporter.tf index 0803176e..af20cd19 100644 --- a/modules/kubernetes/monitoring/pve_exporter.tf +++ b/modules/kubernetes/monitoring/pve_exporter.tf @@ -2,7 +2,7 @@ resource "kubernetes_secret" "pve_exporter_config" { metadata { name = "pve-exporter-config" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name } data = { 
@@ -19,7 +19,7 @@ resource "kubernetes_secret" "pve_exporter_config" { resource "kubernetes_deployment" "pve_exporter" { metadata { name = "proxmox-exporter" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name } spec { @@ -72,7 +72,7 @@ resource "kubernetes_deployment" "pve_exporter" { resource "kubernetes_service" "proxmox-exporter" { metadata { name = "proxmox-exporter" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name labels = { "app" = "proxmox-exporter" } diff --git a/modules/kubernetes/monitoring/snmp_exporter.tf b/modules/kubernetes/monitoring/snmp_exporter.tf index cf632db9..f8c3eeb3 100644 --- a/modules/kubernetes/monitoring/snmp_exporter.tf +++ b/modules/kubernetes/monitoring/snmp_exporter.tf @@ -12,7 +12,7 @@ https://sbcode.net/prometheus/snmp-generate-huawei/ resource "kubernetes_config_map" "snmp-exporter-yaml" { metadata { name = "snmp-exporter-yaml" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" @@ -27,7 +27,7 @@ resource "kubernetes_config_map" "snmp-exporter-yaml" { resource "kubernetes_deployment" "snmp-exporter" { metadata { name = "snmp-exporter" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name labels = { app = "snmp-exporter" } @@ -77,7 +77,7 @@ resource "kubernetes_deployment" "snmp-exporter" { resource "kubernetes_service" "snmp-exporter" { metadata { name = "snmp-exporter" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name labels = { "app" = "snmp-exporter" } @@ -102,7 +102,7 @@ resource "kubernetes_service" "snmp-exporter" { module "snmp-exporter-ingress" { source = "../ingress_factory" - namespace = "monitoring" + namespace = kubernetes_namespace.monitoring.metadata[0].name name = "snmp-exporter" root_domain = "viktorbarzin.lan" tls_secret_name = var.tls_secret_name 
diff --git a/modules/kubernetes/n8n/main.tf b/modules/kubernetes/n8n/main.tf index 8aa8d13b..29cd54d0 100644 --- a/modules/kubernetes/n8n/main.tf +++ b/modules/kubernetes/n8n/main.tf @@ -3,11 +3,11 @@ variable "postgresql_password" {} module "tls_secret" { source = "../setup_tls_secret" - namespace = "n8n" + namespace = kubernetes_namespace.n8n.metadata[0].name tls_secret_name = var.tls_secret_name } -resource "kubernetes_namespace" "immich" { +resource "kubernetes_namespace" "n8n" { metadata { name = "n8n" } @@ -16,7 +16,7 @@ resource "kubernetes_namespace" "immich" { resource "kubernetes_deployment" "n8n" { metadata { name = "n8n" - namespace = "n8n" + namespace = kubernetes_namespace.n8n.metadata[0].name labels = { app = "n8n" } @@ -112,7 +112,7 @@ resource "kubernetes_deployment" "n8n" { resource "kubernetes_service" "n8n" { metadata { name = "n8n" - namespace = "n8n" + namespace = kubernetes_namespace.n8n.metadata[0].name labels = { "app" = "n8n" } @@ -130,7 +130,7 @@ resource "kubernetes_service" "n8n" { } module "ingress" { source = "../ingress_factory" - namespace = "n8n" + namespace = kubernetes_namespace.n8n.metadata[0].name name = "n8n" tls_secret_name = var.tls_secret_name extra_annotations = { diff --git a/modules/kubernetes/navidrome/main.tf b/modules/kubernetes/navidrome/main.tf index 3fcb9d2c..b1597eaa 100644 --- a/modules/kubernetes/navidrome/main.tf +++ b/modules/kubernetes/navidrome/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "navidrome" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "navidrome" + namespace = kubernetes_namespace.navidrome.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "navidrome" { metadata { name = "navidrome" - namespace = "navidrome" + namespace = kubernetes_namespace.navidrome.metadata[0].name labels = { app = "navidrome" "kubernetes.io/cluster-service" = "true" 
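Review bot: Renaming the resource address from `kubernetes_namespace.immich` to `kubernetes_namespace.n8n` in the first n8n hunk makes Terraform plan a destroy of the old address and a create of the new one, unless state was moved by hand. The object behind both addresses is the live `n8n` namespace, and deleting a namespace removes everything deployed in it. A `moved` block with `from = kubernetes_namespace.immich` and `to = kubernetes_namespace.n8n` next to the resource, or `terraform state mv` before apply, keeps the rename a no-op. Check that the plan shows no destroy for this namespace before applying.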
@@ -94,7 +94,7 @@ resource "kubernetes_deployment" "navidrome" { resource "kubernetes_service" "navidrome" { metadata { name = "navidrome" - namespace = "navidrome" + namespace = kubernetes_namespace.navidrome.metadata[0].name labels = { "app" = "navidrome" } @@ -112,7 +112,7 @@ resource "kubernetes_service" "navidrome" { } module "ingress" { source = "../ingress_factory" - namespace = "navidrome" + namespace = kubernetes_namespace.navidrome.metadata[0].name name = "navidrome" tls_secret_name = var.tls_secret_name rybbit_site_id = "8a3844ff75ba" diff --git a/modules/kubernetes/netbox/main.tf b/modules/kubernetes/netbox/main.tf index 4be28ee8..46c9f58a 100644 --- a/modules/kubernetes/netbox/main.tf +++ b/modules/kubernetes/netbox/main.tf @@ -8,14 +8,14 @@ resource "kubernetes_namespace" "netbox" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "netbox" + namespace = kubernetes_namespace.netbox.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "netbox" { metadata { name = "netbox" - namespace = "netbox" + namespace = kubernetes_namespace.netbox.metadata[0].name labels = { app = "netbox" } @@ -118,7 +118,7 @@ resource "kubernetes_deployment" "netbox" { resource "kubernetes_service" "netbox" { metadata { name = "netbox" - namespace = "netbox" + namespace = kubernetes_namespace.netbox.metadata[0].name labels = { "app" = "netbox" } @@ -138,7 +138,7 @@ resource "kubernetes_service" "netbox" { } module "ingress" { source = "../ingress_factory" - namespace = "netbox" + namespace = kubernetes_namespace.netbox.metadata[0].name name = "netbox" tls_secret_name = var.tls_secret_name protected = true diff --git a/modules/kubernetes/networking-toolbox/main.tf b/modules/kubernetes/networking-toolbox/main.tf index e7cf3771..56abc187 100644 --- a/modules/kubernetes/networking-toolbox/main.tf +++ b/modules/kubernetes/networking-toolbox/main.tf 
@@ -11,14 +11,14 @@ resource "kubernetes_namespace" "networking-toolbox" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "networking-toolbox" + namespace = kubernetes_namespace.networking-toolbox.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "networking-toolbox" { metadata { name = "networking-toolbox" - namespace = "networking-toolbox" + namespace = kubernetes_namespace.networking-toolbox.metadata[0].name labels = { app = "networking-toolbox" } @@ -52,7 +52,7 @@ resource "kubernetes_deployment" "networking-toolbox" { resource "kubernetes_service" "networking-toolbox" { metadata { name = "networking-toolbox" - namespace = "networking-toolbox" + namespace = kubernetes_namespace.networking-toolbox.metadata[0].name labels = { "app" = "networking-toolbox" } @@ -72,7 +72,7 @@ resource "kubernetes_service" "networking-toolbox" { module "ingress" { source = "../ingress_factory" - namespace = "networking-toolbox" + namespace = kubernetes_namespace.networking-toolbox.metadata[0].name name = "networking-toolbox" tls_secret_name = var.tls_secret_name protected = true diff --git a/modules/kubernetes/nextcloud/main.tf b/modules/kubernetes/nextcloud/main.tf index 04757403..e33fef1a 100644 --- a/modules/kubernetes/nextcloud/main.tf +++ b/modules/kubernetes/nextcloud/main.tf @@ -3,7 +3,7 @@ variable "db_password" {} module "tls_secret" { source = "../setup_tls_secret" - namespace = "nextcloud" + namespace = kubernetes_namespace.nextcloud.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -17,7 +17,7 @@ resource "kubernetes_namespace" "nextcloud" { } resource "helm_release" "nextcloud" { - namespace = "nextcloud" + namespace = kubernetes_namespace.nextcloud.metadata[0].name name = "nextcloud" repository = "https://nextcloud.github.io/helm/" 
@@ -32,7 +32,7 @@ resource "helm_release" "nextcloud" { # resource "kubernetes_config_map" "config" { # metadata { # name = "config" -# namespace = "nextcloud" +# namespace = kubernetes_namespace.nextcloud.metadata[0].name # annotations = { # "reloader.stakater.com/match" = "true" @@ -47,7 +47,7 @@ resource "helm_release" "nextcloud" { resource "kubernetes_deployment" "whiteboard" { metadata { name = "whiteboard" - namespace = "nextcloud" + namespace = kubernetes_namespace.nextcloud.metadata[0].name labels = { app = "whiteboard" } @@ -93,7 +93,7 @@ resource "kubernetes_deployment" "whiteboard" { resource "kubernetes_service" "whiteboard" { metadata { name = "whiteboard" - namespace = "nextcloud" + namespace = kubernetes_namespace.nextcloud.metadata[0].name labels = { app = "whiteboard" } @@ -132,7 +132,7 @@ resource "kubernetes_persistent_volume" "nextcloud-data-pv" { resource "kubernetes_persistent_volume_claim" "nextcloud-data-pvc" { metadata { name = "nextcloud-data-pvc" - namespace = "nextcloud" + namespace = kubernetes_namespace.nextcloud.metadata[0].name } spec { access_modes = ["ReadWriteOnce"] @@ -147,7 +147,7 @@ resource "kubernetes_persistent_volume_claim" "nextcloud-data-pvc" { module "ingress" { source = "../ingress_factory" - namespace = "nextcloud" + namespace = kubernetes_namespace.nextcloud.metadata[0].name name = "nextcloud" tls_secret_name = var.tls_secret_name port = 8080 @@ -162,7 +162,7 @@ module "ingress" { module "whiteboard_ingress" { source = "../ingress_factory" - namespace = "nextcloud" + namespace = kubernetes_namespace.nextcloud.metadata[0].name name = "whiteboard" tls_secret_name = var.tls_secret_name port = 80 diff --git a/modules/kubernetes/ntfy/main.tf b/modules/kubernetes/ntfy/main.tf index a2e6fb9f..7a7d9a5d 100644 --- a/modules/kubernetes/ntfy/main.tf +++ b/modules/kubernetes/ntfy/main.tf 
@@ -7,14 +7,14 @@ resource "kubernetes_namespace" "ntfy" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "ntfy" + namespace = kubernetes_namespace.ntfy.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "ntfy" { metadata { name = "ntfy" - namespace = "ntfy" + namespace = kubernetes_namespace.ntfy.metadata[0].name labels = { app = "ntfy" } @@ -96,7 +96,7 @@ resource "kubernetes_deployment" "ntfy" { resource "kubernetes_service" "ntfy" { metadata { name = "ntfy" - namespace = "ntfy" + namespace = kubernetes_namespace.ntfy.metadata[0].name labels = { "app" = "ntfy" } @@ -121,7 +121,7 @@ resource "kubernetes_service" "ntfy" { module "ingress" { source = "../ingress_factory" - namespace = "ntfy" + namespace = kubernetes_namespace.ntfy.metadata[0].name name = "ntfy" tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/nvidia/main.tf b/modules/kubernetes/nvidia/main.tf index 1bd3f4b2..1948e58e 100644 --- a/modules/kubernetes/nvidia/main.tf +++ b/modules/kubernetes/nvidia/main.tf @@ -2,7 +2,7 @@ variable "tls_secret_name" {} module "tls_secret" { source = "../setup_tls_secret" - namespace = "nvidia" + namespace = kubernetes_namespace.nvidia.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -21,7 +21,7 @@ resource "kubernetes_namespace" "nvidia" { resource "kubernetes_config_map" "time_slicing_config" { metadata { name = "time-slicing-config" - namespace = "nvidia" + namespace = kubernetes_namespace.nvidia.metadata[0].name } data = { @@ -41,7 +41,7 @@ resource "kubernetes_config_map" "time_slicing_config" { } resource "helm_release" "nvidia-gpu-operator" { - namespace = "nvidia" + namespace = kubernetes_namespace.nvidia.metadata[0].name name = "nvidia-gpu-operator" repository = "https://helm.ngc.nvidia.com/nvidia" 
@@ -57,7 +57,7 @@ resource "helm_release" "nvidia-gpu-operator" { resource "kubernetes_deployment" "nvidia-exporter" { metadata { name = "nvidia-exporter" - namespace = "nvidia" + namespace = kubernetes_namespace.nvidia.metadata[0].name labels = { app = "nvidia-exporter" } @@ -106,7 +106,7 @@ resource "kubernetes_deployment" "nvidia-exporter" { resource "kubernetes_service" "nvidia-exporter" { metadata { name = "nvidia-exporter" - namespace = "nvidia" + namespace = kubernetes_namespace.nvidia.metadata[0].name labels = { "app" = "nvidia-exporter" } @@ -127,7 +127,7 @@ resource "kubernetes_service" "nvidia-exporter" { module "ingress" { source = "../ingress_factory" - namespace = "nvidia" + namespace = kubernetes_namespace.nvidia.metadata[0].name name = "nvidia-exporter" root_domain = "viktorbarzin.lan" tls_secret_name = var.tls_secret_name @@ -138,7 +138,7 @@ module "ingress" { # resource "kubernetes_ingress_v1" "nvidia-exporter" { # metadata { # name = "nvidia-exporter" -# namespace = "nvidia" +# namespace = kubernetes_namespace.nvidia.metadata[0].name # annotations = { # "kubernetes.io/ingress.class" = "nginx" # "nginx.ingress.kubernetes.io/whitelist-source-range" : "192.168.1.0/24, 10.0.0.0/8" diff --git a/modules/kubernetes/ollama/main.tf b/modules/kubernetes/ollama/main.tf index 1ff00895..9a4de923 100644 --- a/modules/kubernetes/ollama/main.tf +++ b/modules/kubernetes/ollama/main.tf @@ -8,13 +8,13 @@ resource "kubernetes_namespace" "ollama" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "ollama" + namespace = kubernetes_namespace.ollama.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_persistent_volume_claim" "ollama-pvc" { metadata { name = "ollama-pvc" - namespace = "ollama" + namespace = kubernetes_namespace.ollama.metadata[0].name } spec { 
@@ -47,7 +47,7 @@ resource "kubernetes_persistent_volume" "ollama-pv" { } # resource "helm_release" "ollama" { -# namespace = "ollama" +# namespace = kubernetes_namespace.ollama.metadata[0].name # name = "ollama" # repository = "https://otwld.github.io/ollama-helm/" @@ -62,7 +62,7 @@ resource "kubernetes_persistent_volume" "ollama-pv" { resource "kubernetes_deployment" "ollama" { metadata { name = "ollama" - namespace = "ollama" + namespace = kubernetes_namespace.ollama.metadata[0].name labels = { app = "ollama" } @@ -126,7 +126,7 @@ resource "kubernetes_deployment" "ollama" { resource "kubernetes_service" "ollama" { metadata { name = "ollama" - namespace = "ollama" + namespace = kubernetes_namespace.ollama.metadata[0].name labels = { app = "ollama" } @@ -146,7 +146,7 @@ resource "kubernetes_service" "ollama" { # Allow ollama to be connected to from external apps module "ollama-ingress" { source = "../ingress_factory" - namespace = "ollama" + namespace = kubernetes_namespace.ollama.metadata[0].name name = "ollama-server" service_name = "ollama" root_domain = "viktorbarzin.lan" @@ -160,7 +160,7 @@ module "ollama-ingress" { resource "kubernetes_deployment" "ollama-ui" { metadata { name = "ollama-ui" - namespace = "ollama" + namespace = kubernetes_namespace.ollama.metadata[0].name labels = { app = "ollama-ui" } @@ -211,7 +211,7 @@ resource "kubernetes_deployment" "ollama-ui" { resource "kubernetes_service" "ollama-ui" { metadata { name = "ollama-ui" - namespace = "ollama" + namespace = kubernetes_namespace.ollama.metadata[0].name labels = { app = "dashy" } @@ -231,7 +231,7 @@ resource "kubernetes_service" "ollama-ui" { module "ingress" { source = "../ingress_factory" - namespace = "ollama" + namespace = kubernetes_namespace.ollama.metadata[0].name name = "ollama" service_name = "ollama-ui" tls_secret_name = var.tls_secret_name diff --git a/modules/kubernetes/onlyoffice/main.tf b/modules/kubernetes/onlyoffice/main.tf index 51c5560d..c3c26811 100644 
--- a/modules/kubernetes/onlyoffice/main.tf +++ b/modules/kubernetes/onlyoffice/main.tf @@ -13,14 +13,14 @@ resource "kubernetes_namespace" "onlyoffice" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "onlyoffice" + namespace = kubernetes_namespace.onlyoffice.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "onlyoffice-document-server" { metadata { name = "onlyoffice-document-server" - namespace = "onlyoffice" + namespace = kubernetes_namespace.onlyoffice.metadata[0].name labels = { app = "onlyoffice-document-server" } @@ -104,7 +104,7 @@ resource "kubernetes_deployment" "onlyoffice-document-server" { resource "kubernetes_service" "onlyoffice" { metadata { name = "onlyoffice-document-server" - namespace = "onlyoffice" + namespace = kubernetes_namespace.onlyoffice.metadata[0].name labels = { "app" = "onlyoffice-document-server" } @@ -121,7 +121,7 @@ resource "kubernetes_service" "onlyoffice" { } module "ingress" { source = "../ingress_factory" - namespace = "onlyoffice" + namespace = kubernetes_namespace.onlyoffice.metadata[0].name name = "onlyoffice" service_name = "onlyoffice-document-server" tls_secret_name = var.tls_secret_name diff --git a/modules/kubernetes/owntracks/main.tf b/modules/kubernetes/owntracks/main.tf index d589c75d..6e9cce09 100644 --- a/modules/kubernetes/owntracks/main.tf +++ b/modules/kubernetes/owntracks/main.tf @@ -17,7 +17,7 @@ resource "kubernetes_namespace" "owntracks" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "owntracks" + namespace = kubernetes_namespace.owntracks.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -29,7 +29,7 @@ locals { resource "kubernetes_secret" "basic_auth" { metadata { name = "basic-auth-secret" - namespace = "owntracks" + namespace = kubernetes_namespace.owntracks.metadata[0].name } data = { 
@@ -45,7 +45,7 @@ resource "kubernetes_secret" "basic_auth" { resource "kubernetes_deployment" "owntracks" { metadata { name = "owntracks" - namespace = "owntracks" + namespace = kubernetes_namespace.owntracks.metadata[0].name labels = { app = "owntracks" } @@ -112,7 +112,7 @@ resource "kubernetes_deployment" "owntracks" { resource "kubernetes_service" "owntracks" { metadata { name = "owntracks" - namespace = "owntracks" + namespace = kubernetes_namespace.owntracks.metadata[0].name labels = { "app" = "owntracks" } @@ -133,7 +133,7 @@ resource "kubernetes_service" "owntracks" { module "ingress" { source = "../ingress_factory" - namespace = "owntracks" + namespace = kubernetes_namespace.owntracks.metadata[0].name name = "owntracks" tls_secret_name = var.tls_secret_name port = 443 diff --git a/modules/kubernetes/paperless-ngx/main.tf b/modules/kubernetes/paperless-ngx/main.tf index 67c1ad4f..e847a4f4 100644 --- a/modules/kubernetes/paperless-ngx/main.tf +++ b/modules/kubernetes/paperless-ngx/main.tf @@ -15,7 +15,7 @@ resource "kubernetes_namespace" "paperless-ngx" { } module "tls_secret" { source = "../setup_tls_secret" - namespace = "paperless-ngx" + namespace = kubernetes_namespace.paperless-ngx.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -23,7 +23,7 @@ module "tls_secret" { resource "kubernetes_deployment" "paperless-ngx" { metadata { name = "paperless-ngx" - namespace = "paperless-ngx" + namespace = kubernetes_namespace.paperless-ngx.metadata[0].name labels = { app = "paperless-ngx" } @@ -124,7 +124,7 @@ resource "kubernetes_deployment" "paperless-ngx" { resource "kubernetes_service" "paperless-ngx" { metadata { name = "paperless-ngx" - namespace = "paperless-ngx" + namespace = kubernetes_namespace.paperless-ngx.metadata[0].name labels = { "app" = "paperless-ngx" } 
@@ -145,7 +145,7 @@ resource "kubernetes_service" "paperless-ngx" { module "ingress" { source = "../ingress_factory" - namespace = "paperless-ngx" + namespace = kubernetes_namespace.paperless-ngx.metadata[0].name name = "paperless-ngx" service_name = "paperless-ngx" host = "pdf" diff --git a/modules/kubernetes/pihole/main.tf b/modules/kubernetes/pihole/main.tf index c7254648..1dc39eb6 100644 --- a/modules/kubernetes/pihole/main.tf +++ b/modules/kubernetes/pihole/main.tf @@ -9,7 +9,7 @@ resource "kubernetes_namespace" "pihole" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -17,7 +17,7 @@ module "tls_secret" { resource "kubernetes_config_map" "external_conf" { metadata { name = "external-conf" - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name labels = { app = "pihole" @@ -31,7 +31,7 @@ resource "kubernetes_config_map" "external_conf" { resource "kubernetes_deployment" "pihole" { metadata { name = "pihole" - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name labels = { app = "pihole" } @@ -118,7 +118,7 @@ resource "kubernetes_deployment" "pihole" { resource "kubernetes_service" "pihole-dns" { metadata { name = "pihole-dns" - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name labels = { "app" = "pihole" } @@ -144,7 +144,7 @@ resource "kubernetes_service" "pihole-dns" { resource "kubernetes_service" "pihole-web" { metadata { name = "pihole-web" - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name labels = { "app" = "pihole" } 
@@ -167,7 +167,7 @@ resource "kubernetes_service" "pihole-web" { resource "kubernetes_ingress_v1" "pihole" { metadata { name = "pihole-ingress" - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on" diff --git a/modules/kubernetes/privatebin/main.tf b/modules/kubernetes/privatebin/main.tf index 7ec3186f..36f63c27 100644 --- a/modules/kubernetes/privatebin/main.tf +++ b/modules/kubernetes/privatebin/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "privatebin" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "privatebin" + namespace = kubernetes_namespace.privatebin.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "privatebin" { metadata { name = "privatebin" - namespace = "privatebin" + namespace = kubernetes_namespace.privatebin.metadata[0].name labels = { app = "privatebin" "kubernetes.io/cluster-service" = "true" @@ -71,7 +71,7 @@ resource "kubernetes_deployment" "privatebin" { resource "kubernetes_service" "privatebin" { metadata { name = "privatebin" - namespace = "privatebin" + namespace = kubernetes_namespace.privatebin.metadata[0].name labels = { "app" = "privatebin" } @@ -90,7 +90,7 @@ resource "kubernetes_service" "privatebin" { module "ingress" { source = "../ingress_factory" - namespace = "privatebin" + namespace = kubernetes_namespace.privatebin.metadata[0].name name = "privatebin" host = "pb" tls_secret_name = var.tls_secret_name diff --git a/modules/kubernetes/real-estate-crawler/main.tf b/modules/kubernetes/real-estate-crawler/main.tf index 099902a6..38d1d628 100644 --- a/modules/kubernetes/real-estate-crawler/main.tf +++ b/modules/kubernetes/real-estate-crawler/main.tf 
@@ -17,14 +17,14 @@ resource "kubernetes_namespace" "realestate-crawler" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "realestate-crawler" + namespace = kubernetes_namespace.realestate-crawler.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "realestate-crawler-ui" { metadata { name = "realestate-crawler-ui" - namespace = "realestate-crawler" + namespace = kubernetes_namespace.realestate-crawler.metadata[0].name labels = { app = "realestate-crawler-ui" } @@ -68,7 +68,7 @@ resource "kubernetes_deployment" "realestate-crawler-ui" { resource "kubernetes_service" "realestate-crawler-ui" { metadata { name = "realestate-crawler-ui" - namespace = "realestate-crawler" + namespace = kubernetes_namespace.realestate-crawler.metadata[0].name labels = { "app" = "realestate-crawler-ui" } @@ -85,7 +85,7 @@ resource "kubernetes_service" "realestate-crawler-ui" { } # module "ingress" { # source = "../ingress_factory" -# namespace = "realestate-crawler" +# namespace = kubernetes_namespace.realestate-crawler.metadata[0].name # name = "wrongmove" # service_name = "realestate-crawler-ui" # tls_secret_name = var.tls_secret_name @@ -95,7 +95,7 @@ resource "kubernetes_service" "realestate-crawler-ui" { resource "kubernetes_deployment" "realestate-crawler-api" { metadata { name = "realestate-crawler-api" - namespace = "realestate-crawler" + namespace = kubernetes_namespace.realestate-crawler.metadata[0].name labels = { app = "realestate-crawler-api" } @@ -179,7 +179,7 @@ resource "kubernetes_deployment" "realestate-crawler-api" { resource "kubernetes_service" "realestate-crawler-api" { metadata { name = "realestate-crawler-api" - namespace = "realestate-crawler" + namespace = kubernetes_namespace.realestate-crawler.metadata[0].name labels = { "app" = "realestate-crawler-api" } 
@@ -197,7 +197,7 @@ resource "kubernetes_service" "realestate-crawler-api" { } # module "ingress-api" { # source = "../ingress_factory" -# namespace = "realestate-crawler" +# namespace = kubernetes_namespace.realestate-crawler.metadata[0].name # name = "wrongmove-api" # service_name = "realestate-crawler-api" # tls_secret_name = var.tls_secret_name @@ -206,7 +206,7 @@ resource "kubernetes_service" "realestate-crawler-api" { resource "kubernetes_ingress_v1" "proxied-ingress" { metadata { name = "realestate-crawler" - namespace = "realestate-crawler" + namespace = kubernetes_namespace.realestate-crawler.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" "nginx.ingress.kubernetes.io/backend-protocol" = "http" @@ -278,7 +278,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { resource "kubernetes_cron_job_v1" "scrape-rightmove" { metadata { name = "scrape-rightmove" - namespace = "realestate-crawler" + namespace = kubernetes_namespace.realestate-crawler.metadata[0].name } spec { concurrency_policy = "Replace" diff --git a/modules/kubernetes/redis/main.tf b/modules/kubernetes/redis/main.tf index d4cf7d64..7750d447 100644 --- a/modules/kubernetes/redis/main.tf +++ b/modules/kubernetes/redis/main.tf @@ -8,14 +8,14 @@ resource "kubernetes_namespace" "redis" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "redis" + namespace = kubernetes_namespace.redis.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "redis" { metadata { name = "redis" - namespace = "redis" + namespace = kubernetes_namespace.redis.metadata[0].name labels = { app = "redis" } @@ -69,7 +69,7 @@ resource "kubernetes_deployment" "redis" { resource "kubernetes_service" "redis" { metadata { name = "redis" - namespace = "redis" + namespace = kubernetes_namespace.redis.metadata[0].name labels = { app = "redis" } 
@@ -91,7 +91,7 @@ resource "kubernetes_service" "redis" { } module "ingress" { source = "../ingress_factory" - namespace = "redis" + namespace = kubernetes_namespace.redis.metadata[0].name name = "redis" tls_secret_name = var.tls_secret_name protected = true diff --git a/modules/kubernetes/resume/main.tf b/modules/kubernetes/resume/main.tf index f1ac8b04..f4f6cba1 100644 --- a/modules/kubernetes/resume/main.tf +++ b/modules/kubernetes/resume/main.tf @@ -4,7 +4,7 @@ variable "redis_url" {} module "tls_secret" { source = "../setup_tls_secret" - namespace = "resume" + namespace = kubernetes_namespace.resume.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -17,7 +17,7 @@ resource "kubernetes_namespace" "resume" { resource "kubernetes_deployment" "resume" { metadata { name = "resume" - namespace = "resume" + namespace = kubernetes_namespace.resume.metadata[0].name labels = { app = "resume" } diff --git a/modules/kubernetes/reverse_proxy/factory/main.tf b/modules/kubernetes/reverse_proxy/factory/main.tf index a3d8ad69..1c3c9af3 100644 --- a/modules/kubernetes/reverse_proxy/factory/main.tf +++ b/modules/kubernetes/reverse_proxy/factory/main.tf 
@@ -75,8 +75,10 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { # "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "http://oauth2.oauth2.svc.cluster.local/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" : null "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" : null - "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" : null - # "nginx.ingress.kubernetes.io/auth-response-headers" : var.protected ? "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" : null + # "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" : null + # "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri" : null + "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$escaped_request_uri" : null + "nginx.ingress.kubernetes.io/auth-response-headers" : var.protected ? "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" : null "nginx.ingress.kubernetes.io/auth-snippet" : var.protected ? "proxy_set_header X-Forwarded-Host $http_host;" : null "nginx.ingress.kubernetes.io/proxy-body-size" : var.max_body_size diff --git a/modules/kubernetes/rybbit/main.tf b/modules/kubernetes/rybbit/main.tf index 796a7771..51d212a3 100644 --- a/modules/kubernetes/rybbit/main.tf +++ b/modules/kubernetes/rybbit/main.tf 
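Review bot: The active `auth-signin` annotation now passes `rd=$escaped_request_uri`, which is only the request path, while the sign-in URL itself points at authentik.viktorbarzin.me rather than the protected host. Whether the user is sent back to the originating host after login therefore depends on how the outpost resolves a host-less `rd`, which this hunk does not show; that round trip is worth testing on a protected ingress that is not served from the authentik domain. The two disabled variants left above it need a line saying why they were rejected, for example `# rd is path-only on purpose: <reason>; full-URL variants kept for reference`. The newly enabled `auth-response-headers` passes the `X-authentik-*` identity headers to backends, so any backend that trusts them should be reachable only through this ingress. The annotations map starts and ends outside the hunk.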
@@ -10,7 +10,7 @@ resource "kubernetes_namespace" "rybbit" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "rybbit" + namespace = kubernetes_namespace.rybbit.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -27,7 +27,7 @@ locals { resource "kubernetes_deployment" "clickhouse" { metadata { name = "clickhouse" - namespace = "rybbit" + namespace = kubernetes_namespace.rybbit.metadata[0].name labels = { app = "clickhouse" } @@ -86,7 +86,7 @@ resource "kubernetes_deployment" "clickhouse" { resource "kubernetes_service" "clickhouse" { metadata { name = "clickhouse" - namespace = "rybbit" + namespace = kubernetes_namespace.rybbit.metadata[0].name labels = { "app" = "clickhouse" } @@ -108,7 +108,7 @@ resource "kubernetes_service" "clickhouse" { resource "kubernetes_deployment" "rybbit" { metadata { name = "rybbit" - namespace = "rybbit" + namespace = kubernetes_namespace.rybbit.metadata[0].name labels = { app = "rybbit" } @@ -199,7 +199,7 @@ resource "kubernetes_deployment" "rybbit" { resource "kubernetes_service" "rybbit" { metadata { name = "rybbit" - namespace = "rybbit" + namespace = kubernetes_namespace.rybbit.metadata[0].name labels = { "app" = "rybbit" } @@ -220,7 +220,7 @@ resource "kubernetes_service" "rybbit" { resource "kubernetes_deployment" "rybbit-client" { metadata { name = "rybbit-client" - namespace = "rybbit" + namespace = kubernetes_namespace.rybbit.metadata[0].name labels = { app = "rybbit-client" } @@ -264,7 +264,7 @@ resource "kubernetes_deployment" "rybbit-client" { resource "kubernetes_service" "rybbit-client" { metadata { name = "rybbit-client" - namespace = "rybbit" + namespace = kubernetes_namespace.rybbit.metadata[0].name labels = { "app" = "rybbit-client" } 
@@ -286,7 +286,7 @@ resource "kubernetes_service" "rybbit-client" { resource "kubernetes_ingress_v1" "rybbit" { metadata { name = "rybbit" - namespace = "rybbit" + namespace = kubernetes_namespace.rybbit.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" diff --git a/modules/kubernetes/send/main.tf b/modules/kubernetes/send/main.tf index e08f63c9..bf4773f9 100644 --- a/modules/kubernetes/send/main.tf +++ b/modules/kubernetes/send/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "send" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "send" + namespace = kubernetes_namespace.send.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "send" { metadata { name = "send" - namespace = "send" + namespace = kubernetes_namespace.send.metadata[0].name labels = { app = "send" } @@ -90,7 +90,7 @@ resource "kubernetes_deployment" "send" { resource "kubernetes_service" "send" { metadata { name = "send" - namespace = "send" + namespace = kubernetes_namespace.send.metadata[0].name labels = { app = "send" } @@ -108,7 +108,7 @@ resource "kubernetes_service" "send" { } module "ingress" { source = "../ingress_factory" - namespace = "send" + namespace = kubernetes_namespace.send.metadata[0].name name = "send" tls_secret_name = var.tls_secret_name port = 1443 diff --git a/modules/kubernetes/servarr/main.tf b/modules/kubernetes/servarr/main.tf index 97b06a35..7604b8d4 100644 --- a/modules/kubernetes/servarr/main.tf +++ b/modules/kubernetes/servarr/main.tf @@ -8,7 +8,7 @@ resource "kubernetes_namespace" "servarr" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "servarr" + namespace = kubernetes_namespace.servarr.metadata[0].name tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/shadowsocks/main.tf b/modules/kubernetes/shadowsocks/main.tf index fe5f0fed..6dd980e9 100644 --- a/modules/kubernetes/shadowsocks/main.tf +++ b/modules/kubernetes/shadowsocks/main.tf 
@@ -3,7 +3,7 @@ variable "method" { default = "chacha20-ietf-poly1305" } -resource "kubernetes_namespace" "mailserver" { +resource "kubernetes_namespace" "shadowsocks" { metadata { name = "shadowsocks" # TLS termination seems iffy - I get pfsense MiTM-ing @@ -16,7 +16,7 @@ resource "kubernetes_namespace" "mailserver" { resource "kubernetes_deployment" "shadowsocks" { metadata { name = "shadowsocks" - namespace = "shadowsocks" + namespace = kubernetes_namespace.shadowsocks.metadata[0].name labels = { "app" = "shadowsocks" } @@ -67,7 +67,7 @@ resource "kubernetes_deployment" "shadowsocks" { resource "kubernetes_service" "mailserver" { metadata { name = "shadowsocks" - namespace = "shadowsocks" + namespace = kubernetes_namespace.shadowsocks.metadata[0].name labels = { app = "shadowsocks" diff --git a/modules/kubernetes/stirling-pdf/main.tf b/modules/kubernetes/stirling-pdf/main.tf index 16958bd8..319285e9 100644 --- a/modules/kubernetes/stirling-pdf/main.tf +++ b/modules/kubernetes/stirling-pdf/main.tf @@ -11,14 +11,14 @@ resource "kubernetes_namespace" "stirling-pdf" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "stirling-pdf" + namespace = kubernetes_namespace.stirling-pdf.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "stirling-pdf" { metadata { name = "stirling-pdf" - namespace = "stirling-pdf" + namespace = kubernetes_namespace.stirling-pdf.metadata[0].name labels = { app = "stirling-pdf" } @@ -63,7 +63,7 @@ resource "kubernetes_deployment" "stirling-pdf" { resource "kubernetes_service" "stirling-pdf" { metadata { name = "stirling-pdf" - namespace = "stirling-pdf" + namespace = kubernetes_namespace.stirling-pdf.metadata[0].name labels = { "app" = "stirling-pdf" } 
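Review bot: Renaming `kubernetes_namespace.mailserver` to `kubernetes_namespace.shadowsocks` changes the resource address, and nothing in the hunk carries the existing state across, so Terraform would normally plan a destroy and re-create of the namespace, and deleting a Kubernetes namespace removes every object inside it. A `moved` block from the old address to the new one, or `terraform state mv kubernetes_namespace.mailserver kubernetes_namespace.shadowsocks` (with the module prefix as it appears in state) before applying, keeps the rename a no-op. The same applies to `helm_release.prometheus` becoming `helm_release.vault` in modules/kubernetes/vault/main.tf. `resource "kubernetes_service" "mailserver"` in the `@@ -67,7` hunk still carries the old copy-pasted label.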
@@ -83,7 +83,7 @@ resource "kubernetes_service" "stirling-pdf" { module "ingress" { source = "../ingress_factory" - namespace = "stirling-pdf" + namespace = kubernetes_namespace.stirling-pdf.metadata[0].name name = "stirling-pdf" tls_secret_name = var.tls_secret_name rybbit_site_id = "a55ac54ec749" diff --git a/modules/kubernetes/tandoor/main.tf b/modules/kubernetes/tandoor/main.tf index 984181af..d1aa6c5e 100644 --- a/modules/kubernetes/tandoor/main.tf +++ b/modules/kubernetes/tandoor/main.tf @@ -17,14 +17,14 @@ resource "random_password" "secret_key" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "tandoor" + namespace = kubernetes_namespace.tandoor.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "tandoor" { metadata { name = "tandoor" - namespace = "tandoor" + namespace = kubernetes_namespace.tandoor.metadata[0].name labels = { app = "tandoor" } @@ -144,7 +144,7 @@ resource "kubernetes_deployment" "tandoor" { resource "kubernetes_service" "tandoor" { metadata { name = "tandoor" - namespace = "tandoor" + namespace = kubernetes_namespace.tandoor.metadata[0].name labels = { "app" = "tandoor" } @@ -163,7 +163,7 @@ resource "kubernetes_service" "tandoor" { module "ingress" { source = "../ingress_factory" - namespace = "tandoor" + namespace = kubernetes_namespace.tandoor.metadata[0].name name = "tandoor" tls_secret_name = var.tls_secret_name } diff --git a/modules/kubernetes/technitium/main.tf b/modules/kubernetes/technitium/main.tf index cbca9e40..b3376443 100644 --- a/modules/kubernetes/technitium/main.tf +++ b/modules/kubernetes/technitium/main.tf @@ -13,7 +13,7 @@ resource "kubernetes_namespace" "technitium" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "technitium" + namespace = kubernetes_namespace.technitium.metadata[0].name tls_secret_name = var.tls_secret_name } 
@@ -21,7 +21,7 @@ resource "kubernetes_deployment" "technitium" { # resource "kubernetes_daemonset" "technitium" { metadata { name = "technitium" - namespace = "technitium" + namespace = kubernetes_namespace.technitium.metadata[0].name labels = { app = "technitium" } @@ -103,7 +103,7 @@ resource "kubernetes_deployment" "technitium" { resource "kubernetes_service" "technitium-web" { metadata { name = "technitium-web" - namespace = "technitium" + namespace = kubernetes_namespace.technitium.metadata[0].name labels = { "app" = "technitium" } @@ -134,7 +134,7 @@ resource "kubernetes_service" "technitium-web" { resource "kubernetes_service" "technitium-dns" { metadata { name = "technitium-dns" - namespace = "technitium" + namespace = kubernetes_namespace.technitium.metadata[0].name labels = { "app" = "technitium" } @@ -162,7 +162,7 @@ resource "kubernetes_service" "technitium-dns" { } module "ingress" { source = "../ingress_factory" - namespace = "technitium" + namespace = kubernetes_namespace.technitium.metadata[0].name name = "technitium" tls_secret_name = var.tls_secret_name port = 5380 @@ -185,7 +185,7 @@ module "ingress" { module "ingress-doh" { source = "../ingress_factory" - namespace = "technitium" + namespace = kubernetes_namespace.technitium.metadata[0].name name = "technitium-doh" tls_secret_name = var.tls_secret_name host = "dns" diff --git a/modules/kubernetes/travel_blog/main.tf b/modules/kubernetes/travel_blog/main.tf index e70faec1..067838c4 100644 --- a/modules/kubernetes/travel_blog/main.tf +++ b/modules/kubernetes/travel_blog/main.tf 
@@ -11,20 +11,20 @@ resource "kubernetes_namespace" "travel-blog" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "travel-blog" + namespace = kubernetes_namespace.travel-blog.metadata[0].name tls_secret_name = var.tls_secret_name } # module "dockerhub_creds" { # source = "../dockerhub_secret" -# namespace = "website" +# namespace = kubernetes_namespace.travel.metadata[0].name # password = var.dockerhub_password # } resource "kubernetes_deployment" "blog" { metadata { name = "travel-blog" - namespace = "travel-blog" + namespace = kubernetes_namespace.travel-blog.metadata[0].name labels = { run = "travel-blog" } @@ -77,7 +77,7 @@ resource "kubernetes_deployment" "blog" { resource "kubernetes_service" "travel-blog" { metadata { name = "travel-blog" - namespace = "travel-blog" + namespace = kubernetes_namespace.travel-blog.metadata[0].name labels = { "run" = "travel-blog" } @@ -107,7 +107,7 @@ resource "kubernetes_service" "travel-blog" { module "ingress" { source = "../ingress_factory" - namespace = "travel-blog" + namespace = kubernetes_namespace.travel-blog.metadata[0].name name = "travel" tls_secret_name = var.tls_secret_name service_name = "travel-blog" diff --git a/modules/kubernetes/tuya-bridge/main.tf b/modules/kubernetes/tuya-bridge/main.tf index 6e461e63..9545ebf7 100644 --- a/modules/kubernetes/tuya-bridge/main.tf +++ b/modules/kubernetes/tuya-bridge/main.tf @@ -15,14 +15,14 @@ resource "kubernetes_namespace" "tuya-bridge" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "tuya-bridge" + namespace = kubernetes_namespace.tuya-bridge.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "tuya-bridge" { metadata { name = "tuya-bridge" - namespace = "tuya-bridge" + namespace = kubernetes_namespace.tuya-bridge.metadata[0].name labels = { app = "tuya-bridge" } 
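Review bot: The search-and-replace also rewrote commented-out lines, and some of the results are wrong. In the disabled `dockerhub_creds` block the old value `"website"` became `kubernetes_namespace.travel.metadata[0].name`, but the namespace resource in this file is `kubernetes_namespace.travel-blog`, so the block would fail if re-enabled. In modules/kubernetes/url-shortener/main.tf (hunk `@@ -48,12`) the commented YAML now holds an HCL expression, and `# namespace: dbaas` under `clusterRef` was replaced with the shlink namespace reference, which loses the fact that the cluster lives in a different namespace. Those comment lines are better restored to `# namespace: url` and `# namespace: dbaas`, and the travel_blog one to its previous value.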
@@ -72,7 +72,7 @@ resource "kubernetes_deployment" "tuya-bridge" { resource "kubernetes_service" "tuya-bridge" { metadata { name = "tuya-bridge" - namespace = "tuya-bridge" + namespace = kubernetes_namespace.tuya-bridge.metadata[0].name labels = { "app" = "tuya-bridge" } @@ -92,7 +92,7 @@ resource "kubernetes_service" "tuya-bridge" { module "ingress" { source = "../ingress_factory" - namespace = "tuya-bridge" + namespace = kubernetes_namespace.tuya-bridge.metadata[0].name name = "tuya-bridge" tls_secret_name = var.tls_secret_name diff --git a/modules/kubernetes/uptime-kuma/main.tf b/modules/kubernetes/uptime-kuma/main.tf index ee76a93e..19641350 100644 --- a/modules/kubernetes/uptime-kuma/main.tf +++ b/modules/kubernetes/uptime-kuma/main.tf @@ -1,11 +1,5 @@ variable "tls_secret_name" {} -module "tls_secret" { - source = "../setup_tls_secret" - namespace = "uptime-kuma" - tls_secret_name = var.tls_secret_name -} - resource "kubernetes_namespace" "uptime-kuma" { metadata { name = "uptime-kuma" @@ -15,10 +9,16 @@ resource "kubernetes_namespace" "uptime-kuma" { } } +module "tls_secret" { + source = "../setup_tls_secret" + namespace = kubernetes_namespace.uptime-kuma.metadata[0].name + tls_secret_name = var.tls_secret_name +} + resource "kubernetes_deployment" "uptime-kuma" { metadata { name = "uptime-kuma" - namespace = "uptime-kuma" + namespace = kubernetes_namespace.uptime-kuma.metadata[0].name labels = { app = "uptime-kuma" } @@ -73,7 +73,7 @@ resource "kubernetes_deployment" "uptime-kuma" { resource "kubernetes_service" "uptime-kuma" { metadata { name = "uptime-kuma" - namespace = "uptime-kuma" + namespace = kubernetes_namespace.uptime-kuma.metadata[0].name labels = { "app" = "uptime-kuma" } 
@@ -91,7 +91,7 @@ resource "kubernetes_service" "uptime-kuma" { } module "ingress" { source = "../ingress_factory" - namespace = "uptime-kuma" + namespace = kubernetes_namespace.uptime-kuma.metadata[0].name name = "uptime" tls_secret_name = var.tls_secret_name service_name = "uptime-kuma" @@ -114,7 +114,7 @@ module "ingress" { # resource "kubernetes_cron_job_v1" "sqlite-backup" { # metadata { # name = "backup" -# namespace = "uptime-kuma" +# namespace = kubernetes_namespace.uptime-kuma.metadata[0].name # } # spec { # concurrency_policy = "Replace" diff --git a/modules/kubernetes/url-shortener/main.tf b/modules/kubernetes/url-shortener/main.tf index e781fa83..157844e8 100644 --- a/modules/kubernetes/url-shortener/main.tf +++ b/modules/kubernetes/url-shortener/main.tf @@ -23,14 +23,14 @@ resource "kubernetes_namespace" "shlink" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "url" + namespace = kubernetes_namespace.shlink.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_secret" "mysql_config" { metadata { name = "mysql-config" - namespace = "url" + namespace = kubernetes_namespace.shlink.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" } @@ -48,12 +48,12 @@ resource "kubernetes_secret" "mysql_config" { # kind: MysqlUser # metadata: # name: shlink -# namespace: url +# namespace = kubernetes_namespace.shlink.metadata[0].name # spec: # user: shlink # clusterRef: # name: mysql-cluster -# namespace: dbaas +# namespace = kubernetes_namespace.shlink.metadata[0].name # password: # name: mysql-config # key: password @@ -74,7 +74,7 @@ resource "kubernetes_secret" "mysql_config" { resource "kubernetes_deployment" "shlink" { metadata { name = "shlink" - namespace = "url" + namespace = kubernetes_namespace.shlink.metadata[0].name labels = { run = "shlink" } 
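Review bot: modules/kubernetes/url-shortener/main.tf is the one place where the replaced literal and the resource label differ: every resource used `namespace = "url"` and now reads `kubernetes_namespace.shlink.metadata[0].name`. The namespace's `metadata.name` is outside the hunks; if it is anything other than `url`, the namespace change would force replacement of the secret, deployments, services and config map declared here. Confirming with `terraform plan` that this module shows no changes would settle it, and a short comment such as `# namespace resource is labelled shlink but named "url"` next to the namespace block would avoid the question next time.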
@@ -152,7 +152,7 @@ resource "kubernetes_deployment" "shlink" { resource "kubernetes_service" "shlink" { metadata { name = "shlink" - namespace = "url" + namespace = kubernetes_namespace.shlink.metadata[0].name labels = { "run" = "shlink" } @@ -172,7 +172,7 @@ resource "kubernetes_service" "shlink" { module "ingress" { source = "../ingress_factory" - namespace = "url" + namespace = kubernetes_namespace.shlink.metadata[0].name name = "url" service_name = "shlink" tls_secret_name = var.tls_secret_name @@ -192,7 +192,7 @@ module "ingress" { resource "kubernetes_config_map" "shlink-web" { metadata { name = "shlink-web-servers" - namespace = "url" + namespace = kubernetes_namespace.shlink.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" @@ -211,7 +211,7 @@ resource "kubernetes_config_map" "shlink-web" { resource "kubernetes_deployment" "shlink-web" { metadata { name = "shlink-web" - namespace = "url" + namespace = kubernetes_namespace.shlink.metadata[0].name labels = { run = "shlink-web" } @@ -269,7 +269,7 @@ resource "kubernetes_deployment" "shlink-web" { resource "kubernetes_service" "shlink-web" { metadata { name = "shlink-web" - namespace = "url" + namespace = kubernetes_namespace.shlink.metadata[0].name labels = { "run" = "shlink-web" } @@ -289,7 +289,7 @@ resource "kubernetes_service" "shlink-web" { module "ingress-web" { source = "../ingress_factory" - namespace = "url" + namespace = kubernetes_namespace.shlink.metadata[0].name name = "shlink" service_name = "shlink-web" tls_secret_name = var.tls_secret_name diff --git a/modules/kubernetes/vault/main.tf b/modules/kubernetes/vault/main.tf index 8839a717..4f2bde8a 100644 --- a/modules/kubernetes/vault/main.tf +++ b/modules/kubernetes/vault/main.tf @@ -11,7 +11,7 @@ resource "kubernetes_namespace" "vault" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "vault" + namespace = kubernetes_namespace.vault.metadata[0].name tls_secret_name = var.tls_secret_name } 
@@ -33,8 +33,8 @@ resource "kubernetes_persistent_volume" "vault_data" { } } -resource "helm_release" "prometheus" { - namespace = "vault" +resource "helm_release" "vault" { + namespace = kubernetes_namespace.vault.metadata[0].name create_namespace = true name = "vault" @@ -48,7 +48,7 @@ resource "helm_release" "prometheus" { module "ingress" { source = "../ingress_factory" - namespace = "vault" + namespace = kubernetes_namespace.vault.metadata[0].name name = "vault" service_name = "vault-ui" port = 8200 diff --git a/modules/kubernetes/vaultwarden/main.tf b/modules/kubernetes/vaultwarden/main.tf index 7d053959..62214392 100644 --- a/modules/kubernetes/vaultwarden/main.tf +++ b/modules/kubernetes/vaultwarden/main.tf @@ -12,14 +12,14 @@ resource "kubernetes_namespace" "vaultwarden" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "vaultwarden" + namespace = kubernetes_namespace.vaultwarden.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "vaultwarden" { metadata { name = "vaultwarden" - namespace = "vaultwarden" + namespace = kubernetes_namespace.vaultwarden.metadata[0].name labels = { app = "vaultwarden" } @@ -104,7 +104,7 @@ resource "kubernetes_deployment" "vaultwarden" { resource "kubernetes_service" "vaultwarden" { metadata { name = "vaultwarden" - namespace = "vaultwarden" + namespace = kubernetes_namespace.vaultwarden.metadata[0].name labels = { "app" = "vaultwarden" } @@ -124,7 +124,7 @@ resource "kubernetes_service" "vaultwarden" { module "ingress" { source = "../ingress_factory" - namespace = "vaultwarden" + namespace = kubernetes_namespace.vaultwarden.metadata[0].name name = "vaultwarden" tls_secret_name = var.tls_secret_name rybbit_site_id = "b8fc85e18683" diff --git a/modules/kubernetes/vikunja/main.tf b/modules/kubernetes/vikunja/main.tf index 6cf326f2..15360429 100644 --- a/modules/kubernetes/vikunja/main.tf +++ b/modules/kubernetes/vikunja/main.tf 
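Review bot: `create_namespace = true` is left on the renamed `helm_release` although its `namespace` now comes from `kubernetes_namespace.vault`, so the namespace has two declared owners. Since the reference already makes Terraform create the namespace before the release, `create_namespace = false` (or dropping the line) keeps ownership in one place. The release body continues outside the hunk.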
@@ -8,14 +8,14 @@ resource "kubernetes_namespace" "vikunja" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "vikunja" + namespace = kubernetes_namespace.vikunja.metadata[0].name tls_secret_name = var.tls_secret_name } resource "kubernetes_deployment" "vikunja" { metadata { name = "vikunja" - namespace = "vikunja" + namespace = kubernetes_namespace.vikunja.metadata[0].name labels = { app = "vikunja" } @@ -154,7 +154,7 @@ resource "kubernetes_deployment" "vikunja" { resource "kubernetes_service" "vikunja" { metadata { name = "vikunja" - namespace = "vikunja" + namespace = kubernetes_namespace.vikunja.metadata[0].name labels = { "app" = "vikunja" } @@ -176,7 +176,7 @@ resource "kubernetes_service" "vikunja" { resource "kubernetes_service" "api" { metadata { name = "api" - namespace = "vikunja" + namespace = kubernetes_namespace.vikunja.metadata[0].name labels = { "app" = "vikunja" } @@ -198,7 +198,7 @@ resource "kubernetes_service" "api" { resource "kubernetes_ingress_v1" "vikunja" { metadata { name = "vikunja" - namespace = "vikunja" + namespace = kubernetes_namespace.vikunja.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" } diff --git a/modules/kubernetes/wealthfolio/main.tf b/modules/kubernetes/wealthfolio/main.tf index 6a64417d..30c146d0 100644 --- a/modules/kubernetes/wealthfolio/main.tf +++ b/modules/kubernetes/wealthfolio/main.tf @@ -19,7 +19,7 @@ resource "kubernetes_namespace" "wealthfolio" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "wealthfolio" + namespace = kubernetes_namespace.wealthfolio.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -31,7 +31,7 @@ resource "random_string" "random" { resource "kubernetes_deployment" "wealthfolio" { metadata { name = "wealthfolio" - namespace = "wealthfolio" + namespace = kubernetes_namespace.wealthfolio.metadata[0].name labels = { app = "wealthfolio" } 
@@ -100,7 +100,7 @@ resource "kubernetes_deployment" "wealthfolio" { resource "kubernetes_service" "wealthfolio" { metadata { name = "wealthfolio" - namespace = "wealthfolio" + namespace = kubernetes_namespace.wealthfolio.metadata[0].name labels = { "app" = "wealthfolio" } @@ -120,7 +120,7 @@ resource "kubernetes_service" "wealthfolio" { module "ingress" { source = "../ingress_factory" - namespace = "wealthfolio" + namespace = kubernetes_namespace.wealthfolio.metadata[0].name name = "wealthfolio" tls_secret_name = var.tls_secret_name protected = true diff --git a/modules/kubernetes/webhook_handler/main.tf b/modules/kubernetes/webhook_handler/main.tf index 7af21d5e..b670285f 100644 --- a/modules/kubernetes/webhook_handler/main.tf +++ b/modules/kubernetes/webhook_handler/main.tf @@ -16,7 +16,7 @@ resource "kubernetes_namespace" "webhook-handler" { module "tls_secret" { source = "../setup_tls_secret" - namespace = "webhook-handler" + namespace = kubernetes_namespace.webhook-handler.metadata[0].name tls_secret_name = var.tls_secret_name } @@ -40,7 +40,7 @@ resource "kubernetes_cluster_role_binding" "update_deployment_binding" { subject { kind = "ServiceAccount" name = "default" - namespace = "webhook-handler" + namespace = kubernetes_namespace.webhook-handler.metadata[0].name } role_ref { @@ -54,7 +54,7 @@ resource "kubernetes_cluster_role_binding" "update_deployment_binding" { resource "kubernetes_secret" "ssh-key" { metadata { name = "ssh-key" - namespace = "webhook-handler" + namespace = kubernetes_namespace.webhook-handler.metadata[0].name annotations = { "reloader.stakater.com/match" = "true" @@ -68,7 +68,7 @@ resource "kubernetes_secret" "ssh-key" { resource "kubernetes_deployment" "webhook_handler" { metadata { name = "webhook-handler" - namespace = "webhook-handler" + namespace = kubernetes_namespace.webhook-handler.metadata[0].name labels = { app = "webhook-handler" } 
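Review bot: The `update_deployment_binding` cluster role binding shown in the `@@ -40,7` hunk of modules/kubernetes/webhook_handler/main.tf has `name = "default"` as its ServiceAccount subject, so every pod in the webhook-handler namespace that does not name its own service account receives whatever the bound role grants. The role itself is outside the hunk, but the binding name suggests it can update deployments, and a cluster role binding is not limited to one namespace. A dedicated service account for the handler pod, used as the subject here and set on the deployment, would narrow this; the commit only changes how the namespace is referenced.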
@@ -170,7 +170,7 @@ resource "kubernetes_deployment" "webhook_handler" {
 resource "kubernetes_service" "webhook_handler" {
 metadata {
 name = "webhook-handler"
- namespace = "webhook-handler"
+ namespace = kubernetes_namespace.webhook-handler.metadata[0].name
 labels = {
 "app" = "webhook-handler"
 }
@@ -190,7 +190,7 @@ resource "kubernetes_service" "webhook_handler" {
 resource "kubernetes_ingress_v1" "webhook_handler" {
 metadata {
 name = "webhook-handler-ingress"
- namespace = "webhook-handler"
+ namespace = kubernetes_namespace.webhook-handler.metadata[0].name
 annotations = {
 "kubernetes.io/ingress.class" = "nginx"
 }
diff --git a/modules/kubernetes/wireguard/main.tf b/modules/kubernetes/wireguard/main.tf
index c1b69b34..8b3c577a 100644
--- a/modules/kubernetes/wireguard/main.tf
+++ b/modules/kubernetes/wireguard/main.tf
@@ -5,7 +5,7 @@ variable "wg_0_key" {}
 module "tls_secret" {
 source = "../setup_tls_secret"
- namespace = "wireguard"
+ namespace = kubernetes_namespace.wireguard.metadata[0].name
 tls_secret_name = var.tls_secret_name
 }
@@ -17,7 +17,7 @@ resource "kubernetes_namespace" "wireguard" {
 resource "kubernetes_config_map" "wg_0_conf" {
 metadata {
 name = "wg0-conf"
- namespace = "wireguard"
+ namespace = kubernetes_namespace.wireguard.metadata[0].name
 labels = {
 app = "wireguard"
@@ -36,7 +36,7 @@ resource "kubernetes_config_map" "wg_0_conf" {
 resource "kubernetes_secret" "wg_0_key" {
 metadata {
 name = "wg0-key"
- namespace = "wireguard"
+ namespace = kubernetes_namespace.wireguard.metadata[0].name
 annotations = {
 "reloader.stakater.com/match" = "true"
@@ -54,7 +54,7 @@ resource "kubernetes_secret" "wg_0_key" {
 resource "kubernetes_deployment" "wireguard" {
 metadata {
 name = "wireguard"
- namespace = "wireguard"
+ namespace = kubernetes_namespace.wireguard.metadata[0].name
 labels = {
 app = "wireguard"
 }
@@ -177,7 +177,7 @@ resource "kubernetes_deployment" "wireguard" {
 resource "kubernetes_service" "wireguard" {
 metadata {
 name = "wireguard"
- namespace = "wireguard"
+ namespace = kubernetes_namespace.wireguard.metadata[0].name
 annotations = {
 "metallb.universe.tf/allow-shared-ip" = "shared"
 }
@@ -203,7 +203,7 @@ resource "kubernetes_service" "wireguard" {
 resource "kubernetes_service" "wireguard_exporter" {
 metadata {
 name = "wireguard-exporter"
- namespace = "wireguard"
+ namespace = kubernetes_namespace.wireguard.metadata[0].name
 labels = {
 "app" = "wireguard-exporter"
 }
diff --git a/modules/kubernetes/xray/main.tf b/modules/kubernetes/xray/main.tf
index 6b12c596..1234c0bf 100644
--- a/modules/kubernetes/xray/main.tf
+++ b/modules/kubernetes/xray/main.tf
@@ -11,7 +11,7 @@ variable "xray_reality_short_ids" { type = list(string) }
 module "tls_secret" {
 source = "../setup_tls_secret"
- namespace = "xray"
+ namespace = kubernetes_namespace.xray.metadata[0].name
 tls_secret_name = var.tls_secret_name
 }
@@ -24,7 +24,7 @@ resource "kubernetes_namespace" "xray" {
 resource "kubernetes_config_map" "xray_config" {
 metadata {
 name = "xray-config"
- namespace = "xray"
+ namespace = kubernetes_namespace.xray.metadata[0].name
 labels = {
 app = "xray"
@@ -46,7 +46,7 @@ resource "kubernetes_config_map" "xray_config" {
 resource "kubernetes_deployment" "xray" {
 metadata {
 name = "xray"
- namespace = "xray"
+ namespace = kubernetes_namespace.xray.metadata[0].name
 labels = {
 app = "xray"
 }
@@ -131,7 +131,7 @@ resource "kubernetes_deployment" "xray" {
 resource "kubernetes_service" "xray" {
 metadata {
 name = "xray"
- namespace = "xray"
+ namespace = kubernetes_namespace.xray.metadata[0].name
 labels = {
 "app" = "xray"
 }
@@ -162,7 +162,7 @@ resource "kubernetes_service" "xray" {
 resource "kubernetes_service" "xray-reality" {
 metadata {
 name = "xray-reality"
- namespace = "xray"
+ namespace = kubernetes_namespace.xray.metadata[0].name
 labels = {
 "app" = "xray"
 }
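Review bot: In modules/kubernetes/xray/main.tf the `xray_config` hunk (@@ -24,7) keeps the server configuration in a `kubernetes_config_map`, and no `kubernetes_secret` appears among the xray resources this commit touches. If the rendered config embeds key material or client identifiers (the `xray_reality_short_ids` variable in the first hunk header suggests Reality settings are templated in), it should move to a `kubernetes_secret`, the way the wireguard module splits `wg0-conf` from `wg0-key`. ConfigMaps are readable by anyone with ConfigMap read rights in the namespace and are not covered by Secret encryption at rest. The ConfigMap's `data` block is outside the hunk, so this needs checking against the actual template.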
@@ -183,7 +183,7 @@ resource "kubernetes_service" "xray-reality" {
 resource "kubernetes_ingress_v1" "ingress" {
 metadata {
- namespace = "xray"
+ namespace = kubernetes_namespace.xray.metadata[0].name
 name = "xray"
 annotations = {
 "kubernetes.io/ingress.class" = "nginx"
@@ -219,7 +219,7 @@ resource "kubernetes_ingress_v1" "ingress" {
 resource "kubernetes_ingress_v1" "ingress-grpc" {
 metadata {
- namespace = "xray"
+ namespace = kubernetes_namespace.xray.metadata[0].name
 name = "xray-grpc"
 annotations = {
 "kubernetes.io/ingress.class" = "nginx"
@@ -257,7 +257,7 @@ resource "kubernetes_ingress_v1" "ingress-grpc" {
 resource "kubernetes_ingress_v1" "ingress-vless" {
 metadata {
- namespace = "xray"
+ namespace = kubernetes_namespace.xray.metadata[0].name
 name = "xray-vless"
 annotations = {
 "kubernetes.io/ingress.class" = "nginx"
diff --git a/modules/kubernetes/youtube_dl/main.tf b/modules/kubernetes/youtube_dl/main.tf
index ff84e5d6..0693de7f 100644
--- a/modules/kubernetes/youtube_dl/main.tf
+++ b/modules/kubernetes/youtube_dl/main.tf
@@ -11,7 +11,7 @@ resource "kubernetes_namespace" "ytdlp" {
 module "tls_secret" {
 source = "../setup_tls_secret"
- namespace = "ytdlp"
+ namespace = kubernetes_namespace.ytdlp.metadata[0].name
 tls_secret_name = var.tls_secret_name
 }
@@ -19,7 +19,7 @@ resource "kubernetes_deployment" "ytdlp" {
 # resource "kubernetes_daemonset" "technitium" {
 metadata {
 name = "ytdlp"
- namespace = "ytdlp"
+ namespace = kubernetes_namespace.ytdlp.metadata[0].name
 labels = {
 app = "ytdlp"
 }
@@ -97,7 +97,7 @@ resource "kubernetes_deployment" "ytdlp" {
 resource "kubernetes_service" "ytdlp" {
 metadata {
 name = "ytdlp"
- namespace = "ytdlp"
+ namespace = kubernetes_namespace.ytdlp.metadata[0].name
 labels = {
 "app" = "ytdlp"
 }
@@ -117,7 +117,7 @@ resource "kubernetes_service" "ytdlp" {
 }
 module "ingress" {
 source = "../ingress_factory"
- namespace = "ytdlp"
+ namespace = kubernetes_namespace.ytdlp.metadata[0].name
 name = "ytdlp"
 tls_secret_name = var.tls_secret_name
 host = "yt"
diff --git a/terraform.tfstate b/terraform.tfstate
index c3825fc0..5b056f64 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ
diff --git a/terraform.tfvars b/terraform.tfvars
index 599fe477..6c4b31d9 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ