b242b7586d
Added `tier = var.tier` to kubernetes_namespace labels in ~73 service modules. This enables Kyverno to generate LimitRange defaults, ResourceQuotas, and PriorityClass injection for all namespaces. Previously only 11 namespaces had tier labels; now all 80 active namespaces are labeled. All pods restarted in rolling waves to pick up the new policies.
217 lines
4.7 KiB
HCL
217 lines
4.7 KiB
HCL
variable "tls_secret_name" {}
|
|
variable "tier" { type = string }
|
|
variable "postgresql_password" {}
|
|
variable "smtp_password" { type = string }
|
|
|
|
resource "kubernetes_namespace" "affine" {
|
|
metadata {
|
|
name = "affine"
|
|
labels = {
|
|
tier = var.tier
|
|
}
|
|
}
|
|
}
|
|
|
|
module "tls_secret" {
|
|
source = "../setup_tls_secret"
|
|
namespace = kubernetes_namespace.affine.metadata[0].name
|
|
tls_secret_name = var.tls_secret_name
|
|
}
|
|
|
|
locals {
|
|
common_env = [
|
|
{
|
|
name = "DATABASE_URL"
|
|
value = "postgresql://affine:${var.postgresql_password}@postgresql.dbaas.svc.cluster.local:5432/affine"
|
|
},
|
|
{
|
|
name = "REDIS_SERVER_HOST"
|
|
value = "redis.redis.svc.cluster.local"
|
|
},
|
|
{
|
|
name = "AFFINE_INDEXER_ENABLED"
|
|
value = "false"
|
|
},
|
|
{
|
|
name = "NODE_OPTIONS"
|
|
value = "--max-old-space-size=4096"
|
|
},
|
|
# Server URL configuration
|
|
{
|
|
name = "AFFINE_SERVER_EXTERNAL_URL"
|
|
value = "https://affine.viktorbarzin.me"
|
|
},
|
|
{
|
|
name = "AFFINE_SERVER_HTTPS"
|
|
value = "true"
|
|
},
|
|
# Email/SMTP configuration
|
|
{
|
|
name = "MAILER_HOST"
|
|
value = "mailserver.viktorbarzin.me"
|
|
},
|
|
{
|
|
name = "MAILER_PORT"
|
|
value = "587"
|
|
},
|
|
{
|
|
name = "MAILER_USER"
|
|
value = "info@viktorbarzin.me"
|
|
},
|
|
{
|
|
name = "MAILER_PASSWORD"
|
|
value = var.smtp_password
|
|
},
|
|
{
|
|
name = "MAILER_SENDER"
|
|
value = "AFFiNE <info@viktorbarzin.me>"
|
|
},
|
|
]
|
|
}
|
|
|
|
resource "kubernetes_deployment" "affine" {
|
|
metadata {
|
|
name = "affine"
|
|
namespace = kubernetes_namespace.affine.metadata[0].name
|
|
labels = {
|
|
app = "affine"
|
|
tier = var.tier
|
|
}
|
|
}
|
|
spec {
|
|
replicas = 1
|
|
selector {
|
|
match_labels = {
|
|
app = "affine"
|
|
}
|
|
}
|
|
template {
|
|
metadata {
|
|
labels = {
|
|
app = "affine"
|
|
}
|
|
}
|
|
spec {
|
|
# Init container to run database migrations
|
|
init_container {
|
|
name = "migration"
|
|
image = "ghcr.io/toeverything/affine:stable"
|
|
command = ["sh", "-c", "npx prisma migrate deploy && SERVER_FLAVOR=script node ./dist/main.js run"]
|
|
|
|
dynamic "env" {
|
|
for_each = local.common_env
|
|
content {
|
|
name = env.value.name
|
|
value = env.value.value
|
|
}
|
|
}
|
|
|
|
volume_mount {
|
|
name = "data"
|
|
mount_path = "/root/.affine/storage"
|
|
sub_path = "storage"
|
|
}
|
|
volume_mount {
|
|
name = "data"
|
|
mount_path = "/root/.affine/config"
|
|
sub_path = "config"
|
|
}
|
|
}
|
|
|
|
container {
|
|
name = "affine"
|
|
image = "ghcr.io/toeverything/affine:stable"
|
|
|
|
port {
|
|
container_port = 3010
|
|
}
|
|
|
|
dynamic "env" {
|
|
for_each = local.common_env
|
|
content {
|
|
name = env.value.name
|
|
value = env.value.value
|
|
}
|
|
}
|
|
|
|
volume_mount {
|
|
name = "data"
|
|
mount_path = "/root/.affine/storage"
|
|
sub_path = "storage"
|
|
}
|
|
volume_mount {
|
|
name = "data"
|
|
mount_path = "/root/.affine/config"
|
|
sub_path = "config"
|
|
}
|
|
|
|
resources {
|
|
requests = {
|
|
memory = "512Mi"
|
|
cpu = "100m"
|
|
}
|
|
limits = {
|
|
memory = "4Gi"
|
|
cpu = "2"
|
|
}
|
|
}
|
|
|
|
liveness_probe {
|
|
http_get {
|
|
path = "/info"
|
|
port = 3010
|
|
}
|
|
initial_delay_seconds = 120
|
|
period_seconds = 30
|
|
timeout_seconds = 10
|
|
}
|
|
readiness_probe {
|
|
http_get {
|
|
path = "/info"
|
|
port = 3010
|
|
}
|
|
initial_delay_seconds = 60
|
|
period_seconds = 10
|
|
timeout_seconds = 5
|
|
}
|
|
}
|
|
volume {
|
|
name = "data"
|
|
nfs {
|
|
server = "10.0.10.15"
|
|
path = "/mnt/main/affine"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_service" "affine" {
|
|
metadata {
|
|
name = "affine"
|
|
namespace = kubernetes_namespace.affine.metadata[0].name
|
|
labels = {
|
|
app = "affine"
|
|
}
|
|
}
|
|
|
|
spec {
|
|
selector = {
|
|
app = "affine"
|
|
}
|
|
port {
|
|
name = "http"
|
|
port = 80
|
|
target_port = 3010
|
|
}
|
|
}
|
|
}
|
|
|
|
module "ingress" {
|
|
source = "../ingress_factory"
|
|
namespace = kubernetes_namespace.affine.metadata[0].name
|
|
name = "affine"
|
|
tls_secret_name = var.tls_secret_name
|
|
max_body_size = "500m"
|
|
}
|