From 807a93d57b65044bca116ae0d887002e461d29cd Mon Sep 17 00:00:00 2001 From: RaviAnand Mohabir Date: Fri, 27 Jan 2023 16:02:36 +0100 Subject: [PATCH] feat: :tada: add Chevereto Terraform Kubernetes module --- main.tf | 221 +++++++++++++++++++++++++++++++++++++++++++++++++++ outputs.tf | 9 +++ variables.tf | 151 +++++++++++++++++++++++++++++++++++ 3 files changed, 381 insertions(+) create mode 100644 main.tf create mode 100644 outputs.tf create mode 100644 variables.tf diff --git a/main.tf b/main.tf new file mode 100644 index 0000000..4887b65 --- /dev/null +++ b/main.tf @@ -0,0 +1,221 @@ +terraform { + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "2.13.1" + } + } +} + +locals { + match_labels = merge({ + "app.kubernetes.io/name" = "chevereto" + "app.kubernetes.io/instance" = "chevereto" + }, var.match_labels) + labels = merge(local.match_labels, var.labels) +} + +resource "kubernetes_persistent_volume_claim" "chevereto" { + metadata { + name = "chevereto-images" + namespace = var.namespace + } + spec { + access_modes = ["ReadWriteOnce"] + resources { + requests = { + storage = var.storage_size + } + } + storage_class_name = var.storage_class_name + } +} + +resource "kubernetes_deployment" "chevereto" { + metadata { + name = "chevereto" + namespace = var.namespace + labels = local.labels + } + spec { + replicas = 1 + selector { + match_labels = local.labels + } + template { + metadata { + labels = local.labels + annotations = { + "ravianand.me/config-hash" = sha1(jsonencode(merge( + kubernetes_config_map.chevereto.data, + kubernetes_secret.chevereto.data + ))) + } + } + spec { + container { + image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}" + name = var.container_name + env_from { + config_map_ref { + name = kubernetes_config_map.chevereto.metadata.0.name + } + } + env { + name = "CHEVERETO_DB_PASS" + value_from { + secret_key_ref { + name = kubernetes_secret.chevereto.metadata.0.name + key = "mariadb-password" + } + } + } + env { + name = "CHEVERETO_ASSET_STORAGE_SECRET" + value_from { + secret_key_ref { + name = kubernetes_secret.chevereto.metadata.0.name + key = "s3-secret-key" + } + } + } + port { + name = "http" + container_port = 80 + } + volume_mount { + name = "images" + mount_path = "/var/www/html/images" + } + } + volume { + name = "images" + persistent_volume_claim { + claim_name = "chevereto-images" + } + } + } + } + } +} + +resource "kubernetes_service" "chevereto" { + metadata { + name = var.service_name + namespace = var.namespace + labels = local.labels + } + spec { + type = var.service_type + selector = local.match_labels + port { + name = "http" + port = 80 + target_port = "http" + } + } +} + +resource "kubernetes_cron_job_v1" "chevereto" { + metadata { + name = "chevereto-cron" + namespace = var.namespace + } + spec { + schedule = "* * * * *" + job_template { + metadata { + labels = local.labels + annotations = { + "ravianand.me/config-hash" = sha1(jsonencode(merge( + kubernetes_config_map.chevereto.data, + kubernetes_secret.chevereto.data + ))) + } + } + spec { + template { + metadata { + labels = local.labels + } + spec { + security_context { + run_as_user = 33 + } + container { + image = var.image_registry == "" ? "${var.image_repository}:${var.image_tag}" : "${var.image_registry}/${var.image_repository}:${var.image_tag}" + name = "chevereto-cron" + command = ["app/bin/legacy", "-C", "cron"] + env_from { + config_map_ref { + name = kubernetes_config_map.chevereto.metadata.0.name + } + } + env { + name = "CHEVERETO_DB_PASS" + value_from { + secret_key_ref { + name = kubernetes_secret.chevereto.metadata.0.name + key = "mariadb-password" + } + } + } + env { + name = "CHEVERETO_ASSET_STORAGE_SECRET" + value_from { + secret_key_ref { + name = kubernetes_secret.chevereto.metadata.0.name + key = "s3-secret-key" + } + } + } + volume_mount { + name = "images" + mount_path = "/var/www/html/images" + } + } + volume { + name = "images" + persistent_volume_claim { + claim_name = "chevereto-images" + } + } + } + } + } + } + } +} + +resource "kubernetes_secret" "chevereto" { + metadata { + name = "chevereto" + namespace = var.namespace + } + data = { + "mariadb-password" = var.mariadb_password + "s3-secret-key" = var.s3_secret_key + } +} + +resource "kubernetes_config_map" "chevereto" { + metadata { + name = "chevereto" + namespace = var.namespace + } + data = { + "CHEVERETO_DB_HOST" = var.mariadb_host + "CHEVERETO_DB_USER" = var.mariadb_user + "CHEVERETO_DB_PORT" = var.mariadb_port + "CHEVERETO_DB_NAME" = var.mariadb_database + "CHEVERETO_HOSTNAME" = var.host + "CHEVERETO_HOSTNAME_PATH" = var.host_path + "CHEVERETO_HTTPS" = var.https ? 1 : 0 + "CHEVERETO_ASSET_STORAGE_TYPE" = var.enable_s3 ? "s3" : "local" + "CHEVERETO_ASSET_STORAGE_BUCKET" = var.s3_bucket + "CHEVERETO_ASSET_STORAGE_REGION" = var.s3_region + "CHEVERETO_ASSET_STORAGE_SERVER" = var.s3_host + "CHEVERETO_ASSET_STORAGE_URL" = var.s3_url + "CHEVERETO_ASSET_STORAGE_KEY" = var.s3_access_key + } +} diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..d319596 --- /dev/null +++ b/outputs.tf @@ -0,0 +1,9 @@ +output "service_name" { + description = "Service name for Chevereto deployment" + value = kubernetes_service.chevereto.metadata.0.name +} + +output "service_port" { + description = "Port exposed by the service" + value = kubernetes_service.chevereto.spec.0.port.0.name +} diff --git a/variables.tf b/variables.tf new file mode 100644 index 0000000..6255240 --- /dev/null +++ b/variables.tf @@ -0,0 +1,151 @@ +variable "namespace" { + description = "Namespace where Chevereto is deployed" + type = string + default = "default" +} + +variable "image_registry" { + description = "Image registry, e.g. gcr.io, docker.io" + type = string + default = "ghcr.io" +} + +variable "image_repository" { + description = "Image to start for this pod" + type = string + default = "chevereto/chevereto" +} + +variable "image_tag" { + description = "Image tag to use" + type = string + default = "4.0" +} + +variable "container_name" { + description = "Name of the Chevereto container" + type = string + default = "chevereto" +} + +variable "match_labels" { + description = "Match labels to add to the Chevereto deployment, will be merged with labels" + type = map(any) + default = {} +} + +variable "labels" { + description = "Labels to add to the Chevereto deployment" + type = map(any) + default = {} +} + +variable "storage_size" { + description = "Storage size for the Chevereto PVC" + type = string + default = "10Gi" +} + +variable "storage_class_name" { + description = "Storage class to use for PVCs" + type = string + default = "" +} + +variable "mariadb_host" { + description = "MariaDB or MySQL hostname" + type = string +} + +variable "mariadb_user" { + description = "User for database" + type = string +} + +variable "mariadb_password" { + description = "Password for database" + type = string +} + +variable "mariadb_port" { + description = "Port for MariaDB or MySQL" + type = number + default = 3306 +} + +variable "mariadb_database" { + description = "Database to use" + type = string +} + +variable "host" { + description = "Public facing hostname for Chevereto" + type = string + default = "localhost:80" +} + +variable "host_path" { + description = "Subpath for Chevereto" + type = string + default = "/" +} + +variable "https" { + description = "Is Chevereto deployed under HTTPS" + type = bool + default = true +} + +variable "enable_s3" { + description = "Whether S3 storage should be enabled" + type = bool + default = true +} + +variable "s3_bucket" { + description = "Bucket name for S3 storage" + type = string + default = "" +} + +variable "s3_region" { + description = "S3 storage region" + type = string + default = "us-west-2" +} + +variable "s3_host" { + description = "S3 host" + type = string + default = "" +} + +variable "s3_url" { + description = "Bucket URL for S3, including the bucket path e.g. /bucket" + type = string + default = "" +} + +variable "s3_access_key" { + description = "S3 access key" + type = string + default = "" +} + +variable "s3_secret_key" { + description = "S3 secret key" + type = string + default = "" +} + +variable "service_name" { + description = "Name of service to deploy" + type = string + default = "chevereto" +} + +variable "service_type" { + description = "Type of service to deploy" + type = string + default = "ClusterIP" +}