Skip to content

Commit 90c7a02

Browse files
moabumoabu
committed
feat: add tf fargate eks
1 parent 3314c38 commit 90c7a02

25 files changed

+4639
-0
lines changed

demos/terraform-gluu-flex-eks-fargate/.gitignore

+3
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
.terraform
2+
.terraform.lock.hcl
3+
.idea

demos/terraform-gluu-flex-eks-fargate/CHANGELOG.md

+15
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# Changelog
2+
3+
## 0.1.0 (2023-01-23)
4+
5+
6+
### Features
7+
8+
* initial structure ([40ccd10](https://github.com/techtative/terraform-gluu-flex-eks-fargate/commit/40ccd107f46ca0f898a36e38c6a14bf55ad4caa0))
9+
* initial structure ([40ccd10](https://github.com/techtative/terraform-gluu-flex-eks-fargate/commit/40ccd107f46ca0f898a36e38c6a14bf55ad4caa0))
10+
11+
12+
### Bug Fixes
13+
14+
* remove update lb ip script ([a8794f4](https://github.com/techtative/terraform-gluu-flex-eks-fargate/commit/a8794f49d624c100c0dd777d112ca6214a7573d9))
15+
* variable name and formate ([df4751c](https://github.com/techtative/terraform-gluu-flex-eks-fargate/commit/df4751ce0007c5d650709f59dd77f7581f9fc5b9))

demos/terraform-gluu-flex-eks-fargate/app-admin-ui.tf

+273
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,273 @@
1+
2+
resource "kubernetes_deployment" "admin_ui" {
3+
4+
count = var.enable_admin_ui ? 1 : 0
5+
6+
// wait for both config jobs to finish
7+
depends_on = [kubernetes_job.persistence]
8+
9+
metadata {
10+
name = "janssen-admin-ui"
11+
namespace = var.namespace
12+
labels = {
13+
app = "admin-ui"
14+
APP_NAME = "janssen-admin-ui"
15+
16+
# {{ include "admin-ui.labels" . | indent 4 }}
17+
# {{- if .Values.additionalLabels }}
18+
# {{ toYaml .Values.additionalLabels | indent 4 }}
19+
# {{- end }}
20+
}
21+
22+
#{{- if .Values.additionalAnnotations }}
23+
# annotations {
24+
#{{ toYaml .Values.additionalAnnotations | indent 4 }}
25+
# }
26+
#{{- end }}
27+
28+
}
29+
30+
spec {
31+
32+
replicas = var.admin_ui_replicas
33+
34+
selector {
35+
match_labels = {
36+
app = "admin-ui"
37+
}
38+
}
39+
40+
template {
41+
42+
metadata {
43+
labels = {
44+
app = "admin-ui"
45+
APP_NAME = "janssen-admin-ui"
46+
}
47+
}
48+
49+
spec {
50+
51+
# dns_policy = "${dns_policy}"
52+
# {{- with .Values.dnsConfig }}
53+
# dns_config {
54+
# {{ toYaml . | indent 8 }}
55+
# }
56+
# {{- end }}
57+
58+
container {
59+
name = "janssen-admin-ui"
60+
image_pull_policy = "IfNotPresent"
61+
image = "${var.admin_ui_image}:${var.admin_ui_version}"
62+
63+
security_context {
64+
run_as_user = 1000
65+
run_as_non_root = true
66+
allow_privilege_escalation = false
67+
}
68+
69+
port {
70+
name = "http-admin-ui"
71+
protocol = "TCP"
72+
container_port = 8080
73+
}
74+
75+
# env {
76+
# {{- include "admin-ui.usr-envs" . | indent 12 }}
77+
# {{- include "admin-ui.usr-secret-envs" . | indent 12 }}
78+
# }
79+
80+
env_from {
81+
config_map_ref {
82+
name = kubernetes_config_map.janssen_config.metadata[0].name
83+
}
84+
85+
#{{ if .Values.global.usrEnvs.secret }}
86+
# secret_ref {
87+
# name = "janssen-global-user-custom-envs"
88+
# }
89+
#{{ end }}
90+
91+
#{{ if .Values.global.usrEnvs.normal }}
92+
# config_map_ref {
93+
# name = "janssen-global-user-custom-envs"
94+
# }
95+
#{{ end }}
96+
}
97+
98+
# volume_mount {
99+
# {{- with .Values.volumeMounts }}
100+
# {{- toYaml . | nindent 10 }}
101+
# {{- end }}
102+
# {{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
103+
# - mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
104+
# name: aws-shared-credential-file
105+
# subPath: aws_shared_credential_file
106+
# - mountPath: {{ .Values.global.cnAwsConfigFile }}
107+
# name: aws-config-file
108+
# subPath: aws_config_file
109+
# - mountPath: {{ .Values.global.cnAwsSecretsReplicaRegionsFile }}
110+
# name: aws-secrets-replica-regions
111+
# subPath: aws_secrets_replica_regions
112+
# {{- end }}
113+
# {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }}
114+
# - mountPath: {{ .Values.global.cnGoogleApplicationCredentials }}
115+
# name: google-sa
116+
# subPath: google-credentials.json
117+
# {{- end }}
118+
119+
# {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
120+
# {{- if not .Values.global.istio.enabled }}
121+
# - name: cb-crt
122+
# mountPath: "/etc/certs/couchbase.crt"
123+
# subPath: couchbase.crt
124+
# {{- end }}
125+
# {{- end }}
126+
# }
127+
128+
resources {
129+
limits = {
130+
cpu = "2500m"
131+
memory = "2500Mi"
132+
}
133+
requests = {
134+
cpu = "2500m"
135+
memory = "2500Mi"
136+
}
137+
}
138+
139+
liveness_probe {
140+
tcp_socket {
141+
port = 8080
142+
}
143+
initial_delay_seconds = 60
144+
timeout_seconds = 5
145+
period_seconds = 25
146+
failure_threshold = 20
147+
}
148+
149+
readiness_probe {
150+
tcp_socket {
151+
port = 8080
152+
}
153+
initial_delay_seconds = 60
154+
timeout_seconds = 5
155+
period_seconds = 25
156+
failure_threshold = 20
157+
}
158+
}
159+
160+
# volume {
161+
# {{- with .Values.volumes }}
162+
# {{- toYaml . | nindent 8 }}
163+
# {{- end }}
164+
165+
# {{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
166+
# - name: aws-shared-credential-file
167+
# secret:
168+
# secretName: janssen-aws-config-creds
169+
# items:
170+
# - key: aws_shared_credential_file
171+
# path: aws_shared_credential_file
172+
# - name: aws-config-file
173+
# secret:
174+
# secretName: janssen-aws-config-creds
175+
# items:
176+
# - key: aws_config_file
177+
# path: aws_config_file
178+
# - name: aws-secrets-replica-regions
179+
# secret:
180+
# secretName: janssen-aws-config-creds
181+
# items:
182+
# - key: aws_secrets_replica_regions
183+
# path: aws_secrets_replica_regions
184+
# {{- end }}
185+
186+
# {{ if or (eq .Values.global.configSecretAdapter "google") (eq .Values.global.cnPersistenceType "spanner") }}
187+
# - name: google-sa
188+
# secret:
189+
# secretName: janssen-google-sa
190+
# {{- end }}
191+
192+
# {{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
193+
# {{- if not .Values.global.istio.enabled }}
194+
# - name: cb-crt
195+
# secret:
196+
# secretName: janssen-cb-crt
197+
# {{- end }}
198+
# {{- end }}
199+
200+
# }
201+
202+
# host_aliases {
203+
# ip = "${ Values.global.lbIp }"
204+
# hostnames = [
205+
# "${ Values.global.fqdn }"
206+
# ]
207+
# }
208+
}
209+
}
210+
211+
}
212+
}
213+
214+
resource "kubernetes_service_v1" "admin_ui" {
215+
216+
count = var.enable_admin_ui ? 1 : 0
217+
218+
depends_on = [
219+
kubernetes_deployment.admin_ui
220+
]
221+
222+
metadata {
223+
name = "admin-ui-svc"
224+
namespace = var.namespace
225+
}
226+
227+
spec {
228+
type = "NodePort"
229+
selector = {
230+
app = "admin-ui"
231+
}
232+
233+
port {
234+
port = 80
235+
name = "http"
236+
target_port = "http-admin-ui"
237+
}
238+
}
239+
240+
}
241+
242+
resource "kubernetes_ingress_v1" "admin_ui" {
243+
244+
count = var.enable_admin_ui ? 1 : 0
245+
246+
metadata {
247+
name = "admin-ui-ing"
248+
namespace = var.namespace
249+
}
250+
251+
spec {
252+
253+
ingress_class_name = "nginx"
254+
255+
rule {
256+
# host = var.fqdn
257+
http {
258+
path {
259+
path = "/admin"
260+
backend {
261+
service {
262+
name = kubernetes_service_v1.admin_ui[0].metadata[0].name
263+
port {
264+
number = kubernetes_service_v1.admin_ui[0].spec[0].port[0].port
265+
}
266+
}
267+
}
268+
}
269+
}
270+
}
271+
}
272+
273+
}

0 commit comments

Comments
 (0)