From 6e11bfd59ee0c45e3469e458ca7116f5dc46a5c3 Mon Sep 17 00:00:00 2001 From: erik Date: Wed, 9 Aug 2023 16:08:46 +0200 Subject: [PATCH] [Skip-CI] Add secrets and configmaps, add section comments --- src/main/resources/taiga/taiga-deployment.yml | 230 +++--------------- 1 file changed, 30 insertions(+), 200 deletions(-) diff --git a/src/main/resources/taiga/taiga-deployment.yml b/src/main/resources/taiga/taiga-deployment.yml index 6cdaa15..335c710 100644 --- a/src/main/resources/taiga/taiga-deployment.yml +++ b/src/main/resources/taiga/taiga-deployment.yml @@ -14,7 +14,8 @@ spec: labels: app: taiga spec: - initContainers: # ToDo: add commands to create admin user + #################### Init ######################## + initContainers: - name: taiga-manage image: taigaio/taiga-back:latest imagePullPolicy: IfNotPresent @@ -38,9 +39,9 @@ spec: - secretRef: name: taiga-rabbitmq-secret env: - - name: POSTGRES_USER # ToDo: does taiga need a specific postgres version? Maybe test this - valueFrom: - secretKeyRef: + - name: POSTGRES_USER # ToDo: Does taiga need a specific postgres version? Maybe test this + valueFrom: # ToDo: How do i reach a container from another container? + secretKeyRef: # ToDo: maybe generate container URLs at c4k level? name: postgres-secret key: postgres-user - name: POSTGRES_PASSWORD @@ -59,7 +60,9 @@ spec: value: 5432 - name: CELERY_ENABLED value: false - containers: # ToDo: Research hostname, network and dependsOn keywords of docker compose and find functional translation for kubernetes + #################### Containers ######################## + containers: # ToDo: Research dependsOn keyword of docker compose and find functional translation for kubernetes + ### taiga-back - name: taiga-back image: taigaio/taiga-back:latest imagePullPolicy: IfNotPresent @@ -78,7 +81,7 @@ spec: - secretRef: name: taiga-back-secret - secretRef: - name: taiga-rabbitmq-secret + name: taiga-rabbitmq-secret env: - name: POSTGRES_USER valueFrom: 
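Review bot: The context lines of the `@@ -59,7 +60,9 @@` hunk still carry `value: 5432` for POSTGRES_PORT and `value: false` for CELERY_ENABLED as unquoted scalars, and `value: 5432` recurs in the taiga-back and taiga-async context of the later hunks. A container `env` entry's `value` is a string field in Kubernetes, so YAML parses these as an integer and a boolean and the manifest is expected to fail validation when applied, unless a later templating step rewrites them. I would quote them as `value: "5432"` and `value: "false"` while this block is being touched. The init container's env list starts before this hunk and the containers list continues after it.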
@@ -99,6 +102,7 @@ spec: value: "postgresql-service" - name: POSTGRES_PORT value: 5432 + ### taiga-async - name: taiga-async image: taigaio/taiga-back:latest imagePullPolicy: IfNotPresent @@ -139,7 +143,8 @@ spec: value: "postgresql-service" - name: POSTGRES_PORT value: 5432 - - name: taiga-async-rabbitmq # ToDo: Rabbitmq uses a hostname KW in docker-compose. Whats the equivalent expression in kubernetes? + ### taiga-async-rabbitmq + - name: taiga-async-rabbitmq image: rabbitmq:3.8-management-alpine imagePullPolicy: IfNotPresent ports: @@ -156,6 +161,7 @@ spec: value: ERLANG_COOKIE_VALUE - name: RABBITMQ_DEFAULT_VHOST value: RABBITMQ_VHOST + ### taiga-front - name: taiga-front image: taigaio/taiga-front:latest imagePullPolicy: IfNotPresent @@ -168,19 +174,21 @@ spec: value: WEBSOCKETS_SCHEME://TAIGA_DOMAIN - name: TAIGA_SUBPATH value: SUBPATH + ### taiga-events - name: taiga-events image: taigaio/taiga-events:latest imagePullPolicy: IfNotPresent ports: - containerPort: 80 - env: - - name: RABBITMQ_USER - value: RABBITMQ_USER_VALUE - - name: RABBITMQ_PASS - value: RABBITMQ_PASS_VALUE - - name: TAIGA_SECRET_KEY - value: SECRET_KEY_VALUE - - name: taiga-events-rabbitmq # ToDo: Rabbitmq uses a hostname KW in docker-compose. Whats the equivalent expression in kubernetes? + envFrom: # ToDo: check if all vars are needed + - configMapRef: + name: taiga-back-configmap + - secretRef: + name: taiga-back-secret + - secretRef: + name: taiga-rabbitmq-secret + ### taiga-events-rabbitmq + - name: taiga-events-rabbitmq image: rabbitmq:3.8-management-alpine imagePullPolicy: IfNotPresent ports: 
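Review bot: The `envFrom` added to taiga-events in the `@@ -168,19 +174,21 @@` hunk imports every key of `taiga-back-configmap`, `taiga-back-secret` and `taiga-rabbitmq-secret`, where the removed `env` block passed exactly three values (RABBITMQ_USER, RABBITMQ_PASS, TAIGA_SECRET_KEY). The contents of those objects are not visible in this patch, but if `taiga-back-secret` also holds database or mail credentials, the events container now holds them without needing them, which widens what a compromise of that one container exposes. The ToDo on the line already asks whether all vars are needed; I would settle it now by mapping only the required keys with `secretKeyRef`, as the POSTGRES_USER entry earlier in the file does. The same applies to the whole-secret `envFrom` given to taiga-protected in the next hunk. The taiga-events-rabbitmq entry that begins at the end of this hunk continues outside it.

```yaml
# taiga-events: pass only the three values the removed env block supplied
env:
  - name: RABBITMQ_USER
    valueFrom:
      secretKeyRef:
        name: taiga-rabbitmq-secret
        key: "<rabbitmq-user-key>"  # placeholder: key name as defined in the secret
  - name: RABBITMQ_PASS
    valueFrom:
      secretKeyRef:
        name: taiga-rabbitmq-secret
        key: "<rabbitmq-pass-key>"  # placeholder
  - name: TAIGA_SECRET_KEY
    valueFrom:
      secretKeyRef:
        name: taiga-back-secret
        key: "<taiga-secret-key-key>"  # placeholder
# … unchanged: taiga-events-rabbitmq name, image, ports …
```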
@@ -189,25 +197,26 @@ spec: - name: taiga-events-rabbitmq-data mountPath: /var/lib/rabbitmq readOnly: false + envFrom: + - secretRef: # ToDo secret key ref + name: taiga-rabbitmq-secret env: - name: RABBITMQ_ERLANG_COOKIE value: ERLANG_COOKIE_VALUE - - name: RABBITMQ_DEFAULT_USER - value: RABBITMQ_USER - - name: RABBITMQ_DEFAULT_PASS - value: RABBITMQ_PASS - name: RABBITMQ_DEFAULT_VHOST value: RABBITMQ_VHOST + ### taiga-protected - name: taiga-protected image: taigaio/taiga-protected:latest imagePullPolicy: IfNotPresent ports: - containerPort: 80 + envFrom: # ToDo secret key ref - secret_key + - secretRef: + name: taiga-back-secret env: - name: MAX_AGE value: ATTACHMENTS_MAX_AGE - - name: SECRET_KEY - value: SECRET_KEY_VALUE # - name: taiga-gateway # ToDo: How to replace the gateway in this setup? volumes: 
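Review bot: Replacing RABBITMQ_DEFAULT_USER / RABBITMQ_DEFAULT_PASS on taiga-events-rabbitmq and SECRET_KEY on taiga-protected with `envFrom` only works if the secrets contain keys with exactly those names, because `envFrom` exposes each key under its own name. The same `taiga-rabbitmq-secret` and `taiga-back-secret` feed taiga-events, which the previous hunk shows reading RABBITMQ_USER, RABBITMQ_PASS and TAIGA_SECRET_KEY, so the key names may well follow that spelling (the secret definitions are not in this patch). In that case the broker would start without the intended account and taiga-protected without its signing key, and nothing in the manifest would flag it. RABBITMQ_ERLANG_COOKIE also stays as a literal `value: ERLANG_COOKIE_VALUE` in the pod spec, although it is as much a credential as the user and password that were moved out. I would map each variable explicitly with `secretKeyRef`, which also resolves the two "ToDo secret key ref" comments; both container entries start or end outside this hunk.

```yaml
# taiga-events-rabbitmq
env:
  - name: RABBITMQ_DEFAULT_USER
    valueFrom:
      secretKeyRef:
        name: taiga-rabbitmq-secret
        key: "<rabbitmq-user-key>"  # placeholder: key name as defined in the secret
  - name: RABBITMQ_DEFAULT_PASS
    valueFrom:
      secretKeyRef:
        name: taiga-rabbitmq-secret
        key: "<rabbitmq-pass-key>"  # placeholder
  - name: RABBITMQ_ERLANG_COOKIE
    valueFrom:
      secretKeyRef:
        name: taiga-rabbitmq-secret
        key: "<erlang-cookie-key>"  # placeholder
  # … unchanged: RABBITMQ_DEFAULT_VHOST …
# taiga-protected
env:
  # … unchanged: MAX_AGE …
  - name: SECRET_KEY
    valueFrom:
      secretKeyRef:
        name: taiga-back-secret
        key: "<taiga-secret-key-key>"  # placeholder
```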
@@ -223,182 +232,3 @@ spec: - name: taiga-events-rabbitmq-data persistentVolumeClaim: claimName: taiga-events-rabbitmq-data - - -x-environment: - &default-back-environment - # These environment variables will be used by taiga-back and taiga-async. - # Database settings - POSTGRES_DB: "taiga" - POSTGRES_USER: "${POSTGRES_USER}" - POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}" - POSTGRES_HOST: "taiga-db" - # Taiga settings - TAIGA_SECRET_KEY: "${SECRET_KEY}" - TAIGA_SITES_SCHEME: "${TAIGA_SCHEME}" - TAIGA_SITES_DOMAIN: "${TAIGA_DOMAIN}" - TAIGA_SUBPATH: "${SUBPATH}" - # Email settings. - EMAIL_BACKEND: "django.core.mail.backends.${EMAIL_BACKEND}.EmailBackend" - DEFAULT_FROM_EMAIL: "${EMAIL_DEFAULT_FROM}" - EMAIL_USE_TLS: "${EMAIL_USE_TLS}" - EMAIL_USE_SSL: "${EMAIL_USE_SSL}" - EMAIL_HOST: "${EMAIL_HOST}" - EMAIL_PORT: "${EMAIL_PORT}" - EMAIL_HOST_USER: "${EMAIL_HOST_USER}" - EMAIL_HOST_PASSWORD: "${EMAIL_HOST_PASSWORD}" - # Rabbitmq settings - RABBITMQ_USER: "${RABBITMQ_USER}" - RABBITMQ_PASS: "${RABBITMQ_PASS}" - # Telemetry settings - ENABLE_TELEMETRY: "${ENABLE_TELEMETRY}" - # ...your customizations go here - -x-volumes: - &default-back-volumes - # These volumens will be used by taiga-back and taiga-async. 
- - taiga-static-data:/taiga-back/static - - taiga-media-data:/taiga-back/media - # - ./config.py:/taiga-back/settings/config.py - -services: - taiga-db: - image: postgres:12.3 - environment: - POSTGRES_DB: "taiga" - POSTGRES_USER: "${POSTGRES_USER}" - POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}" - healthcheck: - test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"] - interval: 2s - timeout: 15s - retries: 5 - start_period: 3s - volumes: - - taiga-db-data:/var/lib/postgresql/data - networks: - - taiga - - taiga-back: - image: taigaio/taiga-back:latest - environment: *default-back-environment - volumes: *default-back-volumes - networks: - - taiga - depends_on: - taiga-db: - condition: service_healthy - taiga-events-rabbitmq: - condition: service_healthy - taiga-async-rabbitmq: - condition: service_healthy - - taiga-async: - image: taigaio/taiga-back:latest - entrypoint: ["/taiga-back/docker/async_entrypoint.sh"] - environment: *default-back-environment - volumes: *default-back-volumes - networks: - - taiga - depends_on: - taiga-db: - condition: service_healthy - taiga-events-rabbitmq: - condition: service_healthy - taiga-async-rabbitmq: - condition: service_healthy - - taiga-async-rabbitmq: - image: rabbitmq:3.8-management-alpine - environment: - RABBITMQ_ERLANG_COOKIE: "${RABBITMQ_ERLANG_COOKIE}" - RABBITMQ_DEFAULT_USER: "${RABBITMQ_USER}" - RABBITMQ_DEFAULT_PASS: "${RABBITMQ_PASS}" - RABBITMQ_DEFAULT_VHOST: "${RABBITMQ_VHOST}" - hostname: "taiga-async-rabbitmq" - healthcheck: - test: rabbitmq-diagnostics -q ping - interval: 2s - timeout: 15s - retries: 5 - start_period: 3s - volumes: - - taiga-async-rabbitmq-data:/var/lib/rabbitmq - networks: - - taiga - - taiga-front: - image: taigaio/taiga-front:latest - environment: - TAIGA_URL: "${TAIGA_SCHEME}://${TAIGA_DOMAIN}" - TAIGA_WEBSOCKETS_URL: "${WEBSOCKETS_SCHEME}://${TAIGA_DOMAIN}" - TAIGA_SUBPATH: "${SUBPATH}" - # ...your customizations go here - networks: - - taiga - # volumes: - # - 
./conf.json:/usr/share/nginx/html/conf.json - - taiga-events: - image: taigaio/taiga-events:latest - environment: - RABBITMQ_USER: "${RABBITMQ_USER}" - RABBITMQ_PASS: "${RABBITMQ_PASS}" - TAIGA_SECRET_KEY: "${SECRET_KEY}" - networks: - - taiga - depends_on: - taiga-events-rabbitmq: - condition: service_healthy - - taiga-events-rabbitmq: - image: rabbitmq:3.8-management-alpine - environment: - RABBITMQ_ERLANG_COOKIE: "${RABBITMQ_ERLANG_COOKIE}" - RABBITMQ_DEFAULT_USER: "${RABBITMQ_USER}" - RABBITMQ_DEFAULT_PASS: "${RABBITMQ_PASS}" - RABBITMQ_DEFAULT_VHOST: "${RABBITMQ_VHOST}" - hostname: "taiga-events-rabbitmq" - healthcheck: - test: rabbitmq-diagnostics -q ping - interval: 2s - timeout: 15s - retries: 5 - start_period: 3s - volumes: - - taiga-events-rabbitmq-data:/var/lib/rabbitmq - networks: - - taiga - - taiga-protected: - image: taigaio/taiga-protected:latest - environment: - MAX_AGE: "${ATTACHMENTS_MAX_AGE}" - SECRET_KEY: "${SECRET_KEY}" - networks: - - taiga - - taiga-gateway: - image: nginx:1.19-alpine - ports: - - "9000:80" - volumes: - - ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf - - taiga-static-data:/taiga/static - - taiga-media-data:/taiga/media - networks: - - taiga - depends_on: - - taiga-front - - taiga-back - - taiga-events - -volumes: - taiga-static-data: - taiga-media-data: - taiga-db-data: - taiga-async-rabbitmq-data: - taiga-events-rabbitmq-data: - -networks: - taiga: