Compare commits
7 Commits
7d6bcbe742
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 448d1d1772 | |||
| 4c057f44ba | |||
| c748e71a91 | |||
| 41a687a5ab | |||
| 16ec931a9a | |||
| 7094fa1cbf | |||
| 2377642bb5 |
10
.drone.yml
10
.drone.yml
@@ -15,7 +15,7 @@ trigger:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: terraform init
|
- name: terraform init
|
||||||
image: hashicorp/terraform:1.1.8
|
image: hashicorp/terraform:1.3.5
|
||||||
commands:
|
commands:
|
||||||
- echo "$${CI_SSH_KEY}" | base64 -d > id_rsa
|
- echo "$${CI_SSH_KEY}" | base64 -d > id_rsa
|
||||||
- chmod 600 id_rsa
|
- chmod 600 id_rsa
|
||||||
@@ -29,7 +29,7 @@ steps:
|
|||||||
from_secret: terraform-aws-secret-access-key
|
from_secret: terraform-aws-secret-access-key
|
||||||
|
|
||||||
- name: terraform plan
|
- name: terraform plan
|
||||||
image: hashicorp/terraform:1.1.8
|
image: hashicorp/terraform:1.3.5
|
||||||
commands:
|
commands:
|
||||||
- terraform plan $([[ $${DRONE_BUILD_EVENT} = cron ]] && echo "-detailed-exitcode") -out .tfplan
|
- terraform plan $([[ $${DRONE_BUILD_EVENT} = cron ]] && echo "-detailed-exitcode") -out .tfplan
|
||||||
environment:
|
environment:
|
||||||
@@ -46,7 +46,7 @@ steps:
|
|||||||
- main
|
- main
|
||||||
event:
|
event:
|
||||||
- push
|
- push
|
||||||
image: hashicorp/terraform:1.1.8
|
image: hashicorp/terraform:1.3.5
|
||||||
commands:
|
commands:
|
||||||
- terraform apply .tfplan
|
- terraform apply .tfplan
|
||||||
environment:
|
environment:
|
||||||
@@ -71,7 +71,7 @@ trigger:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: format and generate docs
|
- name: format and generate docs
|
||||||
image: hashicorp/terraform:1.1.8
|
image: hashicorp/terraform:1.3.5
|
||||||
commands:
|
commands:
|
||||||
- apk add bash wget
|
- apk add bash wget
|
||||||
- wget -q https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz -O - | tar -xz terraform-docs -C /usr/local/bin
|
- wget -q https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz -O - | tar -xz terraform-docs -C /usr/local/bin
|
||||||
@@ -81,6 +81,6 @@ steps:
|
|||||||
|
|
||||||
---
|
---
|
||||||
kind: signature
|
kind: signature
|
||||||
hmac: 6568551142d52c579f103c5b82eb76b8dcdcbe7cc39ab467ce42b295d1865d2c
|
hmac: 31fe03c2cd0cd528698da1da29eba5be6fe33d8d32cafc4f2986156c6dc845ea
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|||||||
10
README.md
10
README.md
@@ -27,7 +27,13 @@ The following providers are used by this module:
|
|||||||
|
|
||||||
## Modules
|
## Modules
|
||||||
|
|
||||||
No modules.
|
The following Modules are called:
|
||||||
|
|
||||||
|
### <a name="module_grafana_persistance"></a> [grafana\_persistance](#module\_grafana\_persistance)
|
||||||
|
|
||||||
|
Source: git@git.thomasklein.me:thomasklein/terraform-modules//9p-persistent-volume
|
||||||
|
|
||||||
|
Version:
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
|
||||||
@@ -36,8 +42,6 @@ The following resources are used by this module:
|
|||||||
- [aws_cognito_user_pool_client.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_client) (resource)
|
- [aws_cognito_user_pool_client.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_client) (resource)
|
||||||
- [helm_release.this](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) (resource)
|
- [helm_release.this](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) (resource)
|
||||||
- [kubernetes_namespace.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) (resource)
|
- [kubernetes_namespace.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) (resource)
|
||||||
- [kubernetes_persistent_volume.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume) (resource)
|
|
||||||
- [kubernetes_persistent_volume_claim.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim) (resource)
|
|
||||||
- [aws_cognito_user_pools.thomasklein_infra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cognito_user_pools) (data source)
|
- [aws_cognito_user_pools.thomasklein_infra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cognito_user_pools) (data source)
|
||||||
- [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) (data source)
|
- [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) (data source)
|
||||||
|
|
||||||
|
|||||||
36
helm.tf
36
helm.tf
@@ -4,21 +4,29 @@ resource "helm_release" "this" {
|
|||||||
|
|
||||||
repository = "https://grafana.github.io/helm-charts"
|
repository = "https://grafana.github.io/helm-charts"
|
||||||
chart = "grafana"
|
chart = "grafana"
|
||||||
|
version = "10.1.4"
|
||||||
|
|
||||||
values = [
|
values = [
|
||||||
|
jsonencode({
|
||||||
|
initChownData = {
|
||||||
|
enabled = false
|
||||||
|
}
|
||||||
|
}),
|
||||||
jsonencode({
|
jsonencode({
|
||||||
ingress = {
|
ingress = {
|
||||||
enabled = true
|
enabled = true
|
||||||
hosts = [local.ingress_domain]
|
hosts = [local.ingress_domain]
|
||||||
|
ingressClassName = "traefik"
|
||||||
annotations = {
|
annotations = {
|
||||||
"kubernetes.io/ingress.class" = "traefik"
|
"cert-manager.io/cluster-issuer" = "acme-thomasklein-me"
|
||||||
"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
|
|
||||||
"traefik.ingress.kubernetes.io/router.tls" = "true"
|
|
||||||
"traefik.ingress.kubernetes.io/router.tls.certresolver" = "acme-thomasklein-me"
|
|
||||||
"traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
|
|
||||||
"traefik.ingress.kubernetes.io/router.middlewares" = "redirect-metrics@file" # hide /metrics from the internet
|
|
||||||
}
|
}
|
||||||
labels = {}
|
labels = {}
|
||||||
|
tls = [
|
||||||
|
{
|
||||||
|
hosts = [local.ingress_domain]
|
||||||
|
secretName = "grafana-thomasklein-me-tls"
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
}),
|
}),
|
||||||
|
|
||||||
@@ -26,7 +34,7 @@ resource "helm_release" "this" {
|
|||||||
persistence = {
|
persistence = {
|
||||||
enabled = "true"
|
enabled = "true"
|
||||||
type = "pvc"
|
type = "pvc"
|
||||||
existingClaim = kubernetes_persistent_volume_claim.this.metadata.0.name
|
existingClaim = module.grafana_persistance.pvc_name
|
||||||
}
|
}
|
||||||
}),
|
}),
|
||||||
|
|
||||||
@@ -40,6 +48,12 @@ resource "helm_release" "this" {
|
|||||||
org_role = "Viewer"
|
org_role = "Viewer"
|
||||||
hide_version = true
|
hide_version = true
|
||||||
}
|
}
|
||||||
|
"smtp" = {
|
||||||
|
enabled = true
|
||||||
|
host = "smtp.lawndale.:25"
|
||||||
|
from = "noreply@grafana.thomasklein.me"
|
||||||
|
from_name = "Grafana"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}),
|
}),
|
||||||
|
|
||||||
@@ -52,6 +66,10 @@ resource "helm_release" "this" {
|
|||||||
// below, the `?` is necessary to fix a bad assumtion on grafana's side
|
// below, the `?` is necessary to fix a bad assumtion on grafana's side
|
||||||
GF_AUTH_GENERIC_OAUTH_API_URL = "${local.cognito_userinfo_url}?"
|
GF_AUTH_GENERIC_OAUTH_API_URL = "${local.cognito_userinfo_url}?"
|
||||||
GF_AUTH_GENERIC_OAUTH_SCOPES = "email openid profile"
|
GF_AUTH_GENERIC_OAUTH_SCOPES = "email openid profile"
|
||||||
|
// https://github.com/grafana/grafana/issues/70203#issuecomment-1603895013
|
||||||
|
// https://github.com/advisories/GHSA-mpv3-g8m3-3fjc
|
||||||
|
// https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/#enable-email-lookup
|
||||||
|
GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP = "true"
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
]
|
]
|
||||||
|
|||||||
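Review bot: `GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP = "true"` in the last hunk re-enables the email-based account matching that the linked advisory GHSA-mpv3-g8m3-3fjc concerns, and the three link-only comments above it do not say why that is acceptable in this deployment. With the lookup on, an OAuth login is attached to whichever existing Grafana user carries the same email, so it is only safe while the Cognito user pool guarantees that `email` is verified and cannot be changed by a user to someone else's address; that pool configuration is not visible in this comparison. I would record the assumption next to the flag, e.g. `// safe only while the Cognito pool enforces verified, non-self-editable email; drop this flag once existing users are re-linked`, and treat the setting as temporary. Separately, the first hunk appears to drop the `redirect-metrics@file` middleware annotation, whose own comment said it hid /metrics from the internet, and none of the new annotations replaces it, so it is worth confirming that /metrics is still unreachable through the ingress. The `helm_release` resource starts and ends outside the visible hunks.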
38
volume.tf
38
volume.tf
@@ -1,36 +1,8 @@
|
|||||||
locals {
|
module "grafana_persistance" {
|
||||||
|
source = "git@git.thomasklein.me:thomasklein/terraform-modules//9p-persistent-volume"
|
||||||
|
|
||||||
|
namespace = kubernetes_namespace.this.metadata.0.name
|
||||||
|
name = "grafana"
|
||||||
volume_storage_capacity = "1Gi"
|
volume_storage_capacity = "1Gi"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "kubernetes_persistent_volume" "this" {
|
|
||||||
metadata {
|
|
||||||
name = "pv-p9hostpath-grafana"
|
|
||||||
}
|
|
||||||
spec {
|
|
||||||
capacity = {
|
|
||||||
storage = local.volume_storage_capacity
|
|
||||||
}
|
|
||||||
access_modes = ["ReadWriteMany"]
|
|
||||||
persistent_volume_source {
|
|
||||||
host_path {
|
|
||||||
path = "/mnt/datastore/grafana"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "kubernetes_persistent_volume_claim" "this" {
|
|
||||||
metadata {
|
|
||||||
name = "grafana"
|
|
||||||
namespace = kubernetes_namespace.this.metadata.0.name
|
|
||||||
}
|
|
||||||
spec {
|
|
||||||
access_modes = ["ReadWriteMany"]
|
|
||||||
resources {
|
|
||||||
requests = {
|
|
||||||
storage = local.volume_storage_capacity
|
|
||||||
}
|
|
||||||
}
|
|
||||||
volume_name = kubernetes_persistent_volume.this.metadata.0.name
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|||||||
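Review bot: The new `module "grafana_persistance"` block takes its `source` from a git repository without a `?ref=`, so every `terraform init` resolves whatever is on that repository's default branch at that moment. The pipeline in this same comparison runs `terraform apply .tfplan` with AWS credentials from secrets, so a change in the module repository would reach an apply without any change or review in this repository. Pinning to a tag or commit, `source = "git@git.thomasklein.me:thomasklein/terraform-modules//9p-persistent-volume?ref=<TAG_OR_COMMIT>"`, makes the module version part of this repository's history. The regenerated README shows an empty `Version:` for the module, which is consistent with the missing pin.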