Compare commits
7 Commits
7d6bcbe742
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 448d1d1772 | |||
| 4c057f44ba | |||
| c748e71a91 | |||
| 41a687a5ab | |||
| 16ec931a9a | |||
| 7094fa1cbf | |||
| 2377642bb5 |
10
.drone.yml
10
.drone.yml
@@ -15,7 +15,7 @@ trigger:
|
||||
|
||||
steps:
|
||||
- name: terraform init
|
||||
image: hashicorp/terraform:1.1.8
|
||||
image: hashicorp/terraform:1.3.5
|
||||
commands:
|
||||
- echo "$${CI_SSH_KEY}" | base64 -d > id_rsa
|
||||
- chmod 600 id_rsa
|
||||
@@ -29,7 +29,7 @@ steps:
|
||||
from_secret: terraform-aws-secret-access-key
|
||||
|
||||
- name: terraform plan
|
||||
image: hashicorp/terraform:1.1.8
|
||||
image: hashicorp/terraform:1.3.5
|
||||
commands:
|
||||
- terraform plan $([[ $${DRONE_BUILD_EVENT} = cron ]] && echo "-detailed-exitcode") -out .tfplan
|
||||
environment:
|
||||
@@ -46,7 +46,7 @@ steps:
|
||||
- main
|
||||
event:
|
||||
- push
|
||||
image: hashicorp/terraform:1.1.8
|
||||
image: hashicorp/terraform:1.3.5
|
||||
commands:
|
||||
- terraform apply .tfplan
|
||||
environment:
|
||||
@@ -71,7 +71,7 @@ trigger:
|
||||
|
||||
steps:
|
||||
- name: format and generate docs
|
||||
image: hashicorp/terraform:1.1.8
|
||||
image: hashicorp/terraform:1.3.5
|
||||
commands:
|
||||
- apk add bash wget
|
||||
- wget -q https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz -O - | tar -xz terraform-docs -C /usr/local/bin
|
||||
@@ -81,6 +81,6 @@ steps:
|
||||
|
||||
---
|
||||
kind: signature
|
||||
hmac: 6568551142d52c579f103c5b82eb76b8dcdcbe7cc39ab467ce42b295d1865d2c
|
||||
hmac: 31fe03c2cd0cd528698da1da29eba5be6fe33d8d32cafc4f2986156c6dc845ea
|
||||
|
||||
...
|
||||
|
||||
10
README.md
10
README.md
@@ -27,7 +27,13 @@ The following providers are used by this module:
|
||||
|
||||
## Modules
|
||||
|
||||
No modules.
|
||||
The following Modules are called:
|
||||
|
||||
### <a name="module_grafana_persistance"></a> [grafana\_persistance](#module\_grafana\_persistance)
|
||||
|
||||
Source: git@git.thomasklein.me:thomasklein/terraform-modules//9p-persistent-volume
|
||||
|
||||
Version:
|
||||
|
||||
## Resources
|
||||
|
||||
@@ -36,8 +42,6 @@ The following resources are used by this module:
|
||||
- [aws_cognito_user_pool_client.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_client) (resource)
|
||||
- [helm_release.this](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) (resource)
|
||||
- [kubernetes_namespace.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) (resource)
|
||||
- [kubernetes_persistent_volume.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume) (resource)
|
||||
- [kubernetes_persistent_volume_claim.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim) (resource)
|
||||
- [aws_cognito_user_pools.thomasklein_infra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cognito_user_pools) (data source)
|
||||
- [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) (data source)
|
||||
|
||||
|
||||
36
helm.tf
36
helm.tf
@@ -4,21 +4,29 @@ resource "helm_release" "this" {
|
||||
|
||||
repository = "https://grafana.github.io/helm-charts"
|
||||
chart = "grafana"
|
||||
version = "10.1.4"
|
||||
|
||||
values = [
|
||||
jsonencode({
|
||||
initChownData = {
|
||||
enabled = false
|
||||
}
|
||||
}),
|
||||
jsonencode({
|
||||
ingress = {
|
||||
enabled = true
|
||||
hosts = [local.ingress_domain]
|
||||
enabled = true
|
||||
hosts = [local.ingress_domain]
|
||||
ingressClassName = "traefik"
|
||||
annotations = {
|
||||
"kubernetes.io/ingress.class" = "traefik"
|
||||
"traefik.ingress.kubernetes.io/router.entrypoints" = "websecure"
|
||||
"traefik.ingress.kubernetes.io/router.tls" = "true"
|
||||
"traefik.ingress.kubernetes.io/router.tls.certresolver" = "acme-thomasklein-me"
|
||||
"traefik.ingress.kubernetes.io/router.tls.domains.0.main" = local.ingress_domain
|
||||
"traefik.ingress.kubernetes.io/router.middlewares" = "redirect-metrics@file" # hide /metrics from the internet
|
||||
"cert-manager.io/cluster-issuer" = "acme-thomasklein-me"
|
||||
}
|
||||
labels = {}
|
||||
tls = [
|
||||
{
|
||||
hosts = [local.ingress_domain]
|
||||
secretName = "grafana-thomasklein-me-tls"
|
||||
}
|
||||
]
|
||||
}
|
||||
}),
|
||||
|
||||
@@ -26,7 +34,7 @@ resource "helm_release" "this" {
|
||||
persistence = {
|
||||
enabled = "true"
|
||||
type = "pvc"
|
||||
existingClaim = kubernetes_persistent_volume_claim.this.metadata.0.name
|
||||
existingClaim = module.grafana_persistance.pvc_name
|
||||
}
|
||||
}),
|
||||
|
||||
@@ -40,6 +48,12 @@ resource "helm_release" "this" {
|
||||
org_role = "Viewer"
|
||||
hide_version = true
|
||||
}
|
||||
"smtp" = {
|
||||
enabled = true
|
||||
host = "smtp.lawndale.:25"
|
||||
from = "noreply@grafana.thomasklein.me"
|
||||
from_name = "Grafana"
|
||||
}
|
||||
}
|
||||
}),
|
||||
|
||||
@@ -52,6 +66,10 @@ resource "helm_release" "this" {
|
||||
// below, the `?` is necessary to fix a bad assumtion on grafana's side
|
||||
GF_AUTH_GENERIC_OAUTH_API_URL = "${local.cognito_userinfo_url}?"
|
||||
GF_AUTH_GENERIC_OAUTH_SCOPES = "email openid profile"
|
||||
// https://github.com/grafana/grafana/issues/70203#issuecomment-1603895013
|
||||
// https://github.com/advisories/GHSA-mpv3-g8m3-3fjc
|
||||
// https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/#enable-email-lookup
|
||||
GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP = "true"
|
||||
}
|
||||
})
|
||||
]
|
||||
|
||||
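Review bot: `GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP = "true"` in the last hunk turns back on the email-based user matching that the linked advisory GHSA-mpv3-g8m3-3fjc led Grafana to disable by default, and the three URL comments above it do not say why that is acceptable here. With email lookup on, an OAuth identity that presents an existing user's email is mapped to that user, so the setting is only as safe as the Cognito pool's email handling; I would record the condition next to it, e.g. `// acceptable only while Cognito is the sole OAuth provider and its email attribute is verified and not user-editable`. Separately, the first hunk appears to drop the traefik annotations, including `redirect-metrics@file` (`# hide /metrics from the internet`), in favour of `ingressClassName` plus cert-manager; the +/- markers are lost on this page, so please confirm that /metrics is still not reachable through the new ingress. The `helm_release` body starts and ends outside these hunks.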
38
volume.tf
38
volume.tf
@@ -1,36 +1,8 @@
|
||||
locals {
|
||||
module "grafana_persistance" {
|
||||
source = "git@git.thomasklein.me:thomasklein/terraform-modules//9p-persistent-volume"
|
||||
|
||||
namespace = kubernetes_namespace.this.metadata.0.name
|
||||
name = "grafana"
|
||||
volume_storage_capacity = "1Gi"
|
||||
}
|
||||
|
||||
resource "kubernetes_persistent_volume" "this" {
|
||||
metadata {
|
||||
name = "pv-p9hostpath-grafana"
|
||||
}
|
||||
spec {
|
||||
capacity = {
|
||||
storage = local.volume_storage_capacity
|
||||
}
|
||||
access_modes = ["ReadWriteMany"]
|
||||
persistent_volume_source {
|
||||
host_path {
|
||||
path = "/mnt/datastore/grafana"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_persistent_volume_claim" "this" {
|
||||
metadata {
|
||||
name = "grafana"
|
||||
namespace = kubernetes_namespace.this.metadata.0.name
|
||||
}
|
||||
spec {
|
||||
access_modes = ["ReadWriteMany"]
|
||||
resources {
|
||||
requests = {
|
||||
storage = local.volume_storage_capacity
|
||||
}
|
||||
}
|
||||
volume_name = kubernetes_persistent_volume.this.metadata.0.name
|
||||
}
|
||||
}
|
||||
|
||||
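Review bot: The new `module "grafana_persistance"` source carries no `?ref=`, so each `terraform init` in the Drone pipeline fetches whatever the module repository's default branch holds at that moment, and the regenerated README accordingly shows an empty `Version:` for it. That code is planned and applied with the pipeline's secrets (the AWS keys and CI SSH key are visible in .drone.yml) and now defines the volume Grafana's data lives on, so I would pin it to a reviewed tag or commit: `source = "git@git.thomasklein.me:thomasklein/terraform-modules//9p-persistent-volume?ref=<TAG_OR_COMMIT>"` (placeholder value). The resources this replaces appear to have used a hostPath volume with `ReadWriteMany`; whether the module keeps the same path and access mode is not visible on this page and is worth checking in the plan output before apply.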