diff --git a/main.tf b/main.tf
index 831174c..eee547a 100644
--- a/main.tf
+++ b/main.tf
@@ -43,54 +43,30 @@ resource "helm_release" "keycloak" {
 chart = "keycloak"
 create_namespace = true
- set {
- name = "auth.adminPassword"
- value = var.keycloak_admin_pass
- }
-
- set {
- name = "auth.adminUser"
- value = "admin"
- }
-
- set {
- name = "global.storageClass"
- value = var.storageclass
- }
-
- set {
- name = "ingress.annotations.cert-manager\\.io/cluster-issuer"
- value = "letsencrypt-prod"
- }
-
- set {
- name = "ingress.enabled"
- value = "true"
- }
-
- set {
- name = "ingress.hostname"
- value = "keycloak.${var.domain_suffix}"
- }
-
- set {
- name = "ingress.tls"
- value = "true"
- }
-
- set {
- name = "postgresql.auth.password"
- value = var.postgres_password
- }
-
- set {
- name = "proxy"
- value = "edge"
- }
+ values = [
+ <<-EOT
+ auth:
+ adminPassword: ${var.keycloak_admin_pass}
+ adminUser: admin
+ global:
+ storageClass: ${var.storageclass}
+ ingress:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+ enabled: true
+ hostname: keycloak.${var.domain_suffix}
+ tls: true
+ postgresql:
+ auth:
+ password: ${var.postgres_password}
+ proxy: edge
+ EOT
+ ]
 }
 resource "keycloak_realm" "realm" {
- realm = "DC_Cloud"
+ realm = var.keycloak_realm
 enabled = true
 default_signature_algorithm = "RS256"
 }
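Review bot: The two passwords are interpolated into the heredoc as bare YAML scalars (`adminPassword: ${var.keycloak_admin_pass}` and `password: ${var.postgres_password}`), so a value containing `:`, `#`, a quote or a newline changes the structure of the document instead of being delivered as the password, and the failure is silent until the chart renders. Building the document with `yamlencode()` quotes every interpolated value correctly; the same applies to `secret: ${keycloak_openid_client.gitea_client.client_secret}` in the gitea hunk below. Separately, unless `keycloak_admin_pass` and `postgres_password` are declared `sensitive = true`, the fully rendered `values` string is now shown verbatim in plan output, where the removed `set` blocks could have been `set_sensitive`; declaring the variables sensitive makes Terraform redact the whole entry, or the two passwords can stay in `set_sensitive` blocks next to `values`.
```hcl
  values = [
    yamlencode({
      auth = {
        adminPassword = var.keycloak_admin_pass
        adminUser     = "admin"
      }
      # … unchanged: global, ingress, postgresql and proxy keys, converted to the same map form …
    })
  ]
```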
@@ -118,80 +94,36 @@ resource "helm_release" "gitea" {
 namespace = var.gitea_namespace
 create_namespace = true
- set {
- name = "ingress.enabled"
- value = "true"
- }
-
- set {
- name = "ingress.annotations.\"cert-manager\\.io\\/cluster-issuer\""
- value = "letsencrypt-prod"
- }
-
- set {
- name = "ingress.hosts[0].host"
- value = "git.${var.domain_suffix}"
- }
-
- set {
- name = "ingress.hosts[0].paths[0].path"
- value = "/"
- }
-
- set {
- name = "ingress.hosts[0].paths[0].pathType"
- value = "Prefix"
- }
-
- set {
- name = "ingress.tls[0].secretName"
- value = "tls-gitea"
- }
-
- set {
- name = "ingress.tls[0].hosts[0]"
- value = "git.${var.domain_suffix}"
- }
-
- set {
- name = "persistence.enabled"
- value = "true"
- }
-
- set {
- name = "persistence.storageClass"
- value = var.storageclass
- }
-
- set {
- name = "global.storageClass"
- value = var.storageclass
- }
-
- set {
- name = "gitea.oauth[0].name"
- value = "md1clv.im"
- }
-
- set {
- name = "gitea.oauth[0].provider"
- value = "openidConnect"
- }
-
- set {
- name = "gitea.oauth[0].key"
- value = keycloak_openid_client.gitea_client.client_id
- }
-
- set {
- name = "gitea.oauth[0].secret"
- value = var.keycloak_gitea_secret
- }
-
- set {
- name = "gitea.oauth[0].autoDiscoverUrl"
- value = "https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/.well-known/openid-configuration"
- }
+ values = [
+ <<-EOT
+ gitea:
+ oauth:
+ - autoDiscoverUrl: https://keycloak.${var.domain_suffix}/realms/${keycloak_realm.realm.realm}/.well-known/openid-configuration
+ key: ${keycloak_openid_client.gitea_client.client_id}
+ name: md1clv.im
+ provider: openidConnect
+ secret: ${keycloak_openid_client.gitea_client.client_secret}
+ global:
+ storageClass: ${var.storageclass}
+ ingress:
+ annotations:
+ traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ enabled: true
+ hosts:
+ - host: git.${var.domain_suffix}
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - git.${var.domain_suffix}
+ secretName: tls-gitea
+ persistence:
+ enabled: true
+ storageClass: ${var.storageclass}
+ EOT
+ ]
 }
 resource "keycloak_openid_client" "nautobot_client" {
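Review bot: `name: md1clv.im` is the only environment-specific literal left in the gitea values now that every host and URL around it is derived from `var.domain_suffix`; presumably it is the deployment domain, in which case `name: ${var.domain_suffix}` (or a dedicated variable) keeps the OAuth source name in step with the rest of the configuration. The Keycloak base URL in `autoDiscoverUrl` also spells out `keycloak.${var.domain_suffix}` a second time, duplicating the `hostname` set on the keycloak release earlier in this file, so a single `local` used by both places would stop the two from drifting apart if the hostname ever changes. Swapping `${var.keycloak_realm}` for `${keycloak_realm.realm.realm}` is a good change, as it also gives Terraform the dependency on the realm resource.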