Move all Helm configs from 'set' parameters to 'value' parameters

zot
Daniel Ankers 2023-10-04 16:33:28 +01:00
parent 9822cdecb9
commit 19ba4b813e
1 changed files with 51 additions and 119 deletions

170
main.tf

@ -43,54 +43,30 @@ resource "helm_release" "keycloak" {
chart = "keycloak" chart = "keycloak"
create_namespace = true create_namespace = true
set { values = [
name = "auth.adminPassword" <<-EOT
value = var.keycloak_admin_pass auth:
} adminPassword: ${var.keycloak_admin_pass}
adminUser: admin
set { global:
name = "auth.adminUser" storageClass: ${var.storageclass}
value = "admin" ingress:
} annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
set { traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
name = "global.storageClass" enabled: true
value = var.storageclass hostname: keycloak.${var.domain_suffix}
} tls: true
postgresql:
set { auth:
name = "ingress.annotations.cert-manager\\.io/cluster-issuer" password: ${var.postgres_password}
value = "letsencrypt-prod" proxy: edge
} EOT
]
set {
name = "ingress.enabled"
value = "true"
}
set {
name = "ingress.hostname"
value = "keycloak.${var.domain_suffix}"
}
set {
name = "ingress.tls"
value = "true"
}
set {
name = "postgresql.auth.password"
value = var.postgres_password
}
set {
name = "proxy"
value = "edge"
}
} }
resource "keycloak_realm" "realm" { resource "keycloak_realm" "realm" {
realm = "DC_Cloud" realm = var.keycloak_realm
enabled = true enabled = true
default_signature_algorithm = "RS256" default_signature_algorithm = "RS256"
} }
@ -118,80 +94,36 @@ resource "helm_release" "gitea" {
namespace = var.gitea_namespace namespace = var.gitea_namespace
create_namespace = true create_namespace = true
set { values = [
name = "ingress.enabled" <<-EOT
value = "true" gitea:
} oauth:
- autoDiscoverUrl: https://keycloak.${var.domain_suffix}/realms/${keycloak_realm.realm.realm}/.well-known/openid-configuration
set { key: ${keycloak_openid_client.gitea_client.client_id}
name = "ingress.annotations.\"cert-manager\\.io\\/cluster-issuer\"" name: md1clv.im
value = "letsencrypt-prod" provider: openidConnect
} secret: ${keycloak_openid_client.gitea_client.client_secret}
global:
set { storageClass: ${var.storageclass}
name = "ingress.hosts[0].host" ingress:
value = "git.${var.domain_suffix}" annotations:
} traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
cert-manager.io/cluster-issuer: letsencrypt-prod
set { enabled: true
name = "ingress.hosts[0].paths[0].path" hosts:
value = "/" - host: git.${var.domain_suffix}
} paths:
- path: /
set { pathType: Prefix
name = "ingress.hosts[0].paths[0].pathType" tls:
value = "Prefix" - hosts:
} - git.${var.domain_suffix}
secretName: tls-gitea
set { persistence:
name = "ingress.tls[0].secretName" enabled: true
value = "tls-gitea" storageClass: ${var.storageclass}
} EOT
]
set {
name = "ingress.tls[0].hosts[0]"
value = "git.${var.domain_suffix}"
}
set {
name = "persistence.enabled"
value = "true"
}
set {
name = "persistence.storageClass"
value = var.storageclass
}
set {
name = "global.storageClass"
value = var.storageclass
}
set {
name = "gitea.oauth[0].name"
value = "md1clv.im"
}
set {
name = "gitea.oauth[0].provider"
value = "openidConnect"
}
set {
name = "gitea.oauth[0].key"
value = keycloak_openid_client.gitea_client.client_id
}
set {
name = "gitea.oauth[0].secret"
value = var.keycloak_gitea_secret
}
set {
name = "gitea.oauth[0].autoDiscoverUrl"
value = "https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/.well-known/openid-configuration"
}
} }
resource "keycloak_openid_client" "nautobot_client" { resource "keycloak_openid_client" "nautobot_client" {
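Review bot: The three credentials in the new `values` heredocs are interpolated as bare YAML scalars: `adminPassword: ${var.keycloak_admin_pass}` and `password: ${var.postgres_password}` in the keycloak release, and `secret: ${keycloak_openid_client.gitea_client.client_secret}` in the gitea release. A value that is all digits, or that contains `: `, ` #`, a newline, or a leading `*`, `&`, `!`, `{`, `[` or quote, would be re-typed, truncated or change the document structure instead of reaching the chart as the intended string. Building the non-secret keys with `values = [yamlencode({ auth = { adminUser = "admin" }, proxy = "edge" })]` lets Terraform do the quoting. The credentials are better passed separately through `set_sensitive { name = "auth.adminPassword" value = var.keycloak_admin_pass }`, which the helm provider masks in plan output. Whether the variables are declared `sensitive = true` is not visible on this page; if they are not, the rendered `values` string, secrets included, would presumably appear in plan diffs. Either way the values remain in Terraform state, so the state backend needs encryption and restricted access.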