Testing Nautobot config

2023-10-03 17:31:39 +01:00 · 2023-10-03 17:31:39 +01:00 · 43fd84c575
parent 7c46673a7a
commit 43fd84c575
2 changed files with 84 additions and 0 deletions
--- a/main.tf
+++ b/main.tf
@ -193,3 +193,83 @@ resource "keycloak_openid_client" "gitea_client" {
    "https://git.${var.domain_suffix}/*"
  ]
 }
+
+resource "keycloak_openid_client" "nautobot_client" {
+  realm_id = keycloak_realm.realm.id
+  client_id = "nautobot"
+  enabled = true
+  access_type = "CONFIDENTIAL"
+  standard_flow_enabled = true
+  implicit_flow_enabled = true
+  client_secret = var.keycloak_nautobot_secret
+  valid_redirect_uris = [
+    "/*",
+    "https://nautobot.k8s.md1clv.im",
+    "https://nautobot.k8s.md1clv.im/*"
+  ]
+}
+
+resource "helm_release" "nautobot" {
+  name                       = "nautobot"
+  namespace                  = var.nautobot_namespace
+  repository                 = "https://nautobot.github.io/helm-charts/"
+  chart                      = "nautobot"
+  create_namespace           = true
+
+  set {
+    name = "ingress.annotations.cert-manager\\.io/cluster-issuer"
+    value = "letsencrypt-prod"
+  }
+
+  set {
+    name = "ingress.annotations.traefik\\.ingress\\.kubernetes\\.io/router\\.middlewares"
+    value = "default-redirect-https@kubernetescrd"
+  }
+  
+  set {
+    name = "ingress.backendProtocol"
+    value = "http"
+  }
+  set {
+    name = "ingress.enabled"
+    value = "true"
+  }
+  set {
+    name = "ingress.hostname"
+    value = "nautobot.${var.domain_suffix}"
+  }
+  set {
+    name = "ingress.tls"
+    value = "true"
+  }
+  set {
+    name = "nautobot.config"
+    value = <<EOF
+import os
+import sys
+from nautobot.core.settings import *
+from nautobot.core.settings_funcs import is_truthy, parse_redis_connection
+if DATABASES["default"]["ENGINE"] == "django.db.backends.mysql":
+    DATABASES["default"]["OPTIONS"] = {"charset": "utf8mb4"}
+SECRET_KEY = os.getenv("NAUTOBOT_SECRET_KEY", "#fdj#r@=om#sjb-odxae1w#!vy5&(6@tsog*&x31(1725#nwg)")
+AUTHENTICATION_BACKENDS = [ "social_core.backends.keycloak.KeycloakOAuth2", "nautobot.core.authentication.ObjectPermissionBackend", "django.contrib.auth.backends.ModelBackend" ]
+SOCIAL_AUTH_KEYCLOAK_KEY = "nautobot"
+SOCIAL_AUTH_KEYCLOAK_SECRET = "${var.keycloak_nautobot_secret}"
+SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0w+FSHl757PbboHKFNwK8xEKyHwYTzDN3OCy+E0uXFBfXYf+mVqABWQaz/OwVL1H9XJzBlPZmARCIqnxB14J9QXn9ZJ42RTgXIMzJaJBUv5iKHhy4kFLAY26luzvWHZx4JYTAZ4gGOG0StapvAb5ejABcCmImP3P+PF3gZco1glZg1/wj+mMPnfD6If/uxwOb6YLHvBy6xqkfon9yyDNGGlm/6EjYJgjuoKLfw501/triw3RA4YFfZpn4z2uMqNR4tSdm5MpP84z0lDXl9KwplqI7SYvc+J9aZgBIRy+EZGplIazp3tfvKsR9910yxLxPYNzSPvOr8fJib4kqKaMQIDAQAB"
+SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/protocol/openid-connect/auth"
+SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/protocol/openid-connect/token"
+EOF
+  }
+  set {
+    name = "postgresql.auth.password"
+    value = "2wsxCDE3"
+  }
+  set {
+    name = "postgress.global.storageClass"
+    value = var.storageclass
+  }
+  set {
+    name = "redis.auth.password"
+    value = "3edcVFR4"
+  }
+}
--- a/vars.tf
+++ b/vars.tf
@ -17,3 +17,7 @@ variable "keycloak_namespace" {
 variable "keycloak_realm" {
  default = "DC_Cloud"
 }
+
+variable "nautobot_namespace" {
+  default = "nautobot"
+}