Add Nautobot

main.tf

@@ -193,3 +193,62 @@ resource "keycloak_openid_client" "gitea_client" {
     "https://git.${var.domain_suffix}/*"
   ]
 }
+
+resource "keycloak_openid_client" "nautobot_client" {
+  realm_id = keycloak_realm.realm.id
+  client_id = "nautobot"
+  enabled = true
+  access_type = "CONFIDENTIAL"
+  standard_flow_enabled = true
+  implicit_flow_enabled = true
+  client_secret = var.keycloak_nautobot_secret
+  valid_redirect_uris = [
+    "/*",
+    "https://nautobot.k8s.md1clv.im",
+    "https://nautobot.k8s.md1clv.im/*"
+  ]
+}
+
+resource "helm_release" "nautobot" {
+  name                       = "nautobot"
+  namespace                  = var.nautobot_namespace
+  repository                 = "https://nautobot.github.io/helm-charts/"
+  chart                      = "nautobot"
+  create_namespace           = true
+
+  values = [
+<<EOT
+ingress:
+  annotations:
+    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  backendProtocol: http
+  enabled: true
+  hostname: nautobot.${var.domain_suffix}
+  tls: true
+nautobot:
+  config: |
+    import os
+    import sys
+    from nautobot.core.settings import *  # noqa F401,F403
+    from nautobot.core.settings_funcs import is_truthy, parse_redis_connection
+    if DATABASES["default"]["ENGINE"] == "django.db.backends.mysql":
+        DATABASES["default"]["OPTIONS"] = {"charset": "utf8mb4"}
+    SECRET_KEY = os.getenv("NAUTOBOT_SECRET_KEY", "#fdj#r@=om#sjb-odxae1w#!vy5&(6@tsog*&x31(1725#nwg)")
+    AUTHENTICATION_BACKENDS = [ "social_core.backends.keycloak.KeycloakOAuth2", "nautobot.core.authentication.ObjectPermissionBackend", "django.contrib.auth.backends.ModelBackend" ]
+    SOCIAL_AUTH_KEYCLOAK_KEY = 'nautobot'
+    SOCIAL_AUTH_KEYCLOAK_SECRET = '${var.keycloak_nautobot_secret}'
+    SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0w+FSHl757PbboHKFNwK8xEKyHwYTzDN3OCy+E0uXFBfXYf+mVqABWQaz/OwVL1H9XJzBlPZmARCIqnxB14J9QXn9ZJ42RTgXIMzJaJBUv5iKHhy4kFLAY26luzvWHZx4JYTAZ4gGOG0StapvAb5ejABcCmImP3P+PF3gZco1glZg1/wj+mMPnfD6If/uxwOb6YLHvBy6xqkfon9yyDNGGlm/6EjYJgjuoKLfw501/triw3RA4YFfZpn4z2uMqNR4tSdm5MpP84z0lDXl9KwplqI7SYvc+J9aZgBIRy+EZGplIazp3tfvKsR9910yxLxPYNzSPvOr8fJib4kqKaMQIDAQAB'
+    SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = 'https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/protocol/openid-connect/auth'
+    SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = 'https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/protocol/openid-connect/token'
+postgresql:
+  auth:
+    password: 2wsxCDE3
+  global:
+    storageClass: ${var.storageclass}
+redis:
+  auth:
+    password: 3edcVFR4
+EOT
+  ]
+}

vars.tf

@@ -17,3 +17,7 @@ variable "keycloak_namespace" {
 variable "keycloak_realm" {
   default = "DC_Cloud"
 }
+
+variable "nautobot_namespace" {
+  default = "nautobot"
+}