Add Nautobot
Dan Ankers
parent
7c46673a7a
commit
485ec348d6
59
main.tf
59
main.tf
|
|
@ -193,3 +193,62 @@ resource "keycloak_openid_client" "gitea_client" {
|
||||||
"https://git.${var.domain_suffix}/*"
|
"https://git.${var.domain_suffix}/*"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "keycloak_openid_client" "nautobot_client" {
|
||||||
|
realm_id = keycloak_realm.realm.id
|
||||||
|
client_id = "nautobot"
|
||||||
|
enabled = true
|
||||||
|
access_type = "CONFIDENTIAL"
|
||||||
|
standard_flow_enabled = true
|
||||||
|
implicit_flow_enabled = true
|
||||||
|
client_secret = var.keycloak_nautobot_secret
|
||||||
|
valid_redirect_uris = [
|
||||||
|
"/*",
|
||||||
|
"https://nautobot.k8s.md1clv.im",
|
||||||
|
"https://nautobot.k8s.md1clv.im/*"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "helm_release" "nautobot" {
|
||||||
|
name = "nautobot"
|
||||||
|
namespace = var.nautobot_namespace
|
||||||
|
repository = "https://nautobot.github.io/helm-charts/"
|
||||||
|
chart = "nautobot"
|
||||||
|
create_namespace = true
|
||||||
|
|
||||||
|
values = [
|
||||||
|
<<EOT
|
||||||
|
ingress:
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
|
backendProtocol: http
|
||||||
|
enabled: true
|
||||||
|
hostname: nautobot.${var.domain_suffix}
|
||||||
|
tls: true
|
||||||
|
nautobot:
|
||||||
|
config: |
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
from nautobot.core.settings import * # noqa F401,F403
|
||||||
|
from nautobot.core.settings_funcs import is_truthy, parse_redis_connection
|
||||||
|
if DATABASES["default"]["ENGINE"] == "django.db.backends.mysql":
|
||||||
|
DATABASES["default"]["OPTIONS"] = {"charset": "utf8mb4"}
|
||||||
|
SECRET_KEY = os.getenv("NAUTOBOT_SECRET_KEY", "#fdj#r@=om#sjb-odxae1w#!vy5&(6@tsog*&x31(1725#nwg)")
|
||||||
|
AUTHENTICATION_BACKENDS = [ "social_core.backends.keycloak.KeycloakOAuth2", "nautobot.core.authentication.ObjectPermissionBackend", "django.contrib.auth.backends.ModelBackend" ]
|
||||||
|
SOCIAL_AUTH_KEYCLOAK_KEY = 'nautobot'
|
||||||
|
SOCIAL_AUTH_KEYCLOAK_SECRET = '${var.keycloak_nautobot_secret}'
|
||||||
|
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0w+FSHl757PbboHKFNwK8xEKyHwYTzDN3OCy+E0uXFBfXYf+mVqABWQaz/OwVL1H9XJzBlPZmARCIqnxB14J9QXn9ZJ42RTgXIMzJaJBUv5iKHhy4kFLAY26luzvWHZx4JYTAZ4gGOG0StapvAb5ejABcCmImP3P+PF3gZco1glZg1/wj+mMPnfD6If/uxwOb6YLHvBy6xqkfon9yyDNGGlm/6EjYJgjuoKLfw501/triw3RA4YFfZpn4z2uMqNR4tSdm5MpP84z0lDXl9KwplqI7SYvc+J9aZgBIRy+EZGplIazp3tfvKsR9910yxLxPYNzSPvOr8fJib4kqKaMQIDAQAB'
|
||||||
|
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = 'https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/protocol/openid-connect/auth'
|
||||||
|
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = 'https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/protocol/openid-connect/token'
|
||||||
|
postgresql:
|
||||||
|
auth:
|
||||||
|
password: 2wsxCDE3
|
||||||
|
global:
|
||||||
|
storageClass: ${var.storageclass}
|
||||||
|
redis:
|
||||||
|
auth:
|
||||||
|
password: 3edcVFR4
|
||||||
|
EOT
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue