WIP: Federating FreeIPA and Keycloak
parent
630db7a880
commit
d89ba200ba
35
main.tf
35
main.tf
|
|
@ -24,6 +24,10 @@ terraform {
|
||||||
source = "rework-space-com/freeipa"
|
source = "rework-space-com/freeipa"
|
||||||
version = "4.0.0"
|
version = "4.0.0"
|
||||||
}
|
}
|
||||||
|
# ldap = {
|
||||||
|
# source = "l-with/ldap"
|
||||||
|
# version = ">= 0.4"
|
||||||
|
# }
|
||||||
}
|
}
|
||||||
backend "kubernetes" {
|
backend "kubernetes" {
|
||||||
secret_suffix = "tfstate"
|
secret_suffix = "tfstate"
|
||||||
|
|
@ -70,6 +74,14 @@ provider "freeipa" {
|
||||||
insecure = true
|
insecure = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#provider "ldap" {
|
||||||
|
# alias = "ldap_provisioner"
|
||||||
|
# host = "${helm_release.freeipa.name}.${var.domain_suffix}"
|
||||||
|
# bind_user = "admin"
|
||||||
|
# bind_password = "${var.freeipa_ds_password}"
|
||||||
|
# port = 389
|
||||||
|
#}
|
||||||
|
|
||||||
resource "helm_release" "keycloak" {
|
resource "helm_release" "keycloak" {
|
||||||
name = "keycloak"
|
name = "keycloak"
|
||||||
namespace = var.keycloak_namespace
|
namespace = var.keycloak_namespace
|
||||||
|
|
@ -569,15 +581,16 @@ resource "helm_release" "grafana" {
|
||||||
resource "helm_release" "freeipa" {
|
resource "helm_release" "freeipa" {
|
||||||
name = "freeipa"
|
name = "freeipa"
|
||||||
namespace = var.freeipa_namespace
|
namespace = var.freeipa_namespace
|
||||||
repository = "https://improwised.github.io/charts/"
|
# repository = "https://improwised.github.io/charts/"
|
||||||
|
repository = "https://git.k8s.md1clv.im/api/packages/dan/helm"
|
||||||
chart = "freeipa"
|
chart = "freeipa"
|
||||||
create_namespace = true
|
create_namespace = true
|
||||||
values = [
|
values = [
|
||||||
<<EOT
|
<<EOT
|
||||||
hostname: freeipa.${var.domain_suffix}
|
hostname: freeipa.${var.domain_suffix}
|
||||||
args:
|
args:
|
||||||
realm: MD1CLV.IM
|
realm: ${var.ldap.realm}
|
||||||
domain: md1clv.im
|
domain: ${var.ldap.domain}
|
||||||
dspassword: ${var.freeipa_ds_password}
|
dspassword: ${var.freeipa_ds_password}
|
||||||
adminpassword: ${var.freeipa_admin_password}
|
adminpassword: ${var.freeipa_admin_password}
|
||||||
nohostdns: true
|
nohostdns: true
|
||||||
|
|
@ -592,11 +605,6 @@ ingress:
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
tls: true
|
tls: true
|
||||||
extraPaths:
|
|
||||||
- path: /
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
port: https
|
|
||||||
backendProtocol: https
|
backendProtocol: https
|
||||||
service:
|
service:
|
||||||
annotations:
|
annotations:
|
||||||
|
|
@ -606,6 +614,17 @@ EOT
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#resource "ldap_entry" "bind_user" {
|
||||||
|
# provider = ldap.ldap_provisioner
|
||||||
|
# dn = "uid=system,cn=sysaccounts,cn=etc,${var.ldap.base_dn}"
|
||||||
|
# data_json = jsonencode({
|
||||||
|
# objectClass = ["account","simplesecurityobject"]
|
||||||
|
# uid = [var.ldap.bind_user]
|
||||||
|
# userPassword= [var.ldap.bind_password]
|
||||||
|
# })
|
||||||
|
#}
|
||||||
|
|
||||||
|
|
||||||
# resource freeipa_user "freeipa_users" {
|
# resource freeipa_user "freeipa_users" {
|
||||||
# first_name = var.keycloak_user.firstname
|
# first_name = var.keycloak_user.firstname
|
||||||
# last_name = var.keycloak_user.lastname
|
# last_name = var.keycloak_user.lastname
|
||||||
|
|
|
||||||
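Review bot: The commented-out `ldap` provider added after the freeipa provider block pairs `bind_user = "admin"` with `bind_password = "${var.freeipa_ds_password}"` over plain `port = 389`, which reads as both a credential mix-up and an unencrypted bind once it is uncommented: the chart values in this same commit pass `dspassword` and `adminpassword` as two separate secrets, so the DS password presumably belongs to the Directory Manager rather than the `admin` account, and whichever one it is would cross the network in cleartext on 389. When this block is enabled, bind as the identity that actually owns the password and require TLS, e.g. `bind_user = "cn=Directory Manager"`, `bind_password = var.freeipa_ds_password`, `port = 636` together with the provider's TLS option (or, better, a dedicated provisioning sysaccount so Directory Manager is never used from Terraform). The `ldap_entry.bind_user` resource further down hardcodes the RDN as `uid=system` while setting `uid = [var.ldap.bind_user]`; unless `var.ldap.bind_user` is exactly `"system"`, the entry lacks its naming attribute value and 389-ds rejects the add, so derive the DN from the variable: `dn = "uid=${var.ldap.bind_user},cn=sysaccounts,cn=etc,${var.ldap.base_dn}"`. Note also that `helm_release.freeipa` now pulls the chart from the self-hosted registry `https://git.k8s.md1clv.im/api/packages/dan/helm` and no `version` is visible in this hunk — if the attribute is not set elsewhere in the resource, pin the chart version so a re-published chart on that registry cannot silently change what gets deployed.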