
terraform {
  # Remote state is a Kubernetes Secret (name suffix "tfstate") in the
  # "dan-terraform" namespace of the cluster reachable via ~/.kube/config.
  # NOTE(review): that state holds every secret referenced in this file
  # (Keycloak client secrets, admin and database passwords) in clear text;
  # read access to Secrets in that namespace should be limited to operators
  # of this configuration.
  backend "kubernetes" {
    secret_suffix = "tfstate"
    config_path   = "~/.kube/config"
    namespace     = "dan-terraform"
  }

  # Provider pins, alphabetical. helm and kubernetes may float within their
  # patch range; keycloak is pinned to an exact release.
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.11.0"
    }
    keycloak = {
      source  = "mrparkers/keycloak"
      version = "4.3.1"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.23.0"
    }
  }
}
# Kubernetes provider: uses the local kubeconfig, i.e. whatever context and
# credentials the operator running terraform currently has. The same file is
# used by the helm provider and the state backend.
provider "kubernetes" {
  config_path = "~/.kube/config"
}
# Helm provider: installs the chart releases below through the same
# kubeconfig the kubernetes provider uses.
provider "helm" {
  kubernetes {
    config_path = "~/.kube/config"
  }
}
# Keycloak provider: authenticates with the client credentials of a client
# called "terraform" against the Keycloak instance deployed by
# helm_release.keycloak. That client is not managed in this file; it has to
# exist before the keycloak_* resources below can be planned.
# NOTE(review): the provider presumably needs the server reachable at plan
# time, so a first apply on an empty cluster has to be staged (helm releases
# first) — confirm against the provider's behaviour.
provider "keycloak" {
  client_id     = "terraform"
  client_secret = var.keycloak_client_secret
  url           = "https://keycloak.${var.domain_suffix}"
}
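# Gitea, served at git.<domain_suffix> behind the cluster ingress with a
# cert-manager issued certificate, persisted on var.storageclass and using
# the Keycloak realm managed in this file as its OpenID Connect login source.
resource "helm_release" "gitea" {
  name       = "gitea"
  repository = "https://dl.gitea.com/charts/"
  chart      = "gitea"
  # version = "<pin-chart-version>"  # unpinned: each apply may resolve a newer chart
  namespace        = var.gitea_namespace
  create_namespace = true

  # --- ingress / TLS ---
  set {
    name  = "ingress.enabled"
    value = "true"
  }
  set {
    # Dots inside a Helm --set key are escaped with a backslash, exactly as
    # the keycloak and nautobot releases below spell this key. The quoted
    # form used here before ("cert-manager\.io\/cluster-issuer" in double
    # quotes) is not special to the value parser and likely produced a
    # literally quoted annotation key.
    name  = "ingress.annotations.cert-manager\\.io/cluster-issuer"
    value = "letsencrypt-prod"
  }
  set {
    name  = "ingress.hosts[0].host"
    value = "git.${var.domain_suffix}"
  }
  set {
    name  = "ingress.hosts[0].paths[0].path"
    value = "/"
  }
  set {
    name  = "ingress.hosts[0].paths[0].pathType"
    value = "Prefix"
  }
  set {
    name  = "ingress.tls[0].secretName"
    value = "tls-gitea"
  }
  set {
    name  = "ingress.tls[0].hosts[0]"
    value = "git.${var.domain_suffix}"
  }

  # --- storage ---
  set {
    name  = "persistence.enabled"
    value = "true"
  }
  set {
    name  = "persistence.storageClass"
    value = var.storageclass
  }
  set {
    name  = "global.storageClass"
    value = var.storageclass
  }

  # --- OpenID Connect login via Keycloak (client "gitea", see
  # keycloak_openid_client.gitea_client) ---
  set {
    # Display name of the login button; not a hostname.
    name  = "gitea.oauth[0].name"
    value = "md1clv.im"
  }
  set {
    name  = "gitea.oauth[0].provider"
    value = "openidConnect"
  }
  set {
    name  = "gitea.oauth[0].key"
    value = "gitea"
  }
  set {
    # Passed through chart values; ends up in the Helm release secret.
    name  = "gitea.oauth[0].secret"
    value = var.keycloak_gitea_secret
  }
  set {
    name = "gitea.oauth[0].autoDiscoverUrl"
    # Built from the realm resource rather than var.keycloak_realm so the
    # discovery URL cannot drift from the realm the gitea client is created in.
    value = "https://keycloak.${var.domain_suffix}/realms/${keycloak_realm.realm.realm}/.well-known/openid-configuration"
  }
}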
# Keycloak (Bitnami chart) at keycloak.<domain_suffix>. TLS is terminated at
# the ingress, hence proxy=edge; the bundled PostgreSQL uses var.postgres_password.
resource "helm_release" "keycloak" {
  name       = "keycloak"
  repository = "https://charts.bitnami.com/bitnami/"
  chart      = "keycloak"
  # version = "<pin-chart-version>"  # unpinned: each apply may resolve a newer chart
  namespace        = var.keycloak_namespace
  create_namespace = true

  # --- admin account ---
  set {
    name  = "auth.adminUser"
    value = "admin"
  }
  set {
    name  = "auth.adminPassword"
    value = var.keycloak_admin_pass
  }

  # --- storage / database ---
  set {
    name  = "global.storageClass"
    value = var.storageclass
  }
  set {
    name  = "postgresql.auth.password"
    value = var.postgres_password
  }

  # --- ingress / TLS ---
  set {
    name  = "ingress.enabled"
    value = "true"
  }
  set {
    name  = "ingress.hostname"
    value = "keycloak.${var.domain_suffix}"
  }
  set {
    name  = "ingress.tls"
    value = "true"
  }
  set {
    name  = "ingress.annotations.cert-manager\\.io/cluster-issuer"
    value = "letsencrypt-prod"
  }
  # Keycloak sits behind a TLS-terminating ingress.
  set {
    name  = "proxy"
    value = "edge"
  }
}
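# The realm every application client in this file is created in.
# NOTE(review): var.keycloak_realm, used elsewhere in this file to build OIDC
# URLs, must equal this realm name; referencing keycloak_realm.realm.realm
# there instead of the variable removes that drift.
resource "keycloak_realm" "realm" {
  realm                       = "DC_Cloud"
  enabled                     = true
  default_signature_algorithm = "RS256"

  # The realm can only be created once the Keycloak server deployed above is
  # running; make that ordering explicit instead of relying on apply order.
  depends_on = [helm_release.keycloak]
}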
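# Confidential OIDC client used by helm_release.gitea (gitea.oauth[0].key = "gitea").
resource "keycloak_openid_client" "gitea_client" {
  realm_id      = keycloak_realm.realm.id
  client_id     = "gitea"
  enabled       = true
  access_type   = "CONFIDENTIAL"
  client_secret = var.keycloak_gitea_secret

  # Gitea's openidConnect provider is expected to use the authorization-code
  # flow only. The implicit flow (tokens returned in the URL fragment) is
  # deprecated and had no consumer here, so it is disabled.
  standard_flow_enabled = true
  implicit_flow_enabled = false

  # Must match the host that helm_release.gitea serves.
  valid_redirect_uris = [
    "https://git.${var.domain_suffix}/*"
  ]
}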
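# Confidential OIDC client used by helm_release.nautobot
# (SOCIAL_AUTH_KEYCLOAK_KEY = "nautobot" in its nautobot.config).
resource "keycloak_openid_client" "nautobot_client" {
  realm_id      = keycloak_realm.realm.id
  client_id     = "nautobot"
  enabled       = true
  access_type   = "CONFIDENTIAL"
  client_secret = var.keycloak_nautobot_secret

  # social_core's KeycloakOAuth2 backend uses the authorization-code flow;
  # the deprecated implicit flow had no consumer and is disabled.
  standard_flow_enabled = true
  implicit_flow_enabled = false

  # Absolute URIs only, for the host helm_release.nautobot serves. The former
  # relative entry "/*" is removed: without a root URL on the client it is
  # resolved against the Keycloak server itself (presumably; verify against
  # the Keycloak version in use) and is broader than the callback needs.
  # The literal k8s.md1clv.im entries are kept so existing deployments keep
  # working; drop them once var.domain_suffix covers that host.
  valid_redirect_uris = [
    "https://nautobot.${var.domain_suffix}/*",
    "https://nautobot.k8s.md1clv.im",
    "https://nautobot.k8s.md1clv.im/*"
  ]
}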
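# Nautobot at nautobot.<domain_suffix> behind a Traefik ingress with a
# cert-manager certificate, logging in through the Keycloak realm managed in
# this file. Database and cache passwords come from sensitive variables
# (declared at the end of this block) instead of literals in source.
resource "helm_release" "nautobot" {
  name       = "nautobot"
  repository = "https://nautobot.github.io/helm-charts/"
  chart      = "nautobot"
  # version = "<pin-chart-version>"  # unpinned: each apply may resolve a newer chart
  namespace        = var.nautobot_namespace
  create_namespace = true

  # --- ingress / TLS ---
  set {
    name  = "ingress.enabled"
    value = "true"
  }
  set {
    name  = "ingress.hostname"
    value = "nautobot.${var.domain_suffix}"
  }
  set {
    name  = "ingress.tls"
    value = "true"
  }
  set {
    name  = "ingress.annotations.cert-manager\\.io/cluster-issuer"
    value = "letsencrypt-prod"
  }
  set {
    # Traefik middleware forcing plain-HTTP requests onto HTTPS.
    name  = "ingress.annotations.traefik\\.ingress\\.kubernetes\\.io/router\\.middlewares"
    value = "default-redirect-https@kubernetescrd"
  }
  set {
    # TLS ends at the ingress; the pod speaks plain HTTP.
    name  = "ingress.backendProtocol"
    value = "http"
  }

  # --- application settings (rendered into nautobot_config.py) ---
  set {
    name  = "nautobot.config"
    value = <<EOF
import os
import sys
from nautobot.core.settings import *
from nautobot.core.settings_funcs import is_truthy, parse_redis_connection
if DATABASES["default"]["ENGINE"] == "django.db.backends.mysql":
    DATABASES["default"]["OPTIONS"] = {"charset": "utf8mb4"}
# NOTE(review): the fallback literal below is a signing key committed to
# source. The chart is expected to supply NAUTOBOT_SECRET_KEY; confirm that
# and then drop the fallback so a missing key fails loudly.
SECRET_KEY = os.getenv("NAUTOBOT_SECRET_KEY", "#fdj#r@=om#sjb-odxae1w#!vy5&(6@tsog*&x31(1725#nwg)")
AUTHENTICATION_BACKENDS = [ "social_core.backends.keycloak.KeycloakOAuth2", "nautobot.core.authentication.ObjectPermissionBackend", "django.contrib.auth.backends.ModelBackend" ]
SOCIAL_AUTH_KEYCLOAK_KEY = "nautobot"
SOCIAL_AUTH_KEYCLOAK_SECRET = "${var.keycloak_nautobot_secret}"
# NOTE(review): this is the realm's RSA public key, copied by hand. It goes
# stale whenever the realm (keycloak_realm.realm) is recreated or rotates
# keys, at which point token validation fails; consider sourcing it from the
# realm instead of a literal.
SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0w+FSHl757PbboHKFNwK8xEKyHwYTzDN3OCy+E0uXFBfXYf+mVqABWQaz/OwVL1H9XJzBlPZmARCIqnxB14J9QXn9ZJ42RTgXIMzJaJBUv5iKHhy4kFLAY26luzvWHZx4JYTAZ4gGOG0StapvAb5ejABcCmImP3P+PF3gZco1glZg1/wj+mMPnfD6If/uxwOb6YLHvBy6xqkfon9yyDNGGlm/6EjYJgjuoKLfw501/triw3RA4YFfZpn4z2uMqNR4tSdm5MpP84z0lDXl9KwplqI7SYvc+J9aZgBIRy+EZGplIazp3tfvKsR9910yxLxPYNzSPvOr8fJib4kqKaMQIDAQAB"
# Endpoints derived from the realm resource so they cannot drift from the
# realm the nautobot client is created in.
SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = "https://keycloak.${var.domain_suffix}/realms/${keycloak_realm.realm.realm}/protocol/openid-connect/auth"
SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL = "https://keycloak.${var.domain_suffix}/realms/${keycloak_realm.realm.realm}/protocol/openid-connect/token"
EOF
  }

  # --- bundled PostgreSQL and Redis ---
  set {
    # Previously a literal password in source; now an operator-supplied secret.
    name  = "postgresql.auth.password"
    value = var.nautobot_postgres_password
  }
  set {
    # Was "postgress.global.storageClass", a misspelt key the chart does not
    # read, so the storage class was never applied. global.storageClass is
    # the form the gitea and keycloak releases use and is propagated to the
    # PostgreSQL and Redis subcharts.
    name  = "global.storageClass"
    value = var.storageclass
  }
  set {
    # Previously a literal password in source; now an operator-supplied secret.
    name  = "redis.auth.password"
    value = var.nautobot_redis_password
  }
}

# Inputs for the two credentials above. No defaults on purpose: a missing
# value must fail the plan rather than fall back to a value in source.
# Move these declarations next to the other variables (e.g. variables.tf)
# if that is where the project keeps them.
variable "nautobot_postgres_password" {
  description = "Password for the PostgreSQL instance bundled with the nautobot release."
  type        = string
  sensitive   = true
}

variable "nautobot_redis_password" {
  description = "Password for the Redis instance bundled with the nautobot release."
  type        = string
  sensitive   = true
}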