155 lines
2.7 KiB
HCL
155 lines
2.7 KiB
HCL
terraform {
|
|
required_providers {
|
|
helm = {
|
|
source = "hashicorp/helm"
|
|
version = "~> 2.11.0"
|
|
}
|
|
kubernetes = {
|
|
source = "hashicorp/kubernetes"
|
|
version = "~> 2.23.0"
|
|
}
|
|
keycloak = {
|
|
source = "mrparkers/keycloak"
|
|
version = "4.3.1"
|
|
}
|
|
}
|
|
}
|
|
|
|
provider "kubernetes" {
|
|
config_path = "~/.kube/config"
|
|
}
|
|
|
|
provider "helm" {
|
|
kubernetes {
|
|
config_path = "~/.kube/config"
|
|
}
|
|
}
|
|
|
|
provider "keycloak" {
|
|
client_id = "terraform"
|
|
client_secret = var.keycloak_client_secret
|
|
url = "https://keycloak.${var.domain_suffix}"
|
|
}
|
|
|
|
resource "kubernetes_namespace" "gitea_ns" {
|
|
metadata {
|
|
name = var.gitea_namespace
|
|
}
|
|
}
|
|
|
|
resource "helm_release" "gitea" {
|
|
name = "gitea"
|
|
|
|
repository = "https://dl.gitea.com/charts/"
|
|
chart = "gitea"
|
|
namespace = var.gitea_namespace
|
|
|
|
set {
|
|
name = "ingress.enabled"
|
|
value = "true"
|
|
}
|
|
|
|
set {
|
|
name = "ingress.annotations.\"cert-manager\\.io\\/cluster-issuer\""
|
|
value = "letsencrypt-prod"
|
|
}
|
|
|
|
set {
|
|
name = "ingress.hosts[0].host"
|
|
value = "git.${var.domain_suffix}"
|
|
}
|
|
|
|
set {
|
|
name = "ingress.hosts[0].paths[0].path"
|
|
value = "/"
|
|
}
|
|
|
|
set {
|
|
name = "ingress.hosts[0].paths[0].pathType"
|
|
value = "Prefix"
|
|
}
|
|
|
|
set {
|
|
name = "persistence.enabled"
|
|
value = "true"
|
|
}
|
|
|
|
set {
|
|
name = "global.storageClass"
|
|
value = var.storageclass
|
|
}
|
|
}
|
|
|
|
resource "helm_release" "keycloak" {
|
|
name = "keycloak"
|
|
namespace = var.keycloak_namespace
|
|
repository = "https://charts.bitnami.com/bitnami/"
|
|
chart = "keycloak"
|
|
create_namespace = true
|
|
|
|
set {
|
|
name = "auth.adminPassword"
|
|
value = var.keycloak_admin_pass
|
|
}
|
|
|
|
set {
|
|
name = "auth.adminUser"
|
|
value = "admin"
|
|
}
|
|
|
|
set {
|
|
name = "global.storageClass"
|
|
value = var.storageclass
|
|
}
|
|
|
|
set {
|
|
name = "ingress.annotations.cert-manager\\.io/cluster-issuer"
|
|
value = "letsencrypt-prod"
|
|
}
|
|
|
|
set {
|
|
name = "ingress.enabled"
|
|
value = "true"
|
|
}
|
|
|
|
set {
|
|
name = "ingress.hostname"
|
|
value = "keycloak.${var.domain_suffix}"
|
|
}
|
|
|
|
set {
|
|
name = "ingress.tls"
|
|
value = "true"
|
|
}
|
|
|
|
set {
|
|
name = "postgresql.auth.password"
|
|
value = var.postgres_password
|
|
}
|
|
|
|
set {
|
|
name = "proxy"
|
|
value = "edge"
|
|
}
|
|
}
|
|
|
|
resource "keycloak_realm" "realm" {
|
|
realm = "DC_Cloud"
|
|
enabled = true
|
|
default_signature_algorithm = "RS256"
|
|
}
|
|
|
|
resource "keycloak_openid_client" "gitea_client" {
|
|
realm_id = keycloak_realm.realm.id
|
|
client_id = "gitea"
|
|
|
|
enabled = true
|
|
|
|
access_type = "CONFIDENTIAL"
|
|
standard_flow_enabled = true
|
|
implicit_flow_enabled = true
|
|
valid_redirect_uris = [
|
|
"https://gitea.${var.domain_suffix}/*"
|
|
]
|
|
}
|