diff --git a/apps/taiga/taiga_ConfigMap.tf b/apps/taiga/taiga_ConfigMap.tf
index 4af8ff2..ade5b7a 100644
--- a/apps/taiga/taiga_ConfigMap.tf
+++ b/apps/taiga/taiga_ConfigMap.tf
@@ -20,35 +20,18 @@ resource "kubectl_manifest" "cm_env_back" {
 ENABLE_TELEMETRY: "False"
 PUBLIC_REGISTER_ENABLED: "True"
 ENABLE_GITHUB_AUTH: "False"
- ENABLE_GITLAB_AUTH: "True"
+ ENABLE_GITLAB_AUTH: "False"
 ENABLE_SLACK: "False"
 ENABLE_GITHUB_IMPORTER: "False"
 ENABLE_JIRA_IMPORTER: "False"
 ENABLE_TRELLO_IMPORTER: "False"
+ ENABLE_OIDC_AUTH: "True"
 OPENID_CONNECT_SCOPES: "openid email profile"
- GITLAB_URL: "${module.oauth2.sso_configuration_url}"
-EOF
-}
-
-resource "kubectl_manifest" "cm_events" {
- yaml_body = <<-EOF
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: "${var.instance}-${var.component}-events"
- labels: ${jsonencode(local.common_labels)}
- namespace: ${var.namespace}
- data:
- start.sh: |-
- #!/bin/sh
- envsubst < /var/lib/env.template > /taiga-events/.env
- chown -R taiga:taiga /taiga-events
- exec su-exec taiga npm run start:production
- env.template: |-
- RABBITMQ_URL="amqp://$${RABBITMQ_USER}:$${RABBITMQ_PASS}@$${TAIGA_EVENTS_RABBITMQ_HOST}:5672/taiga"
- SECRET="$${TAIGA_SECRET_KEY}"
- WEB_SOCKET_SERVER_PORT=8888
- APP_PORT=3023
+ OIDC_BASE_URL: "${module.oauth2.sso_configuration_url}"
+ OIDC_OP_JWKS_ENDPOINT:
+ OIDC_OP_AUTHORIZATION_ENDPOINT:
+ OIDC_OP_TOKEN_ENDPOINT:
+ OIDC_OP_USER_ENDPOINT:
 EOF
 }
@@ -75,6 +58,9 @@ resource "kubectl_manifest" "cm_env_front" {
 ENABLE_GITHUB_IMPORTER: "false"
 ENABLE_JIRA_IMPORTER: "false"
 ENABLE_TRELLO_IMPORTER: "false"
+ ENABLE_OIDC_AUTH: "true"
+ OIDC_BUTTON_TEXT: "vynil"
+ OIDC_MOUNT_POINT: "/api/oidc"
 EOF
 }
diff --git a/apps/taiga/taiga_workload.tf b/apps/taiga/taiga_workload.tf
index e941c95..ed79365 100644
--- a/apps/taiga/taiga_workload.tf
+++ b/apps/taiga/taiga_workload.tf
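Review bot: In `cm_env_back`, the four added keys `OIDC_OP_JWKS_ENDPOINT`, `OIDC_OP_AUTHORIZATION_ENDPOINT`, `OIDC_OP_TOKEN_ENDPOINT` and `OIDC_OP_USER_ENDPOINT` are left without a value while `ENABLE_OIDC_AUTH` is switched to `"True"`, so the ConfigMap is applied with null or empty provider endpoints. Without a JWKS endpoint the backend presumably has no way to fetch the provider's signing keys for ID-token verification, and the authorization, token and user-info steps have no target; fill them from the `module.oauth2` outputs, e.g. `OIDC_OP_JWKS_ENDPOINT: "${module.oauth2.<jwks_output_placeholder>}"`, or hold back the `ENABLE_OIDC_AUTH` switch until those outputs exist. Also confirm that `sso_configuration_url`, which used to feed `GITLAB_URL`, is the value the plugin expects in `OIDC_BASE_URL`. `PUBLIC_REGISTER_ENABLED` stays `"True"` in the context lines; if accounts should come only from the identity provider, that deserves a deliberate decision. The resource's heredoc starts above the hunk.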
@@ -7,7 +7,6 @@ resource "kubectl_manifest" "Deployment_taiga-events" {
 labels: ${jsonencode(local.event_all_labels)}
 namespace: ${var.namespace}
 annotations:
- configmap.reloader.stakater.com/reload: "${kubectl_manifest.cm_events.name}"
 secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name},${kubectl_manifest.rabbit_user_secret.name}"
 spec:
 selector:
@@ -71,18 +70,6 @@ resource "kubectl_manifest" "Deployment_taiga-events" {
 runAsUser: 99
 seccompProfile:
 type: RuntimeDefault
- volumeMounts:
- - name: files
- mountPath: /var/lib/env.template
- subPath: env.template
- volumes:
- - name: files
- configMap:
- name: ${kubectl_manifest.cm_events.name}
- defaultMode: 0644
- items:
- - key: env.template
- path: env.template
 EOF
 }
@@ -111,12 +98,6 @@ resource "kubectl_manifest" "Deployment_taiga-front" {
 - name: taiga-front
 image: "${var.images.front.registry}/${var.images.front.repository}:${var.images.front.tag}"
 imagePullPolicy: ${var.images.front.pull_policy}
- env:
- - name: GITLAB_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: ${module.oauth2.secret_client_id_name}
- key: ${module.oauth2.secret_client_id_key}
 envFrom:
 - configMapRef:
 name: ${kubectl_manifest.cm_env_front.name}
@@ -237,12 +218,12 @@ resource "kubectl_manifest" "Deployment_taiga-back" {
 secretKeyRef:
 name: ${kubectl_manifest.rabbit_user_secret.name}
 key: password
- - name: GITLAB_API_CLIENT_ID
+ - name: OIDC_RP_CLIENT_ID
 valueFrom:
 secretKeyRef:
 name: ${module.oauth2.secret_client_id_name}
 key: ${module.oauth2.secret_client_id_key}
- - name: GITLAB_API_CLIENT_SECRET
+ - name: OIDC_RP_CLIENT_SECRET
 valueFrom:
 secretKeyRef:
 name: ${module.oauth2.secret_client_secret_name}