fix
This commit is contained in:
@@ -20,35 +20,18 @@ resource "kubectl_manifest" "cm_env_back" {
|
|||||||
ENABLE_TELEMETRY: "False"
|
ENABLE_TELEMETRY: "False"
|
||||||
PUBLIC_REGISTER_ENABLED: "True"
|
PUBLIC_REGISTER_ENABLED: "True"
|
||||||
ENABLE_GITHUB_AUTH: "False"
|
ENABLE_GITHUB_AUTH: "False"
|
||||||
ENABLE_GITLAB_AUTH: "True"
|
ENABLE_GITLAB_AUTH: "False"
|
||||||
ENABLE_SLACK: "False"
|
ENABLE_SLACK: "False"
|
||||||
ENABLE_GITHUB_IMPORTER: "False"
|
ENABLE_GITHUB_IMPORTER: "False"
|
||||||
ENABLE_JIRA_IMPORTER: "False"
|
ENABLE_JIRA_IMPORTER: "False"
|
||||||
ENABLE_TRELLO_IMPORTER: "False"
|
ENABLE_TRELLO_IMPORTER: "False"
|
||||||
|
ENABLE_OIDC_AUTH: "True"
|
||||||
OPENID_CONNECT_SCOPES: "openid email profile"
|
OPENID_CONNECT_SCOPES: "openid email profile"
|
||||||
GITLAB_URL: "${module.oauth2.sso_configuration_url}"
|
OIDC_BASE_URL: "${module.oauth2.sso_configuration_url}"
|
||||||
EOF
|
OIDC_OP_JWKS_ENDPOINT:
|
||||||
}
|
OIDC_OP_AUTHORIZATION_ENDPOINT:
|
||||||
|
OIDC_OP_TOKEN_ENDPOINT:
|
||||||
resource "kubectl_manifest" "cm_events" {
|
OIDC_OP_USER_ENDPOINT:
|
||||||
yaml_body = <<-EOF
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: "${var.instance}-${var.component}-events"
|
|
||||||
labels: ${jsonencode(local.common_labels)}
|
|
||||||
namespace: ${var.namespace}
|
|
||||||
data:
|
|
||||||
start.sh: |-
|
|
||||||
#!/bin/sh
|
|
||||||
envsubst < /var/lib/env.template > /taiga-events/.env
|
|
||||||
chown -R taiga:taiga /taiga-events
|
|
||||||
exec su-exec taiga npm run start:production
|
|
||||||
env.template: |-
|
|
||||||
RABBITMQ_URL="amqp://$${RABBITMQ_USER}:$${RABBITMQ_PASS}@$${TAIGA_EVENTS_RABBITMQ_HOST}:5672/taiga"
|
|
||||||
SECRET="$${TAIGA_SECRET_KEY}"
|
|
||||||
WEB_SOCKET_SERVER_PORT=8888
|
|
||||||
APP_PORT=3023
|
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -75,6 +58,9 @@ resource "kubectl_manifest" "cm_env_front" {
|
|||||||
ENABLE_GITHUB_IMPORTER: "false"
|
ENABLE_GITHUB_IMPORTER: "false"
|
||||||
ENABLE_JIRA_IMPORTER: "false"
|
ENABLE_JIRA_IMPORTER: "false"
|
||||||
ENABLE_TRELLO_IMPORTER: "false"
|
ENABLE_TRELLO_IMPORTER: "false"
|
||||||
|
ENABLE_OIDC_AUTH: "true"
|
||||||
|
OIDC_BUTTON_TEXT: "vynil"
|
||||||
|
OIDC_MOUNT_POINT: "/api/oidc"
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -7,7 +7,6 @@ resource "kubectl_manifest" "Deployment_taiga-events" {
|
|||||||
labels: ${jsonencode(local.event_all_labels)}
|
labels: ${jsonencode(local.event_all_labels)}
|
||||||
namespace: ${var.namespace}
|
namespace: ${var.namespace}
|
||||||
annotations:
|
annotations:
|
||||||
configmap.reloader.stakater.com/reload: "${kubectl_manifest.cm_events.name}"
|
|
||||||
secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name},${kubectl_manifest.rabbit_user_secret.name}"
|
secret.reloader.stakater.com/reload: "${kubectl_manifest.secret.name},${kubectl_manifest.rabbit_user_secret.name}"
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
@@ -71,18 +70,6 @@ resource "kubectl_manifest" "Deployment_taiga-events" {
|
|||||||
runAsUser: 99
|
runAsUser: 99
|
||||||
seccompProfile:
|
seccompProfile:
|
||||||
type: RuntimeDefault
|
type: RuntimeDefault
|
||||||
volumeMounts:
|
|
||||||
- name: files
|
|
||||||
mountPath: /var/lib/env.template
|
|
||||||
subPath: env.template
|
|
||||||
volumes:
|
|
||||||
- name: files
|
|
||||||
configMap:
|
|
||||||
name: ${kubectl_manifest.cm_events.name}
|
|
||||||
defaultMode: 0644
|
|
||||||
items:
|
|
||||||
- key: env.template
|
|
||||||
path: env.template
|
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -111,12 +98,6 @@ resource "kubectl_manifest" "Deployment_taiga-front" {
|
|||||||
- name: taiga-front
|
- name: taiga-front
|
||||||
image: "${var.images.front.registry}/${var.images.front.repository}:${var.images.front.tag}"
|
image: "${var.images.front.registry}/${var.images.front.repository}:${var.images.front.tag}"
|
||||||
imagePullPolicy: ${var.images.front.pull_policy}
|
imagePullPolicy: ${var.images.front.pull_policy}
|
||||||
env:
|
|
||||||
- name: GITLAB_CLIENT_ID
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: ${module.oauth2.secret_client_id_name}
|
|
||||||
key: ${module.oauth2.secret_client_id_key}
|
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
name: ${kubectl_manifest.cm_env_front.name}
|
name: ${kubectl_manifest.cm_env_front.name}
|
||||||
@@ -237,12 +218,12 @@ resource "kubectl_manifest" "Deployment_taiga-back" {
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: ${kubectl_manifest.rabbit_user_secret.name}
|
name: ${kubectl_manifest.rabbit_user_secret.name}
|
||||||
key: password
|
key: password
|
||||||
- name: GITLAB_API_CLIENT_ID
|
- name: OIDC_RP_CLIENT_ID
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: ${module.oauth2.secret_client_id_name}
|
name: ${module.oauth2.secret_client_id_name}
|
||||||
key: ${module.oauth2.secret_client_id_key}
|
key: ${module.oauth2.secret_client_id_key}
|
||||||
- name: GITLAB_API_CLIENT_SECRET
|
- name: OIDC_RP_CLIENT_SECRET
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: ${module.oauth2.secret_client_secret_name}
|
name: ${module.oauth2.secret_client_secret_name}
|
||||||
|
|||||||
Reference in New Issue
Block a user