Fix

2023-07-14 12:53:52 +02:00
parent 284dc650c4
commit 4c33e34f45
13 changed files with 204 additions and 128 deletions
--- a/apps/k8s-api/datas.tf
+++ b/apps/k8s-api/datas.tf
@@ -0,0 +1,22 @@
+locals {
+  common-labels = {
+    "vynil.solidite.fr/owner-name" = var.instance
+    "vynil.solidite.fr/owner-namespace" = var.namespace
+    "vynil.solidite.fr/owner-category" = var.category
+    "vynil.solidite.fr/owner-component" = var.component
+    "app.kubernetes.io/managed-by" = "vynil"
+    "app.kubernetes.io/name" = var.component
+    "app.kubernetes.io/instance" = var.instance
+  }
+}
+
+data "kubernetes_secret_v1" "authentik" {
+  metadata {
+    name      = "authentik"
+    namespace = "${var.domain}-auth"
+  }
+}
+
+data "kustomization_overlay" "data" {
+  resources = []
+}
--- a/apps/k8s-api/index.yaml
+++ b/apps/k8s-api/index.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: apps
+metadata:
+  name: k8s-api
+  description: Access to the kubernetes api
+options:
+  sub-domain:
+    default: api
+    examples:
+    - api
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+dependencies:
+- dist: null
+  category: share
+  component: authentik-forward
+providers:
+  kubernetes: true
+  authentik: true
+  kubectl: true
+  postgresql: null
+  restapi: true
+  http: true
--- a/apps/k8s-api/ingress.tf
+++ b/apps/k8s-api/ingress.tf
@@ -0,0 +1,51 @@
+locals {
+    dns-names = ["${var.sub-domain}.${var.domain-name}"]
+    middlewares = []
+    services = [{
+      "kind" = "Service"
+      "name" = "kubernetes"
+      "namespace"  = "default"
+      "port"       = 443
+    }]
+    routes = [ for v in local.dns-names : {
+      "kind"         = "Rule"
+      "match"        = "Host(`${v}`)"
+      "middlewares"  = local.middlewares
+      "services"     = local.services
+    }]
+}
+
+resource "kubectl_manifest" "prj_certificate" {
+  yaml_body  = <<-EOF
+    apiVersion: "cert-manager.io/v1"
+    kind: "Certificate"
+    metadata:
+      name: "${var.instance}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+        secretName: "${var.instance}-cert"
+        dnsNames: ${jsonencode(local.dns-names)}
+        issuerRef:
+          name: "${var.issuer}"
+          kind: "ClusterIssuer"
+          group: "cert-manager.io"
+  EOF
+}
+
+resource "kubectl_manifest" "prj_ingress" {
+  force_conflicts = true
+  yaml_body  = <<-EOF
+    apiVersion: "traefik.containo.us/v1alpha1"
+    kind: "IngressRoute"
+    metadata:
+      name: "${var.instance}"
+      namespace: "${var.namespace}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      entryPoints: ["websecure"]
+      routes: ${jsonencode(local.routes)}
+      tls:
+        secretName: "${var.instance}-cert"
+  EOF
+}