From 6eb84da3eb2a238db5ba5040fb559d2730bbc177 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Wed, 18 Oct 2023 17:58:26 +0200 Subject: [PATCH] fix --- apps/dbgate/application.tf | 18 +-- apps/dbgate/index.yaml | 196 ++++++++++++++--------------- modules/application/application.tf | 2 +- modules/application/outputs.tf | 3 + modules/forward/forward.tf | 9 +- modules/forward/variables.tf | 10 +- 6 files changed, 122 insertions(+), 116 deletions(-) create mode 100644 modules/application/outputs.tf diff --git a/apps/dbgate/application.tf b/apps/dbgate/application.tf index f20598c..2900b7b 100644 --- a/apps/dbgate/application.tf +++ b/apps/dbgate/application.tf @@ -1,10 +1,17 @@ locals { dns-name = "${var.sub-domain}.${var.domain-name}" dns-names = [local.dns-name] + icon = "logo192.png" request_headers = { "Content-Type" = "application/json" Authorization = "Bearer ${data.kubernetes_secret_v1.authentik.data["AUTHENTIK_BOOTSTRAP_TOKEN"]}" } + service = { + "name" = "${var.component}-${var.instance}" + "port" = { + "number" = 80 + } + } } @@ -29,12 +36,7 @@ module "ingress" { labels = local.common-labels dns-names = local.dns-names middlewares = ["${var.instance}-https"] - service = { - "name" = "${var.component}-${var.instance}" - "port" = { - "number" = 80 - } - } + service = local.service providers = { kubectl = kubectl } @@ -47,7 +49,7 @@ module "application" { app-group = var.app-group sub-domain = var.sub-domain domain-name = var.domain-name - icon = "logo192.png" + icon = local.icon protocol_provider = var.use-oauth?module.oauth2.provider-id:module.forward.provider-id providers = { authentik = authentik @@ -79,6 +81,8 @@ module "forward" { ingress-class = var.ingress-class labels = local.common-labels dns-names = local.dns-names + service = local.service + icon = local.icon providers = { restapi = restapi http = http diff --git a/apps/dbgate/index.yaml b/apps/dbgate/index.yaml index c9acd95..3d64c27 100644 --- a/apps/dbgate/index.yaml 
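Review bot: The new `service` local quotes every attribute name (`"name" =`, `"port" =`, `"number" =`) although none of them needs quoting, which is inconsistent with `dns-name` and `icon` in the same `locals` block; the HCL convention is `name = "${var.component}-${var.instance}"` and `port = { number = 80 }`. The same quoted form was already present in the old `module "ingress"` body this hunk removes, so hoisting it into a local is a good moment to normalize it. The later hunks pass `local.service` and `local.icon` into `module "forward"`, whose `service` variable is declared without a type in modules/forward/variables.tf, so the shape of this local is currently the only documentation of what that module expects.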
+++ b/apps/dbgate/index.yaml @@ -6,94 +6,11 @@ metadata: name: dbgate description: null options: - domain-name: - default: your_company.com + use-oauth: + default: false examples: - - your_company.com - type: string - app-group: - default: dev - examples: - - dev - type: string - mongo: - default: [] - examples: - - [] - items: - properties: - dbname: - default: '' - type: string - name: - default: '' - type: string - namespace: - default: '' - type: string - secret: - properties: - key: - default: '' - type: string - name: - default: '' - type: string - type: object - username: - default: '' - type: string - type: object - type: array - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - images: - default: - dbgate: - pullPolicy: IfNotPresent - registry: docker.io - repository: dbgate/dbgate - tag: 5.2.7-alpine - examples: - - dbgate: - pullPolicy: IfNotPresent - registry: docker.io - repository: dbgate/dbgate - tag: 5.2.7-alpine - properties: - dbgate: - default: - pullPolicy: IfNotPresent - registry: docker.io - repository: dbgate/dbgate - tag: 5.2.7-alpine - properties: - pullPolicy: - default: IfNotPresent - enum: - - Always - - Never - - IfNotPresent - type: string - registry: - default: docker.io - type: string - repository: - default: dbgate/dbgate - type: string - tag: - default: 5.2.7-alpine - type: string - type: object - type: object - domain: - default: your-company - examples: - - your-company - type: string + - false + type: boolean storage: default: accessMode: ReadWriteOnce @@ -121,17 +38,7 @@ options: - Block type: string type: object - sub-domain: - default: dbgate - examples: - - dbgate - type: string - use-oauth: - default: false - examples: - - false - type: boolean - pg: + mongo: default: [] examples: - [] 
@@ -189,11 +96,104 @@ options: type: string type: object type: array + images: + default: + dbgate: + pullPolicy: IfNotPresent + registry: docker.io + repository: dbgate/dbgate + tag: 5.2.7-alpine + examples: + - dbgate: + pullPolicy: IfNotPresent + registry: docker.io + repository: dbgate/dbgate + tag: 5.2.7-alpine + properties: + dbgate: + default: + pullPolicy: IfNotPresent + registry: docker.io + repository: dbgate/dbgate + tag: 5.2.7-alpine + properties: + pullPolicy: + default: IfNotPresent + enum: + - Always + - Never + - IfNotPresent + type: string + registry: + default: docker.io + type: string + repository: + default: dbgate/dbgate + type: string + tag: + default: 5.2.7-alpine + type: string + type: object + type: object ingress-class: default: traefik examples: - traefik type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + app-group: + default: dev + examples: + - dev + type: string + sub-domain: + default: dbgate + examples: + - dbgate + type: string + domain: + default: your-company + examples: + - your-company + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + pg: + default: [] + examples: + - [] + items: + properties: + dbname: + default: '' + type: string + name: + default: '' + type: string + namespace: + default: '' + type: string + secret: + properties: + key: + default: '' + type: string + name: + default: '' + type: string + type: object + username: + default: '' + type: string + type: object + type: array dependencies: - dist: null category: share diff --git a/modules/application/application.tf b/modules/application/application.tf index 6548bb7..09ae832 100644 --- a/modules/application/application.tf +++ b/modules/application/application.tf 
@@ -13,7 +13,7 @@ resource "authentik_group" "groups" { resource "authentik_group" "subgroup" { count = length(var.sub-groups) name = format("%s-%s", local.app-name, var.sub-groups[count.index]) - parent = authentik_group.prj_users.id + parent = authentik_group.groups.id } resource "authentik_application" "prj_app" { diff --git a/modules/application/outputs.tf b/modules/application/outputs.tf new file mode 100644 index 0000000..f70b80c --- /dev/null +++ b/modules/application/outputs.tf @@ -0,0 +1,3 @@ +output "provider-id" { + value = authentik_provider_proxy.prj_forward.id +} \ No newline at end of file diff --git a/modules/forward/forward.tf b/modules/forward/forward.tf index 3c8423b..f84ac8e 100644 --- a/modules/forward/forward.tf +++ b/modules/forward/forward.tf @@ -9,7 +9,7 @@ locals { "http" = { "paths" = [{ "backend" = { - "service" = local.service + "service" = var.service } "path" = "/${var.icon}" "pathType" = "Prefix" @@ -37,7 +37,6 @@ resource "kubectl_manifest" "prj_ingress_icon" { } data "authentik_flow" "default-authorization-flow" { - depends_on = [authentik_group.prj_users] slug = "default-provider-authorization-implicit-consent" } @@ -48,9 +47,9 @@ resource "authentik_provider_proxy" "prj_forward" { mode = "forward_single" access_token_validity = var.access-token-validity } - - - +data "authentik_group" "vynil-admin" { + name = "vynil-forward-admins" +} resource "authentik_policy_binding" "prj_access_users" { target = authentik_application.prj_application.uuid policy = authentik_policy_expression.policy.id diff --git a/modules/forward/variables.tf b/modules/forward/variables.tf index aeb1756..63b057a 100644 --- a/modules/forward/variables.tf +++ b/modules/forward/variables.tf @@ -4,6 +4,9 @@ variable "component" { variable "instance" { type = string } +variable "icon" { + type = string +} variable "domain" { type = string } 
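Review bot: `parent = authentik_group.groups.id` resolves only if `authentik_group.groups` (the resource the hunk heading points at) is a single instance; if it is declared with `count` or `for_each`, as its plural name hints it might be, the reference needs an index such as `authentik_group.groups[0].id` or a `for_each`-keyed lookup. The resource being changed is `authentik_group.subgroup`, itself a `count` resource, so a one-to-many parent relationship would also need to be reflected here. The declaration of `authentik_group.groups` is outside the hunk, so this is worth confirming against it.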
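Review bot: The new `provider-id` output in modules/application/outputs.tf has no `description` and the file ends without a trailing newline; `description = "ID of the Authentik proxy provider (authentik_provider_proxy.prj_forward) created for this application"` would document what callers receive. The output references `authentik_provider_proxy.prj_forward`, which this commit also shows as a resource inside modules/forward/forward.tf, while apps/dbgate/application.tf consumes `module.forward.provider-id`; confirm that modules/application really declares a resource with that address, otherwise this output will fail to validate and the intended home may be modules/forward.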
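Review bot: The icon ingress path is built as `"/${var.icon}"` with `"pathType" = "Prefix"`, and this hunk now routes it to the caller-supplied `var.service`; with the app's `icon = "logo192.png"` a Prefix match also covers any longer path starting with `/logo192.png`. If this ingress is the one that bypasses the forward-auth middleware (the resource name `prj_ingress_icon` and the separate `module "ingress"` with `middlewares` suggest so, but the rest of the manifest is outside the hunk), `"pathType" = "Exact"` would expose only the icon itself. The enclosing `locals` block starts before and continues after this hunk, and `var.service` is declared without a type in modules/forward/variables.tf, so a malformed backend object is only caught at apply time.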
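Review bot: The new `data "authentik_group" "vynil-admin"` hard-codes the group name `vynil-forward-admins`, and nothing in this hunk consumes it; if a later policy binding references it, a plan fails whenever that group does not already exist in Authentik, and the name should come from a variable such as `variable "admin-group" { type = string  default = "vynil-forward-admins" }` so each deployment can choose which group is granted access. If it is referenced nowhere, it is dead code and should be dropped. The three removed blank lines also leave no separator between the closing `}` of `authentik_provider_proxy.prj_forward` and the new `data` block, which `terraform fmt` would normally keep; the `authentik_policy_binding.prj_access_users` body continues outside the hunk.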
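Review bot: The new `variable "icon"` in modules/forward/variables.tf carries a `type` but no `description`, although its value is interpolated directly into an ingress path in forward.tf; `description = "Icon file name, served at /<icon> through the icon ingress"` would make the contract visible to callers. The same omission applies to the `variable "service"` added in the last hunk of this file.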
@@ -13,12 +16,9 @@ variable "namespace" {
 variable "ingress-class" {
 type = string
 }
-
-
 variable "labels" {
 type = map(string)
 }
-
 variable "dns-names" {
 type = list(string)
 }
@@ -26,5 +26,5 @@ variable "access-token-validity" {
 type = string
 default = "hours=10" // ;minutes=10
 }
-
-
+variable "service" {
+}
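Review bot: `variable "service" {}` is declared with no `type`, so any value is accepted and a misspelled `port.number` key in a caller is only reported when the ingress manifest built in forward.tf is applied; every other variable in this file (`ingress-class`, `labels`, `dns-names`, `access-token-validity`) is typed. Since forward.tf places the value verbatim into the ingress backend, constrain it to the shape apps/dbgate/application.tf actually passes.
```terraform
variable "service" {
  description = "Kubernetes service used as the ingress backend for the icon path"
  type = object({
    name = string
    port = object({ number = number })
  })
}
```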