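# Labels shared by the scimgateway Deployment, its pod template and the Service
# selector: the common labels plus a component marker.
locals {
  scimgateway-labels = merge(local.common-labels, {
    "app.kubernetes.io/component" = "scimgateway"
  })
}

# Deployment for the SCIM gateway (single replica).
#
# Hardening already present: non-root UID 1000, all capabilities dropped,
# read-only root filesystem. This revision adds two settings:
#   - allowPrivilegeEscalation: false, so no_new_privs is set and setuid/file
#     capabilities cannot raise privileges inside the container.
#   - seccompProfile RuntimeDefault, so the container runtime's default syscall
#     filter applies instead of running unconfined.
#
# NOTE(review): the same label set is used for spec.selector.matchLabels, which
# is immutable on a Deployment. If local.common-labels carries a value that
# changes between releases (e.g. a version label), updates will be rejected -
# confirm against the definition of common-labels.
# NOTE(review): the pod spec does not set automountServiceAccountToken. If the
# gateway never calls the Kubernetes API, disabling the token mount would
# remove a credential from the pod - confirm before changing.
resource "kubectl_manifest" "scimgateway_deploy" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.instance}-scimgateway"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.scimgateway-labels)}
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.scimgateway-labels)}
      template:
        metadata:
          labels: ${jsonencode(local.scimgateway-labels)}
        spec:
          securityContext:
            fsGroup: 1000
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: scimgateway
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop:
                    - ALL
                readOnlyRootFilesystem: true
                runAsNonRoot: true
                runAsUser: 1000
              image: "${var.images.scimgateway.registry}/${var.images.scimgateway.repository}:${var.images.scimgateway.tag}"
              imagePullPolicy: "${var.images.scimgateway.pullPolicy}"
              ports:
                - name: http
                  containerPort: 8880
                  protocol: TCP
              livenessProbe:
                httpGet:
                  path: /ping
                  port: http
                  scheme: HTTP
              readinessProbe:
                httpGet:
                  path: /ping
                  port: http
                  scheme: HTTP
              # NOTE(review): no requests/limits, so the pod runs as BestEffort
              # and its CPU/memory use is unbounded. Set values once sizing is known.
              resources: {}
              env:
                - name: "LOG_LEVEL"
                  value: "info"
                - name: "PORT"
                  value: "8880"
                - name: "WILDDUCK_DOMAIN"
                  value: "${var.domain_name}"
                # NOTE(review): plain http:// to the in-cluster API. If WILDDUCK_TOKEN
                # is sent on these requests it is unencrypted on the pod network
                # unless the CNI or a mesh encrypts traffic - confirm.
                - name: "WILDDUCK_API"
                  value: "http://${var.instance}-wildduck-api.${var.namespace}.svc"
                # The four values below are read from the instance Secret, never inlined.
                - name: SEED
                  valueFrom:
                    secretKeyRef:
                      name: "${var.instance}"
                      key: scim-seed
                - name: OID_TOKEN
                  valueFrom:
                    secretKeyRef:
                      name: "${var.instance}"
                      key: authentik
                - name: WILDDUCK_TOKEN
                  valueFrom:
                    secretKeyRef:
                      name: "${var.instance}"
                      key: access
                - name: WILDDUCK_INITIAL_PASSWD
                  valueFrom:
                    secretKeyRef:
                      name: "${var.instance}"
                      key: default
  EOF
}

# ClusterIP Service exposing the gateway on port 80 inside the cluster and
# forwarding to the container's named "http" port (8880).
# NOTE(review): no NetworkPolicy is defined in this file; which workloads may
# reach this Service depends on policy defined elsewhere - confirm.
resource "kubectl_manifest" "scimgateway_service" {
  yaml_body = <<-EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: "${var.instance}-scimgateway"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.scimgateway-labels)}
    spec:
      type: ClusterIP
      ports:
        - port: 80
          targetPort: http
          protocol: TCP
          name: http
      selector: ${jsonencode(local.scimgateway-labels)}
  EOF
}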