domain/share/wildduck/scimgateway.tf

locals {
  scimgateway-labels = merge(local.common_labels, {
    "app.kubernetes.io/component" = "scimgateway"
  })
}

resource "kubectl_manifest" "scimgateway_deploy" {
  yaml_body  = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.instance}-scimgateway"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.scimgateway-labels)}
    spec:
      replicas: 1
      selector:
        matchLabels: ${jsonencode(local.scimgateway-labels)}
      template:
        metadata:
          labels: ${jsonencode(local.scimgateway-labels)}
        spec:
          securityContext:
            fsGroup: 1000
          containers:
          - name: scimgateway
            securityContext:
              capabilities:
                drop:
                - ALL
              readOnlyRootFilesystem: true
              runAsNonRoot: true
              runAsUser: 1000
            image: "${var.images.scimgateway.registry}/${var.images.scimgateway.repository}:${var.images.scimgateway.tag}"
            imagePullPolicy: "${var.images.scimgateway.pull_policy}"
            ports:
            - name: http
              containerPort: 8880
              protocol: TCP
            livenessProbe:
              httpGet:
                path: /ping
                port: http
                scheme: HTTP
            readinessProbe:
              httpGet:
                path: /ping
                port: http
                scheme: HTTP
            resources:
              {}
            env:
            - name: "LOG_LEVEL"
              value: "info"
            - name: "PORT"
              value: "8880"
            - name: "WILDDUCK_DOMAIN"
              value: "${var.domain_name}"
            - name: "WILDDUCK_API"
              value: "http://${var.instance}-wildduck-api.${var.namespace}.svc"
            - name: SEED
              valueFrom:
                secretKeyRef:
                  name: "${var.instance}"
                  key: scim-seed
            - name: OID_TOKEN
              valueFrom:
                secretKeyRef:
                  name: "${var.instance}"
                  key: authentik
            - name: WILDDUCK_TOKEN
              valueFrom:
                secretKeyRef:
                  name: "${var.instance}"
                  key: access
            - name: WILDDUCK_INITIAL_PASSWD
              valueFrom:
                secretKeyRef:
                  name: "${var.instance}"
                  key: default
  EOF
}
resource "kubectl_manifest" "scimgateway_service" {
  yaml_body  = <<-EOF
    apiVersion: v1
    kind: Service
    metadata:
      name: "${var.instance}-scimgateway"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.scimgateway-labels)}
    spec:
      type: ClusterIP
      ports:
      - port: 80
        targetPort: http
        protocol: TCP
        name: http
      selector: ${jsonencode(local.scimgateway-labels)}
  EOF
}