Refacto and add lb

saml/saml.tf

@@ -1,3 +1,9 @@
+locals{
+  app_slug = "${var.instance}${var.component==""?"":"-"}${var.component}"
+    saml_labels = merge(var.labels, {
+    "app.kubernetes.io/component" = "authentik-saml"
+  })
+}
 data "authentik_flow" "default-authorization-flow" {
   slug = "default-provider-authorization-implicit-consent"
 }
@@ -30,21 +36,21 @@ resource "kubectl_manifest" "saml_certificate" {
     apiVersion: "cert-manager.io/v1"
     kind: "Certificate"
     metadata:
-      name: "${var.instance}-${var.component}-saml"
+      name: "${local.app_slug}-saml"
       namespace: "${var.namespace}"
-      labels: ${jsonencode(var.labels)}
+      labels: ${jsonencode(local.saml_labels)}
     spec:
-        secretName: "${var.instance}-${var.component}-saml"
+        secretName: "${local.app_slug}-saml"
         dnsNames: ${jsonencode(var.dns_names)}
         issuerRef:
-          name: "self-sign"
+          name: "${var.issuer}"
           kind: "ClusterIssuer"
           group: "cert-manager.io"
   EOF
 }
 
 resource "authentik_provider_saml" "prj" {
-  name                = "${var.component}-${var.instance}-saml"
+  name                = "${local.app_slug}-saml"
   authentication_flow = data.authentik_flow.default-authentication-flow.id
   authorization_flow  = data.authentik_flow.default-authorization-flow.id
   acs_url             = "https://${var.dns_names[0]}/${var.acs_path}"

saml/variables.tf

@@ -4,6 +4,9 @@ variable "component" {
 variable "instance" {
   type        = string
 }
+variable "issuer" {
+  type = string
+}
 variable "dns_names" {
   type        = list(string)
 }