Add ak-gatekeeper
74
ak-gatekeeper/outpost.tf
Normal file
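--- a/ak-gatekeeper/outpost.tf
+++ b/ak-gatekeeper/outpost.tf
@@ -0,0 +1,74 @@
+locals {
+request_headers = {
+"Content-Type" = "application/json"
+Authorization = "Bearer ${local.authentik_token}"
+}
+outposts = jsondecode(data.http.get_proxy_outpost.response_body).results
+outpost_providers = local.outposts[0].providers
+outpost_pk = local.outposts[0].pk
+}
+
+
+data "http" "get_proxy_outpost" {
+depends_on = [data.kubernetes_secret_v1.authentik]
+url = "http://authentik.${var.domain}-auth.svc/api/v3/outposts/instances/?name__iexact=${var.domain}-proxy-outpost"
+method = "GET"
+request_headers = var.request_headers
+lifecycle {
+postcondition {
+condition = contains([200], self.status_code)
+error_message = "Status code invalid"
+}
+}
+}
+
+
+# resource "restapi_object" "proxy_outpost_binding" {
+# path = "/outposts/instances/${local.outpost_pk}/"
+# data = jsonencode({
+# name = "${var.domain}-proxy-outpost"
+# providers = contains(local.outpost_providers, authentik_provider_proxy.app_proxy_provider.id) ? local.outpost_providers : concat(local.outpost_providers, [authentik_provider_proxy.app_proxy_provider.id])
+# })
+# }
+
+# data "http" "get_local_sck" {
+# depends_on = [data.kubernetes_secret_v1.authentik]
+# url = "http://authentik-authentik.${var.namespace}.svc/api/v3/outposts/service_connections/kubernetes/?local=true"
+# method = "GET"
+# request_headers = local.request_headers
+# lifecycle {
+# postcondition {
+# condition = contains([200], self.status_code)
+# error_message = "Status code invalid"
+# }
+# }
+# }
+
+# data "kubernetes_ingress_v1" "authentik" {
+# metadata {
+# name = "authentik"
+# namespace = var.namespace
+# }
+# }
+
+# resource "authentik_outpost" "proxy_outpost" {
+# depends_on = [data.http.get_local_sck, data.kubernetes_ingress_v1.authentik]
+# name = "${var.domain}-proxy-outpost"
+# type = "proxy"
+# service_connection = local.local_sck[0].pk
+# config = jsonencode({
+# "log_level" : "info",
+# "authentik_host" : "http://authentik.${var.namespace}.svc",
+# "docker_map_ports" : true,
+# "kubernetes_replicas" : 1,
+# "kubernetes_namespace" : var.namespace,
+# "authentik_host_browser" : "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}",
+# "object_naming_template" : "ak-%(name)s",
+# "authentik_host_insecure" : false,
+# "kubernetes_service_type" : "ClusterIP",
+# "kubernetes_image_pull_secrets" : [],
+# "kubernetes_disabled_components" : [],
+# "kubernetes_ingress_annotations" : {},
+# })
+# protocol_providers = [authentik_provider_proxy.domain_proxy_provider.id]
+# }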
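Review bot: The `data "http" "get_proxy_outpost"` block sets `request_headers = var.request_headers`, but the bearer-token headers are built as `local.request_headers` in the `locals` block of this same file, and the commented-out `get_local_sck` block uses the local. Unless a `request_headers` variable is declared outside this file, the line should read `request_headers = local.request_headers`; as written the request either fails to plan or goes out without the intended Authorization header. The postcondition checks only the status code, while `local.outposts[0]` is indexed unconditionally, so a name filter that matches nothing surfaces as an opaque index error. A second postcondition with `condition = length(jsondecode(self.response_body).results) == 1` and a descriptive `error_message` would make that failure explicit. The API token is also sent over plain `http://` to the in-cluster service, so its confidentiality rests on cluster network controls that are not visible in this commit.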