Refacto and add lb

forward/forward.tf

@@ -1,8 +1,11 @@
 locals {
   forward_outpost_providers = jsondecode(data.http.get_forward_outpost.response_body).results[0].providers
   forward_outpost_pk        = jsondecode(data.http.get_forward_outpost.response_body).results[0].pk
-  app_name                  = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
-  main_group                = format("app-%s", local.app_name)
+  app_slug                  = "${var.instance}${var.component==""?"":"-"}${var.component}"
+  forward_labels = merge(var.labels, {
+    "app.kubernetes.io/component" = "authentik-forward"
+  })
+  main_group                = format("app-%s", var.app_name)
   external_url              = format("https://%s", var.dns_names[0])
   rules_icons = [for v in var.dns_names : {
     "host" = "${v}"
@@ -24,9 +27,9 @@ resource "kubectl_manifest" "prj_ingress_icon" {
     apiVersion: "networking.k8s.io/v1"
     kind: "Ingress"
     metadata:
-      name: "${var.instance}-icons"
+      name: "${local.app_slug}-icons"
       namespace: "${var.namespace}"
-      labels: ${jsonencode(var.labels)}
+      labels: ${jsonencode(local.forward_labels)}
     spec:
       ingressClassName: "${var.ingress_class}"
       rules: ${jsonencode(local.rules_icons)}
@@ -41,7 +44,7 @@ data "authentik_flow" "default-authorization-flow" {
 }
 
 resource "authentik_provider_proxy" "prj_forward" {
-  name                  = local.app_name
+  name                  = local.app_slug
   external_host         = local.external_url
   authorization_flow    = data.authentik_flow.default-authorization-flow.id
   mode                  = "forward_single"
@@ -74,9 +77,9 @@ resource "kubectl_manifest" "prj_middleware" {
     apiVersion: traefik.containo.us/v1alpha1
     kind: Middleware
     metadata:
-        name: "forward-${local.app_name}"
+        name: "${local.app_slug}-forward"
         namespace: "${var.namespace}"
-        labels: ${jsonencode(var.labels)}
+        labels: ${jsonencode(local.forward_labels)}
     spec:
       forwardAuth:
         address: http://ak-outpost-forward.${var.domain}-auth.svc:9000/outpost.goauthentik.io/auth/traefik

forward/outputs.tf

@@ -3,5 +3,9 @@ output "provider-id" {
 }
 
 output "sso_logout" {
-  value = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/o/${var.component}-${var.instance}/end-session/"
+  value = "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/o/${local.app_slug}/end-session/"
 }
+
+output "middleware" {
+  value = "${local.app_slug}-forward"
+}

forward/variables.tf

@@ -1,33 +1,48 @@
 variable "component" {
   type = string
 }
+
 variable "instance" {
   type = string
 }
+
 variable "icon" {
   type = string
 }
+
 variable "domain" {
   type = string
 }
+
 variable "namespace" {
   type = string
 }
+
 variable "ingress_class" {
   type = string
 }
+
 variable "labels" {
   type = map(string)
 }
+
 variable "dns_names" {
   type = list(string)
 }
+
 variable "access_token_validity" {
   type    = string
   default = "hours=10" // ;minutes=10
 }
+
+variable "app_name" {
+  type = string
+  default = ""
+}
+
 variable "service" {
 }
+
 variable "request_headers" {
   type = map(string)
 }