Refacto and add lb

2024-01-24 15:29:36 +01:00
parent 7c343269d6
commit 9b53fa3eac
13 changed files with 168 additions and 69 deletions
--- a/forward/forward.tf
+++ b/forward/forward.tf
@@ -1,8 +1,11 @@
 locals {
  forward_outpost_providers = jsondecode(data.http.get_forward_outpost.response_body).results[0].providers
  forward_outpost_pk        = jsondecode(data.http.get_forward_outpost.response_body).results[0].pk
-  app_name                  = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
-  main_group                = format("app-%s", local.app_name)
+  app_slug                  = "${var.instance}${var.component==""?"":"-"}${var.component}"
+  forward_labels = merge(var.labels, {
+    "app.kubernetes.io/component" = "authentik-forward"
+  })
+  main_group                = format("app-%s", var.app_name)
  external_url              = format("https://%s", var.dns_names[0])
  rules_icons = [for v in var.dns_names : {
    "host" = "${v}"
@@ -24,9 +27,9 @@ resource "kubectl_manifest" "prj_ingress_icon" {
    apiVersion: "networking.k8s.io/v1"
    kind: "Ingress"
    metadata:
-      name: "${var.instance}-icons"
+      name: "${local.app_slug}-icons"
      namespace: "${var.namespace}"
-      labels: ${jsonencode(var.labels)}
+      labels: ${jsonencode(local.forward_labels)}
    spec:
      ingressClassName: "${var.ingress_class}"
      rules: ${jsonencode(local.rules_icons)}
@@ -41,7 +44,7 @@ data "authentik_flow" "default-authorization-flow" {
 }

 resource "authentik_provider_proxy" "prj_forward" {
-  name                  = local.app_name
+  name                  = local.app_slug
  external_host         = local.external_url
  authorization_flow    = data.authentik_flow.default-authorization-flow.id
  mode                  = "forward_single"
@@ -74,9 +77,9 @@ resource "kubectl_manifest" "prj_middleware" {
    apiVersion: traefik.containo.us/v1alpha1
    kind: Middleware
    metadata:
-        name: "forward-${local.app_name}"
+        name: "${local.app_slug}-forward"
        namespace: "${var.namespace}"
-        labels: ${jsonencode(var.labels)}
+        labels: ${jsonencode(local.forward_labels)}
    spec:
      forwardAuth:
        address: http://ak-outpost-forward.${var.domain}-auth.svc:9000/outpost.goauthentik.io/auth/traefik