main.tf
# Random 8-character release-name suffix, created only when the caller leaves
# var.name empty (count is 0 otherwise, so no instance is created).
# Uppercase and special characters are disabled.
# NOTE(review): presumably consumed by local.name, which is defined outside
# this part of the file; confirm there.
resource "random_string" "konga_name" {
  count = var.name == "" ? 1 : 0

  length  = 8
  upper   = false
  special = false
}
# 28-character value with no special characters, handed to the Konga chart by
# helm_release.konga as config.token_secret.
# NOTE(review): random_string does not mark `result` as sensitive, so the value
# can be printed in plan/apply output wherever it is referenced in a
# non-sensitive attribute. random_password is the sensitive equivalent;
# switching changes the resource address and therefore needs a state migration.
# Either way the value is stored in Terraform state, so the state backend needs
# the same protection as the secret itself.
resource "random_string" "token_secret" {
  length  = 28
  special = false
}
# 28-character generated password with no special characters.
# NOTE(review): nothing in this part of the file references it; presumably it
# feeds local.user-default, which is defined elsewhere. Confirm there.
# NOTE(review): random_string does not mark `result` as sensitive, so this
# password can surface in plan/apply output and in any output that exposes it.
# random_password is the sensitive equivalent; switching changes the resource
# address and needs a state migration. The value is stored in Terraform state
# in either case.
resource "random_string" "default_password" {
  length  = 28
  special = false
}
# Kubernetes Secret holding the Konga node seed file. The single key
# "node-data" contains a JavaScript module whose export is var.kong_endpoints
# serialised as JSON. helm_release.konga mounts this key as a file.
# NOTE(review): the Secret payload is also kept in Terraform state. If
# var.kong_endpoints can carry connection credentials, restrict access to the
# state backend accordingly. Confirm against the variable's definition.
resource "kubernetes_secret" "node_data" {
  metadata {
    name      = "kong-node-data"
    namespace = var.namespace
  }

  data = {
    # Heredoc body and terminator stay at column 0 so the stored file content
    # is unchanged.
    "node-data" = <<EOF
module.exports = ${jsonencode(var.kong_endpoints)}
EOF
  }
}
# Kubernetes Secret holding the Konga user seed file. The single key
# "user-data" contains a JavaScript module whose export is local.user-default
# serialised as JSON. helm_release.konga mounts this key as a file.
# NOTE(review): local.user-default is defined outside this part of the file and
# presumably includes the generated default password. Confirm there. The Secret
# payload is also kept in Terraform state, so the state backend needs to be
# access-controlled like the credential itself.
resource "kubernetes_secret" "user_data" {
  metadata {
    name      = "kong-user-data"
    namespace = var.namespace
  }

  data = {
    # Heredoc body and terminator stay at column 0 so the stored file content
    # is unchanged.
    "user-data" = <<EOF
module.exports = ${jsonencode(local.user-default)}
EOF
  }
}
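# Deploys Konga from the Helm chart var.chart_name in var.chart_repository
# into var.namespace. `atomic = true` makes Helm roll back a failed
# install or upgrade.
#
# Chart values come from three places:
#   * set_sensitive blocks for secrets (DB password, LDAP bind password and
#     token secret), which the provider masks in plan output
#   * the dynamic "set" block, for caller-supplied overrides
#   * the yamlencode()d map in `values`, for all non-secret settings
resource "helm_release" "konga" {
  name          = local.name
  atomic        = true
  repository    = var.chart_repository
  chart         = var.chart_name
  recreate_pods = var.recreate_pods
  namespace     = var.namespace

  set_sensitive {
    name  = "config.db_password"
    value = var.db_pass
  }

  set_sensitive {
    name  = "ldap.bind_pass"
    value = var.ldap_bind_pass
  }

  # The token secret used to be inlined in `values`, where it was rendered in
  # clear text in every plan diff. It now goes through set_sensitive like the
  # other two secrets. The chart receives the same config.token_secret value.
  # It is still recorded in Terraform state.
  set_sensitive {
    name  = "config.token_secret"
    value = random_string.token_secret.result
  }

  # Caller-supplied overrides, one `set` per element of
  # var.chart_extra_set_configs (each element needs "name" and "value").
  # These are plain `set` blocks, so values passed here are not masked in plan
  # output. Secrets should not be routed through this variable.
  dynamic "set" {
    for_each = var.chart_extra_set_configs
    content {
      name  = set.value["name"]
      value = set.value["value"]
    }
  }

  values = [
    yamlencode(
      {
        image = {
          repository  = local.konga_image
          tag         = var.konga_tag
          pullSecrets = var.reg_cred
        }

        config = {
          db_adapter  = "postgres"
          db_database = var.db_name
          db_host     = var.db_host
          db_port     = var.db_port
          db_user     = var.db_user
          # These two paths must match the extraVolumeMounts mountPath plus
          # the extraVolumes item path defined below.
          konga_node_data = "/etc/kong-data/kong-node.data"
          konga_user_data = "/etc/kong-user-data/kong-user.data"
          node_env        = "production"
          # token_secret is supplied by the set_sensitive block above.
        }

        ingress = {
          enabled     = var.enable_ingress
          annotations = var.ingress_annotations
          hosts = [
            {
              host  = var.ingress_host
              paths = [var.ingress_path]
            }
          ]
        }

        ldap = {
          # Authentication falls back to Konga's local user store when LDAP
          # is disabled.
          # NOTE(review): whether the bind is encrypted depends on the value
          # of var.ldap_host. Confirm that callers pass an ldaps:// endpoint.
          auth_provider       = var.enable_ldap ? "ldap" : "local"
          host                = var.ldap_host
          bind_dn             = var.ldap_bind_dn
          user_search_base    = var.ldap_user_search_base
          user_search_filter  = var.ldap_user_search_filter
          user_attrs          = var.ldap_user_attrs
          group_search_base   = var.ldap_group_search_base
          group_search_filter = var.ldap_group_search_filter
          group_attrs         = var.ldap_group_attrs
          group_reg           = var.ldap_group_reg
          attr_username       = var.ldap_attr_username
          attr_firstname      = var.ldap_attr_firstname
          attr_lastname       = var.ldap_attr_lastname
          attr_email          = var.ldap_attr_email
        }

        # Project one key from each seed Secret into a volume as a single
        # named file.
        extraVolumes = [
          {
            name = "node-data"
            secret = {
              secretName = kubernetes_secret.node_data.metadata[0].name
              items = [
                {
                  key  = "node-data"
                  path = "kong-node.data"
                }
              ]
            }
          },
          {
            name = "user-data"
            secret = {
              secretName = kubernetes_secret.user_data.metadata[0].name
              items = [
                {
                  key  = "user-data"
                  path = "kong-user.data"
                }
              ]
            }
          }
        ]

        extraVolumeMounts = [
          {
            name      = "node-data"
            mountPath = "/etc/kong-data"
          },
          {
            name      = "user-data"
            mountPath = "/etc/kong-user-data"
          }
        ]

        resources     = var.resources
        runMigrations = true
      }
    )
  ]
}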