Drone CI Update TLS Certificates Commit

viktorbarzin 2021-09-19 00:03:30 +00:00
parent e61ec8dac9
commit 21dc36946f
3 changed files with 41 additions and 35 deletions


@ -31,8 +31,8 @@ variable "drone_github_client_id" {}
variable "drone_github_client_secret" {} variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {} variable "drone_rpc_secret" {}
# variable "dockerhub_password" {} # variable "dockerhub_password" {}
variable "oauth_client_id" {} # variable "oauth_client_id" {}
variable "oauth_client_secret" {} # variable "oauth_client_secret" {}
variable "url_shortener_mysql_password" {} variable "url_shortener_mysql_password" {}
variable "url_shortener_geolite_license_key" {} variable "url_shortener_geolite_license_key" {}
variable "url_shortener_api_key" {} variable "url_shortener_api_key" {}
@ -218,8 +218,8 @@ module "kubernetes_cluster" {
drone_rpc_secret = var.drone_rpc_secret drone_rpc_secret = var.drone_rpc_secret
# Oauth proxy # Oauth proxy
oauth_client_id = var.oauth_client_id # oauth_client_id = var.oauth_client_id
oauth_client_secret = var.oauth_client_secret # oauth_client_secret = var.oauth_client_secret
# depends_on = [module.k8s_master, module.k8s_node1, module.k8s_node2] # wait until master and at least 2 nodes are up # depends_on = [module.k8s_master, module.k8s_node1, module.k8s_node2] # wait until master and at least 2 nodes are up
idrac_username = var.monitoring_idrac_username idrac_username = var.monitoring_idrac_username
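Review bot: The two `oauth_client_*` declarations and their pass-through into `module "kubernetes_cluster"` are commented out rather than removed, here and in the first hunk of the next file, which leaves dead configuration with no record of why. If the OAuth client is being retired, its values presumably still sit in the variable files or CI secret store (not shown on this page) and should be removed or rotated there as well. If this is temporary, say so in place, e.g. `# OAuth proxy inputs disabled together with module "oauth"; remove or re-enable with it`. The module block extends beyond the hunk.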


@ -19,8 +19,8 @@ variable "drone_github_client_id" {}
variable "drone_github_client_secret" {} variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {} variable "drone_rpc_secret" {}
# variable "dockerhub_password" {} # variable "dockerhub_password" {}
variable "oauth_client_id" {} # variable "oauth_client_id" {}
variable "oauth_client_secret" {} # variable "oauth_client_secret" {}
variable "url_shortener_geolite_license_key" {} variable "url_shortener_geolite_license_key" {}
variable "url_shortener_api_key" {} variable "url_shortener_api_key" {}
variable "url_shortener_mysql_password" {} variable "url_shortener_mysql_password" {}
@ -147,14 +147,14 @@ module "monitoring" {
depends_on = [null_resource.core_services] depends_on = [null_resource.core_services]
} }
module "oauth" { # module "oauth" {
source = "./oauth-proxy" # source = "./oauth-proxy"
tls_secret_name = var.tls_secret_name # tls_secret_name = var.tls_secret_name
client_id = var.oauth_client_id # client_id = var.oauth_client_id
client_secret = var.oauth_client_secret # client_secret = var.oauth_client_secret
depends_on = [null_resource.core_services] # depends_on = [null_resource.core_services]
} # }
module "openid_help_page" { module "openid_help_page" {
source = "./openid_help_page" source = "./openid_help_page"
@ -188,6 +188,12 @@ module "reloader" {
source = "./reloader" source = "./reloader"
} }
module "city-guesser" {
source = "./city-guesser"
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "url" { module "url" {
source = "./url-shortener" source = "./url-shortener"
tls_secret_name = var.tls_secret_name tls_secret_name = var.tls_secret_name
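Review bot: Commenting out `module "oauth"` takes it out of the configuration, so the next apply will plan the destruction of the proxy resources it managed, and this commit does not show what replaces it. If any other ingress relied on this proxy for authentication (not visible here), check that it does not end up reachable without a login. The added `module "city-guesser"` receives only `tls_secret_name`, so a one-line comment stating whether it is meant to be public would help. I would either delete the `oauth` block or re-instantiate it with the module's new inputs `namespace`, `host` and `svc_name`, rather than keep it commented.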


@ -1,19 +1,18 @@
variable "tls_secret_name" {} variable "namespace" {
type = string
}
variable "host" {
type = string
}
variable "tls_secret_name" {
type = string
}
variable "svc_name" {
type = string
}
variable "client_id" {} variable "client_id" {}
variable "client_secret" {} variable "client_secret" {}
resource "kubernetes_namespace" "oauth" {
metadata {
name = "oauth"
}
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "oauth"
tls_secret_name = var.tls_secret_name
}
resource "random_password" "cookie" { resource "random_password" "cookie" {
length = 16 length = 16
special = true special = true
@ -23,7 +22,7 @@ resource "random_password" "cookie" {
resource "kubernetes_deployment" "oauth_proxy" { resource "kubernetes_deployment" "oauth_proxy" {
metadata { metadata {
name = "oauth-proxy" name = "oauth-proxy"
namespace = "oauth" namespace = var.namespace
labels = { labels = {
run = "oauth-proxy" run = "oauth-proxy"
} }
@ -80,8 +79,8 @@ resource "kubernetes_deployment" "oauth_proxy" {
resource "kubernetes_service" "oauth_proxy" { resource "kubernetes_service" "oauth_proxy" {
metadata { metadata {
name = "oauth-proxy" name = var.svc_name
namespace = "oauth" namespace = var.namespace
labels = { labels = {
run = "oauth-proxy" run = "oauth-proxy"
} }
@ -102,24 +101,25 @@ resource "kubernetes_service" "oauth_proxy" {
resource "kubernetes_ingress" "oauth" { resource "kubernetes_ingress" "oauth" {
metadata { metadata {
name = "oauth-ingress" name = "oauth-ingress"
namespace = "oauth" namespace = var.namespace
annotations = { annotations = {
"kubernetes.io/ingress.class" = "nginx" "kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/use-regex" = "true"
} }
} }
spec { spec {
tls { tls {
hosts = ["oauth.viktorbarzin.me"] hosts = [var.host]
secret_name = var.tls_secret_name secret_name = var.tls_secret_name
} }
rule { rule {
host = "oauth.viktorbarzin.me" host = var.host
http { http {
path { path {
path = "/" path = "/oauth2/.*"
backend { backend {
service_name = "oauth-proxy" service_name = var.svc_name
service_port = "80" service_port = "80"
} }
} }
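Review bot: With `module "tls_secret"` and the `kubernetes_namespace` resource removed, the ingress still sets `secret_name = var.tls_secret_name` in `var.namespace`, so the module now depends on the caller having created both, and nothing here states or enforces that. If the secret is missing in that namespace, the ingress controller will typically serve its default certificate instead of failing the apply, which is easy to miss. I would add descriptions to the new variables, e.g. `description = "Existing namespace; must already contain the TLS secret named by tls_secret_name"` on `namespace`. The `run = "oauth-proxy"` labels stay hard-coded while the service name becomes `var.svc_name`; the selector is outside the hunks, so confirm it matches only this instance's pods. The ingress resource continues past the last hunk line.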