diff --git a/main.tf b/main.tf
index d5b1e3ce..df3298ab 100644
--- a/main.tf
+++ b/main.tf
@@ -31,8 +31,8 @@ variable "drone_github_client_id" {}
 variable "drone_github_client_secret" {}
 variable "drone_rpc_secret" {}
 # variable "dockerhub_password" {}
-variable "oauth_client_id" {}
-variable "oauth_client_secret" {}
+# variable "oauth_client_id" {}
+# variable "oauth_client_secret" {}
 variable "url_shortener_mysql_password" {}
 variable "url_shortener_geolite_license_key" {}
 variable "url_shortener_api_key" {}
@@ -218,8 +218,8 @@ module "kubernetes_cluster" {
 drone_rpc_secret = var.drone_rpc_secret
 # Oauth proxy
-oauth_client_id = var.oauth_client_id
-oauth_client_secret = var.oauth_client_secret
+# oauth_client_id = var.oauth_client_id
+# oauth_client_secret = var.oauth_client_secret
 # depends_on = [module.k8s_master, module.k8s_node1, module.k8s_node2] # wait until master and at least 2 nodes are up
 idrac_username = var.monitoring_idrac_username
diff --git a/modules/kubernetes/city-guesser/main.tf b/modules/kubernetes/city-guesser/main.tf
new file mode 100644
index 00000000..5a2e1a18
--- /dev/null
+++ b/modules/kubernetes/city-guesser/main.tf
@@ -0,0 +1,179 @@
+variable "tls_secret_name" {}
+# variable "dockerhub_password" {}
+
+resource "kubernetes_namespace" "city-guesser" {
+ metadata {
+ name = "city-guesser"
+ }
+}
+
+module "tls_secret" {
+ source = "../setup_tls_secret"
+ namespace = "city-guesser"
+ tls_secret_name = var.tls_secret_name
+}
+
+# module "dockerhub_creds" {
+# source = "../dockerhub_secret"
+# namespace = "website"
+# password = var.dockerhub_password
+# }
+
+resource "kubernetes_deployment" "city-guesser" {
+ metadata {
+ name = "city-guesser"
+ namespace = "city-guesser"
+ labels = {
+ run = "city-guesser"
+ }
+ }
+ spec {
+ replicas = 1
+ selector {
+ match_labels = {
+ run = "city-guesser"
+ }
+ }
+ template {
+ metadata {
+ labels = {
+ run = "city-guesser"
+ }
+ }
+ spec {
+ container {
+ image = "viktorbarzin/city-guesser:latest"
+ name = "city-guesser"
+ resources {
+ limits = {
+ cpu = "0.5"
+ memory = "512Mi"
+ }
+ requests = {
+ cpu = "250m"
+ memory = "50Mi"
+ }
+ }
+ port {
+ container_port = 80
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service" "city-guesser" {
+ metadata {
+ name = "city-guesser"
+ namespace = "city-guesser"
+ labels = {
+ "run" = "city-guesser"
+ }
+ }
+
+ spec {
+ selector = {
+ run = "city-guesser"
+ }
+ port {
+ name = "http"
+ port = "80"
+ target_port = "80"
+ }
+ }
+}
+# resource "kubernetes_service" "city-guesser-oauth" {
+# metadata {
+# name = "city-guesser-oauth"
+# namespace = "city-guesser"
+# labels = {
+# "run" = "city-guesser-oauth"
+# }
+# }
+
+# spec {
+# type = "ExternalName"
+# external_name = "oauth-proxy.oauth.svc.cluster.local"
+
+# # port {
+# # name = "tcp"
+# # port = "80"
+# # target_port = "80"
+# # }
+# }
+# }
+
+resource "kubernetes_ingress" "city-guesser" {
+ metadata {
+ name = "city-guesser-ingress"
+ namespace = "city-guesser"
+ annotations = {
+ "kubernetes.io/ingress.class" = "nginx"
+ # "nginx.ingress.kubernetes.io/auth-url" = "https://$host/oauth2/auth"
+ # "nginx.ingress.kubernetes.io/auth-signin" = 
"https://$host/oauth2/start?rd=$escaped_request_uri"
+ # "nginx.ingress.kubernetes.io/auth-response-headers" = "X-Auth-Request-User,X-Auth-Request-Email"
+ }
+ }
+
+ spec {
+ tls {
+ hosts = ["city-guesser.viktorbarzin.me"]
+ secret_name = var.tls_secret_name
+ }
+ rule {
+ host = "city-guesser.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service_name = "city-guesser"
+ service_port = "80"
+ }
+ }
+ }
+ }
+ }
+}
+
+# resource "kubernetes_ingress" "city-guesser-oauth" {
+# metadata {
+# name = "city-guesser-ingress-oauth"
+# namespace = "city-guesser"
+# annotations = {
+# "kubernetes.io/ingress.class" = "nginx"
+# }
+# }
+
+# spec {
+# tls {
+# hosts = ["city-guesser.viktorbarzin.me"]
+# secret_name = var.tls_secret_name
+# }
+# rule {
+# host = "city-guesser.viktorbarzin.me"
+# http {
+# path {
+# path = "/oauth2"
+# backend {
+# service_name = "city-guesser-oauth"
+# service_port = "80"
+# }
+# }
+# }
+# }
+# }
+# }
+
+
+module "oauth" {
+ source = "../oauth-proxy"
+ # oauth_client_id = "3d8ce4bf7b893899d967"
+ # oauth_client_secret = "08dca09b05e511cfa7f85cd7f85c332fd0768113"
+ client_id = "3d8ce4bf7b893899d967"
+ client_secret = "08dca09b05e511cfa7f85cd7f85c332fd0768113"
+ namespace = "city-guesser"
+ host = "city-guesser.viktorbarzin.me"
+ tls_secret_name = var.tls_secret_name
+ svc_name = "city-guesser-oauth"
+}
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 1c583373..a8cd555b 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -19,8 +19,8 @@ variable "drone_github_client_id" {}
 variable "drone_github_client_secret" {}
 variable "drone_rpc_secret" {}
 # variable "dockerhub_password" {}
-variable "oauth_client_id" {}
-variable "oauth_client_secret" {}
+# variable "oauth_client_id" {}
+# variable "oauth_client_secret" {}
 variable "url_shortener_geolite_license_key" {}
 variable "url_shortener_api_key" {}
 variable "url_shortener_mysql_password" {}
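Review bot: The `module "oauth"` block at the end of the new city-guesser/main.tf commits what appears to be a real OAuth `client_id` and `client_secret` as plaintext literals (twice, counting the two commented lines above them), while the same commit comments out the `oauth_client_id`/`oauth_client_secret` variables in main.tf and modules/kubernetes/main.tf that previously carried these values from terraform.tfvars, which shows up here only as a binary diff and is presumably the encrypted secret store. A secret that has been committed should be treated as exposed and rotated with the OAuth provider, and the values should go back through variables: declare `variable "oauth_client_id" {}` and `variable "oauth_client_secret" {}` next to `tls_secret_name` at the top of this file, pass `client_id = var.oauth_client_id` and `client_secret = var.oauth_client_secret` to the module, and thread both through the new `module "city-guesser"` call in modules/kubernetes/main.tf. Separately, `kubernetes_ingress "city-guesser"` routes `/` straight to the `city-guesser` service with the `auth-url`/`auth-signin` annotations still commented out, so the proxy deployed by the module only answers on `/oauth2/.*` and does not gate the application; if it is meant to, those two annotations need to be active. Both `module "tls_secret"` and `module "oauth"` pass the namespace as the literal `"city-guesser"`, so Terraform has no dependency edge to `kubernetes_namespace.city-guesser` and on a fresh apply may create the proxy before the namespace exists; `namespace = kubernetes_namespace.city-guesser.metadata[0].name` fixes the ordering. The `viktorbarzin/city-guesser:latest` tag is mutable, so pinning to a digest would make deploys reproducible.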
@@ -147,14 +147,14 @@ module "monitoring" {
 depends_on = [null_resource.core_services]
 }
-module "oauth" {
- source = "./oauth-proxy"
- tls_secret_name = var.tls_secret_name
- client_id = var.oauth_client_id
- client_secret = var.oauth_client_secret
+# module "oauth" {
+# source = "./oauth-proxy"
+# tls_secret_name = var.tls_secret_name
+# client_id = var.oauth_client_id
+# client_secret = var.oauth_client_secret
- depends_on = [null_resource.core_services]
-}
+# depends_on = [null_resource.core_services]
+# }
 module "openid_help_page" {
 source = "./openid_help_page"
@@ -188,6 +188,12 @@ module "reloader" {
 source = "./reloader"
 }
+module "city-guesser" {
+ source = "./city-guesser"
+ tls_secret_name = var.tls_secret_name
+ depends_on = [null_resource.core_services]
+}
+
 module "url" {
 source = "./url-shortener"
 tls_secret_name = var.tls_secret_name
diff --git a/modules/kubernetes/oauth-proxy/main.tf b/modules/kubernetes/oauth-proxy/main.tf
index fc3145f6..25d25363 100644
--- a/modules/kubernetes/oauth-proxy/main.tf
+++ b/modules/kubernetes/oauth-proxy/main.tf
@@ -1,19 +1,18 @@
-variable "tls_secret_name" {}
+variable "namespace" {
+ type = string
+}
+variable "host" {
+ type = string
+}
+variable "tls_secret_name" {
+ type = string
+}
+variable "svc_name" {
+ type = string
+}
 variable "client_id" {}
 variable "client_secret" {}
-resource "kubernetes_namespace" "oauth" {
- metadata {
- name = "oauth"
- }
-}
-
-module "tls_secret" {
- source = "../setup_tls_secret"
- namespace = "oauth"
- tls_secret_name = var.tls_secret_name
-}
-
 resource "random_password" "cookie" {
 length = 16
 special = true
@@ -23,7 +22,7 @@ resource "random_password" "cookie" {
 resource "kubernetes_deployment" "oauth_proxy" {
 metadata {
 name = "oauth-proxy"
- namespace = "oauth"
+ namespace = var.namespace
 labels = {
 run = "oauth-proxy"
 }
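Review bot: `variable "client_secret" {}` in the first oauth-proxy/main.tf hunk stays untyped and unmarked while the four new variables above it all get `type = string`; if the Terraform version in use is 0.14 or later, `variable "client_secret" { type = string sensitive = true }` keeps the value out of plan and apply output. The same hunk removes the `kubernetes_namespace "oauth"` resource and the `tls_secret` module, so the module now silently requires the caller to have created `var.namespace` and the TLS secret named by `var.tls_secret_name` inside it before the proxy is applied; a header comment stating that contract, and that the module only serves `/oauth2/.*` on `var.host` so the caller's own Ingress has to carry the `auth-url`/`auth-signin` annotations, would save the next caller a missing-namespace failure. In the `@@ -147` hunk the old cluster-wide `module "oauth"` is commented out rather than deleted; since git keeps the history, removing it outright would be cleaner than leaving a dead block that still references the now-commented `var.oauth_client_secret`.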
@@ -80,8 +79,8 @@ resource "kubernetes_deployment" "oauth_proxy" {
 resource "kubernetes_service" "oauth_proxy" {
 metadata {
- name = "oauth-proxy"
- namespace = "oauth"
+ name = var.svc_name
+ namespace = var.namespace
 labels = {
 run = "oauth-proxy"
 }
@@ -102,24 +101,25 @@ resource "kubernetes_service" "oauth_proxy" {
 resource "kubernetes_ingress" "oauth" {
 metadata {
 name = "oauth-ingress"
- namespace = "oauth"
+ namespace = var.namespace
 annotations = {
- "kubernetes.io/ingress.class" = "nginx"
+ "kubernetes.io/ingress.class" = "nginx"
+ "nginx.ingress.kubernetes.io/use-regex" = "true"
 }
 }
 spec {
 tls {
- hosts = ["oauth.viktorbarzin.me"]
+ hosts = [var.host]
 secret_name = var.tls_secret_name
 }
 rule {
- host = "oauth.viktorbarzin.me"
+ host = var.host
 http {
 path {
- path = "/"
+ path = "/oauth2/.*"
 backend {
- service_name = "oauth-proxy"
+ service_name = var.svc_name
 service_port = "80"
 }
 }
diff --git a/terraform.tfvars b/terraform.tfvars
index b9fdc46d..886bbf07 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ
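Review bot: `path = "/oauth2/.*"` together with the new `nginx.ingress.kubernetes.io/use-regex` annotation in the `kubernetes_ingress "oauth"` hunk makes this a regex location, and as far as I recall ingress-nginx then applies the regex modifier to every path declared for that host, including paths from other Ingress objects, so the `/` path of the application Ingress that shares `var.host` is affected as well; harmless for a bare `/`, but worth a comment above the annotation such as `# use-regex applies to all paths on var.host, not only this Ingress`. A plain prefix `path = "/oauth2"` without the annotation should match the same proxy endpoints (`/oauth2/auth`, `/oauth2/start`, `/oauth2/callback`) with less nginx configuration, if the ingress controller in use treats unannotated v1beta1 paths as prefixes. The `kubernetes_ingress "oauth"` resource closes outside the hunk.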