add updates for oauth2 proxy

Viktor Barzin 2023-10-21 22:54:45 +00:00
parent ad06021079
commit d6a54fbcbc
No known key found for this signature in database
GPG key ID: 4056458DBDBF8863
6 changed files with 34 additions and 25 deletions


@ -32,8 +32,8 @@ variable "drone_github_client_id" {}
variable "drone_github_client_secret" {} variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {} variable "drone_rpc_secret" {}
# variable "dockerhub_password" {} # variable "dockerhub_password" {}
# variable "oauth_client_id" {} variable "oauth2_proxy_client_id" {}
# variable "oauth_client_secret" {} variable "oauth2_proxy_client_secret" {}
variable "url_shortener_mysql_password" {} variable "url_shortener_mysql_password" {}
variable "url_shortener_geolite_license_key" {} variable "url_shortener_geolite_license_key" {}
variable "url_shortener_api_key" {} variable "url_shortener_api_key" {}
@ -253,6 +253,8 @@ module "kubernetes_cluster" {
drone_rpc_secret = var.drone_rpc_secret drone_rpc_secret = var.drone_rpc_secret
# Oauth proxy # Oauth proxy
oauth2_proxy_client_id = var.oauth2_proxy_client_id
oauth2_proxy_client_secret = var.oauth2_proxy_client_secret
# oauth_client_id = var.oauth_client_id # oauth_client_id = var.oauth_client_id
# oauth_client_secret = var.oauth_client_secret # oauth_client_secret = var.oauth_client_secret
# depends_on = [module.k8s_master, module.k8s_node1, module.k8s_node2] # wait until master and at least 2 nodes are up # depends_on = [module.k8s_master, module.k8s_node1, module.k8s_node2] # wait until master and at least 2 nodes are up
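Review bot: The new root-module declarations `variable "oauth2_proxy_client_id" {}` and `variable "oauth2_proxy_client_secret" {}` have neither a type nor `sensitive = true`, so wherever the secret is referenced its value is rendered in clear text in `terraform plan` and apply output, including any CI log that captures it. I would give the secret declaration a body with `type = string` and `sensitive = true`; the same applies to the matching declarations in the kubernetes module and in the oauth-proxy module, which set only `type = string`. `sensitive` only redacts display: the value is still written to state, so the state backend needs to be access-controlled and encrypted. How the value is supplied (tfvars file, environment) is not visible here, so confirm that source is kept out of the repository.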


@ -170,14 +170,14 @@ resource "kubernetes_ingress_v1" "city-guesser" {
# } # }
module "oauth" { # module "oauth" {
source = "../oauth-proxy" # source = "../oauth-proxy"
# oauth_client_id = "3d8ce4bf7b893899d967" # # oauth_client_id = "3d8ce4bf7b893899d967"
# oauth_client_secret = "08dca09b05e511cfa7f85cd7f85c332fd0768113" # # oauth_client_secret = "08dca09b05e511cfa7f85cd7f85c332fd0768113"
client_id = "3d8ce4bf7b893899d967" # client_id = "3d8ce4bf7b893899d967"
client_secret = "08dca09b05e511cfa7f85cd7f85c332fd0768113" # client_secret = "08dca09b05e511cfa7f85cd7f85c332fd0768113"
namespace = "city-guesser" # namespace = "city-guesser"
host = "city-guesser.viktorbarzin.me" # host = "city-guesser.viktorbarzin.me"
tls_secret_name = var.tls_secret_name # tls_secret_name = var.tls_secret_name
svc_name = "city-guesser-oauth" # svc_name = "city-guesser-oauth"
} # }
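Review bot: The commented-out `module "oauth"` block keeps the literal `client_id` and `client_secret` values in the file, so the credential is still readable in the current tree as well as in history. Commenting the block out does not revoke anything; the secret should be rotated at the issuing provider and the dead block deleted instead of commented. The same holds for the client secret this commit removes from the `OAUTH2_PROXY_CLIENT_SECRET` env in the oauth-proxy module: moving it to `var.oauth2_proxy_client_secret` only helps if the variable is fed a newly issued value, because the old one stays in earlier commits.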


@ -19,9 +19,8 @@ variable "dbaas_root_password" {}
variable "drone_github_client_id" {} variable "drone_github_client_id" {}
variable "drone_github_client_secret" {} variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {} variable "drone_rpc_secret" {}
# variable "dockerhub_password" {} variable "oauth2_proxy_client_id" {}
# variable "oauth_client_id" {} variable "oauth2_proxy_client_secret" {}
# variable "oauth_client_secret" {}
variable "url_shortener_geolite_license_key" {} variable "url_shortener_geolite_license_key" {}
variable "url_shortener_api_key" {} variable "url_shortener_api_key" {}
variable "url_shortener_mysql_password" {} variable "url_shortener_mysql_password" {}
@ -167,14 +166,14 @@ module "monitoring" {
depends_on = [null_resource.core_services] depends_on = [null_resource.core_services]
} }
# module "oauth" { module "oauth" {
# source = "./oauth-proxy" source = "./oauth-proxy"
# tls_secret_name = var.tls_secret_name tls_secret_name = var.tls_secret_name
# client_id = var.oauth_client_id oauth2_proxy_client_id = var.oauth2_proxy_client_id
# client_secret = var.oauth_client_secret oauth2_proxy_client_secret = var.oauth2_proxy_client_secret
# depends_on = [null_resource.core_services] depends_on = [null_resource.core_services]
# } }
module "openid_help_page" { module "openid_help_page" {
source = "./openid_help_page" source = "./openid_help_page"
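Review bot: Un-commenting `module "oauth"` here appears to put the proxy from `./oauth-proxy` into service, and the container args visible in that module's section combine `--provider=google` with `--email-domain=*`, which accepts any authenticated Google account unless access is narrowed somewhere outside the visible lines. If the proxy is meant to gate private services, restrict it with a concrete `--email-domain=<your-domain>` or an `--authenticated-emails-file=<path>` allow-list before enabling the module. If open sign-in is intended, a comment on the module block saying so would save the next reviewer the question.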


@ -11,6 +11,14 @@ variable "tls_secret_name" {
type = string type = string
} }
variable "oauth2_proxy_client_secret" {
type = string
}
variable "oauth2_proxy_client_id" {
type = string
}
module "tls_secret" { module "tls_secret" {
source = "../setup_tls_secret" source = "../setup_tls_secret"
namespace = "oauth2" namespace = "oauth2"
@ -109,11 +117,11 @@ resource "kubernetes_deployment" "oauth2-proxy" {
args = ["--provider=google", "--email-domain=*", "--upstream=file:///dev/null", "--upstream=http://localhost/redirect/", "--http-address=0.0.0.0:4180", "--cookie-domain=.viktorbarzin.me", "--footer=-"] args = ["--provider=google", "--email-domain=*", "--upstream=file:///dev/null", "--upstream=http://localhost/redirect/", "--http-address=0.0.0.0:4180", "--cookie-domain=.viktorbarzin.me", "--footer=-"]
env { env {
name = "OAUTH2_PROXY_CLIENT_ID" name = "OAUTH2_PROXY_CLIENT_ID"
value = "533122798643-rkefmkuegbt218bpkibbdmghb4irlrv5.apps.googleusercontent.com" value = var.oauth2_proxy_client_id
} }
env { env {
name = "OAUTH2_PROXY_CLIENT_SECRET" name = "OAUTH2_PROXY_CLIENT_SECRET"
value = "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" value = var.oauth2_proxy_client_secret
} }
env { env {
name = "OAUTH2_PROXY_COOKIE_SECRET" name = "OAUTH2_PROXY_COOKIE_SECRET"
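Review bot: `value = var.oauth2_proxy_client_secret` puts the secret into the Deployment's pod spec as a literal, so anyone who can read Deployments or Pods in the namespace can read it; the `env` block should reference a Secret instead. I would create a `kubernetes_secret` in this module and replace the `value` line with a `value_from` block holding a `secret_key_ref` that names that Secret and its key. That lets RBAC on Secrets, and encryption at rest if the cluster has it configured, cover the value. The `kubernetes_deployment` resource continues outside the hunk, and the `OAUTH2_PROXY_COOKIE_SECRET` entry begins on the hunk's last line with its value out of view, so check it for the same pattern.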

Binary file not shown.

Binary file not shown.