add metabase secured ingress [ci skip]

modules/kubernetes/crowdsec/main.tf

@@ -69,37 +69,37 @@ resource "helm_release" "crowdsec" {
   #   values = [templatefile("${path.module}/rowdsec-ingress-bouncer.yaml", {})]
 }
 
-resource "kubernetes_ingress_v1" "metabase" {
+# resource "kubernetes_ingress_v1" "metabase" {
-  metadata {
+#   metadata {
-    name      = "metabase"
+#     name      = "metabase"
-    namespace = "crowdsec"
+#     namespace = "crowdsec"
-    annotations = {
+#     annotations = {
-      "kubernetes.io/ingress.class" = "nginx"
+#       "kubernetes.io/ingress.class" = "nginx"
-      # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+#       "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
-      # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+#       "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
-    }
+#     }
-  }
+#   }
 
-  spec {
+#   spec {
-    tls {
+#     tls {
-      hosts       = ["metabase.viktorbarzin.me"]
+#       hosts       = ["metabase.viktorbarzin.me"]
-      secret_name = var.tls_secret_name
+#       secret_name = var.tls_secret_name
-    }
+#     }
-    rule {
+#     rule {
-      host = "metabase.viktorbarzin.me"
+#       host = "metabase.viktorbarzin.me"
-      http {
+#       http {
-        path {
+#         path {
-          path = "/"
+#           path = "/"
-          backend {
+#           backend {
-            service {
+#             service {
-              name = "crowdsec-service"
+#               name = "crowdsec-service"
-              port {
+#               port {
-                number = 3000
+#                 number = 3000
-              }
+#               }
-            }
+#             }
-          }
+#           }
-        }
+#         }
-      }
+#       }
-    }
+#     }
-  }
+#   }
-}
+# }

modules/kubernetes/crowdsec/values.yaml

@@ -22,28 +22,17 @@ lapi:
     # As it's a test, we don't want to share signals with CrowdSec, so disable the Online API.
     - name: DISABLE_ONLINE_API
       value: "true"
-  ingress:
-    enabled: true
-    annotations:
-      # we only want http to the backend so we need this annotation
-      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
-    # labels: {}
-    ingressClassName: "nginx"
-    host: "crowdsec.viktorbarzin.me" # crowdsec-api.example.com
-    tls:
-      - hosts:
-          - crowdsec.viktorbarzin.me
-        secretName: "tls-secret"
   dashboard:
-    # -- Enable Metabase Dashboard (by default disabled)
     enabled: true
-    annotations:
+    ingress:
-      # metabase only supports http so we need this annotation
+      enabled: true
-      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+      annotations:
-    # labels: {}
+        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
-    ingressClassName: "nginx" # nginx
+        nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth"
-    host: "crowdsec.viktorbarzin.me" # crowdsec-api.example.com
+        nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
-    tls:
+      ingressClassName: "nginx"
-      - hosts:
+      host: "crowdsec.viktorbarzin.me"
-          - crowdsec.viktorbarzin.me
+      tls:
-        secretName: "tls-secret"
+        - hosts:
+            - crowdsec.viktorbarzin.me
+          secretName: "tls-secret"