add vpn cli checks

2021-03-24 21:24:27 +00:00 · 2021-03-24 21:24:27 +00:00 · f52f85bf83
commit f52f85bf83
parent aa7e3b6cb6
3 changed files with 21 additions and 3 deletions
--- a/modules/kubernetes/kafka/main.tf
+++ b/modules/kubernetes/kafka/main.tf
@ -1,4 +1,5 @@
 variable "tls_secret_name" {}
+variable "client_certificate_secret_name" {}

 module "tls_secret" {
  source          = "../setup_tls_secret"
@ -109,7 +110,10 @@ resource "kubernetes_ingress" "kafka-ui" {
    name      = "kafka-ui-ingress"
    namespace = "kafka"
    annotations = {
-      "kubernetes.io/ingress.class" = "nginx"
+      "kubernetes.io/ingress.class"                        = "nginx"
+      "nginx.ingress.kubernetes.io/force-ssl-redirect"     = "true"
+      "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+      "nginx.ingress.kubernetes.io/auth-tls-secret"        = var.client_certificate_secret_name
    }
  }

--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@ -84,8 +84,9 @@ module "hackmd" {
 # }

 module "kafka" {
-  source          = "./kafka"
-  tls_secret_name = var.tls_secret_name
+  source                         = "./kafka"
+  client_certificate_secret_name = var.client_certificate_secret_name
+  tls_secret_name                = var.tls_secret_name
 }

 module "kms" {