# Naming shared by the blocks in this file; every hostname is derived from tld.
locals {
  tld               = "fourlights.dev"
  cluster_shortname = "365zon"

  # Passed as `replicas` to the minio and mongodb modules.
  node_count = 3

  # <cluster_shortname>.<tld>; passed as server_dns to minio, zitadel, argocd and monitoring.
  cluster_dns = "${local.cluster_shortname}.${local.tld}"

  # NOTE(review): no block shown in this file references bridge_dns, although the
  # minio and rabbitmq comments say admin access goes "via bridge" - confirm where
  # this value is consumed.
  bridge_dns = "bridge.${local.tld}"
}
# Cluster initialisation (module path suggests RKE2). minio, mongodb and rabbitmq
# wait on its `installed` output.
# NOTE(review): local.k8s_config_yaml is not defined in the locals block of this
# file; it is presumably a kubeconfig, i.e. a cluster credential - confirm it is
# loaded from a protected source and never committed.
module "cluster-init" {
  source          = "../../modules/cluster/init-rke2"
  k8s_config_yaml = local.k8s_config_yaml
}
# MinIO object storage in distributed mode, one replica per node (local.node_count).
module "minio" {
  source          = "../../modules/minio"
  k8s_config_yaml = local.k8s_config_yaml
  wait_on         = module.cluster-init.installed

  namespace    = "minio"
  service_name = "storage"
  server_dns   = local.cluster_dns
  ingressClass = "nginx"

  mode        = "distributed"
  replicas    = local.node_count
  storageSize = "20Gi"

  # Restricted admin access, access via bridge.
  # NOTE(review): the admin hostname is local.cluster_dns, the same value as
  # server_dns, not local.bridge_dns - confirm the module really keeps the admin
  # console off the regular ingress when admin = true.
  admin            = true
  admin_server_dns = local.cluster_dns

  # TLS termination happens on the bridge ingress.
  # NOTE(review): with tls = false the hop from that ingress to MinIO is presumably
  # plaintext - confirm it stays on a trusted network or is covered by a network policy.
  tls = false
}
# MongoDB, one replica per node (local.node_count); installed after cluster-init.
# Its connection_string output is passed to the 365zon tenant and exported as a
# sensitive output further down.
module "mongodb" {
  source          = "../../modules/mongodb"
  k8s_config_yaml = local.k8s_config_yaml
  wait_on         = module.cluster-init.installed

  namespace = "mongodb"
  replicas  = local.node_count
}
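# Disabled: MinIO overlay for the "frontend" bucket/user.
# NOTE(review): if re-enabled, this passes module.minio's access/secret key pair
# (exported below as the minio-root-* outputs) to the overlay - confirm that is intended.
#module "frontend-minio" {
#  source  = "../../modules/minio/overlay"
#  wait_on = module.minio.installed
#
#  name       = "frontend"
#  server     = module.minio.minio_server
#  access_key = module.minio.minio_access_key
#  secret_key = module.minio.minio_secret_key
#}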
# RabbitMQ broker with its admin interface enabled; installed after cluster-init.
module "rabbitmq" {
  source          = "../../modules/rabbitmq"
  k8s_config_yaml = local.k8s_config_yaml
  wait_on         = module.cluster-init.installed

  namespace    = "rabbitmq"
  service_name = "rabbitmq"
  ingressClass = "nginx"

  # Restricted admin access, access via bridge.
  # NOTE(review): "local" is a literal string, not a reference to a local value -
  # confirm the module treats it as a non-routable suffix so the admin UI is not
  # published on the cluster domain.
  server_dns = "local"
  admin      = true

  # TLS termination happens on the bridge ingress.
  # NOTE(review): with tls = false the connection behind that ingress is presumably
  # unencrypted - confirm broker credentials never cross an untrusted network.
  tls = false
}
# Shared PostgreSQL instance. Its root_password output is consumed by the
# zitadel-db and zitadel modules.
# NOTE(review): unlike minio, mongodb and rabbitmq, this block sets no wait_on for
# cluster-init - confirm whether the module supports it or orders itself another way.
module "postgresql" {
  source          = "../../modules/postgresql"
  k8s_config_yaml = local.k8s_config_yaml

  namespace = "postgresql"
  username  = "bridge"
}
# Tenant database "zitadel" on the shared PostgreSQL instance; its `password`
# output becomes Zitadel's database_password.
module "zitadel-db" {
  source          = "../../modules/postgresql/tenant"
  k8s_config_yaml = local.k8s_config_yaml
  wait_on         = module.postgresql.installed

  name = "zitadel"

  # The tenant module receives the PostgreSQL root password, presumably to create
  # the role and database - it therefore ends up in this module's state as well.
  root_password = module.postgresql.root_password
}
# Zitadel identity provider, installed once its tenant database exists. Its
# `server` output is used below as the OAuth/OIDC host for ArgoCD and the tenants.
module "zitadel" {
  source          = "../../modules/zitadel"
  k8s_config_yaml = local.k8s_config_yaml
  wait_on         = module.zitadel-db.installed

  namespace           = "zitadel"
  service_name        = "zitadel"
  server_dns          = local.cluster_dns
  ingressClass        = "nginx"
  display_on_homepage = true

  database_password = module.zitadel-db.password

  # NOTE(review): the identity provider is given the PostgreSQL root password in
  # addition to its tenant password - confirm it is needed only for initial setup
  # and is not left in the running workload's configuration.
  database_root_password = module.postgresql.root_password
}
# Fourlights tenant setup inside Zitadel; exposes the org_id and user_id that the
# 365zon and ArgoCD tenant modules consume.
module "zitadel-bootstrap" {
  source          = "../../tenants/fourlights/zitadel"
  k8s_config_yaml = local.k8s_config_yaml

  domain = module.zitadel.server

  # NOTE(review): jwt_profile_file presumably points at a service-account key used
  # to authenticate against Zitadel - treat the file as a secret (permissions, no VCS).
  jwt_profile_file = module.zitadel.jwt_profile_file
}
# Redis instance; its `password` output is passed to the argocd module.
# NOTE(review): no wait_on is set here, so ordering against cluster-init is not
# explicit in this block - confirm that is intended.
module "redis" {
  source          = "../../modules/redis"
  k8s_config_yaml = local.k8s_config_yaml

  namespace = "redis"
}
# 365zon tenant: wires the tenant to Zitadel, MinIO, MongoDB and RabbitMQ.
# Only MinIO is an explicit wait_on; the other dependencies follow from the
# module outputs referenced below.
module "tenant-365zon" {
  source          = "../../tenants/365zon"
  k8s_config_yaml = local.k8s_config_yaml
  wait_on         = module.minio.installed

  # Identity (Zitadel)
  domain           = module.zitadel.server
  org_id           = module.zitadel-bootstrap.org_id
  user_id          = module.zitadel-bootstrap.user_id
  jwt_profile_file = module.zitadel.jwt_profile_file

  # Object storage (MinIO)
  # NOTE(review): these are module.minio's own keys, which this file also exports
  # as minio-root-access-key / minio-root-secret-key. The tenant module exposes its
  # own minio_access_key / minio_secret_key outputs - confirm the root pair is used
  # only to provision those and is not handed to tenant workloads.
  minio_server     = module.minio.minio_server
  minio_api_uri    = module.minio.minio_api_uri
  minio_access_key = module.minio.minio_access_key
  minio_secret_key = module.minio.minio_secret_key

  # Connection strings are exported below as sensitive outputs, so they presumably
  # embed credentials.
  mongodb_connection_string  = module.mongodb.connection_string
  rabbitmq_connection_string = module.rabbitmq.connection_string
}
# Zitadel-side registration for ArgoCD; yields the client_id, client_secret and
# logoutSuffix that the argocd module consumes.
module "zitadel-argocd" {
  source = "../../tenants/argocd/zitadel"

  domain           = module.zitadel.server
  org_id           = module.zitadel-bootstrap.org_id
  user_id          = module.zitadel-bootstrap.user_id
  jwt_profile_file = module.zitadel.jwt_profile_file

  # Hostname ArgoCD is served on: argocd.<cluster_dns>.
  argocd_service_domain = "argocd.${local.cluster_dns}"
}
# ArgoCD with single sign-on through Zitadel, installed after its OIDC client exists.
module "argocd" {
  source          = "../../modules/argocd"
  k8s_config_yaml = local.k8s_config_yaml
  wait_on         = module.zitadel-argocd.installed

  namespace    = "argocd"
  server_dns   = local.cluster_dns
  ingressClass = "nginx"

  redis_db_start_index = 0
  redis_password       = module.redis.password

  # OIDC settings. The client secret is a credential and is stored in state.
  oauth_uri           = module.zitadel.server
  oauth_issuer        = "https://${module.zitadel.server}"
  oauth_client_id     = module.zitadel-argocd.client_id
  oauth_client_secret = module.zitadel-argocd.client_secret

  # NOTE(review): the redirect URI is built on the Zitadel host with a value named
  # logoutSuffix, which reads like a post-logout URL rather than ArgoCD's own
  # callback - confirm it matches the redirect URIs registered for the client.
  oauth_redirect_uri = "https://${module.zitadel.server}/${module.zitadel-argocd.logoutSuffix}"
}
# Monitoring stack, installed after ArgoCD. Its access_instructions output is
# exported below as sensitive, so it presumably contains credentials.
module "monitoring" {
  source          = "../../modules/monitoring"
  k8s_config_yaml = local.k8s_config_yaml
  wait_on         = module.argocd.installed

  namespace    = "monitoring"
  server_dns   = local.cluster_dns
  ingressClass = "nginx"
}
# ArgoCD admin password.
# `sensitive = true` only redacts the value in plan/apply output; it is still
# written to the Terraform state in clear text and readable via `terraform output`.
# Keep the state backend encrypted and access-controlled.
output "argocd-root-password" {
  sensitive = true
  value     = module.argocd.admin_password
}
# MongoDB connection string from the mongodb module; marked sensitive so it is
# redacted in CLI output (it remains readable in state).
output "mongodb-connection-string" {
  sensitive = true
  value     = module.mongodb.connection_string
}
# RabbitMQ connection string from the rabbitmq module; marked sensitive so it is
# redacted in CLI output (it remains readable in state).
output "rabbitmq-connection-string" {
  sensitive = true
  value     = module.rabbitmq.connection_string
}
# MinIO access key as exposed by the 365zon tenant module (not module.minio's own
# key, which is exported separately as minio-root-access-key).
output "minio-access-key" {
  sensitive = true
  value     = module.tenant-365zon.minio_access_key
}
# MinIO secret key as exposed by the 365zon tenant module (not module.minio's own
# key, which is exported separately as minio-root-secret-key).
output "minio-secret-key" {
  sensitive = true
  value     = module.tenant-365zon.minio_secret_key
}
# Access instructions produced by the monitoring module; marked sensitive, so
# they are redacted in CLI output.
output "monitoring" {
  sensitive = true
  value     = module.monitoring.access_instructions
}
# Access key taken directly from module.minio (the root key pair, per the output name).
# NOTE(review): exporting root storage credentials widens who can read them to
# anyone with state or `terraform output` access - confirm this output is still needed.
output "minio-root-access-key" {
  sensitive = true
  value     = module.minio.minio_access_key
}
# Secret key taken directly from module.minio (the root key pair, per the output name).
# NOTE(review): `sensitive` hides it from CLI output only; the value is stored in
# state in clear text - confirm this output is still needed and the state is protected.
output "minio-root-secret-key" {
  sensitive = true
  value     = module.minio.minio_secret_key
}