# Provider requirements for this module.
# Only the kubernetes provider is declared here, pinned to one exact version.
# NOTE(review): resources in this file also use the random, helm and local
# providers, which are not listed; confirm they are pinned by the calling
# configuration or the dependency lock file so provider upgrades are deliberate.
terraform {
  required_providers {
    kubernetes = {
      version = "2.31.0"
      source  = "hashicorp/kubernetes"
    }
  }
}
# Namespace for the ZITADEL release; created only when var.enabled is true.
resource "kubernetes_namespace" "zitadel" {
  count = var.enabled ? 1 : 0

  metadata {
    name = var.namespace
  }

  lifecycle {
    # The whole metadata block is excluded from drift detection, so labels and
    # annotations changed outside Terraform are neither reported nor reverted.
    # NOTE(review): that includes any security-relevant namespace labels set
    # out of band; confirm this is intended.
    ignore_changes = [
      metadata,
    ]
  }
}
# Generates the 32-character value that is stored under the "masterkey" key of
# the "zitadel" Kubernetes secret. Unlike the other resources in this file it
# is not gated on var.enabled.
# NOTE(review): the generated value is kept in the Terraform state, so the
# state backend needs the same protection as the key itself. Presumably data
# encrypted under this key becomes unreadable if the resource is replaced;
# confirm how accidental regeneration is prevented.
resource "random_password" "zitadel_masterkey" {
  special = true
  length  = 32
}
# Kubernetes secret "zitadel" holding the generated master key; created only
# when var.enabled is true, in the namespace managed by this module.
resource "kubernetes_secret" "zitadel" {
  count = var.enabled ? 1 : 0

  metadata {
    # Referencing the namespace resource (not var.namespace) orders this secret
    # after the namespace has been created.
    namespace = kubernetes_namespace.zitadel[count.index].metadata[0].name
    name      = "zitadel"
  }

  data = {
    # Single entry: the value produced by random_password.zitadel_masterkey.
    masterkey = random_password.zitadel_masterkey.result
  }
}
# Installs the "zitadel" chart (pinned to 8.12.0) from charts.zitadel.com into
# the module-managed namespace; created only when var.enabled is true.
resource "helm_release" "zitadel" {
  count      = var.enabled ? 1 : 0
  depends_on = [var.wait_on, kubernetes_secret.zitadel]

  # Chart coordinates. The chart version is pinned and the repository is HTTPS.
  repository = "https://charts.zitadel.com"
  chart      = "zitadel"
  version    = "8.12.0"

  # Release identity. The namespace is created by kubernetes_namespace.zitadel,
  # so Helm is told not to create it.
  name             = "zitadel"
  namespace        = kubernetes_namespace.zitadel[count.index].metadata[0].name
  create_namespace = false

  # Block until the release's resources and its jobs report ready.
  wait          = true
  wait_for_jobs = true

  # Chart values are rendered from values.yaml.tftpl in this module.
  # NOTE(review): database_password and database_root_password are rendered
  # into the values document as plain text, so they are recorded in Terraform
  # state and presumably in the release data Helm stores in the cluster.
  # Confirm both variables are declared sensitive, and prefer referencing an
  # existing Kubernetes Secret if the chart supports it.
  values = [
    templatefile("${path.module}/values.yaml.tftpl", {
      service_uri         = local.service_uri,
      display_on_homepage = var.display_on_homepage,

      database          = var.database,
      database_username = var.database_username,
      database_password = var.database_password,

      # The root username is passed only when a root password is supplied;
      # otherwise the template receives null for it.
      database_root_username = var.database_root_password != null ? var.database_root_username : null,
      database_root_password = var.database_root_password,
    })
  ]
}
# Reads the "zitadel-admin-sa" secret from var.namespace once the Helm release
# has been applied.
# NOTE(review): this data source has no count, so it is read even when
# var.enabled is false and helm_release.zitadel has no instances; confirm the
# module behaves as intended in that case.
data "kubernetes_secret" "zitadel_admin" {
  depends_on = [helm_release.zitadel]

  metadata {
    namespace = var.namespace
    name      = "zitadel-admin-sa"
  }
}
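# Writes the "zitadel-admin-sa.json" entry of the zitadel-admin-sa secret to a
# file in the root module directory, so it can be handed on as a JWT profile
# file (see the jwt_profile_file output).
#
# The file holds a service-account credential, so it is restricted to the
# owning user. Without file_permission, local_file uses its default mode of
# "0777", which leaves the credential readable by other local users.
#
# NOTE(review): the file lands in path.root, i.e. next to the root
# configuration; make sure "zitadel-admin-sa.json" is excluded from version
# control and from any artifact built out of that directory. The same content
# is also stored in the Terraform state.
resource "local_file" "zitadel_jwt_profile_file" {
  content         = data.kubernetes_secret.zitadel_admin.data["zitadel-admin-sa.json"]
  filename        = "${path.root}/zitadel-admin-sa.json"
  file_permission = "0600"
}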
# Path of the JSON file written by local_file.zitadel_jwt_profile_file.
# Only the path is exported here, not the file content.
output "jwt_profile_file" {
  value = local_file.zitadel_jwt_profile_file.filename
}
# Constant marker output. Its value is always true; the depends_on list makes
# it resolve only after the Helm release and the JWT profile file exist, so
# callers can use it as an ordering handle.
output "installed" {
  depends_on = [
    helm_release.zitadel,
    local_file.zitadel_jwt_profile_file,
  ]

  value = true
}
# Exposes local.service_uri unchanged (no scheme prefix is added here).
output "server" {
  value = local.service_uri
}
# local.service_uri prefixed with the https:// scheme.
output "uri" {
  value = "https://${local.service_uri}"
}