# Provider requirements for this module.
# Only the kubernetes provider is declared and pinned here, yet this file also
# uses helm_release, random_password and random_uuid.
# NOTE(review): unless the helm and random providers are declared elsewhere in
# the module, Terraform resolves them implicitly and without a version
# constraint. Declare and pin them next to this entry and commit the dependency
# lock file, so that a provider upgrade is always a reviewed change.
terraform {
  required_providers {
    kubernetes = {
      version = "2.31.0"
      source  = "hashicorp/kubernetes"
    }
  }
}
# Namespace that holds the FusionAuth release and the secrets it consumes.
resource "kubernetes_namespace" "fusionauth" {
  # After creation every change under metadata is ignored. Labels and
  # annotations applied out of band are therefore left alone, and a later
  # change to var.namespace is ignored as well.
  # NOTE(review): for the same reason Terraform will neither add nor restore
  # Pod Security Admission labels on this namespace; confirm another mechanism
  # enforces them.
  lifecycle {
    ignore_changes = [metadata]
  }

  metadata {
    name = var.namespace
  }
}
# Looks up the existing "bridge-tls" secret in the cert-manager namespace.
# Reading a secret through a data source copies its contents into Terraform
# state (presumably a certificate and private key, going by the name), so the
# state backend needs encryption and access control at least as strict as the
# secret itself.
data "kubernetes_secret" "bridge-tls" {
  metadata {
    namespace = "cert-manager"
    name      = "bridge-tls"
  }
}
# Copies the bridge-tls secret (same data, same type) from cert-manager into
# the FusionAuth namespace under the name "fusionauth-tls".
# The copy is a snapshot taken at apply time.
# NOTE(review): if bridge-tls is renewed or rotated, this secret keeps the old
# material until the next apply; confirm that something re-applies before the
# certificate expires.
# The identity Terraform runs as needs read access to that one secret in
# cert-manager. Scope the RBAC rule to it by name rather than granting read on
# all secrets in the namespace.
resource "kubernetes_secret" "fusionauth-tls" {
  type = data.kubernetes_secret.bridge-tls.type
  data = data.kubernetes_secret.bridge-tls.data

  metadata {
    namespace = kubernetes_namespace.fusionauth.metadata[0].name
    name      = "fusionauth-tls"
  }
}
# Secret "postgresql-auth" in the FusionAuth namespace, carrying the database
# password under the key "password".
# The value of var.database_password is written to Terraform state as part of
# this resource.
# NOTE(review): the variable declaration is not visible here; confirm it is
# declared with sensitive = true so the password is redacted in plan output.
resource "kubernetes_secret" "postgresql-auth" {
  metadata {
    namespace = kubernetes_namespace.fusionauth.metadata[0].name
    name      = "postgresql-auth"
  }

  data = {
    password = var.database_password
  }
}
# Generated value used as the FusionAuth API key (see the kickstart apiKeys
# entry and the api_key output). 32 characters with special characters turned
# off. The result is kept in Terraform state and only changes when this
# resource is replaced.
resource "random_password" "api_key" {
  special = false
  length  = 32
}
# Generated password for the initial FusionAuth admin user (kickstart variable
# adminPassword, also exposed through the admin_password output). 32 characters
# with special characters turned off. The result is kept in Terraform state.
resource "random_password" "admin" {
  special = false
  length  = 32
}
# Generated UUID handed to kickstart as defaultTenantId and exposed through the
# default_tenant_id output. An identifier, not a secret.
resource "random_uuid" "default_tenant_id" {
}
# Installs the FusionAuth Helm chart, pinned to chart version 1.0.10, into the
# kubernetes_namespace.fusionauth namespace once the PostgreSQL and TLS secrets
# exist.
resource "helm_release" "fusionauth" {
  name             = "fusionauth"
  chart            = "fusionauth"
  repository       = "https://fusionauth.github.io/charts"
  version          = "1.0.10"
  namespace        = kubernetes_namespace.fusionauth.metadata[0].name
  create_namespace = false

  # Do not report success until the release's resources and jobs have finished.
  wait          = true
  wait_for_jobs = true

  depends_on = [var.wait_on, kubernetes_secret.postgresql-auth, kubernetes_secret.fusionauth-tls]

  values = [
    templatefile("${path.module}/values.yaml", {
      service_uri       = local.service_uri
      database          = var.database
      database_username = var.database_username

      # The root username is passed only when a root password was supplied.
      database_root_username = var.database_root_password != null ? var.database_root_username : null

      # TODO: Add theme customization, and use as default

      # Kickstart document that bootstraps the instance. It embeds the generated
      # admin password and API key in clear text, so both travel with the
      # release values into Terraform state, into the release record Helm keeps
      # in the cluster, and into whatever object values.yaml and the chart
      # render kickstart_json into.
      # NOTE(review): values.yaml is not visible here; confirm the kickstart is
      # delivered through a Secret rather than a ConfigMap, and that read access
      # to this namespace is limited accordingly.
      kickstart_json = jsonencode({
        variables = {
          defaultTenantId = random_uuid.default_tenant_id.result
          adminEmail      = "engineering@fourlights.nl"
          adminPassword   = random_password.admin.result
        }

        # NOTE(review): no permissions are listed for this key. As far as I know
        # a FusionAuth API key without endpoint restrictions may call every API;
        # confirm, and scope it to what Terraform needs.
        apiKeys = [{ key = random_password.api_key.result, description = "Terraform API Key" }]

        # Registers the initial user with the "admin" role on the application
        # referenced by #{FUSIONAUTH_APPLICATION_ID}.
        # NOTE(review): kickstart is presumably applied only to a fresh install,
        # so replacing random_password.admin later would change the output but
        # not the live password; verify before relying on rotation.
        requests = [
          {
            "method" = "POST"
            "url"    = "/api/user/registration/00000000-0000-0000-0000-000000000001"
            "body" = {
              "user" = {
                "email"     = "#{adminEmail}"
                "firstName" = "Thomas"
                "lastName"  = "Rijpstra"
                "password"  = "#{adminPassword}"
                "data" = {
                  "Company"   = "Four Lights"
                  "user_type" = "iconclast"
                }
              }
              "registration" = {
                "applicationId" = "#{FUSIONAUTH_APPLICATION_ID}"
                "roles"         = ["admin"]
              }
            }
          }
        ]
      })
    })
  ]
}
# Constant true that only resolves once the Helm release has been applied, so
# callers can use it to order their own resources after the installation.
output "installed" {
  depends_on = [helm_release.fusionauth]
  value      = true
}
# The generated FusionAuth API key. Marking it sensitive redacts it in CLI
# output only: the value is still stored in state and handed to whatever
# consumes this output.
output "api_key" {
  sensitive = true
  value     = random_password.api_key.result
}
# The generated password of the initial admin user. Marking it sensitive
# redacts it in CLI output only: the value is still stored in state and handed
# to whatever consumes this output.
output "admin_password" {
  sensitive = true
  value     = random_password.admin.result
}
# The service address without a scheme, exactly as held in local.service_uri.
output "server" {
  value = local.service_uri
}
# The UUID generated for the default tenant, the same value passed to kickstart
# as defaultTenantId.
output "default_tenant_id" {
  value = random_uuid.default_tenant_id.result
}
# The HTTPS URL of the service, built from local.service_uri.
output "uri" {
  value = "https://${local.service_uri}"
}