Four-Lights
/
devops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
devops/shuttles/terraform-configure/main.tf

175 lines
4.3 KiB
HCL
Raw Blame History

locals {
tld = "fourlights.dev"
cluster_dns = "venus.${local.tld}"
bridge_dns = "bridge.${local.cluster_dns}"
is_installed = true
node_count = 3
}
resource "kubernetes_manifest" "preserve-host-middleware" {
depends_on = [local.is_installed]
manifest = {
apiVersion = "traefik.io/v1alpha1"
kind = "Middleware"
metadata = {
name = "preserve-host-headers"
namespace = "default" # NOTE: Hardcoded by design
}
spec = {
headers = {
customRequestHeaders = {
"X-Forwarded-Proto" = "https"
"X-Forwarded-Port" = "443"
}
}
}
}
}
resource "kubernetes_manifest" "https-redirect-middleware" {
depends_on = [local.is_installed]
manifest = {
apiVersion = "traefik.io/v1alpha1"
kind = "Middleware"
metadata = {
name = "redirect-to-https"
namespace = "default" # NOTE: Hardcoded by design
}
spec = {
redirectScheme = {
permanent = true
scheme = "https"
}
}
}
}
module "homepage" {
source = "../../infra/modules/homepage"
wait_on = local.is_installed
k8s_config_yaml = local.k8s_config_yaml
server_dns = local.cluster_dns
service_name = "homepage"
service_uri = local.cluster_dns
namespace = "homepage"
}
module "minio" {
source = "../../infra/modules/minio"
wait_on = local.is_installed
k8s_config_yaml = local.k8s_config_yaml
server_dns = local.cluster_dns
service_name = "storage"
namespace = "minio"
admin_server_dns = local.cluster_dns # Restricted admin access, access via bridge
tls = false
admin = true
ingressClass = "traefik"
storageSize = "10Gi"
displayOnHomepage = true
}
module "mongodb" {
source = "../../infra/modules/mongodb"
wait_on = local.is_installed
k8s_config_yaml = local.k8s_config_yaml
namespace = "mongodb"
replicas = local.node_count
}
module "rabbitmq" {
source = "../../infra/modules/rabbitmq"
wait_on = local.is_installed
k8s_config_yaml = local.k8s_config_yaml
server_dns = "local" # Restricted admin access, access via bridge
service_name = "rabbitmq"
namespace = "rabbitmq"
tls = false
admin = true
ingressClass = "traefik"
}
module "postgresql" {
source = "../../infra/modules/postgresql"
namespace = "postgresql"
k8s_config_yaml = local.k8s_config_yaml
username = "bridge"
}
module "zitadel-db" {
source = "../../infra/modules/postgresql/tenant"
wait_on = module.postgresql.installed
name = "zitadel"
root_password = module.postgresql.root_password
k8s_config_yaml = local.k8s_config_yaml
}
module "zitadel" {
source = "../../infra/modules/zitadel"
wait_on = module.zitadel-db.installed
k8s_config_yaml = local.k8s_config_yaml
server_dns = local.cluster_dns
service_name = "zitadel"
namespace = "zitadel"
database_password = module.zitadel-db.password
database_root_password = module.postgresql.root_password
display_on_homepage = true
}
module "zitadel-tenant" {
source = "../../infra/modules/zitadel/tenant"
wait_on = module.zitadel.installed
domain = module.zitadel.server
name = "fourlights"
jwt_profile_file = module.zitadel.jwt_profile_file
}
module "zitadel-idp-google" {
source = "../../infra/modules/zitadel/identity-provider/google"
wait_on = module.zitadel-tenant.installed
domain = module.zitadel.server
jwt_profile_file = module.zitadel.jwt_profile_file
org_id = module.zitadel-tenant.org_id
client_id = "783390190667-0nkts50perpmhott4i7ro1ob5n7koi5i.apps.googleusercontent.com"
client_secret = "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"
options = {
scopes = ["openid", "profile", "email"]
is_auto_creation = true
is_auto_update = true
is_creation_allowed = true
is_linking_allowed = false
auto_linking = "AUTO_LINKING_OPTION_USERNAME"
}
}
// module "zitadel-machine-user" {
// source = "../../infra/modules/zitadel/tenant"
// wait_on = module.zitadel.installed
// k8s_config_yaml = local.k8s_config_yaml
//
// domain = module.zitadel.server
// secret = "zitadel-admin-sa"
// namespace = "zitadel"
// name = "fourlights"
// }
Reference in New Issue View Git Blame Copy Permalink