Commit dbe08748 authored by David Parimucha's avatar David Parimucha

Merge branch 'feature-keycloak-tls' into 'main'

Feature keycloak tls

See merge request simpl/Operations/terraform-modules!3
parents 09ba7b81 e33c9ee1
1 merge request!3Feature keycloak tls
......@@ -15,5 +15,13 @@ resource "ovh_cloud_project_database" "this" {
subnet_id = nodes.value["database-project-nodes-subnet-id"]
}
}
dynamic "ip_restrictions" {
for_each = each.value["custom-ip-restriction"]
content {
description = ip_restrictions.value["database-ip-restriction-description"]
ip = ip_restrictions.value["database-ip-restriction-ip"]
}
}
}
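Review bot: The new `ip_restrictions` block passes `database-ip-restriction-ip` from `custom-ip-restriction` to the provider unchecked, so a typo or an entry of `0.0.0.0/0` goes through plan unnoticed and opens the managed database to any source address. A `validation` block on `variable "database-project"` (its type is extended in the variables hunk further down) could require every entry to parse as a CIDR and refuse the catch-all, with a condition built on `can(cidrhost(r["database-ip-restriction-ip"], 0))` and `r["database-ip-restriction-ip"] != "0.0.0.0/0"`, assuming the provider expects CIDR notation here. The resource body starts above the hunk, so its other arguments are not visible.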
resource "ovh_cloud_project_database_postgresql_user" "this" {
for_each = var.database-postgresql-users
name = each.value["database-postgresql-user-name"]
cluster_id = ovh_cloud_project_database.this[each.value["database-key"]].id
service_name = ovh_cloud_project_database.this[each.value["database-key"]].service_name
roles = each.value["database-postgresql-user-roles"]
depends_on = [ovh_cloud_project_database.this]
}
resource "ovh_cloud_project_database_postgresql_connection_pool" "this" {
for_each = var.database-postgresql-connection-pool
service_name = ovh_cloud_project_database.this[each.value["database-key"]].service_name
cluster_id = ovh_cloud_project_database.this[each.value["database-key"]].id
database_id = ovh_cloud_project_database_database.this[each.value["database-database-key"]].id
user_id = ovh_cloud_project_database_postgresql_user.this[each.value["database-postgresql-user-key"]].id
name = each.value["database-postgresql-connection-pool-name"]
mode = each.value["database-postgresql-connection-pool-mode"]
size = each.value["database-postgresql-connection-pool-size"]
}
resource "ovh_cloud_project_database_database" "this" {
for_each = var.database-database
service_name = ovh_cloud_project_database.this[each.value["database-key"]].service_name
engine = ovh_cloud_project_database.this[each.value["database-key"]].engine
cluster_id = ovh_cloud_project_database.this[each.value["database-key"]].id
name = each.value["database-database-name"]
}
output "database-postgresql-user-password-output" {
value = [for user in ovh_cloud_project_database_postgresql_user.this : user.password]
sensitive = true
depends_on = [ovh_cloud_project_database.this, ovh_cloud_project_database_database.this, ovh_cloud_project_database_postgresql_user.this]
}
output "database-postgresql-user-name-output" {
value = [for user in ovh_cloud_project_database_postgresql_user.this : user.name]
depends_on = [ovh_cloud_project_database.this, ovh_cloud_project_database_database.this, ovh_cloud_project_database_postgresql_user.this]
}
output "database-database-name-output" {
value = [for database in ovh_cloud_project_database_database.this : database.name]
depends_on = [ovh_cloud_project_database.this, ovh_cloud_project_database_database.this, ovh_cloud_project_database_postgresql_user.this]
}
output "database-project-endpoints-domain" {
value = [for database_project in ovh_cloud_project_database.this : database_project.endpoints[0].domain]
}
output "database-project-endpoints-port" {
value = [for database_project in ovh_cloud_project_database.this : database_project.endpoints[0].port]
}
output "database-project-endpoints-scheme" {
value = [for database_project in ovh_cloud_project_database.this : database_project.endpoints[0].scheme]
}
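Review bot: `database-postgresql-user-password-output` returns the passwords as a bare list, so a consumer has to pair each password with a user by position, and handing the wrong credential to a service is an easy mistake. A map keyed like the resource keeps the association explicit: `value = { for k, user in ovh_cloud_project_database_postgresql_user.this : k => user.password }`, with the same shape for the name output. `sensitive = true` only hides the value in CLI output; the passwords are still written in clear to the state, so the state backend needs encryption and restricted access. The three `endpoints[0]` outputs assume every cluster exposes at least one endpoint and ignore any further ones.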
......@@ -7,6 +7,39 @@ variable "database-project" {
database-project-version = string
database-project-plan = string
database-project-flavor = string
custom-ip-restriction = map(object({
database-ip-restriction-description = string
database-ip-restriction-ip = string
}))
}))
}
variable "database-postgresql-connection-pool" {
description = "connection pool for user to connect to database"
type = map(object({
database-key = string
database-database-key = string
database-postgresql-user-key = string
database-postgresql-connection-pool-size = number
database-postgresql-connection-pool-name = string
database-postgresql-connection-pool-mode = string
}))
}
variable "database-database" {
description = "instances of databases in database"
type = map(object({
database-database-name = string
database-key = string
}))
}
variable "database-postgresql-users" {
description = "map of users created in postgresql database"
type = map(object({
database-postgresql-user-name = string
database-postgresql-user-roles = list(string)
database-key = string
}))
}
......@@ -19,18 +52,3 @@ variable "custom-nodes" {
}))
}
# variable "database-project-nodes-region" {
# description = "region for database nodes block"
# type = string
# }
#
# variable "database-project-nodes-network-id" {
# description = "network id for database nodes block"
# type = string
# }
#
# variable "database-project-nodes-subnet-id" {
# description = "subnet id for database nodes block"
# type = string
# }
#
......@@ -8,9 +8,12 @@ resource "helm_release" "this" {
create_namespace = each.value["helm-release-create-namespace"]
values = each.value["helm-release-custom-config-files"]
# [
# file("${path.module}/config/cert-manager-values.yaml"),
# file("${path.module}/config/issuer.yaml"),
# ]
dynamic "set" {
for_each = each.value["custom-sets"]
content {
name = set.value["set-name"]
value = set.value["set-value"]
}
}
}
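Review bot: Every `custom-sets` entry goes through a plain `set` block, whose values are printed in plan output and logs; given the branch name these may include Keycloak credentials or TLS material, though the callers are not visible here. The helm provider has a `set_sensitive` block for such values, so I would add a second map (called `custom-sensitive-sets` below, a proposed name) wired the same way, with the matching attribute added to `variable "helm-release"` in the next hunk. The `helm_release` body starts above this hunk.

```hcl
  # … unchanged: dynamic "set" block over custom-sets …
  dynamic "set_sensitive" {
    for_each = each.value["custom-sensitive-sets"]
    content {
      name  = set_sensitive.value["set-name"]
      value = set_sensitive.value["set-value"]
    }
  }
```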
......@@ -28,5 +28,9 @@ variable "helm-release" {
helm-release-repository = string
helm-release-name = string
helm-release-custom-config-files = list(string)
custom-sets = map(object({
set-name = string
set-value = string
}))
}))
}
......@@ -6,5 +6,6 @@ resource "ovh_cloud_project_kube_nodepool" "this" {
desired_nodes = var.k8s-project-nodepool-desired-nodes
max_nodes = var.k8s-project-nodepool-max-nodes
min_nodes = var.k8s-project-nodepool-min-nodes
autoscale = var.k8s-project-nodepool-autoscale
depends_on = [ovh_cloud_project_kube.this]
}
# Managed Kubenetes Service
variable "k8s-project-nodepool-autoscale" {
description = "switch for autoscale feature"
type = bool
}
variable "k8s-project-nodepool-flavor-name" {
description = "Name for the nodepool flavor"
type = string
......
terraform {
required_version = ">= 1.0"
required_providers {
ovh = {
source = "ovh/ovh"
version = "~>0.40"
}
kubectl = {
source = "gavinbunney/kubectl"
version = "~>1.14.0"
}
}
}
provider "kubectl" {
host = var.kubectl-host
client_certificate = var.kubectl-client-certificate
client_key = var.kubectl-client-key
cluster_ca_certificate = var.kubectl-cluster-ca-certificate
load_config_file = false
}
data "kubectl_path_documents" "this" {
pattern = "${path.module}/${var.kubectl-manifest-config-path}"
}
resource "kubectl_manifest" "this" {
for_each = toset(data.kubectl_path_documents.this.documents)
yaml_body = each.value
}
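Review bot: `for_each = toset(data.kubectl_path_documents.this.documents)` makes the full YAML text of each document the instance key, so manifest contents (including any Secret data) end up in resource addresses in plan output and state, and any edit to a manifest becomes a destroy-and-create instead of an update. The data source also exports a `manifests` map keyed by a per-document id, which is the form intended for iteration: `for_each = data.kubectl_path_documents.this.manifests`. Separately, `kubectl-manifest-config-path` is concatenated into the glob unchecked, so a value containing `..` or a broad wildcard would apply files from outside the intended directory with the configured cluster credentials; a `validation` on that variable would make the boundary explicit.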
variable "kubectl-manifest-config-path" {
description = "Path to custom yaml kubernetes config file"
type = string
}
variable "kubectl-host" {
description = "host of k8s cluster"
type = string
}
variable "kubectl-client-certificate" {
description = "k8s cluster client certificate"
type = string
}
variable "kubectl-client-key" {
description = "k8s cluster client key"
type = string
}
variable "kubectl-cluster-ca-certificate" {
description = "k8s cluster ca-certificate"
type = string
}
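Review bot: `kubectl-client-key` is declared without `sensitive = true`, so the private key can surface in plan output, diagnostics and anything that echoes the module inputs; adding `sensitive = true` to that variable (and arguably to `kubectl-client-certificate`) is supported by the `required_version = ">= 1.0"` set above. None of the four connection variables is checked for empty input, and with `load_config_file = false` there is no fallback, so a missing value only shows up as a connection error at apply time. The `provider "kubectl"` block also lives inside the module, which stops callers from using `count`, `for_each` or `depends_on` on it; passing a configured provider in from the root module is the usual arrangement.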