This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-1158 by this push:
new 54c2852 added step-ca
54c2852 is described below
commit 54c285216577a513083ab6905233234927d9607c
Author: Oleh Martushevskyi <[email protected]>
AuthorDate: Wed Dec 4 16:17:23 2019 +0200
added step-ca
---
.../terraform/gcp/ssn-gke/main/main.tf | 1 +
.../helm_charts/dlab-ui-chart/templates/cert.yaml | 3 +-
.../modules/helm_charts/dlab-ui-chart/values.yaml | 9 ++---
.../ssn-gke/main/modules/helm_charts/dlab-ui.tf | 2 +-
.../main/modules/helm_charts/external-dns.tf | 7 +++-
.../external-dns/templates/externaldns.yaml | 26 +++++++-------
.../modules/helm_charts/external-dns/values.yaml | 4 ++-
.../ssn-gke/main/modules/helm_charts/keycloak.tf | 42 ++--------------------
.../ssn-gke/main/modules/helm_charts/variables.tf | 2 ++
.../terraform/gcp/ssn-gke/main/variables.tf | 4 +++
10 files changed, 37 insertions(+), 63 deletions(-)
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf
index b5bec53..c1fe060 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf
@@ -74,4 +74,5 @@ module "helm_charts" {
custom_certs_host = var.custom_certs_host
custom_key_path = var.custom_key_path
mysql_disk_size = var.mysql_disk_size
+ domain = var.domain
}
\ No newline at end of file
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/cert.yaml
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/cert.yaml
index 7c62e8f..5762e9a 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/cert.yaml
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/cert.yaml
@@ -35,11 +35,10 @@ spec:
# DNS SAN
dnsNames:
- localhost
- - dlab-ui.k8s-gcp.dlabanalytics.com
+ - {{ .Values.ui.ingress.host }}
# IP Address SAN
ipAddresses:
- "127.0.0.1"
- # - {{ .Values.ui.ingress.host }}
# Duration of the certificate
duration: 24h
# Renew 8 hours before the certificate expiration
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
index 4f62f8b..a75d1ab 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
@@ -41,8 +41,7 @@ ui:
https_port: 443
ingress:
enabled: true
- host: dlab-ui.k8s-gcp.dlabanalytics.com
- # ${ssn_k8s_alb_dns_name}
+ host: ${ssn_k8s_alb_dns_name}
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/ssl-redirect: "true"
@@ -54,10 +53,8 @@ ui:
username: ${mongo_user}
db_name: ${mongo_db_name}
keycloak:
- auth_server_url: https://dlab-ui.k8s-gcp.dlabanalytics.com/auth
- # https://${ssn_k8s_alb_dns_name}/auth
- redirect_uri: https://dlab-ui.k8s-gcp.dlabanalytics.com/
- # https://${ssn_k8s_alb_dns_name}/
+ auth_server_url: https://${ssn_k8s_alb_dns_name}/auth
+ redirect_uri: https://${ssn_k8s_alb_dns_name}/
custom_certs:
enabled: ${custom_certs_enabled}
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
index 5dd911a..aef6881 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
@@ -25,7 +25,7 @@ locals {
custom_key_name = local.custom_certs_enabled == "true" ?
reverse(split("/", var.custom_key_path))[0] : "None"
custom_cert = local.custom_certs_enabled == "true" ?
base64encode(file("/tmp/${local.custom_cert_name}")) : "None"
custom_key = local.custom_certs_enabled == "true" ?
base64encode(file("/tmp/${local.custom_key_name}")) : "None"
- ui_host = local.custom_certs_enabled == "true" ? var.custom_certs_host :
data.kubernetes_service.nginx_service.load_balancer_ingress.0.ip
+ ui_host = local.custom_certs_enabled == "true" ? var.custom_certs_host :
"${var.service_base_name}-ssn.${var.domain}"
}
data "template_file" "dlab_ui_values" {
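Review bot: The new fallback `"${var.service_base_name}-ssn.${var.domain}"` is built without checking that `var.domain` is set, and the root variables.tf hunk in this commit gives that variable `default = ""`. With custom certs disabled and no domain passed, ui_host ends in a trailing dot with no zone, and that value appears to flow into the certificate's dnsNames entry in cert.yaml and into the Keycloak `auth_server_url` and `redirect_uri` in the dlab-ui values.yaml. The same empty value reaches `--domain-filter={{ .Values.domain }}` in externaldns.yaml, where an empty filter would likely leave external-dns unrestricted to any single zone in the project. I would drop the default so Terraform requires the value, i.e. `variable "domain" {}` in the root variables.tf, or fail early when it is empty. The locals block starts above this hunk.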
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf
index 34071d0..8105b5e 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns.tf
@@ -20,7 +20,12 @@
#
******************************************************************************
data "template_file" "external_dns_values" {
- template = file("./modules/helm_charts/external-dns/values.yaml")
+ template = file("./modules/helm_charts/external-dns/values.yaml")
+ vars = {
+ namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
+ project_id = var.project_id
+ domain = var.domain
+ }
}
resource "helm_release" "external_dns" {
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/externaldns.yaml
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/externaldns.yaml
index dc44629..a52bb2e 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/externaldns.yaml
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/templates/externaldns.yaml
@@ -24,12 +24,12 @@
apiVersion: v1
kind: ServiceAccount
metadata:
- name: external-dns
+ name: {{ include "external-dns.fullname" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
- name: external-dns
+ name: {{ include "external-dns.fullname" . }}
rules:
- apiGroups: [""]
resources: ["services"]
@@ -47,36 +47,36 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
- name: external-dns-viewer
+ name: {{ include "external-dns.fullname" . }}-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: external-dns
+ name: {{ include "external-dns.fullname" . }}
subjects:
- kind: ServiceAccount
- name: external-dns
- namespace: default
+ name: {{ include "external-dns.fullname" . }}
+ namespace: {{ .Values.namespace }}
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
- name: external-dns
+ name: {{ include "external-dns.fullname" . }}
spec:
strategy:
type: Recreate
template:
metadata:
labels:
- app: external-dns
+ app: {{ include "external-dns.fullname" . }}
spec:
- serviceAccountName: external-dns
+ serviceAccountName: {{ include "external-dns.fullname" . }}
containers:
- - name: external-dns
+ - name: {{ include "external-dns.fullname" . }}
image: registry.opensource.zalan.do/teapot/external-dns:latest
args:
- --source=ingress
- - --domain-filter=k8s-gcp.dlabanalytics.com
+ - --domain-filter={{ .Values.domain }}
- --provider=google
- - --google-project=or2-msq-epmc-dlab-t1iylu
+ - --google-project={{ .Values.project_id }}
- --registry=txt
- - --txt-owner-id=my-identifier
\ No newline at end of file
+ - --txt-owner-id=dlab-kubernetes-cluster
\ No newline at end of file
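Review bot: The ClusterRoleBinding subject now points at `namespace: {{ .Values.namespace }}`, but the ServiceAccount and Deployment in this template set no `metadata.namespace`, so they are created in whatever namespace the Helm release is installed into. If the two ever differ, the binding grants the cluster role to a service account name in a namespace where this chart did not create it, and the real external-dns pod runs without the permissions it needs. Using `namespace: {{ .Release.Namespace }}` for the subject keeps the binding tied to the account the chart actually creates. Separately, the container image on the unchanged line is still `external-dns:latest`; pinning it to a fixed version tag or digest would stop a DNS-writing component from changing underneath the cluster on a pod restart. The fixed `--txt-owner-id=dlab-kubernetes-cluster` is also shared by every deployment, so two clusters writing to the same zone would each treat the other's records as their own; deriving it from a per-deployment value would avoid that.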
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/values.yaml
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/values.yaml
index b2591c4..5ed77b1 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/values.yaml
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/external-dns/values.yaml
@@ -20,4 +20,6 @@
#
******************************************************************************
replicaCount: 1
-
+namespace: ${namespace}
+domain: ${domain}
+project_id: ${project_id}
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
index fedf56d..7b8e01d 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
@@ -22,7 +22,7 @@
data "template_file" "configure_keycloak" {
template = file("./modules/helm_charts/files/configure_keycloak.sh")
vars = {
- ssn_k8s_alb_dns_name = "dlab-ui.k8s-gcp.dlabanalytics.com" #
local.ui_host
+ ssn_k8s_alb_dns_name = local.ui_host
keycloak_user = var.keycloak_user
keycloak_password = random_string.keycloak_password.result
keycloak_client_secret = random_uuid.keycloak_client_secret.result
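Review bot: `keycloak_password = random_string.keycloak_password.result` is rendered into the configure_keycloak.sh template here and again into the Keycloak values in the next hunk, and `random_string` results are not treated as sensitive, so the admin password can show up in Terraform's console output. The resource itself is defined outside this diff, so its type is inferred from the reference; if it is a `random_string`, switching it to `random_password` with the same arguments keeps the value out of CLI output. The rendered script also carries the password and `keycloak_client_secret` in clear text, so the rendered template should be handled as a secret wherever it ends up stored. The vars block continues past this hunk.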
@@ -42,7 +42,7 @@ data "template_file" "keycloak_values" {
vars = {
keycloak_user = var.keycloak_user
keycloak_password = random_string.keycloak_password.result
- ssn_k8s_alb_dns_name = "dlab-ui.k8s-gcp.dlabanalytics.com" #
local.ui_host
+ ssn_k8s_alb_dns_name = local.ui_host
configure_keycloak_file = data.template_file.configure_keycloak.rendered
mysql_db_name = var.mysql_db_name
mysql_user = var.mysql_user
@@ -69,40 +69,4 @@ resource "helm_release" "keycloak" {
]
depends_on = [helm_release.keycloak-mysql,
kubernetes_secret.keycloak_password_secret, helm_release.nginx,
helm_release.dlab_ui]
-}
-
-//resource "kubernetes_ingress" "keycloak_ingress" {
-// metadata {
-// name = "keycloak"
-// namespace = kubernetes_namespace.dlab-namespace.metadata[0].name
-// annotations = {
-// "kubernetes.io/ingress.class": "nginx"
-// "nginx.ingress.kubernetes.io/ssl-redirect": "true"
-// "nginx.ingress.kubernetes.io/rewrite-target": "/auth"
-// }
-// }
-//
-// spec {
-// backend {
-// service_name = "${helm_release.keycloak.name}-http"
-// service_port = 80
-// }
-//
-// rule {
-// http {
-// path {
-// backend {
-// service_name = "${helm_release.keycloak.name}-http"
-// service_port = 80
-// }
-//
-// path = "/auth"
-// }
-// }
-// }
-// tls {
-// secret_name = "${helm_release.dlab_ui.name}-tls"
-// }
-// }
-// depends_on = [helm_release.keycloak]
-//}
\ No newline at end of file
+}
\ No newline at end of file
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf
index ab2bc25..3441d1d 100644
---
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf
+++
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf
@@ -81,6 +81,8 @@ variable "custom_certs_host" {}
variable "mysql_disk_size" {}
+variable "domain" {}
+
//variable "nginx_http_port" {
// default = "31080"
// description = "Sets the nodePort that maps to the Ingress' port 80"
diff --git
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
index a9a0084..9aaa84c 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
@@ -210,3 +210,7 @@ variable "custom_certs_host" {
variable "mysql_disk_size" {
default = "10"
}
+
+variable "domain" {
+ default = ""
+}