infrastructure/k8s.tjo.cloud/modules/cluster-components/dashboard.tf


# Installs the upstream Kubernetes Dashboard Helm chart, pinned to a fixed
# chart version, into the shared tjo-cloud namespace.
resource "helm_release" "dashboard" {
  name      = "kubernetes-dashboard"
  namespace = kubernetes_namespace.tjo-cloud.metadata[0].name

  # Chart source. The version is pinned so an upstream release cannot change
  # what is deployed without a change to this file.
  repository = "https://kubernetes.github.io/dashboard"
  chart      = "kubernetes-dashboard"
  version    = "7.5.0"

  # Roll back a failed install/upgrade and delete resources it created.
  atomic          = true
  cleanup_on_fail = true

  # The chart's bundled Kong proxy is switched off. Routing to the web, auth
  # and api services is done by the HTTPRoute "dashboard" in this file, so
  # that route and the policy attached to it are the only front door.
  set {
    name  = "kong.enabled"
    value = false
  }
}
# Gateway API route that exposes the dashboard on dashboard.<cluster_domain>
# and splits traffic between the chart's three backend services.
#
# The route itself does no authentication. Access control at the edge comes
# from the SecurityPolicy "dashboard-oidc" that targets this route by name.
#
# NOTE(review): the resource address is spelled "dashoard-http-route" and is
# referenced under that spelling elsewhere in this file. Renaming it needs a
# matching state move.
resource "kubernetes_manifest" "dashoard-http-route" {
  manifest = {
    apiVersion = "gateway.networking.k8s.io/v1"
    kind       = "HTTPRoute"

    metadata = {
      name      = "dashboard"
      namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
    }

    spec = {
      parentRefs = [
        {
          name = kubernetes_manifest.gateway.object.metadata.name
        }
      ]

      hostnames = [
        "dashboard.${var.cluster_domain}"
      ]

      # Gateway API gives precedence to the longest matching path prefix, so
      # the login/me paths win over "/api", and "/api" wins over "/".
      rules = [
        # Everything not matched below: the static web frontend.
        {
          matches = [
            {
              path = {
                type  = "PathPrefix"
                value = "/"
              }
            }
          ]
          backendRefs = [
            {
              name = "kubernetes-dashboard-web"
              port = 8000
            }
          ]
        },

        # Login, CSRF-token and identity endpoints: the auth service.
        {
          matches = [
            for prefix in ["/api/v1/login", "/api/v1/csrftoken/login", "/api/v1/me"] : {
              path = {
                type  = "PathPrefix"
                value = prefix
              }
            }
          ]
          backendRefs = [
            {
              name = "kubernetes-dashboard-auth"
              port = 8000
            }
          ]
        },

        # Remaining /api traffic: the dashboard API service.
        {
          matches = [
            {
              path = {
                type  = "PathPrefix"
                value = "/api"
              }
            }
          ]
          backendRefs = [
            {
              name = "kubernetes-dashboard-api"
              port = 8000
            }
          ]
        },
      ]
    }
  }
}
# Secret that the OIDC SecurityPolicy "dashboard-oidc" references as its
# OAuth2 client secret (key "client-secret").
#
# NOTE(review): the value is the literal string "null", not a credential.
# Presumably the identity provider treats this client as public, or the real
# value is supplied outside Terraform; confirm which. If a real secret is ever
# set here, source it from a variable marked sensitive rather than a literal,
# and remember that kubernetes_secret data is also stored in Terraform state,
# so the state backend needs the same protection as the secret.
resource "kubernetes_secret" "dashboard-oidc" {
  metadata {
    namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
    name      = "dashboard-oidc"
  }

  data = {
    "client-secret" = "null"
  }
}
# Envoy Gateway SecurityPolicy that requires an OIDC login for every request
# on the dashboard HTTPRoute before it is passed to a backend.
#
# This is authentication only. What a signed-in user may do in the cluster is
# decided by whatever consumes the forwarded token. Verify that the issuer's
# user population and the cluster RBAC bindings for those identities are as
# narrow as intended.
resource "kubernetes_manifest" "dashboard-oidc" {
  manifest = {
    apiVersion = "gateway.envoyproxy.io/v1alpha1"
    kind       = "SecurityPolicy"

    metadata = {
      name      = "dashboard-oidc"
      namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
    }

    spec = {
      # Attach to the route by name; the policy covers all of its rules
      # (web, auth and api backends alike).
      targetRef = {
        group = "gateway.networking.k8s.io"
        kind  = "HTTPRoute"
        name  = kubernetes_manifest.dashoard-http-route.object.metadata.name
      }

      oidc = {
        provider = {
          issuer = var.oidc_issuer_url
        }

        clientID = var.oidc_client_id
        clientSecret = {
          name = kubernetes_secret.dashboard-oidc.metadata[0].name
        }

        scopes = ["openid", "email", "profile"]

        # The user's access token is passed upstream as an Authorization
        # bearer header, so every backend behind this route receives it.
        # NOTE(review): presumably the dashboard uses it as the user's
        # credential towards the Kubernetes API; confirm that the API server
        # validates issuer and audience for these tokens.
        forwardAccessToken = true

        # Callback URL handled by the gateway's OIDC filter. It should be the
        # exact redirect URI registered for this client at the issuer.
        redirectURL = "https://dashboard.${var.cluster_domain}/login"
      }
    }
  }
}