# Installs the upstream Kubernetes Dashboard chart into the tjo-cloud namespace.
#
# The chart is pinned to an exact version, so an upgrade is an explicit change
# to this file. Nothing here verifies chart provenance; the pin alone does not
# protect against a tampered artifact published under the same version.
resource "helm_release" "dashboard" {
  name      = "kubernetes-dashboard"
  namespace = kubernetes_namespace.tjo-cloud.metadata[0].name

  repository = "https://kubernetes.github.io/dashboard"
  chart      = "kubernetes-dashboard"
  version    = "7.5.0"

  # Switch off the Kong proxy that the chart can deploy in front of the
  # dashboard services. Presumably the HTTPRoute in this file takes over the
  # path routing to the web/auth/api services instead; confirm that no other
  # ingress path reaches those services without the OIDC policy.
  set {
    name  = "kong.enabled"
    value = false
  }
}
# Gateway API HTTPRoute that publishes the dashboard on
# dashboard.<cluster_domain> and splits traffic between the chart's three
# services by path prefix.
#
# Rule selection: Gateway API prefers the longest matching prefix, so the
# outcome does not depend on the order of the entries in `rules`. PathPrefix
# matches whole path elements ("/api/v1/me" does not match "/api/v1/mexyz").
#
# The route carries no authentication of its own. Gateway-level login comes
# from the SecurityPolicy "dashboard-oidc", which targets this route by name.
# If that policy is missing or not accepted by the controller, the hostname
# would presumably be served without the OIDC step; check the policy status
# after apply.
#
# NOTE(review): the Terraform label is spelled "dashoard" (sic). It is
# referenced under that spelling by the SecurityPolicy resource, so renaming
# it means updating that reference and moving state.
resource "kubernetes_manifest" "dashoard-http-route" {
  manifest = {
    apiVersion = "gateway.networking.k8s.io/v1"
    kind       = "HTTPRoute"

    metadata = {
      name      = "dashboard"
      namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
    }

    spec = {
      # Attach to the gateway declared elsewhere in this configuration.
      parentRefs = [
        { name = kubernetes_manifest.gateway.object.metadata.name },
      ]

      hostnames = ["dashboard.${var.cluster_domain}"]

      rules = [
        # Catch-all: the web frontend.
        {
          matches = [
            { path = { value = "/", type = "PathPrefix" } },
          ]
          backendRefs = [
            { name = "kubernetes-dashboard-web", port = 8000 },
          ]
        },

        # Login, CSRF token and "who am I" endpoints: the auth service.
        {
          matches = [
            for prefix in ["/api/v1/login", "/api/v1/csrftoken/login", "/api/v1/me"] :
            { path = { value = prefix, type = "PathPrefix" } }
          ]
          backendRefs = [
            { name = "kubernetes-dashboard-auth", port = 8000 },
          ]
        },

        # Everything else under /api: the API service.
        {
          matches = [
            { path = { value = "/api", type = "PathPrefix" } },
          ]
          backendRefs = [
            { name = "kubernetes-dashboard-api", port = 8000 },
          ]
        },
      ]
    }
  }
}
# Secret that the "dashboard-oidc" SecurityPolicy references as the OIDC
# client secret (key "client-secret").
#
# NOTE(review): the value is the literal four-character string "null", not an
# HCL null. `data` takes plaintext, so the Secret will contain exactly that
# string. If the identity provider treats this client as confidential, either
# the login flow fails or the real secret is being patched in outside
# Terraform, in which case the next apply would presumably reset it to "null".
# Confirm which one is intended. A real secret set here would also be stored
# in Terraform state; source it from a sensitive input or an external secret
# store rather than a literal in this file.
resource "kubernetes_secret" "dashboard-oidc" {
  metadata {
    name      = "dashboard-oidc"
    namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
  }

  data = {
    "client-secret" = "null"
  }
}
# Envoy Gateway SecurityPolicy that puts an OIDC login in front of the
# dashboard HTTPRoute.
#
# What this policy does and does not enforce, as written:
#   - Authentication only. There is no claim, group or audience restriction
#     here, so any account the issuer will authenticate passes the gateway.
#   - forwardAccessToken sends the user's access token upstream as an
#     Authorization: Bearer header, so every backend behind the route (web,
#     auth and api) receives it. Presumably the dashboard uses it against the
#     Kubernetes API, which would make cluster RBAC for those OIDC identities
#     the real authorization boundary; verify those bindings.
#   - redirectURL must match a redirect URI registered for this client at the
#     issuer.
resource "kubernetes_manifest" "dashboard-oidc" {
  manifest = {
    apiVersion = "gateway.envoyproxy.io/v1alpha1"
    kind       = "SecurityPolicy"

    metadata = {
      name      = "dashboard-oidc"
      namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
    }

    spec = {
      # Bind the policy to the dashboard route by its object name.
      targetRef = {
        group = "gateway.networking.k8s.io"
        kind  = "HTTPRoute"
        name  = kubernetes_manifest.dashoard-http-route.object.metadata.name
      }

      oidc = {
        provider = {
          issuer = var.oidc_issuer_url
        }

        clientID = var.oidc_client_id
        clientSecret = {
          # Secret in the same namespace; the value is read from its
          # "client-secret" key.
          name = kubernetes_secret.dashboard-oidc.metadata[0].name
        }

        scopes             = ["openid", "email", "profile"]
        forwardAccessToken = true

        redirectURL = "https://dashboard.${var.cluster_domain}/login"
      }
    }
  }
}