infrastructure/k8s.tjo.cloud/modules/cluster-components/dashboard.tf
Tine c0254f1bb4
Some checks failed
/ lint (push) Failing after 12m52s
feat: monitoring fixes
2024-07-27 16:08:21 +02:00

138 lines
3.2 KiB
HCL

resource "helm_release" "dashboard" {
name = "kubernetes-dashboard"
repository = "https://kubernetes.github.io/dashboard"
chart = "kubernetes-dashboard"
version = "7.5.0"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
atomic = true
cleanup_on_fail = true
set {
name = "kong.enabled"
value = false
}
}
resource "kubernetes_manifest" "dashoard-http-route" {
manifest = {
apiVersion = "gateway.networking.k8s.io/v1"
kind = "HTTPRoute"
metadata = {
name = "dashboard"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
}
spec = {
parentRefs = [
{
name = kubernetes_manifest.gateway.object.metadata.name
}
]
hostnames = [
"dashboard.${var.cluster_domain}"
]
rules = [
{
matches = [
{
path : {
value : "/"
type : "PathPrefix"
}
}
]
backendRefs = [
{
name : "kubernetes-dashboard-web"
port : 8000
}
]
},
{
matches = [
{
path : {
value : "/api/v1/login"
type : "PathPrefix"
}
},
{
path : {
value : "/api/v1/csrftoken/login"
type : "PathPrefix"
}
},
{
path : {
value : "/api/v1/me"
type : "PathPrefix"
}
},
]
backendRefs = [
{
name : "kubernetes-dashboard-auth"
port : 8000
}
]
},
{
matches = [
{
path : {
value : "/api"
type : "PathPrefix"
}
}
]
backendRefs = [
{
name : "kubernetes-dashboard-api"
port : 8000
}
]
},
]
}
}
}
resource "kubernetes_secret" "dashboard-oidc" {
metadata {
name = "dashboard-oidc"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
}
data = {
client-secret = "null"
}
}
resource "kubernetes_manifest" "dashboard-oidc" {
manifest = {
apiVersion = "gateway.envoyproxy.io/v1alpha1"
kind = "SecurityPolicy"
metadata = {
name = "dashboard-oidc"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
}
spec = {
targetRef = {
group : "gateway.networking.k8s.io"
kind : "HTTPRoute"
name : kubernetes_manifest.dashoard-http-route.object.metadata.name
}
oidc = {
provider = {
issuer : var.oidc_issuer_url
}
clientID : var.oidc_client_id
clientSecret : {
name : kubernetes_secret.dashboard-oidc.metadata[0].name
}
scopes : ["openid", "email", "profile"]
forwardAccessToken : true
redirectURL : "https://dashboard.${var.cluster_domain}/login"
}
}
}
}