-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathistio-system.tf
54 lines (47 loc) · 1.71 KB
/
istio-system.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
resource "kubernetes_namespace" "istio-system" {
metadata {
annotations = {
name = var.istio-system_namespace
}
labels = {
istio-injection = "disabled"
istio-operator-managed = "Reconcile"
}
name = var.istio-system_namespace
}
}
module "istio" {
source = "git::https://github.com/konpyutaika/terraform-istio.git?ref=1.0.0"
istio_namespace = kubernetes_namespace.istio-system.metadata.0.name
create_istio_namespace = false
istio_operator_namespace = kubernetes_namespace.system.metadata.0.name
create_istio_operator_namespace = false
grafana_subpath = "/admin/grafana"
kiali_path = "/admin/kiali"
tracing_path = "/admin/tracing"
prometheus_path = "/admin/prometheus"
ingress_gateway_annotations = {
// "cloud.google.com/neg" = "\"{\\\"exposed_ports\\\": {\\\"80\\\":{}, \\\"443\\\":{}}}\"",
// "cloud.google.com/load-balancer-type" = "Internal"
}
// ingress_gateway_source_ranges = "192.168.0.0/16,10.0.0.0/8"
// ingress_gateway_selector
// ingress_gateway_ip
// istio_version
depends_on = [kubernetes_namespace.system, module.istio_system_external_dns]
}
module "authservice-oidc" {
source = "git::https://github.com/konpyutaika/terraform-authservice.git?ref=1.0.0"
authservice = {
client_id = var.authservice_client_id
client_secret = var.authservice_client_secret
issuer = var.authservice_issuer
auth_url = ""
redirect_url = "https://console.${var.dns_name}/login/oidc"
userid_claim = "email"
scopes = "profile email"
}
namespace = kubernetes_namespace.istio-system.metadata.0.name
userid_header = "userid"
depends_on = [module.istio]
}