Merge pull request #80 from datarevenue-berlin/pt-enable-ambassador-k…

…ratos-custom-values Enable Ambassador and Kratos custom values
datarevenue-berlin · Sep 24, 2021 · 7753695 · 7753695
2 parents 9f5bf64 + 9a69a4b
commit 7753695
Show file tree

Hide file tree

Showing 10 changed files with 82 additions and 29 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 0.3.0
+
+### Enhancements
+- Allow changing values.yaml for Kratos, Oauthkeeper, and Ambassador using Terraform variables
+- Upgrade Kratos to 0.7
+
 ## 0.2.0
 
 ### Features

diff --git a/main.tf b/main.tf
@@ -5,8 +5,9 @@ resource "kubernetes_namespace" "daskhub_namespace" {
 }
 
 module "dask-jupyterhub" {
-    source    = "./modules/dask-jupyterhub"
-    namespace = kubernetes_namespace.daskhub_namespace.metadata[0].name
+  count = var.install_jupyterhub ? 1 : 0
+  source    = "./modules/dask-jupyterhub"
+  namespace = kubernetes_namespace.daskhub_namespace.metadata[0].name
 }
 
 resource "kubernetes_service_account" "daskhub-sa" {
@@ -195,6 +196,7 @@ module "ambassador" {
   hostname = var.hostname
   tls = var.protocol == "https" ? true : false
   enable_ory_authentication = var.enable_ory_authentication
+  ambassador_chart_values_path = var.ambassador_chart_values_path
 }
 
 
@@ -223,6 +225,7 @@ module "ory" {
   smtp_from_address = var.smtp_from_address
 
   access_rules_path = var.access_rules_path
+  kratos_chart_values_path = var.kratos_chart_values_path
 }
 
 module "k8s_tools" {

diff --git a/modules/ambassador/main.tf b/modules/ambassador/main.tf
@@ -1,3 +1,14 @@
+data "template_file" "ambassador-chart-values"{
+  template = file("%{if var.ambassador_chart_values_path == null}${path.module}/values.yaml%{else}${var.ambassador_chart_values_path}%{ endif }")
+  vars = {
+    tls_certificate_arn = var.tls_certificate_arn,
+    aws = var.aws
+    hostname = var.hostname
+    tls = var.tls
+    enable_ory_authentication = var.enable_ory_authentication
+  }
+}
+
 resource "helm_release" "ambassador" {
   count = var.ambassador_enabled ? 1 : 0
   repository = "https://www.getambassador.io"
@@ -6,13 +17,7 @@ resource "helm_release" "ambassador" {
   version = "6.7.13"
   namespace = var.namespace
 
-  values = [templatefile("${path.module}/values.yaml", {
-    tls_certificate_arn = var.tls_certificate_arn,
-    aws = var.aws
-    hostname = var.hostname
-    tls = var.tls
-    enable_ory_authentication = var.enable_ory_authentication
-  })]
+  values = [data.template_file.ambassador-chart-values.rendered]
   set {
     name = "image.repository"
     value = "docker.io/datawire/ambassador"

diff --git a/modules/ambassador/variables.tf b/modules/ambassador/variables.tf
@@ -28,4 +28,10 @@ variable "hostname" {
 
 variable "enable_ory_authentication" {
   description = "Whether to enable ory_authentication"
+}
+
+variable "ambassador_chart_values_path" {
+  description = "Path to custom values.yaml for Ambassador"
+  type = string
+  default = null
 }
diff --git a/modules/ory/kratos/main.tf b/modules/ory/kratos/main.tf
@@ -1,3 +1,23 @@
+data "template_file" "kratos-chart-values"{
+  template = file("%{if var.kratos_chart_values_path == null}${path.module}/values.yaml%{else}${var.kratos_chart_values_path}%{ endif }")
+  vars = {
+    dsn = "postgres://${var.db_username}:${urlencode(var.db_password)}@${module.kratos-postgres.db_host}:5432/${var.database_name}",
+    app_url = var.app_url,
+    ui_path = local.ui_url,
+    smtp_connection_uri = var.smtp_connection_uri,
+    smtp_from_address = var.smtp_from_address,
+    enable_password_recovery = var.enable_password_recovery,
+    enable_verification = var.enable_verification,
+    oidc_providers_config = templatefile("${path.module}/oidc_providers.yaml.tmpl", {
+      oauth2_providers = var.oauth2_providers
+      provider_paths = local.provider_paths
+      scopes = local.scopes
+    })
+    cookie_secret = var.cookie_secret,
+    cookie_domain = var.cookie_domain
+  }
+}
+
 locals {
   ui_deployment_name = "ory-kratos-ui"
   ui_url = "${var.app_url}/profile"
@@ -31,24 +51,7 @@ resource "helm_release" "ory-kratos" {
   repository = "https://k8s.ory.sh/helm/charts"
   chart = "kratos"
 
-  values = [
-    templatefile("${path.module}/values.yaml", {
-      dsn = "postgres://${var.db_username}:${urlencode(var.db_password)}@${module.kratos-postgres.db_host}:5432/${var.database_name}",
-      app_url = var.app_url,
-      ui_path = local.ui_url,
-      smtp_connection_uri = var.smtp_connection_uri,
-      smtp_from_address = var.smtp_from_address,
-      enable_password_recovery = var.enable_password_recovery,
-      enable_verification = var.enable_verification,
-      oidc_providers_config = templatefile("${path.module}/oidc_providers.yaml.tmpl", {
-        oauth2_providers = var.oauth2_providers
-        provider_paths = local.provider_paths
-        scopes = local.scopes
-      })
-      cookie_secret = var.cookie_secret,
-      cookie_domain = var.cookie_domain
-    })
-  ]
+  values = [data.template_file.kratos-chart-values.rendered]
 }
 
 resource "kubernetes_deployment" "ory-kratos-ui" {
@@ -75,7 +78,7 @@ resource "kubernetes_deployment" "ory-kratos-ui" {
       spec {
         container {
           name = "ory-kratos-ui"
-          image = "oryd/kratos-selfservice-ui-node:v0.6.0-alpha.2"
+          image = "oryd/kratos-selfservice-ui-node:v0.7.6-alpha.1"
           env {
             name = "KRATOS_PUBLIC_URL"
             value = "http://${helm_release.ory-kratos.name}-public.${var.namespace}.svc.cluster.local:80"

diff --git a/modules/ory/kratos/values.yaml b/modules/ory/kratos/values.yaml
@@ -1,7 +1,10 @@
+image:
+  tag: v0.7.6-alpha.1
+
 kratos:
   # autoMigrate is relying on a simple initContainer mechanism
   # Do not turn it on if the replicaCount > 1
-  version: v0.6.3-alpha.1
+  version: v0.7.6-alpha.1
 
   automigrate: true
   development: true

diff --git a/modules/ory/kratos/variables.tf b/modules/ory/kratos/variables.tf
@@ -76,3 +76,9 @@ variable "enable_verification" {
   description = "Bool to set to enable account registration confirmation using emails"
   type = bool
 }
+
+variable "kratos_chart_values_path" {
+  description = "Path to custom values.yaml for Kratos"
+  type = string
+  default = null
+}
diff --git a/modules/ory/main.tf b/modules/ory/main.tf
@@ -23,4 +23,5 @@ module "ory-kratos" {
   smtp_from_address = var.smtp_from_address
 
   app_url = "${var.protocol}://${var.hostname}"
+  kratos_chart_values_path = var.kratos_chart_values_path
 }
diff --git a/modules/ory/variables.tf b/modules/ory/variables.tf
@@ -69,4 +69,10 @@ variable "oauth2_providers" {
 variable "access_rules_path" {
   type = string
   default = null
+}
+
+variable "kratos_chart_values_path" {
+  description = "Path to custom values.yaml for Kratos"
+  type = string
+  default = null
 }
diff --git a/variables.tf b/variables.tf
@@ -197,6 +197,7 @@ variable "seldon_namespace" {
 }
 
 ## Ambassador
+
 variable "ambassador_namespace" {
   default = "ambassador"
 }
@@ -213,6 +214,13 @@ variable "tls_certificate_arn" {
   description = "TLS Certificate ARN"
   default = ""
 }
+
+variable "ambassador_chart_values_path" {
+  description = "Path to custom values.yaml for Ambassador"
+  type = string
+  default = null
+}
+
 ## ORY (authentication module)
 
 variable "enable_ory_authentication" {
@@ -275,6 +283,12 @@ variable "enable_verification" {
   default = false
 }
 
+variable "kratos_chart_values_path" {
+  description = "Path to custom values.yaml for Kratos"
+  type = string
+  default = null
+}
+
 ## Other K8S tools
 
 variable "install_metrics_server" {