diff --git a/CHANGELOG.md b/CHANGELOG.md index d6792ad6..7a1c6fbb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 0.3.0 + +### Enhancements +- Allow changing values.yaml for Kratos, Oauthkeeper, and Ambassador using Terraform variables +- Upgrade Kratos to 0.7 + ## 0.2.0 ### Features diff --git a/main.tf b/main.tf index 9ef7eb14..37dcd4e4 100644 --- a/main.tf +++ b/main.tf @@ -5,8 +5,9 @@ resource "kubernetes_namespace" "daskhub_namespace" { } module "dask-jupyterhub" { - source = "./modules/dask-jupyterhub" - namespace = kubernetes_namespace.daskhub_namespace.metadata[0].name + count = var.install_jupyterhub ? 1 : 0 + source = "./modules/dask-jupyterhub" + namespace = kubernetes_namespace.daskhub_namespace.metadata[0].name } resource "kubernetes_service_account" "daskhub-sa" { @@ -195,6 +196,7 @@ module "ambassador" { hostname = var.hostname tls = var.protocol == "https" ? true : false enable_ory_authentication = var.enable_ory_authentication + ambassador_chart_values_path = var.ambassador_chart_values_path } @@ -223,6 +225,7 @@ module "ory" { smtp_from_address = var.smtp_from_address access_rules_path = var.access_rules_path + kratos_chart_values_path = var.kratos_chart_values_path } module "k8s_tools" { diff --git a/modules/ambassador/main.tf b/modules/ambassador/main.tf index 273bf510..867c5c48 100644 --- a/modules/ambassador/main.tf +++ b/modules/ambassador/main.tf @@ -1,3 +1,14 @@ +data "template_file" "ambassador-chart-values"{ + template = file("%{if var.ambassador_chart_values_path == null}${path.module}/values.yaml%{else}${var.ambassador_chart_values_path}%{ endif }") + vars = { + tls_certificate_arn = var.tls_certificate_arn, + aws = var.aws + hostname = var.hostname + tls = var.tls + enable_ory_authentication = var.enable_ory_authentication + } +} + resource "helm_release" "ambassador" { count = var.ambassador_enabled ? 1 : 0 repository = "https://www.getambassador.io" 
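Review bot: The new `count = var.install_jupyterhub ? 1 : 0` on `module "dask-jupyterhub"` reads a variable that none of the variables.tf hunks in this commit declares. If `install_jupyterhub` is not already defined in the root module, the plan fails. Once `count` is set, any reference to this module's outputs elsewhere must be indexed, for example `module.dask-jupyterhub[0]`, and guarded for the disabled case. The toggle is also missing from the 0.3.0 changelog entry.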
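Review bot: The `data "template_file" "ambassador-chart-values"` block in modules/ambassador/main.tf depends on the hashicorp/template provider, which is deprecated in favour of the built-in `templatefile()` the module used before. The path switch needs neither the data source nor the `%{if}` string template. In the `helm_release` hunk of this file, keep the original call and change only its first argument: `values = [templatefile(coalesce(var.ambassador_chart_values_path, "${path.module}/values.yaml"), { ... })]`. The same applies to `data "template_file" "kratos-chart-values"` in modules/ory/kratos/main.tf.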
@@ -6,13 +17,7 @@ resource "helm_release" "ambassador" { version = "6.7.13" namespace = var.namespace - values = [templatefile("${path.module}/values.yaml", { - tls_certificate_arn = var.tls_certificate_arn, - aws = var.aws - hostname = var.hostname - tls = var.tls - enable_ory_authentication = var.enable_ory_authentication - })] + values = [data.template_file.ambassador-chart-values.rendered] set { name = "image.repository" value = "docker.io/datawire/ambassador" diff --git a/modules/ambassador/variables.tf b/modules/ambassador/variables.tf index 14d417e6..ea6ef621 100644 --- a/modules/ambassador/variables.tf +++ b/modules/ambassador/variables.tf @@ -28,4 +28,10 @@ variable "hostname" { variable "enable_ory_authentication" { description = "Whether to enable ory_authentication" +} + +variable "ambassador_chart_values_path" { + description = "Path to custom values.yaml for Ambassador" + type = string + default = null } \ No newline at end of file diff --git a/modules/ory/kratos/main.tf b/modules/ory/kratos/main.tf index bedeac8c..af846071 100644 --- a/modules/ory/kratos/main.tf +++ b/modules/ory/kratos/main.tf 
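Review bot: The description of `ambassador_chart_values_path` in modules/ambassador/variables.tf does not say that the file replaces the module's values.yaml entirely and is rendered as a template with the same variables. A custom file that drops the `tls` or `enable_ory_authentication` handling (presumably present in the default values.yaml) would deploy the edge without them and without any warning. A relative path passed to `file()` resolves against the working directory, not the module. Suggested wording: `description = "Path (absolute, or relative to the working directory) to a values.yaml template that fully replaces the module default; it receives the same template variables and must keep the TLS and Ory authentication settings"`. The same documentation gap exists for `kratos_chart_values_path` in modules/ory/kratos/variables.tf and modules/ory/variables.tf, and for both variables in the root variables.tf.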
@@ -1,3 +1,23 @@ +data "template_file" "kratos-chart-values"{ + template = file("%{if var.kratos_chart_values_path == null}${path.module}/values.yaml%{else}${var.kratos_chart_values_path}%{ endif }") + vars = { + dsn = "postgres://${var.db_username}:${urlencode(var.db_password)}@${module.kratos-postgres.db_host}:5432/${var.database_name}", + app_url = var.app_url, + ui_path = local.ui_url, + smtp_connection_uri = var.smtp_connection_uri, + smtp_from_address = var.smtp_from_address, + enable_password_recovery = var.enable_password_recovery, + enable_verification = var.enable_verification, + oidc_providers_config = templatefile("${path.module}/oidc_providers.yaml.tmpl", { + oauth2_providers = var.oauth2_providers + provider_paths = local.provider_paths + scopes = local.scopes + }) + cookie_secret = var.cookie_secret, + cookie_domain = var.cookie_domain + } +} + locals { ui_deployment_name = "ory-kratos-ui" ui_url = "${var.app_url}/profile" @@ -31,24 +51,7 @@ resource "helm_release" "ory-kratos" { repository = "https://k8s.ory.sh/helm/charts" chart = "kratos" - values = [ - templatefile("${path.module}/values.yaml", { - dsn = "postgres://${var.db_username}:${urlencode(var.db_password)}@${module.kratos-postgres.db_host}:5432/${var.database_name}", - app_url = var.app_url, - ui_path = local.ui_url, - smtp_connection_uri = var.smtp_connection_uri, - smtp_from_address = var.smtp_from_address, - enable_password_recovery = var.enable_password_recovery, - enable_verification = var.enable_verification, - oidc_providers_config = templatefile("${path.module}/oidc_providers.yaml.tmpl", { - oauth2_providers = var.oauth2_providers - provider_paths = local.provider_paths - scopes = local.scopes - }) - cookie_secret = var.cookie_secret, - cookie_domain = var.cookie_domain - }) - ] + values = [data.template_file.kratos-chart-values.rendered] } resource "kubernetes_deployment" "ory-kratos-ui" { 
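Review bot: The `vars` map of the new `data "template_file" "kratos-chart-values"` carries the Postgres DSN with `var.db_password`, `cookie_secret` and `smtp_connection_uri`. A data source persists both `vars` and `rendered` in state, so these secrets are stored a second time in addition to the `helm_release` values. Unless the underlying variables are declared with `sensitive = true` (their declarations are outside this diff), they can also show up in plan output. Calling `templatefile(coalesce(var.kratos_chart_values_path, "${path.module}/values.yaml"), { ... })` directly in `helm_release.ory-kratos` avoids the extra copy. The remote state backend should be encrypted and access-restricted either way.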
@@ -75,7 +78,7 @@ resource "kubernetes_deployment" "ory-kratos-ui" { spec { container { name = "ory-kratos-ui" - image = "oryd/kratos-selfservice-ui-node:v0.6.0-alpha.2" + image = "oryd/kratos-selfservice-ui-node:v0.7.6-alpha.1" env { name = "KRATOS_PUBLIC_URL" value = "http://${helm_release.ory-kratos.name}-public.${var.namespace}.svc.cluster.local:80" diff --git a/modules/ory/kratos/values.yaml b/modules/ory/kratos/values.yaml index 2233dbbe..da296afb 100644 --- a/modules/ory/kratos/values.yaml +++ b/modules/ory/kratos/values.yaml @@ -1,7 +1,10 @@ +image: + tag: v0.7.6-alpha.1 + kratos: # autoMigrate is relying on a simple initContainer mechanism # Do not turn it on if the replicaCount > 1 - version: v0.6.3-alpha.1 + version: v0.7.6-alpha.1 automigrate: true development: true diff --git a/modules/ory/kratos/variables.tf b/modules/ory/kratos/variables.tf index 27a6ae7d..ce9ffb20 100644 --- a/modules/ory/kratos/variables.tf +++ b/modules/ory/kratos/variables.tf @@ -76,3 +76,9 @@ variable "enable_verification" { description = "Bool to set to enable account registration confirmation using emails" type = bool } + +variable "kratos_chart_values_path" { + description = "Path to custom values.yaml for Kratos" + type = string + default = null +} diff --git a/modules/ory/main.tf b/modules/ory/main.tf index 7d923b9f..4f2496a8 100644 --- a/modules/ory/main.tf +++ b/modules/ory/main.tf @@ -23,4 +23,5 @@ module "ory-kratos" { smtp_from_address = var.smtp_from_address app_url = "${var.protocol}://${var.hostname}" + kratos_chart_values_path = var.kratos_chart_values_path } \ No newline at end of file diff --git a/modules/ory/variables.tf b/modules/ory/variables.tf index 10cd41fe..65806535 100644 --- a/modules/ory/variables.tf +++ b/modules/ory/variables.tf 
@@ -69,4 +69,10 @@ variable "oauth2_providers" { variable "access_rules_path" { type = string default = null +} + +variable "kratos_chart_values_path" { + description = "Path to custom values.yaml for Kratos" + type = string + default = null } \ No newline at end of file diff --git a/variables.tf b/variables.tf index 656b4d80..a136828b 100644 --- a/variables.tf +++ b/variables.tf @@ -197,6 +197,7 @@ variable "seldon_namespace" { } ## Ambassador + variable "ambassador_namespace" { default = "ambassador" } @@ -213,6 +214,13 @@ variable "tls_certificate_arn" { description = "TLS Certificate ARN" default = "" } + +variable "ambassador_chart_values_path" { + description = "Path to custom values.yaml for Ambassador" + type = string + default = null +} + ## ORY (authentication module) variable "enable_ory_authentication" { @@ -275,6 +283,12 @@ variable "enable_verification" { default = false } +variable "kratos_chart_values_path" { + description = "Path to custom values.yaml for Kratos" + type = string + default = null +} + ## Other K8S tools variable "install_metrics_server" {