From 478fa7d718af6176c6a23fcf4d24fc5580ce3846 Mon Sep 17 00:00:00 2001 From: Pat Thontirawong Date: Thu, 16 Sep 2021 09:21:28 -0400 Subject: [PATCH 1/7] pass path variables down to the modules --- main.tf | 2 ++ modules/ambassador/variables.tf | 6 ++++++ modules/ory/kratos/variables.tf | 6 ++++++ modules/ory/main.tf | 1 + modules/ory/variables.tf | 6 ++++++ variables.tf | 14 ++++++++++++++ 6 files changed, 35 insertions(+) diff --git a/main.tf b/main.tf index 9ef7eb14..1c7dd7d5 100644 --- a/main.tf +++ b/main.tf @@ -195,6 +195,8 @@ module "ambassador" { hostname = var.hostname tls = var.protocol == "https" ? true : false enable_ory_authentication = var.enable_ory_authentication + ambassador_chart_values_path = var.ambassador_chart_values_path + kratos_chart_values_path = var.kratos_chart_values_path } diff --git a/modules/ambassador/variables.tf b/modules/ambassador/variables.tf index 14d417e6..ea6ef621 100644 --- a/modules/ambassador/variables.tf +++ b/modules/ambassador/variables.tf @@ -28,4 +28,10 @@ variable "hostname" { variable "enable_ory_authentication" { description = "Whether to enable ory_authentication" +} + +variable "ambassador_chart_values_path" { + description = "Path to custom values.yaml for Ambassador" + type = string + default = null } \ No newline at end of file diff --git a/modules/ory/kratos/variables.tf b/modules/ory/kratos/variables.tf index 27a6ae7d..ce9ffb20 100644 --- a/modules/ory/kratos/variables.tf +++ b/modules/ory/kratos/variables.tf @@ -76,3 +76,9 @@ variable "enable_verification" { description = "Bool to set to enable account registration confirmation using emails" type = bool } + +variable "kratos_chart_values_path" { + description = "Path to custom values.yaml for Kratos" + type = string + default = null +} diff --git a/modules/ory/main.tf b/modules/ory/main.tf index 7d923b9f..4f2496a8 100644 --- a/modules/ory/main.tf +++ b/modules/ory/main.tf 
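Review bot: The description `"Path to custom values.yaml for Ambassador"` in modules/ambassador/variables.tf does not tell a caller how the file is used. Patch 2/7 renders it as a Terraform template and passes it as the chart's only values file, so it replaces the module's own values.yaml rather than being merged with it. Any hardening the default file sets has to be restated in the custom file, and literal interpolation sequences in it need escaping. I would spell that out, for example `description = "Path to a values.yaml template that replaces the module's default file; it is rendered with the module's template variables"`. The same applies to `kratos_chart_values_path` in modules/ory/kratos/variables.tf, modules/ory/variables.tf and the root variables.tf.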
@@ -23,4 +23,5 @@ module "ory-kratos" { smtp_from_address = var.smtp_from_address app_url = "${var.protocol}://${var.hostname}" + kratos_chart_values_path = var.kratos_chart_values_path } \ No newline at end of file diff --git a/modules/ory/variables.tf b/modules/ory/variables.tf index 10cd41fe..65806535 100644 --- a/modules/ory/variables.tf +++ b/modules/ory/variables.tf @@ -69,4 +69,10 @@ variable "oauth2_providers" { variable "access_rules_path" { type = string default = null +} + +variable "kratos_chart_values_path" { + description = "Path to custom values.yaml for Kratos" + type = string + default = null } \ No newline at end of file diff --git a/variables.tf b/variables.tf index 656b4d80..a136828b 100644 --- a/variables.tf +++ b/variables.tf @@ -197,6 +197,7 @@ variable "seldon_namespace" { } ## Ambassador + variable "ambassador_namespace" { default = "ambassador" } @@ -213,6 +214,13 @@ variable "tls_certificate_arn" { description = "TLS Certificate ARN" default = "" } + +variable "ambassador_chart_values_path" { + description = "Path to custom values.yaml for Ambassador" + type = string + default = null +} + ## ORY (authentication module) variable "enable_ory_authentication" { @@ -275,6 +283,12 @@ variable "enable_verification" { default = false } +variable "kratos_chart_values_path" { + description = "Path to custom values.yaml for Kratos" + type = string + default = null +} + ## Other K8S tools variable "install_metrics_server" { From 6260698a2fe7d748e45b8e6be8ff7ac36a01899d Mon Sep 17 00:00:00 2001 From: Pat Thontirawong Date: Thu, 16 Sep 2021 09:31:00 -0400 Subject: [PATCH 2/7] swap values.yaml if using a custom file --- modules/ambassador/main.tf | 19 ++++++++++++------- modules/ory/kratos/main.tf | 39 ++++++++++++++++++++------------------ 2 files changed, 33 insertions(+), 25 deletions(-) diff --git a/modules/ambassador/main.tf b/modules/ambassador/main.tf index 273bf510..a6b58c9c 100644 --- a/modules/ambassador/main.tf 
+++ b/modules/ambassador/main.tf @@ -1,3 +1,14 @@ +data "template_file" "ambassador-chart-values"{ + template = file("%{if var.ambassador_chart_values_path == null}${path.module}/values.yaml%{else}${var.ambassador_chart_values_path}%{ endif }") + vars = { + tls_certificate_arn = var.tls_certificate_arn, + aws = var.aws + hostname = var.hostname + tls = var.tls + enable_ory_authentication = var.enable_ory_authentication + } +} + resource "helm_release" "ambassador" { count = var.ambassador_enabled ? 1 : 0 repository = "https://www.getambassador.io" @@ -6,13 +17,7 @@ resource "helm_release" "ambassador" { version = "6.7.13" namespace = var.namespace - values = [templatefile("${path.module}/values.yaml", { - tls_certificate_arn = var.tls_certificate_arn, - aws = var.aws - hostname = var.hostname - tls = var.tls - enable_ory_authentication = var.enable_ory_authentication - })] + values = [data.template_file.ambassador-chart-values] set { name = "image.repository" value = "docker.io/datawire/ambassador" diff --git a/modules/ory/kratos/main.tf b/modules/ory/kratos/main.tf index bedeac8c..7ff48d58 100644 --- a/modules/ory/kratos/main.tf +++ b/modules/ory/kratos/main.tf 
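Review bot: The new `data "template_file" "ambassador-chart-values"` block at the top of modules/ambassador/main.tf swaps the built-in `templatefile()` call for the data source from the separate `template` provider. HashiCorp has deprecated that provider in favour of `templatefile()`, and using it adds one more provider to download and pin. The default-or-override choice does not need it: `values = [templatefile(coalesce(var.ambassador_chart_values_path, "${path.module}/values.yaml"), { ... })]` keeps the original call with the same variable map and avoids the `%{if}` directive inside the path string. The same change applies to `kratos-chart-values` in modules/ory/kratos/main.tf.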
@@ -1,3 +1,23 @@ +data "template_file" "kratos-chart-values"{ + template = file("%{if var.kratos_chart_values_path == null}${path.module}/values.yaml%{else}${var.kratos_chart_values_path}%{ endif }") + vars = { + dsn = "postgres://${var.db_username}:${urlencode(var.db_password)}@${module.kratos-postgres.db_host}:5432/${var.database_name}", + app_url = var.app_url, + ui_path = local.ui_url, + smtp_connection_uri = var.smtp_connection_uri, + smtp_from_address = var.smtp_from_address, + enable_password_recovery = var.enable_password_recovery, + enable_verification = var.enable_verification, + oidc_providers_config = templatefile("${path.module}/oidc_providers.yaml.tmpl", { + oauth2_providers = var.oauth2_providers + provider_paths = local.provider_paths + scopes = local.scopes + }) + cookie_secret = var.cookie_secret, + cookie_domain = var.cookie_domain + } +} + locals { ui_deployment_name = "ory-kratos-ui" ui_url = "${var.app_url}/profile" @@ -31,24 +51,7 @@ resource "helm_release" "ory-kratos" { repository = "https://k8s.ory.sh/helm/charts" chart = "kratos" - values = [ - templatefile("${path.module}/values.yaml", { - dsn = "postgres://${var.db_username}:${urlencode(var.db_password)}@${module.kratos-postgres.db_host}:5432/${var.database_name}", - app_url = var.app_url, - ui_path = local.ui_url, - smtp_connection_uri = var.smtp_connection_uri, - smtp_from_address = var.smtp_from_address, - enable_password_recovery = var.enable_password_recovery, - enable_verification = var.enable_verification, - oidc_providers_config = templatefile("${path.module}/oidc_providers.yaml.tmpl", { - oauth2_providers = var.oauth2_providers - provider_paths = local.provider_paths - scopes = local.scopes - }) - cookie_secret = var.cookie_secret, - cookie_domain = var.cookie_domain - }) - ] + values = [data.template_file.kratos-chart-values] } resource "kubernetes_deployment" "ory-kratos-ui" { From b133b55c96b7176799e376c3578a6309ef7f4fc0 Mon Sep 17 00:00:00 2001 
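Review bot: The `vars` map of `data "template_file" "kratos-chart-values"` carries the Postgres DSN built from `var.db_password` as well as `cookie_secret`, and after this change both are rendered into whatever file `kratos_chart_values_path` names. That file therefore has to be treated as trusted input, and a caller-supplied template can place the secrets anywhere in the release values. A data source also records its `vars` and `rendered` attributes in state, so the secrets get one more copy there; whether the underlying variables are declared `sensitive` is not visible in this series. I would keep the inline `templatefile()` call and add a comment above it such as `# custom values file is rendered with the DB DSN and cookie secret - only point this at a reviewed, access-controlled file`.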
From: Pat Thontirawong Date: Thu, 16 Sep 2021 11:05:02 -0400 Subject: [PATCH 3/7] fix few errors in using the template_file --- main.tf | 2 +- modules/ambassador/main.tf | 2 +- modules/ory/kratos/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 1c7dd7d5..377931b2 100644 --- a/main.tf +++ b/main.tf @@ -196,7 +196,6 @@ module "ambassador" { tls = var.protocol == "https" ? true : false enable_ory_authentication = var.enable_ory_authentication ambassador_chart_values_path = var.ambassador_chart_values_path - kratos_chart_values_path = var.kratos_chart_values_path } @@ -225,6 +224,7 @@ module "ory" { smtp_from_address = var.smtp_from_address access_rules_path = var.access_rules_path + kratos_chart_values_path = var.kratos_chart_values_path } module "k8s_tools" { diff --git a/modules/ambassador/main.tf b/modules/ambassador/main.tf index a6b58c9c..867c5c48 100644 --- a/modules/ambassador/main.tf +++ b/modules/ambassador/main.tf @@ -17,7 +17,7 @@ resource "helm_release" "ambassador" { version = "6.7.13" namespace = var.namespace - values = [data.template_file.ambassador-chart-values] + values = [data.template_file.ambassador-chart-values.rendered] set { name = "image.repository" value = "docker.io/datawire/ambassador" diff --git a/modules/ory/kratos/main.tf b/modules/ory/kratos/main.tf index 7ff48d58..bab53fb2 100644 --- a/modules/ory/kratos/main.tf +++ b/modules/ory/kratos/main.tf @@ -51,7 +51,7 @@ resource "helm_release" "ory-kratos" { repository = "https://k8s.ory.sh/helm/charts" chart = "kratos" - values = [data.template_file.kratos-chart-values] + values = [data.template_file.kratos-chart-values.rendered] } resource "kubernetes_deployment" "ory-kratos-ui" { From 63521a0be04aff8aba9fac4f2a5504b056c1d8ed Mon Sep 17 00:00:00 2001 From: Pat Thontirawong Date: Thu, 16 Sep 2021 16:41:52 -0400 Subject: [PATCH 4/7] allow disabling daskhub installation --- main.tf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/main.tf b/main.tf index 377931b2..e5a95c23 100644 --- a/main.tf +++ b/main.tf @@ -1,12 +1,14 @@ resource "kubernetes_namespace" "daskhub_namespace" { + count = var.install_jupyterhub ? 1 : 0 metadata { name = "daskhub" } } module "dask-jupyterhub" { - source = "./modules/dask-jupyterhub" - namespace = kubernetes_namespace.daskhub_namespace.metadata[0].name + count = var.install_jupyterhub ? 1 : 0 + source = "./modules/dask-jupyterhub" + namespace = kubernetes_namespace.daskhub_namespace.metadata[0].name } resource "kubernetes_service_account" "daskhub-sa" { From bdbc2b0451e98a733e38301e9458d7272121778f Mon Sep 17 00:00:00 2001 From: Pat Thontirawong Date: Thu, 16 Sep 2021 16:44:56 -0400 Subject: [PATCH 5/7] allow disabling daskhub installation --- main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/main.tf b/main.tf index e5a95c23..37dcd4e4 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,4 @@ resource "kubernetes_namespace" "daskhub_namespace" { - count = var.install_jupyterhub ? 1 : 0 metadata { name = "daskhub" } From 68cca5f1c3e6d020ed4ce0161eaca196fd969c16 Mon Sep 17 00:00:00 2001 From: Pat Thontirawong Date: Fri, 17 Sep 2021 12:22:45 -0400 Subject: [PATCH 6/7] upgrade kratos to 0.7 --- modules/ory/kratos/main.tf | 2 +- modules/ory/kratos/values.yaml | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/ory/kratos/main.tf b/modules/ory/kratos/main.tf index bab53fb2..af846071 100644 --- a/modules/ory/kratos/main.tf +++ b/modules/ory/kratos/main.tf @@ -78,7 +78,7 @@ resource "kubernetes_deployment" "ory-kratos-ui" { spec { container { name = "ory-kratos-ui" - image = "oryd/kratos-selfservice-ui-node:v0.6.0-alpha.2" + image = "oryd/kratos-selfservice-ui-node:v0.7.6-alpha.1" env { name = "KRATOS_PUBLIC_URL" value = "http://${helm_release.ory-kratos.name}-public.${var.namespace}.svc.cluster.local:80" diff --git a/modules/ory/kratos/values.yaml b/modules/ory/kratos/values.yaml index 2233dbbe..da296afb 100644 
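Review bot: The `count = var.install_jupyterhub ? 1 : 0` gate covers `module "dask-jupyterhub"` but not the `kubernetes_service_account "daskhub-sa"` resource that follows it in the context. With `install_jupyterhub = false`, the service account (and, after patch 5/7, the namespace) therefore appears to still be created. Its body is outside the hunk, but if it carries a cloud role annotation or role bindings, that is standing privilege for a component that is not installed; consider adding the same `count` line there. Any other reference to `module.dask-jupyterhub` elsewhere in main.tf will also need a `[0]` index now that the module is counted.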
--- a/modules/ory/kratos/values.yaml +++ b/modules/ory/kratos/values.yaml @@ -1,7 +1,10 @@ +image: + tag: v0.7.6-alpha.1 + kratos: # autoMigrate is relying on a simple initContainer mechanism # Do not turn it on if the replicaCount > 1 - version: v0.6.3-alpha.1 + version: v0.7.6-alpha.1 automigrate: true development: true From 9a69a4bec6a016db2846b1b84a0b2bc5a8efe8ba Mon Sep 17 00:00:00 2001 From: Pat Thontirawong Date: Fri, 17 Sep 2021 12:22:55 -0400 Subject: [PATCH 7/7] update changelog for 0.3.0 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d6792ad6..7a1c6fbb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 0.3.0 + +### Enhancements +- Allow changing values.yaml for Kratos, Oauthkeeper, and Ambassador using Terraform variables +- Upgrade Kratos to 0.7 + ## 0.2.0 ### Features