secrets.tf
# Generated database password. The only consumer visible in this file is
# DB_PASSWORD in kubernetes_secret.keycloak_password.
# With special = false the value is 16 characters of letters and digits,
# roughly 95 bits of entropy.
# The random provider keeps the generated value in Terraform state, so the
# state backend needs encryption at rest and tightly scoped read access.
resource "random_password" "database_password" {
  special = false
  length  = 16
}
# Generated password exposed as ES_PASSWORD in
# kubernetes_secret.keycloak_password.
# Each character class must appear at least once, and override_special
# restricts the special-character set to "_" alone (presumably so the value
# needs no escaping wherever it is consumed - confirm against the consumer).
# As with every random_password, the value is also held in Terraform state.
resource "random_password" "es_password" {
  length           = 16
  special          = true
  override_special = "_"

  min_special = 1
  min_numeric = 1
  min_upper   = 1
  min_lower   = 1
}
# RSA key pair whose PEM halves are published as PRIVATE_KEY / PUBLIC_KEY in
# kubernetes_secret.keycloak_password. The resource name suggests it signs
# JWTs - confirm against the consuming service.
# The tls provider stores the private key unencrypted in Terraform state, so
# anyone who can read the state can read the key; restrict and encrypt the
# backend accordingly.
# NOTE(review): changing rsa_bits or algorithm replaces the key, so a move to
# a larger key is a planned rotation, not an in-place edit.
resource "tls_private_key" "jwt" {
  rsa_bits  = 2048
  algorithm = "RSA"
}
# UUID used as APISERVICE_SECRET in kubernetes_secret.keycloak_password.
# NOTE(review): random_uuid does not mark its result as sensitive, so the
# value can appear in `terraform show` / plan output and CI logs as well as in
# state. A resource with a sensitive result (e.g. random_password) would avoid
# that, but switching changes the secret value and needs a coordinated rotation.
resource "random_uuid" "secret_key" {}
# Image-pull secret (type kubernetes.io/dockerconfigjson) for the registry
# named by var.docker_server, created in the application namespace.
# The registry password appears twice in the payload: in clear under
# "password" and inside the base64 "auth" field. base64 is an encoding, not
# protection.
# NOTE(review): the variable declarations are not visible here - confirm that
# var.docker_password is declared with sensitive = true. The rendered secret
# is also written to Terraform state.
resource "kubernetes_secret" "secoda" {
  type = "kubernetes.io/dockerconfigjson"

  metadata {
    name      = "secoda-dockerhub"
    namespace = kubernetes_namespace.app.metadata[0].name
  }

  data = {
    ".dockerconfigjson" = jsonencode({
      auths = {
        (var.docker_server) = {
          auth     = base64encode("${var.docker_username}:${var.docker_password}")
          email    = var.docker_email
          password = var.docker_password
          username = var.docker_username
        }
      }
    })
  }
}
# Opaque secret bundling every generated credential in this file: both
# passwords, the RSA key pair and the API service secret.
# NOTE(review): despite the name, whoever can read "secoda-keycloak-password"
# gets all five values. Splitting it per consumer would narrow that exposure if
# the workloads do not all need every key.
# PRIVATE_KEY / PUBLIC_KEY are stored as base64 of the PEM text (presumably the
# format the consumer expects - confirm). PUBLIC_KEY is not confidential.
# Kubernetes Secrets are only base64-encoded in the API; confidentiality
# depends on etcd encryption at rest and RBAC on this namespace.
resource "kubernetes_secret" "keycloak_password" {
  type = "Opaque"

  metadata {
    namespace = kubernetes_namespace.app.metadata[0].name
    name      = "secoda-keycloak-password"
  }

  data = {
    APISERVICE_SECRET = random_uuid.secret_key.result
    PUBLIC_KEY        = base64encode(tls_private_key.jwt.public_key_pem)
    PRIVATE_KEY       = base64encode(tls_private_key.jwt.private_key_pem)
    ES_PASSWORD       = random_password.es_password.result
    DB_PASSWORD       = random_password.database_password.result
  }
}