constellations-keycloak-app.tf
# The Keycloak ident/auth service for Constellations
#
# See the `README.md` in `wwt-constellations-backend` for some
# guidance about how to initialize the server.
resource "azurerm_linux_web_app" "keycloak" {
  name                = "${var.prefix}-keycloak"
  location            = azurerm_resource_group.cx_backend.location
  resource_group_name = azurerm_resource_group.cx_backend.name
  service_plan_id     = azurerm_service_plan.cx_backend.id

  # Keycloak is configured entirely through environment variables here.
  # NOTE(review): the two password values below are written into the App
  # Service configuration and into Terraform state in plaintext; consider
  # sourcing them from Key Vault (App Service Key Vault references) so the
  # state file and portal do not hold the raw secrets.
  app_settings = {
    "KC_DB" = "postgres"
    # NOTE(review): `sslmode=prefer` makes the JDBC driver fall back to a
    # plaintext connection if TLS fails and skips certificate validation,
    # so the `sslrootcert` parameter is effectively unused. `verify-ca` or
    # `verify-full` would actually enforce the CA bundle given here --
    # confirm the server certificate chains to that bundle before changing.
    "KC_DB_URL"      = "jdbc:postgresql://${azurerm_private_dns_a_record.cx_backend_sql.fqdn}/keycloak?sslmode=prefer&sslrootcert=/etc/ssl/certs/ca-bundle.crt"
    # Keycloak connects as the server admin role; a dedicated, least-privilege
    # DB role for the `keycloak` database would limit the blast radius of a
    # leaked credential.
    "KC_DB_USERNAME" = "psqladmin@${azurerm_private_dns_a_record.cx_backend_sql.name}"
    "KC_DB_PASSWORD" = var.cxsqlAdminPassword
    # Public-facing URL; Keycloak is served under the /auth prefix behind the
    # front door (see KC_HTTP_RELATIVE_PATH).
    "KC_HOSTNAME"       = "https://${var.tld}/auth"
    "KC_HOSTNAME_ADMIN" = "https://${var.tld}/auth"
    # NOTE(review): with KC_HOSTNAME set, hostname-strict=false should be
    # moot, but it is the setting that lets Keycloak derive its hostname from
    # request headers -- confirm it is still needed.
    "KC_HOSTNAME_STRICT" = "false"
    # TLS is terminated upstream; the container itself listens on plain HTTP.
    "KC_HTTP_ENABLED"       = "true"
    "KC_HTTP_RELATIVE_PATH" = "/auth"
    # NOTE(review): upstream deprecated the `proxy` option in favour of
    # `proxy-headers`; since KC_PROXY_HEADERS is set below, verify whether
    # KC_PROXY can simply be dropped for this Keycloak version.
    "KC_PROXY"         = "edge" # this is deprecated -- need to figure out how to make KC not want HTTPS cert info
    "KC_PROXY_HEADERS" = "xforwarded"
    # Bootstrap admin account for the master realm.
    "KEYCLOAK_ADMIN"          = "wwtadmin"
    "KEYCLOAK_ADMIN_PASSWORD" = var.cxkeycloakAdminPassword
  }

  # NOTE(review): with https_only disabled, App Service accepts plain-HTTP
  # requests instead of redirecting them to HTTPS. If this is only needed
  # because of the KC_PROXY issue noted above, revisit once that is resolved
  # so credentials and session cookies are never carried over HTTP.
  https_only = false

  site_config {
    always_on              = true
    ftps_state             = "Disabled" # no FTP/FTPS deployment endpoint
    vnet_route_all_enabled = true       # all outbound traffic goes through the VNet
    app_command_line       = "start"

    application_stack {
      # Pinned to a version tag. Tags are mutable; a digest pin would make
      # the deployed image immutable.
      docker_image_name   = "keycloak/keycloak:25.0.2"
      docker_registry_url = "https://quay.io"
    }
  }

  # VNet integration so the app can reach the private SQL DNS record above.
  virtual_network_subnet_id = azurerm_subnet.cx_backend_keycloak.id
}
# Dedicated subnet for the Keycloak App Service's VNet integration.
# App Service regional VNet integration requires the subnet to be delegated
# to Microsoft.Web/serverFarms, which is what the delegation block does.
resource "azurerm_subnet" "cx_backend_keycloak" {
  resource_group_name  = azurerm_resource_group.cx_backend.name
  virtual_network_name = azurerm_virtual_network.cx_backend.name
  name                 = "${var.prefix}-cxbeKcSubnet"

  # Fixed /24 inside the backend VNet address space.
  address_prefixes = ["10.0.6.0/24"]

  delegation {
    name = "dlg-appServices"

    service_delegation {
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
      name    = "Microsoft.Web/serverFarms"
    }
  }
}