fix: helm auth and args

Author: jsbroks

examples/basic/main.tf

@@ -10,6 +10,16 @@ provider "google-beta" {
   zone    = var.zone
 }
 
+data "google_client_config" "current" {}
+
+provider "helm" {
+  kubernetes {
+    host                   = "https://${module.ctrlplane.cluster_endpoint}"
+    cluster_ca_certificate = base64decode(module.ctrlplane.cluster_ca_certificate)
+    token                  = data.google_client_config.current.access_token
+  }
+}
+
 module "ctrlplane" {
   source    = "../../"
   namespace = var.namespace

modules/gke/outputs.tf

@@ -1 +1,9 @@
 
+output "cluster_ca_certificate" {
+  value     = google_container_cluster.this.master_auth.0.cluster_ca_certificate
+  sensitive = true
+}
+
+output "cluster_endpoint" {
+  value = google_container_cluster.this.endpoint
+}

modules/gke/variables.tf

@@ -18,3 +18,4 @@ variable "deletion_protection" {
   type        = bool
   default     = true
 }
+

modules/helm_release/main.tf

@@ -2,73 +2,103 @@ resource "helm_release" "this" {
   name       = "ctrlplane"
   chart      = "ctrlplane"
   repository = "https://charts.ctrlplane.dev/"
+  version    = "0.1.13"
 
+  set {
+    name  = "migrations.image.tag"
+    value = "bf077e5"
+  }
+
+
+  set {
+    name  = "webservice.image.tag"
+    value = "72ce135"
+  }
+
+
+  set {
+    name  = "event-worker.image.tag"
+    value = "72ce135"
+  }
+
+
+  set {
+    name  = "job-policy-checker.image.tag"
+    value = "72ce135"
+  }
+
+  set {
+    name  = "global.postgresql.user"
+    value = var.postgres_user
+  }
+
+  set {
+    name  = "global.postgresql.password"
+    value = var.postgres_password
+  }
+
+  set {
+    name  = "global.postgresql.host"
+    value = var.postgres_host
+  }
+
+  set {
+    name  = "global.postgresql.port"
+    value = var.postgres_port
+  }
+
+  set {
+    name  = "global.postgresql.database"
+    value = var.postgres_database
+  }
+
+  set {
+    name  = "global.redis.host"
+    value = var.redis_host
+  }
+
+  set {
+    name  = "global.redis.password"
+    value = var.redis_password
+  }
+
+  set {
+    name  = "global.redis.port"
+    value = var.redis_port
+  }
+
+  set {
+    name  = "ingress.annotations.kubernetes\\.io/ingress\\.class"
+    value = "gce"
+  }
+
+  set {
+    name  = "ingress.annotations.kubernetes\\.io/ingress\\.global-static-ip-name"
+    value = var.global_static_ip_name
+  }
+
+  set {
+    name = "ingress.annotations.ingress\\.gcp\\.kubernetes\\.io/pre-shared-cert"
+    value = var.pre_shared_cert
+  }
+
+  # set {
+  #   name  = "ingress.annotations.kubernetes\\.io/ingress\\.allow-http"
+  #   value = "true " # idk how to make this a string not a booleaning
+  # }
+
+  set {
+    name  = "webservice.annotations.iam\\.gke\\.io/gcp-service-account"
+    value = var.service_account_email
+  }
+
+  set {
+    name  = "job-policy-checker.annotations.iam\\.gke\\.io/gcp-service-account"
+    value = var.service_account_email
+  }
 
   set {
-    name = "global"
-    value = yamlencode({
-      "postgres" = {
-        "user"     = var.postgres_user
-        "password" = var.postgres_password
-        "host"     = var.postgres_host
-        "port"     = var.postgres_port
-        "database" = var.postgres_database
-      }
-
-      "reds" = {
-        "host"     = var.redis_host
-        "port"     = var.redis_port
-        "password" = var.redis_password
-      }
-    })
-  }
-
-  set {
-    name = "ingress"
-    value = yamlencode({
-      "enabled" = true
-      "annotations" = {
-        "kubernetes.io/ingress.class"                 = "gce"
-        "kubernetes.io/ingress.global-static-ip-name" = var.global_static_ip_name
-        "ingress.gcp.kubernetes.io/pre-shared-cert"   = var.pre_shared_cert
-        "kubernetes.io/ingress.allow-http"            = "false"
-      }
-    })
-  }
-
-  set {
-    name = "webservice"
-    value = yamlencode({
-      "serviceAccount" = {
-        "create" = true
-        "annotations" = {
-          "iam.gke.io/gcp-service-account" = var.service_account_email
-        }
-      }
-    })
-  }
-
-  set {
-    name = "job-policy-checker"
-    value = yamlencode({
-      "serviceAccount" = {
-        "create" = true
-        "annotations" = {
-          "iam.gke.io/gcp-service-account" = var.service_account_email
-        }
-      }
-    })
-  }
-
-  set {
-    name = "migrations"
-    value = yamlencode({
-      "serviceAccount" = {
-        "create" = true
-        "annotations" = {
-          "iam.gke.io/gcp-service-account" = var.service_account_email
-        }
-      }
-    })
+    name  = "migrations.annotations.iam\\.gke\\.io/gcp-service-account"
+    value = var.service_account_email
   }
 }

outputs.tf

@@ -32,3 +32,17 @@ output "redis_port" {
   value       = module.redis.redis_port
   description = "The port of the Redis instance."
 }
+
+output "cluster_ca_certificate" {
+  value     = module.gke.cluster_ca_certificate
+  sensitive = true
+}
+
+output "cluster_endpoint" {
+  value     = module.gke.cluster_endpoint
+  sensitive = true
+}
+
+output "ip" {
+  value = google_compute_global_address.this.address
+}

variables.tf

@@ -42,5 +42,4 @@ variable "deletion_protection" {
 variable "domains" {
   description = "The domains to use for the SSL certificate."
   type        = list(string)
-
-}
+}