canonical/iam-bundle-integration


Identity Platform Juju Bundle Terraform Module


This Terraform module deploys the Identity Platform Juju Bundle.

Getting started

Prerequisites

Make sure the following software and tools are installed and running in the local environment.

  • microk8s (v1.25.0+)
  • juju (3.1.0+)
  • terraform (v1.5.0+)

Deploy locally with Terraform

First, create Juju models for the Identity Platform and its dependencies:

juju add-model identity-platform
juju add-model core

Dependencies

Deploy the dependencies (traefik, postgresql, openfga, and a certificates charm, e.g. lego or self-signed-certificates) and make sure they provide Juju offers:

# Deploy dependencies
juju deploy traefik-k8s traefik-public --trust --channel latest/stable
juju deploy postgresql-k8s --trust --channel 14/stable
juju deploy openfga-k8s --trust --channel latest/stable
juju deploy self-signed-certificates --trust --channel latest/stable

# Add integrations
juju integrate openfga-k8s postgresql-k8s
juju integrate traefik-public self-signed-certificates:send-ca-cert

# Create the juju offers
juju offer traefik-public:ingress ingress
juju offer traefik-public:traefik-route traefik-route
juju offer postgresql-k8s:database pg-database
juju offer openfga-k8s:openfga openfga
juju offer self-signed-certificates:send-ca-cert send-ca-cert

Because the bundle uses an external identity provider (e.g. Google or Microsoft Entra ID), you need to provide additional variables for the module to run. More information about the IdP configuration can be found here. Refer to this article to find out how to create a private client in Google.

If you want to deploy Admin UI and Kratos External IdP Integrator on top of the Identity Platform, you need to set enable_kratos_external_idp_integrator and enable_admin_ui to true.

Please create a Terraform variable definition (.tfvars) file in the root directory as follows:

# vars.tfvars
# This file holds the IdP client secret: keep it out of version control.
idp_provider_config = {
  client_id           = "<client id>"
  provider            = "<provider name>"  # e.g. "google"
  provider_id         = "<provider id>"
}

idp_provider_credentials = {
  client_secret = "<client secret>"
}

# Offer URLs have the form <owner>/<model>.<offer name>; the offer names
# are the ones created with `juju offer` in the "core" model.
postgresql_offer_url = "admin/core.pg-database"
ingress_offer_url = "admin/core.ingress"
openfga_offer_url = "admin/core.openfga"
send_ca_certificate_offer_url = "admin/core.send-ca-cert"

enable_kratos_external_idp_integrator = true
enable_admin_ui = true

Run juju find-offers to fetch the offer URLs.
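
A preflight check for vars.tfvars, as an added example that is not part of this repository: it reports every *_offer_url value that is missing from saved `juju find-offers` output and checks that the file, which holds client_secret, is not accessible to group or others. The function names, offers.txt, and the sample data are assumptions, as is the offer URL appearing as a whitespace-separated field in the saved output.

```shell
#!/bin/sh
# Preflight for vars.tfvars. Added example; function names are assumptions.

# List the values of all *_offer_url variables in tfvars file $1.
tfvars_offer_urls() {
  sed -n 's/^[[:space:]]*[a-z_]*_offer_url[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Print each offer URL from tfvars file $1 that is not a whole field in $2,
# a file holding saved `juju find-offers` output. No output: all were found.
missing_offers() {
  tfvars_offer_urls "$1" | while IFS= read -r url; do
    awk -v u="$url" '{ for (i = 1; i <= NF; i++) if ($i == u) f = 1 }
                     END { exit !f }' "$2" || printf '%s\n' "$url"
  done
}

# Succeed only if group and others have no permissions on $1, the file
# that holds idp_provider_credentials.client_secret.
is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data: a tfvars file with one stale offer URL, and an
# offer list standing in for `juju find-offers` output.
write_sample() {
  cat > "$1/vars.tfvars" <<'EOF'
postgresql_offer_url = "admin/core.postgresql"
ingress_offer_url = "admin/core.ingress"
openfga_offer_url = "admin/core.openfga"
send_ca_certificate_offer_url = "admin/core.send-ca-cert"
EOF
  cat > "$1/offers.txt" <<'EOF'
admin/core.ingress
admin/core.traefik-route
admin/core.pg-database
admin/core.openfga
admin/core.send-ca-cert
EOF
}

dir=$(mktemp -d)
write_sample "$dir"
echo "Offer URLs not found:"; missing_offers "$dir/vars.tfvars" "$dir/offers.txt"
chmod 600 "$dir/vars.tfvars"
is_private "$dir/vars.tfvars" && echo "vars.tfvars is private to its owner"
rm -rf "$dir"
```

To use it on a real deployment, save the output of juju find-offers to a file and pass that file as the second argument to missing_offers.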

Identity Platform

Run the following commands to deploy the bundle:

terraform init
terraform apply -var-file="./vars.tfvars"

Run juju switch <juju model> to switch to the target Juju model.

# Observe the status of the applications and integrations
juju status --relations

Deploy to the ProdStack 6 Cloud

Please refer to the deployment documentation to learn how to deploy the module to the ProdStack Cloud.

Terraform Module Specifications

Please refer to the module specifications for details.

Security

Please see SECURITY.md for guidelines on reporting security issues.

Contributing

Please refer to the contribution documentation to learn how to contribute to the project.

About

A Terraform Module for the Canonical Identity Platform Juju Bundle
