From 711d43f2ae9a513eed9e635e3660412300889877 Mon Sep 17 00:00:00 2001
From: "artem.drozdov"
Date: Tue, 13 Aug 2024 12:41:30 +0300
Subject: [PATCH] update
---
 yonote-chart/values.yaml | 2 +-
 yonote-keycloak-chart/secret-values.yaml | 7 ++-
 .../traefik-forward-auth.yaml | 55 +++++++++++++++++++
 yonote-keycloak-chart/values.yaml | 23 +++++---
 4 files changed, 77 insertions(+), 10 deletions(-)
 create mode 100644 yonote-keycloak-chart/traefik-forward-auth.yaml
diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml
index b3bd94d..104466f 100644
--- a/yonote-chart/values.yaml
+++ b/yonote-chart/values.yaml
@@ -659,7 +659,7 @@ minio:
 hostname: 's3.onprem-test.stands.wilix.dev'
 ingressClassName: traefik
 path: '/'
- pathType: ImplementationSpecific
+ pathType: Prefix
 annotations:
 kubernetes.io/ingress.class: traefik
 cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
diff --git a/yonote-keycloak-chart/secret-values.yaml b/yonote-keycloak-chart/secret-values.yaml
index 548e04f..1811e2c 100644
--- a/yonote-keycloak-chart/secret-values.yaml
+++ b/yonote-keycloak-chart/secret-values.yaml
@@ -1,6 +1,11 @@
+global:
+ postgresql:
+ auth:
+ password: "tT9BqYdNyd1"
+
 keycloak:
 secrets:
 secrets:
 stringData:
 KEYCLOAK_ADMIN_PASSWORD: "12345"
- KC_DB_PASSWORD: "3fWAxP6ZYp"
\ No newline at end of file
+ KC_DB_PASSWORD: "tT9BqYdNyd1"
\ No newline at end of file
diff --git a/yonote-keycloak-chart/traefik-forward-auth.yaml b/yonote-keycloak-chart/traefik-forward-auth.yaml
new file mode 100644
index 0000000..24bfbbb
--- /dev/null
+++ b/yonote-keycloak-chart/traefik-forward-auth.yaml
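Review bot: The new `global.postgresql.auth.password` and the changed `KC_DB_PASSWORD` in the `secret-values.yaml` hunk are committed in clear text, so the database credential now lives in the repository history; the context line `KEYCLOAK_ADMIN_PASSWORD: "12345"` has the same problem and is also trivially guessable. I would keep only placeholders in the tracked file (for example `password: "<set-at-deploy-time>"`), supply the real values from an untracked or encrypted values file, and rotate the passwords that appear here. The same value is now written under two keys that have to stay in sync; a comment such as `# must match global.postgresql.auth.password` on `KC_DB_PASSWORD` would make that dependency visible. The OIDC client secret and cookie secret in the new `traefik-forward-auth.yaml` are exposed the same way.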
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: traefik-forward-auth
+ namespace: yonote-develop
+ labels:
+ app: traefik-forward-auth
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: traefik-forward-auth
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 10
+ progressDeadlineSeconds: 600
+ template:
+ metadata:
+ labels:
+ app: traefik-forward-auth
+ spec:
+ containers:
+ - name: traefik-forward-auth
+ image: thomseddon/traefik-forward-auth:2
+ ports:
+ - containerPort: 4181
+ protocol: TCP
+ env:
+ - name: DOMAIN
+ value: "wilix.org,wilix.dev"
+ - name: AUTH_HOST
+ value: "auth.yonote.develop.wilix.dev"
+ - name: INSECURE_COOKIE
+ value: "false"
+ - name: DEFAULT_PROVIDER
+ value: "oidc"
+ - name: PROVIDERS_OIDC_ISSUER_URL
+ value: "https://auth.yonote.develop.wilix.dev/realms/dev-forward-auth"
+ - name: PROVIDERS_OIDC_CLIENT_ID
+ value: "dev-forward-auth-client"
+ - name: PROVIDERS_OIDC_CLIENT_SECRET
+ value: "552xO2iJ70KiXU5laViGlEHavDjpSZ6X"
+ - name: SECRET
+ value: "0987654321"
+ - name: LOG_LEVEL
+ value: "debug"
+ imagePullPolicy: IfNotPresent
+ resources: {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 60
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
\ No newline at end of file
diff --git a/yonote-keycloak-chart/values.yaml b/yonote-keycloak-chart/values.yaml
index 7725f23..e19aea7 100644
--- a/yonote-keycloak-chart/values.yaml
+++ b/yonote-keycloak-chart/values.yaml
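Review bot: `PROVIDERS_OIDC_CLIENT_SECRET` and `SECRET` are passed as literal `value:` strings in the new Deployment, so anyone who can read the manifest or the pod spec can read them, and `SECRET: "0987654321"` is a short, predictable string for what traefik-forward-auth uses as its cookie-signing key. Both should come from a Kubernetes Secret through `valueFrom.secretKeyRef`, with `SECRET` generated as a long random value and the client secret rotated in Keycloak, since the current one is now in history. Separately, `LOG_LEVEL: "debug"`, the empty `securityContext: {}` and `resources: {}`, and the floating image tag `:2` are worth tightening before this manifest is reused outside a development namespace. The Secret name and keys in the sketch below are placeholders, not names from this repository.

```yaml
# … unchanged: DOMAIN through PROVIDERS_OIDC_CLIENT_ID …
- name: PROVIDERS_OIDC_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: <forward-auth-secret-name>   # placeholder
      key: <oidc-client-secret-key>      # placeholder
- name: SECRET
  valueFrom:
    secretKeyRef:
      name: <forward-auth-secret-name>   # placeholder
      key: <cookie-signing-secret-key>   # placeholder
# … unchanged: LOG_LEVEL and the rest of the container spec …
```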
@@ -24,16 +24,17 @@ keycloak: - /bin/sh - -c - | - "/opt/keycloak/bin/kc.sh" "start" + "/opt/keycloak/bin/kc.sh" "start-dev" configMaps: configs: data: + KEYCLOAK_PROFILE: dev KEYCLOAK_ADMIN: root KC_PROXY: edge KC_HOSTNAME_STRICT: "false" - KC_HOSTNAME_ADMIN: auth.example.com/admin - KC_HOSTNAME: auth.example.com + KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev/admin + KC_HOSTNAME: auth.onprem-test.stands.wilix.dev KC_DB: postgres KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak KC_DB_URL_DATABASE: keycloak @@ -72,11 +73,17 @@ keycloak: ingress: enabled: true - ingressClassName: nginx - pathType: ImplementationSpecific - hostname: auth.example.com - path: / - tls: false + hostname: 'auth.onprem-test.stands.wilix.dev' + ingressClassName: traefik + path: '/' + pathType: Prefix + annotations: + kubernetes.io/ingress.class: traefik + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + extraTls: + - hosts: + - "auth.onprem-test.stands.wilix.dev" + secretName: "auth.onprem-test.stands.wilix.dev" livenessProbe: enabled: true
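Review bot: Switching the container command to `"start-dev"` in the chart's default `values.yaml` (first hunk of this file) makes development mode the default for every install that does not override it; Keycloak documents `start-dev` as a convenience mode with relaxed defaults that is not meant for production. The hostnames set alongside it are served through an ingress with a Let's Encrypt issuer, so this instance looks reachable beyond a local machine (inferred from the values, not confirmed). I would keep `"/opt/keycloak/bin/kc.sh" "start"` as the default and move `start-dev` into a stand-specific override file. It is also not visible here what consumes `KEYCLOAK_PROFILE: dev`; a comment naming the component that reads it would help, or the key can be dropped if nothing does. The enclosing `keycloak:` block starts and ends outside the hunk.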
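Review bot: The default ingress values in the second hunk now carry one test stand's hostname, TLS secret name and `cert-manager.io/cluster-issuer`, replacing the neutral `auth.example.com` placeholders; the `KC_HOSTNAME` and `KC_HOSTNAME_ADMIN` lines in the previous hunk do the same. Anyone installing the chart without overrides would get an Ingress and a certificate request for `auth.onprem-test.stands.wilix.dev`. I would leave the placeholders in `values.yaml` and put these lines in a per-environment values file. Setting both `ingressClassName: traefik` and the `kubernetes.io/ingress.class` annotation is redundant, since the annotation is the deprecated form of the same setting.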