From 711d43f2ae9a513eed9e635e3660412300889877 Mon Sep 17 00:00:00 2001
From: "artem.drozdov" <artem.drozdow.work@yandex.ru>
Date: Tue, 13 Aug 2024 12:41:30 +0300
Subject: [PATCH] update

---
 yonote-chart/values.yaml                      |  2 +-
 yonote-keycloak-chart/secret-values.yaml      |  7 ++-
 .../traefik-forward-auth.yaml                 | 55 +++++++++++++++++++
 yonote-keycloak-chart/values.yaml             | 23 +++++---
 4 files changed, 77 insertions(+), 10 deletions(-)
 create mode 100644 yonote-keycloak-chart/traefik-forward-auth.yaml

diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml
index b3bd94d..104466f 100644
--- a/yonote-chart/values.yaml
+++ b/yonote-chart/values.yaml
@@ -659,7 +659,7 @@ minio:
     hostname: 's3.onprem-test.stands.wilix.dev'
     ingressClassName: traefik
     path: '/'
-    pathType: ImplementationSpecific
+    pathType: Prefix
     annotations:
       kubernetes.io/ingress.class: traefik
       cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
diff --git a/yonote-keycloak-chart/secret-values.yaml b/yonote-keycloak-chart/secret-values.yaml
index 548e04f..1811e2c 100644
--- a/yonote-keycloak-chart/secret-values.yaml
+++ b/yonote-keycloak-chart/secret-values.yaml
@@ -1,6 +1,11 @@
+global:
+  postgresql:
+    auth:
+      password: "tT9BqYdNyd1"
+
 keycloak:
   secrets:
     secrets:
       stringData:
         KEYCLOAK_ADMIN_PASSWORD: "12345"
-        KC_DB_PASSWORD: "3fWAxP6ZYp"
\ No newline at end of file
+        KC_DB_PASSWORD: "tT9BqYdNyd1"
\ No newline at end of file
diff --git a/yonote-keycloak-chart/traefik-forward-auth.yaml b/yonote-keycloak-chart/traefik-forward-auth.yaml
new file mode 100644
index 0000000..24bfbbb
--- /dev/null
+++ b/yonote-keycloak-chart/traefik-forward-auth.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: traefik-forward-auth
+  namespace: yonote-develop
+  labels:
+    app: traefik-forward-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: traefik-forward-auth
+  strategy:
+    type: Recreate
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600
+  template:
+    metadata:
+      labels:
+        app: traefik-forward-auth
+    spec:
+      containers:
+        - name: traefik-forward-auth
+          image: thomseddon/traefik-forward-auth:2
+          ports:
+            - containerPort: 4181
+              protocol: TCP
+          env:
+            - name: DOMAIN
+              value: "wilix.org,wilix.dev"
+            - name: AUTH_HOST
+              value: "auth.yonote.develop.wilix.dev"
+            - name: INSECURE_COOKIE
+              value: "false"
+            - name: DEFAULT_PROVIDER
+              value: "oidc"
+            - name: PROVIDERS_OIDC_ISSUER_URL
+              value: "https://auth.yonote.develop.wilix.dev/realms/dev-forward-auth"
+            - name: PROVIDERS_OIDC_CLIENT_ID
+              value: "dev-forward-auth-client"
+            - name: PROVIDERS_OIDC_CLIENT_SECRET
+              value: "552xO2iJ70KiXU5laViGlEHavDjpSZ6X"
+            - name: SECRET
+              value: "0987654321"
+            - name: LOG_LEVEL
+              value: "debug"
+          imagePullPolicy: IfNotPresent
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 60
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      schedulerName: default-scheduler
\ No newline at end of file
diff --git a/yonote-keycloak-chart/values.yaml b/yonote-keycloak-chart/values.yaml
index 7725f23..e19aea7 100644
--- a/yonote-keycloak-chart/values.yaml
+++ b/yonote-keycloak-chart/values.yaml
@@ -24,16 +24,17 @@ keycloak:
     - /bin/sh
     - -c
     - |
-      "/opt/keycloak/bin/kc.sh" "start"    
+      "/opt/keycloak/bin/kc.sh" "start-dev"    
 
   configMaps:
     configs:
       data:
+        KEYCLOAK_PROFILE: dev
         KEYCLOAK_ADMIN: root
         KC_PROXY: edge
         KC_HOSTNAME_STRICT: "false"
-        KC_HOSTNAME_ADMIN: auth.example.com/admin
-        KC_HOSTNAME: auth.example.com
+        KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev/admin
+        KC_HOSTNAME: auth.onprem-test.stands.wilix.dev
         KC_DB: postgres
         KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak
         KC_DB_URL_DATABASE: keycloak
@@ -72,11 +73,17 @@ keycloak:
 
   ingress:
     enabled: true
-    ingressClassName: nginx
-    pathType: ImplementationSpecific
-    hostname: auth.example.com
-    path: /
-    tls: false
+    hostname: 'auth.onprem-test.stands.wilix.dev'
+    ingressClassName: traefik
+    path: '/'
+    pathType: Prefix
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
+    extraTls:
+    - hosts:
+        - "auth.onprem-test.stands.wilix.dev"
+      secretName: "auth.onprem-test.stands.wilix.dev"
 
   livenessProbe:
     enabled: true