update

yonote-chart/values.yaml

@@ -659,7 +659,7 @@ minio:
     hostname: 's3.onprem-test.stands.wilix.dev'
     ingressClassName: traefik
     path: '/'
-    pathType: ImplementationSpecific
+    pathType: Prefix
     annotations:
       kubernetes.io/ingress.class: traefik
       cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev

yonote-keycloak-chart/secret-values.yaml

@@ -1,6 +1,11 @@
+global:
+  postgresql:
+    auth:
+      password: "tT9BqYdNyd1"
+
 keycloak:
   secrets:
     secrets:
       stringData:
         KEYCLOAK_ADMIN_PASSWORD: "12345"
-        KC_DB_PASSWORD: "3fWAxP6ZYp"
+        KC_DB_PASSWORD: "tT9BqYdNyd1"

yonote-keycloak-chart/traefik-forward-auth.yaml

@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: traefik-forward-auth
+  namespace: yonote-develop
+  labels:
+    app: traefik-forward-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: traefik-forward-auth
+  strategy:
+    type: Recreate
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600
+  template:
+    metadata:
+      labels:
+        app: traefik-forward-auth
+    spec:
+      containers:
+        - name: traefik-forward-auth
+          image: thomseddon/traefik-forward-auth:2
+          ports:
+            - containerPort: 4181
+              protocol: TCP
+          env:
+            - name: DOMAIN
+              value: "wilix.org,wilix.dev"
+            - name: AUTH_HOST
+              value: "auth.yonote.develop.wilix.dev"
+            - name: INSECURE_COOKIE
+              value: "false"
+            - name: DEFAULT_PROVIDER
+              value: "oidc"
+            - name: PROVIDERS_OIDC_ISSUER_URL
+              value: "https://auth.yonote.develop.wilix.dev/realms/dev-forward-auth"
+            - name: PROVIDERS_OIDC_CLIENT_ID
+              value: "dev-forward-auth-client"
+            - name: PROVIDERS_OIDC_CLIENT_SECRET
+              value: "552xO2iJ70KiXU5laViGlEHavDjpSZ6X"
+            - name: SECRET
+              value: "0987654321"
+            - name: LOG_LEVEL
+              value: "debug"
+          imagePullPolicy: IfNotPresent
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 60
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      schedulerName: default-scheduler

yonote-keycloak-chart/values.yaml

@@ -24,16 +24,17 @@ keycloak:
     - /bin/sh
     - -c
     - |
-      "/opt/keycloak/bin/kc.sh" "start"    
+      "/opt/keycloak/bin/kc.sh" "start-dev"    
 
   configMaps:
     configs:
       data:
+        KEYCLOAK_PROFILE: dev
         KEYCLOAK_ADMIN: root
         KC_PROXY: edge
         KC_HOSTNAME_STRICT: "false"
-        KC_HOSTNAME_ADMIN: auth.example.com/admin
+        KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev/admin
-        KC_HOSTNAME: auth.example.com
+        KC_HOSTNAME: auth.onprem-test.stands.wilix.dev
         KC_DB: postgres
         KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak
         KC_DB_URL_DATABASE: keycloak
@@ -72,11 +73,17 @@ keycloak:
 
   ingress:
     enabled: true
-    ingressClassName: nginx
+    hostname: 'auth.onprem-test.stands.wilix.dev'
-    pathType: ImplementationSpecific
+    ingressClassName: traefik
-    hostname: auth.example.com
+    path: '/'
-    path: /
+    pathType: Prefix
-    tls: false
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
+    extraTls:
+    - hosts:
+        - "auth.onprem-test.stands.wilix.dev"
+      secretName: "auth.onprem-test.stands.wilix.dev"
 
   livenessProbe:
     enabled: true