diff --git a/yonote-chart/Chart.lock b/yonote-chart/Chart.lock index c67545f..a2def7a 100644 --- a/yonote-chart/Chart.lock +++ b/yonote-chart/Chart.lock @@ -20,8 +20,14 @@ dependencies: - name: redis repository: https://charts.bitnami.com/bitnami version: 16.12.1 +- name: app + repository: https://dysnix.github.io/charts + version: 0.3.15 +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 11.6.2 - name: minio repository: https://charts.bitnami.com/bitnami version: 14.6.20 -digest: sha256:ac298eab717f006b97255703008f8d675b5e0603afa5b755673455012d6d3693 -generated: "2024-07-16T12:06:23.7878103+03:00" +digest: sha256:c5b8b9e07fb2f98522c86c4b5e0758d5adecd9d2493fa65d942c5fbcca316a9b +generated: "2024-08-14T15:35:18.751768537+03:00" diff --git a/yonote-chart/Chart.yaml b/yonote-chart/Chart.yaml index 25064f6..3e128c0 100644 --- a/yonote-chart/Chart.yaml +++ b/yonote-chart/Chart.yaml @@ -47,8 +47,20 @@ dependencies: condition: yonote-redis.enabled alias: yonote-redis + - name: app + version: "0.3.15" + repository: https://dysnix.github.io/charts + condition: keycloak.enabled + alias: keycloak + + - name: postgresql + version: "11.6.2" + repository: https://charts.bitnami.com/bitnami + condition: keycloak.keycloak-database.enabled + alias: keycloak-database + - name: minio version: "14.6.20" repository: https://charts.bitnami.com/bitnami condition: minio.enabled - alias: minio \ No newline at end of file + alias: minio \ No newline at end of file diff --git a/yonote-chart/charts/postgresql-11.6.2.tgz b/yonote-chart/charts/postgresql-11.6.2.tgz new file mode 100644 index 0000000..64e0267 Binary files /dev/null and b/yonote-chart/charts/postgresql-11.6.2.tgz differ diff --git a/yonote-chart/secret-values.yaml b/yonote-chart/secret-values.yaml index 4d73ce3..b4a765f 100644 --- a/yonote-chart/secret-values.yaml +++ b/yonote-chart/secret-values.yaml 
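Review bot: The `condition: keycloak.keycloak-database.enabled` on the new `postgresql` dependency in Chart.yaml does not match the values layout this commit adds, where `keycloak-database:` is a top-level key in yonote-chart/values.yaml with its own `enabled: true`. Helm ignores a condition whose path is absent from the values, so the database subchart would stay enabled whatever either key is set to; `condition: keycloak-database.enabled` would line up with the alias. The `app` chart is pulled from a third-party repository and pinned by version only, and the `digest` in Chart.lock covers the dependency list rather than the archive contents. Its provenance therefore needs a separate check, for example `helm dependency build --verify` where the repository publishes provenance files.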
@@ -27,5 +27,16 @@ global: password: "wsGZ6kXhr5" postgresPassword: "QQYw4UjOU" - +keycloak-app: + global: + postgresql: + auth: + password: "tT9BqYdNyd1" + + keycloak: + secrets: + secrets: + stringData: + KEYCLOAK_ADMIN_PASSWORD: "12345" + KC_DB_PASSWORD: "tT9BqYdNyd1" \ No newline at end of file diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml index 104466f..4d99778 100644 --- a/yonote-chart/values.yaml +++ b/yonote-chart/values.yaml @@ -1,5 +1,4 @@ global: - name: yonote-app postgresql: auth: database: yonote 
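Review bot: `KEYCLOAK_ADMIN_PASSWORD: "12345"` and both database passwords are committed in plaintext in yonote-chart/secret-values.yaml, for a Keycloak that values.yaml in this commit exposes through an enabled ingress with admin user `root`. These values should be generated per installation and supplied from outside the repository (an existing Secret, an encrypted values file, or `--set` at deploy time), and the ones already committed should be treated as exposed and rotated. Separately, the new top-level key `keycloak-app` matches neither alias declared in Chart.yaml (`keycloak`, `keycloak-database`), and `global:` only propagates to subcharts from the top level. Unless a template outside this diff reads `keycloak-app`, the block is probably never passed to the Keycloak or PostgreSQL subcharts.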
@@ -678,4 +677,104 @@ minio: buckets: - name: yonote-bucket - policy: none \ No newline at end of file + policy: none + +keycloak-database: + enabled: true + name: keycloak-database + fullnameOverride: yonote-keycloak-db + nameOverride: db + primary: + persistence: + size: 512Mi + +keycloak: + global: + postgresql: + auth: + database: keycloak + username: keycloak + + enabled: true + name: yonote-keycloak + fullnameOverride: yonote-keycloak + image: + registry: images.updates.yonote.ru + repository: yonote-keycloak + tag: 19-0.1.1 + command: + - /bin/sh + - -c + - /opt/keycloak/bin/kc.sh import --file=/opt/keycloak/data/import/realm-export.json --debug + - /opt/keycloak/bin/kc.sh start + configMaps: + configs: + data: + KEYCLOAK_ADMIN: root + KC_PROXY: edge + KC_HOSTNAME_STRICT: "false" + KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev + KC_HOSTNAME: auth.onprem-test.stands.wilix.dev + KC_DB: postgres + KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak + # KC_DB_URL_DATABASE: keycloak + KC_DB_USERNAME: keycloak + KC_HOSTNAME_STRICT_HTTPS: "false" + KC_HOSTNAME_PATH: "/" + envFrom: + - configMapRef: + name: '{{ template "app.fullname" . }}-configs' + - secretRef: + name: '{{ template "app.fullname" . 
}}-secrets' + checksums: + - secrets.yaml + - configmaps.yaml + containerPorts: + - containerPort: 8080 + name: app + protocol: TCP + + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 150m + memory: 128Mi + service: + type: ClusterIP + port: 8080 + targetPort: 8080 + ingress: + enabled: true + hostname: 'auth.onprem-test.stands.wilix.dev' + ingressClassName: traefik + path: '/' + pathType: Prefix + annotations: + kubernetes.io/ingress.class: traefik + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + extraTls: + - hosts: + - "auth.onprem-test.stands.wilix.dev" + secretName: "auth.onprem-test.stands.wilix.dev" + # livenessProbe: + # enabled: true + # failureThreshold: 6 + # initialDelaySeconds: 60 + # periodSeconds: 15 + # successThreshold: 1 + # timeoutSeconds: 5 + # httpGet: + # path: / + # port: app + # readinessProbe: + # enabled: true + # failureThreshold: 6 + # initialDelaySeconds: 60 + # periodSeconds: 15 + # successThreshold: 1 + # timeoutSeconds: 5 + # httpGet: + # path: / + # port: app \ No newline at end of file diff --git a/yonote-keycloak-chart/Chart.lock b/yonote-keycloak-chart/Chart.lock index 41178bd..6351f72 100644 --- a/yonote-keycloak-chart/Chart.lock +++ b/yonote-keycloak-chart/Chart.lock @@ -6,4 +6,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 11.6.2 digest: sha256:4ff512f4cf7c217961e59af3e2cb656f4d6fc8441f17ce3da96ca1a03f58bf58 -generated: "2024-07-16T12:04:39.863844193+03:00" +generated: "2024-08-13T16:19:44.489332745+03:00" diff --git a/yonote-keycloak-chart/secret-values.yaml b/yonote-keycloak-chart/secret-values.yaml index 1811e2c..a445ec8 100644 --- a/yonote-keycloak-chart/secret-values.yaml +++ b/yonote-keycloak-chart/secret-values.yaml @@ -8,4 +8,5 @@ keycloak: secrets: stringData: KEYCLOAK_ADMIN_PASSWORD: "12345" - KC_DB_PASSWORD: "tT9BqYdNyd1" \ No newline at end of file + KC_DB_PASSWORD: "tT9BqYdNyd1" + \ No newline at end of file 
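Review bot: In the `command:` list under `keycloak:`, `/bin/sh -c` treats only the next list item as the script, so the fourth item (`/opt/keycloak/bin/kc.sh start`) becomes `$0` and is never run; the container would finish the realm import and then exit. Putting both steps in one item fixes it: `- /opt/keycloak/bin/kc.sh import --file=/opt/keycloak/data/import/realm-export.json && exec /opt/keycloak/bin/kc.sh start`. As far as I know, `--debug` in `kc.sh` enables the JVM remote-debug agent rather than verbose logging, so it should not remain in a deployed command. The same list is added in the first hunk of yonote-keycloak-chart/values.yaml.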
diff --git a/yonote-keycloak-chart/traefik-forward-auth.yaml b/yonote-keycloak-chart/traefik-forward-auth.yaml index 24bfbbb..8dbb376 100644 --- a/yonote-keycloak-chart/traefik-forward-auth.yaml +++ b/yonote-keycloak-chart/traefik-forward-auth.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: traefik-forward-auth - namespace: yonote-develop + namespace: yonote-onprem labels: app: traefik-forward-auth spec: @@ -35,11 +35,11 @@ spec: - name: DEFAULT_PROVIDER value: "oidc" - name: PROVIDERS_OIDC_ISSUER_URL - value: "https://auth.yonote.develop.wilix.dev/realms/dev-forward-auth" + value: "https://auth.onprem-test.stands.wilix.dev/realms/yonote" - name: PROVIDERS_OIDC_CLIENT_ID - value: "dev-forward-auth-client" + value: "admin" - name: PROVIDERS_OIDC_CLIENT_SECRET - value: "552xO2iJ70KiXU5laViGlEHavDjpSZ6X" + value: "12345" - name: SECRET value: "0987654321" - name: LOG_LEVEL @@ -52,4 +52,38 @@ spec: terminationGracePeriodSeconds: 60 dnsPolicy: ClusterFirst securityContext: {} - schedulerName: default-scheduler \ No newline at end of file + schedulerName: default-scheduler + + +--- + +apiVersion: v1 +kind: Service +metadata: + name: traefik-forward-auth + namespace: yonote-onprem + labels: + app: traefik-forward-auth +spec: + ports: + - name: auth-http + protocol: TCP + port: 4181 + targetPort: 4181 + selector: + app: traefik-forward-auth + type: ClusterIP + sessionAffinity: None + +--- + +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: traefik-forward-auth +spec: + forwardAuth: + address: https://auth.onprem-test.stands.wilix.dev:4181 + authResponseHeaders: + - X-Forwarded-User + diff --git a/yonote-keycloak-chart/values.yaml b/yonote-keycloak-chart/values.yaml index e19aea7..ab61bf3 100644 --- a/yonote-keycloak-chart/values.yaml +++ b/yonote-keycloak-chart/values.yaml 
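Review bot: `PROVIDERS_OIDC_CLIENT_SECRET` is set inline to `"12345"` in the Deployment env (with client id `admin`), so the OIDC client credential is trivially guessable and readable by anyone who can view the manifest or the Deployment object. It should be sourced from a Secret with `valueFrom.secretKeyRef`. The neighbouring `SECRET` (`"0987654321"`, visible as context), which traefik-forward-auth uses for signing its cookies, needs the same treatment with a random value. The previous client secret removed by this hunk stays in repository history and should be rotated in Keycloak if that client still exists. The env list continues outside the hunk.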
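Review bot: The Middleware's `forwardAuth.address` (`https://auth.onprem-test.stands.wilix.dev:4181`) points at the Keycloak ingress hostname rather than at the `traefik-forward-auth` Service this hunk creates on port 4181. Unless that hostname really serves port 4181, Traefik's auth sub-requests would not reach the forward-auth pod and routes using the middleware would error instead of being authenticated. An in-cluster address such as `http://traefik-forward-auth.yonote-onprem.svc.cluster.local:4181` looks like the intent. The Middleware also has no `metadata.namespace`, unlike the Deployment and Service, so it lands in whichever namespace the apply targets and may not resolve from the routes that reference it.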
@@ -18,26 +18,25 @@ keycloak: image: registry: images.updates.yonote.ru repository: yonote-keycloak - tag: latest + tag: 19-0.1.1 command: - /bin/sh - -c - - | - "/opt/keycloak/bin/kc.sh" "start-dev" + - /opt/keycloak/bin/kc.sh import --file=/opt/keycloak/data/import/realm-export.json --debug + - /opt/keycloak/bin/kc.sh start configMaps: configs: data: - KEYCLOAK_PROFILE: dev KEYCLOAK_ADMIN: root KC_PROXY: edge KC_HOSTNAME_STRICT: "false" - KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev/admin + KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev KC_HOSTNAME: auth.onprem-test.stands.wilix.dev KC_DB: postgres KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak - KC_DB_URL_DATABASE: keycloak + # KC_DB_URL_DATABASE: keycloak KC_DB_USERNAME: keycloak KC_HOSTNAME_STRICT_HTTPS: "false" KC_HOSTNAME_PATH: "/" @@ -66,7 +65,6 @@ keycloak: memory: 128Mi service: - service: type: ClusterIP port: 8080 targetPort: 8080 @@ -85,24 +83,24 @@ keycloak: - "auth.onprem-test.stands.wilix.dev" secretName: "auth.onprem-test.stands.wilix.dev" - livenessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: / - port: app + # livenessProbe: + # enabled: true + # failureThreshold: 6 + # initialDelaySeconds: 60 + # periodSeconds: 15 + # successThreshold: 1 + # timeoutSeconds: 5 + # httpGet: + # path: / + # port: app - readinessProbe: - enabled: true - failureThreshold: 6 - initialDelaySeconds: 60 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: / - port: app \ No newline at end of file + # readinessProbe: + # enabled: true + # failureThreshold: 6 + # initialDelaySeconds: 60 + # periodSeconds: 15 + # successThreshold: 1 + # timeoutSeconds: 5 + # httpGet: + # path: / + # port: app \ No newline at end of file
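Review bot: Commenting out both `livenessProbe` and `readinessProbe` in the last hunk leaves the Keycloak pod with no health gating, so the Service can route logins to it before it is ready and a hung JVM is never restarted. If the probes were failing because `/` is not a health endpoint under `kc.sh start`, a likely fix is to add `KC_HEALTH_ENABLED: "true"` to the configMap data and probe `/health/ready` and `/health/live` on port `app`. That should be confirmed against the Keycloak version in the `19-0.1.1` image. The same commented-out block is added to yonote-chart/values.yaml.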