clear-onprem #5
|
@ -659,7 +659,7 @@ minio:
|
|||
hostname: 's3.onprem-test.stands.wilix.dev'
|
||||
ingressClassName: traefik
|
||||
path: '/'
|
||||
pathType: ImplementationSpecific
|
||||
pathType: Prefix
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
|
||||
|
|
|
@ -1,6 +1,11 @@
|
|||
global:
|
||||
postgresql:
|
||||
auth:
|
||||
password: "tT9BqYdNyd1"
|
||||
|
||||
keycloak:
|
||||
secrets:
|
||||
secrets:
|
||||
stringData:
|
||||
KEYCLOAK_ADMIN_PASSWORD: "12345"
|
||||
KC_DB_PASSWORD: "3fWAxP6ZYp"
|
||||
KC_DB_PASSWORD: "tT9BqYdNyd1"
|
|
@ -0,0 +1,55 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: traefik-forward-auth
|
||||
namespace: yonote-develop
|
||||
labels:
|
||||
app: traefik-forward-auth
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: traefik-forward-auth
|
||||
strategy:
|
||||
type: Recreate
|
||||
revisionHistoryLimit: 10
|
||||
progressDeadlineSeconds: 600
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: traefik-forward-auth
|
||||
spec:
|
||||
containers:
|
||||
- name: traefik-forward-auth
|
||||
image: thomseddon/traefik-forward-auth:2
|
||||
ports:
|
||||
- containerPort: 4181
|
||||
protocol: TCP
|
||||
env:
|
||||
- name: DOMAIN
|
||||
value: "wilix.org,wilix.dev"
|
||||
- name: AUTH_HOST
|
||||
value: "auth.yonote.develop.wilix.dev"
|
||||
- name: INSECURE_COOKIE
|
||||
value: "false"
|
||||
- name: DEFAULT_PROVIDER
|
||||
value: "oidc"
|
||||
- name: PROVIDERS_OIDC_ISSUER_URL
|
||||
value: "https://auth.yonote.develop.wilix.dev/realms/dev-forward-auth"
|
||||
- name: PROVIDERS_OIDC_CLIENT_ID
|
||||
value: "dev-forward-auth-client"
|
||||
- name: PROVIDERS_OIDC_CLIENT_SECRET
|
||||
value: "552xO2iJ70KiXU5laViGlEHavDjpSZ6X"
|
||||
- name: SECRET
|
||||
value: "0987654321"
|
||||
- name: LOG_LEVEL
|
||||
value: "debug"
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
restartPolicy: Always
|
||||
terminationGracePeriodSeconds: 60
|
||||
dnsPolicy: ClusterFirst
|
||||
securityContext: {}
|
||||
schedulerName: default-scheduler
|
|
@ -24,16 +24,17 @@ keycloak:
|
|||
- /bin/sh
|
||||
- -c
|
||||
- |
|
||||
"/opt/keycloak/bin/kc.sh" "start"
|
||||
"/opt/keycloak/bin/kc.sh" "start-dev"
|
||||
|
||||
configMaps:
|
||||
configs:
|
||||
data:
|
||||
KEYCLOAK_PROFILE: dev
|
||||
KEYCLOAK_ADMIN: root
|
||||
KC_PROXY: edge
|
||||
KC_HOSTNAME_STRICT: "false"
|
||||
KC_HOSTNAME_ADMIN: auth.example.com/admin
|
||||
KC_HOSTNAME: auth.example.com
|
||||
KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev/admin
|
||||
KC_HOSTNAME: auth.onprem-test.stands.wilix.dev
|
||||
KC_DB: postgres
|
||||
KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak
|
||||
KC_DB_URL_DATABASE: keycloak
|
||||
|
@ -72,11 +73,17 @@ keycloak:
|
|||
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: nginx
|
||||
pathType: ImplementationSpecific
|
||||
hostname: auth.example.com
|
||||
path: /
|
||||
tls: false
|
||||
hostname: 'auth.onprem-test.stands.wilix.dev'
|
||||
ingressClassName: traefik
|
||||
path: '/'
|
||||
pathType: Prefix
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
|
||||
extraTls:
|
||||
- hosts:
|
||||
- "auth.onprem-test.stands.wilix.dev"
|
||||
secretName: "auth.onprem-test.stands.wilix.dev"
|
||||
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
|
|
Loading…
Reference in New Issue