4 changed files with 77 additions and 10 deletions
--- a/yonote-chart/values.yaml
+++ b/yonote-chart/values.yaml
@ -659,7 +659,7 @@ minio:
    hostname: 's3.onprem-test.stands.wilix.dev'
    ingressClassName: traefik
    path: '/'
-    pathType: ImplementationSpecific
+    pathType: Prefix
    annotations:
      kubernetes.io/ingress.class: traefik
      cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
--- a/yonote-keycloak-chart/secret-values.yaml
+++ b/yonote-keycloak-chart/secret-values.yaml
@ -1,6 +1,11 @@
+global:
+  postgresql:
+    auth:
+      password: "tT9BqYdNyd1"
+
 keycloak:
  secrets:
    secrets:
      stringData:
        KEYCLOAK_ADMIN_PASSWORD: "12345"
-        KC_DB_PASSWORD: "3fWAxP6ZYp"
+        KC_DB_PASSWORD: "tT9BqYdNyd1"
--- a/yonote-keycloak-chart/traefik-forward-auth.yaml
+++ b/yonote-keycloak-chart/traefik-forward-auth.yaml
@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: traefik-forward-auth
+  namespace: yonote-develop
+  labels:
+    app: traefik-forward-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: traefik-forward-auth
+  strategy:
+    type: Recreate
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600
+  template:
+    metadata:
+      labels:
+        app: traefik-forward-auth
+    spec:
+      containers:
+        - name: traefik-forward-auth
+          image: thomseddon/traefik-forward-auth:2
+          ports:
+            - containerPort: 4181
+              protocol: TCP
+          env:
+            - name: DOMAIN
+              value: "wilix.org,wilix.dev"
+            - name: AUTH_HOST
+              value: "auth.yonote.develop.wilix.dev"
+            - name: INSECURE_COOKIE
+              value: "false"
+            - name: DEFAULT_PROVIDER
+              value: "oidc"
+            - name: PROVIDERS_OIDC_ISSUER_URL
+              value: "https://auth.yonote.develop.wilix.dev/realms/dev-forward-auth"
+            - name: PROVIDERS_OIDC_CLIENT_ID
+              value: "dev-forward-auth-client"
+            - name: PROVIDERS_OIDC_CLIENT_SECRET
+              value: "552xO2iJ70KiXU5laViGlEHavDjpSZ6X"
+            - name: SECRET
+              value: "0987654321"
+            - name: LOG_LEVEL
+              value: "debug"
+          imagePullPolicy: IfNotPresent
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 60
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      schedulerName: default-scheduler
--- a/yonote-keycloak-chart/values.yaml
+++ b/yonote-keycloak-chart/values.yaml
@ -24,16 +24,17 @@ keycloak:
    - /bin/sh
    - -c
    - |
-      "/opt/keycloak/bin/kc.sh" "start"    
+      "/opt/keycloak/bin/kc.sh" "start-dev"    

  configMaps:
    configs:
      data:
+        KEYCLOAK_PROFILE: dev
        KEYCLOAK_ADMIN: root
        KC_PROXY: edge
        KC_HOSTNAME_STRICT: "false"
-        KC_HOSTNAME_ADMIN: auth.example.com/admin
-        KC_HOSTNAME: auth.example.com
+        KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev/admin
+        KC_HOSTNAME: auth.onprem-test.stands.wilix.dev
        KC_DB: postgres
        KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak
        KC_DB_URL_DATABASE: keycloak
@ -72,11 +73,17 @@ keycloak:

  ingress:
    enabled: true
-    ingressClassName: nginx
-    pathType: ImplementationSpecific
-    hostname: auth.example.com
-    path: /
-    tls: false
+    hostname: 'auth.onprem-test.stands.wilix.dev'
+    ingressClassName: traefik
+    path: '/'
+    pathType: Prefix
+    annotations:
+      kubernetes.io/ingress.class: traefik
+      cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
+    extraTls:
+    - hosts:
+        - "auth.onprem-test.stands.wilix.dev"
+      secretName: "auth.onprem-test.stands.wilix.dev"

  livenessProbe:
    enabled: true