Switch OIDC provider

Danny Bessems 2023-04-13 10:11:13 +02:00
parent ee08fd47b5
commit 572b7df74c


@ -3,12 +3,6 @@ platform:
k3s:
version: v1.26.3+k3s1
# gitops:
# repository:
# uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
# # revision: v0.1.0
# revision: HEAD
packaged_components:
- name: traefik
namespace: kube-system
@ -39,8 +33,10 @@ platform:
helm_repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: codecentric
url: https://codecentric.github.io/helm-charts
- name: authentik
url: https://charts.goauthentik.io
# - name: codecentric
# url: https://codecentric.github.io/helm-charts
# - name: dex
# url: https://charts.dexidp.io
- name: gitea-charts
@ -75,6 +71,29 @@ components:
hosts:
- gitops.{{ vapp['metacluster.fqdn'] }}
authentik:
helm:
version: 2023.3.1
chart: authentik/authentik
parse_logic: helm template . --set postgresql.enabled=true,redis.enabled=true | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
authentik:
secret_key: {{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}
postgresql:
password: {{ lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}
ingress:
enabled: true
hosts:
- host: auth.{{ vapp['metacluster.fqdn'] }}
paths:
- path: "/"
pathType: Prefix
postgresql:
enabled: true
postgresqlPassword: {{ lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}
redis:
enabled: true
cert-manager:
helm:
version: 1.11.0
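Review bot: The new `authentik.secret_key`, `authentik.postgresql.password` and `postgresql.postgresqlPassword` values are produced by `ansible.builtin.password` with `/dev/null` and `seed=` set to `vapp['guestinfo.hostname']`, which makes every lookup fully deterministic: anyone who learns the guest hostname (normally not a secret) can recompute Authentik's signing key and the database password offline, and `chars=ascii_lowercase,digits` further restricts each position to 36 symbols. If the playbook can persist state on the appliance, generate once and store instead of seeding, e.g. `secret_key: {{ lookup('ansible.builtin.password', '<persistent-path>/authentik_secret_key length=64 chars=ascii_letters,digits') }}` with no `seed=`; if it cannot, at least derive from a value that is itself secret rather than the hostname. Keep in mind that the two PostgreSQL password entries only agree because both are regenerated from the same seed, so whatever replaces it must source both from a single lookup (a `set_fact` or anchor) or the Authentik server and its database will disagree. The `components` mapping these keys belong to begins and ends outside this hunk.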
@ -203,37 +222,37 @@ components:
registry:
size: 25Gi
keycloakx:
helm:
version: 2.1.1 # (= Keycloak 20.0.3)
chart: codecentric/keycloakx
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
command:
- "/opt/keycloak/bin/kc.sh"
- "start"
- "--http-enabled=true"
- "--http-port=8080"
- "--hostname-strict=false"
- "--hostname-strict-https=false"
extraEnv: |
- name: KEYCLOAK_ADMIN
value: admin
- name: KEYCLOAK_ADMIN_PASSWORD
value: {{ vapp['metacluster.password'] }}
- name: KC_PROXY
value: "passthrough"
- name: JAVA_OPTS_APPEND
value: >-
-Djgroups.dns.query={% raw %}{{ include "keycloak.fullname" . }}{% endraw %}-headless
ingress:
enabled: true
rules:
- host: keycloak.{{ vapp['metacluster.fqdn'] }}
paths:
- path: /
pathType: Prefix
tls: []
# keycloakx:
# helm:
# version: 2.1.1 # (= Keycloak 20.0.3)
# chart: codecentric/keycloakx
# parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
# chart_values: !unsafe |
# command:
# - "/opt/keycloak/bin/kc.sh"
# - "start"
# - "--http-enabled=true"
# - "--http-port=8080"
# - "--hostname-strict=false"
# - "--hostname-strict-https=false"
# extraEnv: |
# - name: KEYCLOAK_ADMIN
# value: admin
# - name: KEYCLOAK_ADMIN_PASSWORD
# value: {{ vapp['metacluster.password'] }}
# - name: KC_PROXY
# value: "passthrough"
# - name: JAVA_OPTS_APPEND
# value: >-
# -Djgroups.dns.query={% raw %}{{ include "keycloak.fullname" . }}{% endraw %}-headless
# ingress:
# enabled: true
# rules:
# - host: keycloak.{{ vapp['metacluster.fqdn'] }}
# paths:
# - path: /
# pathType: Prefix
# tls: []
kube-prometheus-stack:
helm: