Switch OIDC provider
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/push Build is failing
Details
This commit is contained in:
parent
ee08fd47b5
commit
572b7df74c
|
|
@ -3,12 +3,6 @@ platform:
|
||||||
k3s:
|
k3s:
|
||||||
version: v1.26.3+k3s1
|
version: v1.26.3+k3s1
|
||||||
|
|
||||||
# gitops:
|
|
||||||
# repository:
|
|
||||||
# uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
|
|
||||||
# # revision: v0.1.0
|
|
||||||
# revision: HEAD
|
|
||||||
|
|
||||||
packaged_components:
|
packaged_components:
|
||||||
- name: traefik
|
- name: traefik
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
|
|
@ -39,8 +33,10 @@ platform:
|
||||||
helm_repositories:
|
helm_repositories:
|
||||||
- name: argo
|
- name: argo
|
||||||
url: https://argoproj.github.io/argo-helm
|
url: https://argoproj.github.io/argo-helm
|
||||||
- name: codecentric
|
- name: authentik
|
||||||
url: https://codecentric.github.io/helm-charts
|
url: https://charts.goauthentik.io
|
||||||
|
# - name: codecentric
|
||||||
|
# url: https://codecentric.github.io/helm-charts
|
||||||
# - name: dex
|
# - name: dex
|
||||||
# url: https://charts.dexidp.io
|
# url: https://charts.dexidp.io
|
||||||
- name: gitea-charts
|
- name: gitea-charts
|
||||||
|
|
@ -75,6 +71,29 @@ components:
|
||||||
hosts:
|
hosts:
|
||||||
- gitops.{{ vapp['metacluster.fqdn'] }}
|
- gitops.{{ vapp['metacluster.fqdn'] }}
|
||||||
|
|
||||||
|
authentik:
|
||||||
|
helm:
|
||||||
|
version: 2023.3.1
|
||||||
|
chart: authentik/authentik
|
||||||
|
parse_logic: helm template . --set postgresql.enabled=true,redis.enabled=true | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
||||||
|
chart_values: !unsafe |
|
||||||
|
authentik:
|
||||||
|
secret_key: {{ lookup('ansible.builtin.password', '/dev/null length=64 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}
|
||||||
|
postgresql:
|
||||||
|
password: {{ lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
hosts:
|
||||||
|
- host: auth.{{ vapp['metacluster.fqdn'] }}
|
||||||
|
paths:
|
||||||
|
- path: "/"
|
||||||
|
pathType: Prefix
|
||||||
|
postgresql:
|
||||||
|
enabled: true
|
||||||
|
postgresqlPassword: {{ lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_lowercase,digits seed=' ~ vapp['guestinfo.hostname']) }}
|
||||||
|
redis:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
cert-manager:
|
cert-manager:
|
||||||
helm:
|
helm:
|
||||||
version: 1.11.0
|
version: 1.11.0
|
||||||
|
|
@ -203,37 +222,37 @@ components:
|
||||||
registry:
|
registry:
|
||||||
size: 25Gi
|
size: 25Gi
|
||||||
|
|
||||||
keycloakx:
|
# keycloakx:
|
||||||
helm:
|
# helm:
|
||||||
version: 2.1.1 # (= Keycloak 20.0.3)
|
# version: 2.1.1 # (= Keycloak 20.0.3)
|
||||||
chart: codecentric/keycloakx
|
# chart: codecentric/keycloakx
|
||||||
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
# parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
|
||||||
chart_values: !unsafe |
|
# chart_values: !unsafe |
|
||||||
command:
|
# command:
|
||||||
- "/opt/keycloak/bin/kc.sh"
|
# - "/opt/keycloak/bin/kc.sh"
|
||||||
- "start"
|
# - "start"
|
||||||
- "--http-enabled=true"
|
# - "--http-enabled=true"
|
||||||
- "--http-port=8080"
|
# - "--http-port=8080"
|
||||||
- "--hostname-strict=false"
|
# - "--hostname-strict=false"
|
||||||
- "--hostname-strict-https=false"
|
# - "--hostname-strict-https=false"
|
||||||
extraEnv: |
|
# extraEnv: |
|
||||||
- name: KEYCLOAK_ADMIN
|
# - name: KEYCLOAK_ADMIN
|
||||||
value: admin
|
# value: admin
|
||||||
- name: KEYCLOAK_ADMIN_PASSWORD
|
# - name: KEYCLOAK_ADMIN_PASSWORD
|
||||||
value: {{ vapp['metacluster.password'] }}
|
# value: {{ vapp['metacluster.password'] }}
|
||||||
- name: KC_PROXY
|
# - name: KC_PROXY
|
||||||
value: "passthrough"
|
# value: "passthrough"
|
||||||
- name: JAVA_OPTS_APPEND
|
# - name: JAVA_OPTS_APPEND
|
||||||
value: >-
|
# value: >-
|
||||||
-Djgroups.dns.query={% raw %}{{ include "keycloak.fullname" . }}{% endraw %}-headless
|
# -Djgroups.dns.query={% raw %}{{ include "keycloak.fullname" . }}{% endraw %}-headless
|
||||||
ingress:
|
# ingress:
|
||||||
enabled: true
|
# enabled: true
|
||||||
rules:
|
# rules:
|
||||||
- host: keycloak.{{ vapp['metacluster.fqdn'] }}
|
# - host: keycloak.{{ vapp['metacluster.fqdn'] }}
|
||||||
paths:
|
# paths:
|
||||||
- path: /
|
# - path: /
|
||||||
pathType: Prefix
|
# pathType: Prefix
|
||||||
tls: []
|
# tls: []
|
||||||
|
|
||||||
kube-prometheus-stack:
|
kube-prometheus-stack:
|
||||||
helm:
|
helm:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue