Switch oidc provider

This commit is contained in:
Danny Bessems 2023-04-09 20:04:11 +02:00
parent debe80a2a1
commit 75277e285a


@ -39,8 +39,10 @@ platform:
helm_repositories:
- name: argo
url: https://argoproj.github.io/argo-helm
- name: dex
url: https://charts.dexidp.io
- name: codecentric
url: https://codecentric.github.io/helm-charts
# - name: dex
# url: https://charts.dexidp.io
- name: gitea-charts
url: https://dl.gitea.io/charts/
- name: harbor
@ -99,53 +101,53 @@ components:
node_template:
url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2004-kube-v1.26.3.ova
dex:
helm:
version: 0.13.0 # (= Dex 2.35.3)
chart: dex/dex
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
config:
connectors:
- type: ldap
id: ldap
name: "LDAP"
config:
host: "{{ vapp['ldap.fqdn'] }}:636"
insecureNoSSL: false
insecureSkipVerify: true
bindDN: "{{ vapp['ldap.dn'] }}"
bindPW: "{{ vapp['ldap.password'] }}"
# dex:
# helm:
# version: 0.13.0 # (= Dex 2.35.3)
# chart: dex/dex
# parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
# chart_values: !unsafe |
# config:
# connectors:
# - type: ldap
# id: ldap
# name: "LDAP"
# config:
# host: "{{ vapp['ldap.fqdn'] }}:636"
# insecureNoSSL: false
# insecureSkipVerify: true
# bindDN: "{{ vapp['ldap.dn'] }}"
# bindPW: "{{ vapp['ldap.password'] }}"
usernamePrompt: "Username"
userSearch:
baseDN: OU=Administrators,OU=Useraccounts,DC=bessems,DC=eu
filter: "(objectClass=person)"
username: userPrincipalName
idAttr: DN
emailAttr: userPrincipalName
nameAttr: cn
# usernamePrompt: "Username"
# userSearch:
# baseDN: OU=Administrators,OU=Useraccounts,DC=bessems,DC=eu
# filter: "(objectClass=person)"
# username: userPrincipalName
# idAttr: DN
# emailAttr: userPrincipalName
# nameAttr: cn
groupSearch:
baseDN: OU=Roles,OU=Groups,DC=bessems,DC=eu
filter: "(objectClass=group)"
userMatchers:
- userAttr: DN
groupAttr: member
nameAttr: cn
enablePasswordDB: true
issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
storage:
type: kubernetes
config:
inCluster: true
ingress:
enabled: true
hosts:
- host: oidc.{{ vapp['metacluster.fqdn'] }}
paths:
- path: /
pathType: Prefix
# groupSearch:
# baseDN: OU=Roles,OU=Groups,DC=bessems,DC=eu
# filter: "(objectClass=group)"
# userMatchers:
# - userAttr: DN
# groupAttr: member
# nameAttr: cn
# enablePasswordDB: true
# issuer: https://oidc.{{ vapp['metacluster.fqdn'] }}
# storage:
# type: kubernetes
# config:
# inCluster: true
# ingress:
# enabled: true
# hosts:
# - host: oidc.{{ vapp['metacluster.fqdn'] }}
# paths:
# - path: /
# pathType: Prefix
gitea:
helm:
@ -201,6 +203,28 @@ components:
registry:
size: 25Gi
keycloakx:
helm:
version: 2.1.1 # (= Keycloak 20.0.3)
chart: codecentric/keycloakx
parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
chart_values: !unsafe |
command:
- "/opt/keycloak/bin/kc.sh"
- "start"
- "--http-enabled=true"
- "--http-port=8080"
- "--hostname-strict=false"
- "--hostname-strict-https=false"
extraEnv: |
- name: KEYCLOAK_ADMIN
value: admin
- name: KEYCLOAK_ADMIN_PASSWORD
value: {{ vapp['metacluster.password'] }}
- name: JAVA_OPTS_APPEND
value: >-
-Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
kube-prometheus-stack:
helm:
version: 45.2.0
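Review bot: The new keycloakx block starts Keycloak with `--http-enabled=true`, `--hostname-strict=false` and `--hostname-strict-https=false`, which switches off Keycloak's hostname and HTTPS enforcement, yet nothing in this hunk tells Keycloak that TLS is terminated in front of it (the dex block being commented out in the earlier hunk carried its own `issuer` and `ingress` settings; the keycloakx section shows none here, unless they live outside the diff). If the intent is a TLS-terminating ingress, add `- "--proxy=edge"` to the command list and a comment such as `# TLS terminates at the ingress; the plain-HTTP listener must not be exposed directly`, so a later reader does not treat the relaxed hostname flags as safe defaults. Separately, `value: {{ vapp['metacluster.password'] }}` inside `extraEnv` is an unquoted template in a string that is rendered and then parsed as YAML again by the chart; a password containing `#`, `: `, or a leading `*`, `&`, `[` or `{` would break or silently change the rendered manifest, so write `value: "{{ vapp['metacluster.password'] }}"`, and consider sourcing it via `valueFrom.secretKeyRef` so the admin password is not a literal in the rendered Deployment spec.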