
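---
{{- /*
homey.auth.ingress.annotations: NGINX ingress annotations that hand
authentication of a protected app to the Gitea instance (auth-url /
auth-signin). Meant to be included into an Ingress's metadata.annotations;
the caller presumably handles indentation (e.g. "| nindent 4") — confirm.
NOTE(review): nginx's auth_request treats a 2xx from auth-url as allow and
401/403 as deny; confirm the authorize endpoint answers that way for a
request carrying only the forwarded cookies and no OAuth parameters.
*/}}
{{- define "homey.auth.ingress.annotations" }}
nginx.ingress.kubernetes.io/auth-url: "https://git.zakobar.com/oauth/authorize"
nginx.ingress.kubernetes.io/auth-signin: "https://git.zakobar.com/login"
{{- /*
Disabled LDAP-backed variant. It is a Go-template comment, not YAML "#" lines,
on purpose: template actions inside YAML comments are still executed at render
time, so the "lookup" below would read the openldap-ro Secret on every render
(including first install / "helm template", where the Secret does not exist
yet). Once enabled it would also place the decoded bind password in clear text
in an Ingress annotation — readable by anyone who can get Ingress objects and
copied into the generated NGINX configuration. Prefer giving the auth backend
its own Secret over passing credentials through ingress annotations.

nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Email
nginx.ingress.kubernetes.io/configuration-snippet: |-
  proxy_set_header X-Ldap-URL "ldap://openldap";
  proxy_set_header X-Ldap-BaseDN "ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}";
  proxy_set_header X-Ldap-BindDN "cn=readonly,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}";
  proxy_set_header X-Ldap-BindPass {{ (get (get (lookup "v1" "Secret" .Release.Namespace "openldap-ro") "data") "password") | b64dec | quote}};
  proxy_set_header X-CookieName "homey.auth.cookie";
  proxy_set_header Cookie $cookie_homey.auth.cookie;
  proxy_set_header X-Remote-User $remote_user;
  proxy_set_header X-Forwarded-Method $request_method;
  proxy_set_header X-Ldap-Template "(uid=%(username)s)";
*/}}
{{- end }}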
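---
{{- /*
Random-password Secrets consumed by the openldap Deployment below: the admin,
cn=config and read-only bind users. "homey.randomsecret" is defined elsewhere
in the chart; it presumably emits its own "---" document marker, which would
explain the commented-out separators between the calls — confirm before
changing them.
*/}}
{{ template "homey.randomsecret" (merge (dict "secretname" "openldap-admin") $) }}
# ---
{{ template "homey.randomsecret" (merge (dict "secretname" "openldap-config") $) }}
# ---
{{ template "homey.randomsecret" (merge (dict "secretname" "openldap-ro") $) }}
{{- /*
Keycloak Secrets, disabled together with the keycloak manifests at the end of
this file. They used to be "# {{ template ... }}" lines; a YAML "#" does not
stop the template action from running, so whatever the template renders after
its first line would still have been emitted live. A Go-template comment is the
only form that keeps these calls inert.

template "homey.randomsecret" (merge (dict "secretname" "keycloak-pass") $)
template "homey.randomsecret" (merge (dict "secretname" "keycloak-db-pass") $)
*/}}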
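---
# OpenLDAP directory server backing the homey auth setup. All three LDAP
# passwords come from the Secrets generated above via secretKeyRef, so no
# credential is inlined in this manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: openldap
  labels:
    app.kubernetes.io/name: openldap
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: openldap
  # Keep at 1: both mounts are subPaths of the same PVC, so a second replica
  # would open the same slapd database directory.
  replicas: 1
  template:
    metadata:
      labels:
        app.kubernetes.io/name: openldap
    spec:
      # securityContext:
      #   fsGroup: 0
      containers:
        - name: openldap
          # NOTE(review): untagged image plus pullPolicy Always means every pod
          # restart pulls whatever "latest" currently is; pin a tag or digest
          # so the directory server does not change version unreviewed.
          image: osixia/openldap
          imagePullPolicy: "Always"
          env:
            - name: LDAP_ORGANISATION
              # quoted like LDAP_DOMAIN below, so an empty organisation name or
              # one containing ": " / " #" cannot break or retype the value
              value: {{ .Values.homey.organization | quote }}
            - name: LDAP_DOMAIN
              value: {{ .Values.homey.url | quote }}
            - name: LDAP_ADMIN_USERNAME
              value: "admin"
            # env values must be strings in the pod spec, hence "true" quoted
            - name: LDAP_READONLY_USER
              value: "true"
            - name: LDAP_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-admin
            - name: LDAP_CONFIG_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-config
            - name: LDAP_READONLY_USER_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: openldap-ro
          ports:
            - name: tcp-ldap
              containerPort: 389
            - name: ssl-ldap
              containerPort: 636
          volumeMounts:
            # cn=config and the database live on the shared NFS claim under
            # per-app subPaths
            - mountPath: /etc/ldap/slapd.d
              subPath: openldap/etc/ldap/slapd.d
              name: openldap-volume
            - mountPath: /var/lib/ldap
              subPath: openldap/var/lib/ldap
              name: openldap-volume
      volumes:
        - name: openldap-volume
          persistentVolumeClaim:
            claimName: homey-pvc-nfs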
---
# ClusterIP Service in front of the openldap Deployment, reachable in-cluster
# as "openldap" (the host used by X-Ldap-URL in the disabled ingress snippet
# above). Port 389 is cleartext LDAP on the cluster network; clients should
# prefer 636 where the image serves TLS there — confirm the image's TLS setup.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/name: openldap
  name: openldap
spec:
  selector:
    app.kubernetes.io/name: openldap
  type: ClusterIP
  ports:
    - name: tcp-ldap
      port: 389
      targetPort: tcp-ldap
    - name: ssl-ldap
      port: 636
      targetPort: ssl-ldap
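---
{{- /*
Keycloak identity provider with its Postgres database, currently disabled in
favour of the Gitea-based auth-url flow above. Wrapped in a Go-template comment
rather than bare "#" lines because template actions such as
"{{ .Values.homey.url }}" inside YAML comments are still evaluated at render
time; the template comment keeps the whole section inert.
NOTE(review): postgres:10.4 and keycloak 18 "legacy" are old pinned releases;
re-check them (and the keycloak-pass / keycloak-db-pass Secrets above) before
re-enabling.

# ---
# apiVersion: v1
# kind: ConfigMap
# metadata:
#   name: keycloak-postgres-config
#   labels:
#     app: keycloak-postgres
# data:
#   POSTGRES_DB: keycloak-db
#   POSTGRES_USER: keycloak-admin
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
#   name: keycloak-postgres
#   labels:
#     app: keycloak-postgres
# spec:
#   replicas: 1
#   selector:
#     matchLabels:
#       app: keycloak-postgres
#   template:
#     metadata:
#       labels:
#         app: keycloak-postgres
#       name: keycloak-postgres
#     spec:
#       containers:
#         - name: postgres
#           image: postgres:10.4
#           imagePullPolicy: "IfNotPresent"
#           ports:
#             - containerPort: 5432
#           envFrom:
#             - configMapRef:
#                 name: keycloak-postgres-config
#           env:
#             - name: POSTGRES_PASSWORD
#               valueFrom:
#                 secretKeyRef:
#                   name: keycloak-db-pass
#                   key: password
#           volumeMounts:
#             - mountPath: /var/lib/postgresql/data
#               subPath: keycloak/db/data
#               name: keycloak-postgresdb
#       volumes:
#         - name: keycloak-postgresdb
#           persistentVolumeClaim:
#             claimName: homey-pvc-nfs
# ---
# apiVersion: v1
# kind: Service
# metadata:
#   name: keycloak-postgres-service
#   labels:
#     app: keycloak-postgres
# spec:
#   ports:
#     - port: 5432
#   selector:
#     app: keycloak-postgres
# ---
# apiVersion: apps/v1
# kind: Deployment
# metadata:
#   name: keycloak
#   labels:
#     app: keycloak
# spec:
#   replicas: 1
#   selector:
#     matchLabels:
#       app: keycloak
#   template:
#     metadata:
#       labels:
#         app: keycloak
#     spec:
#       containers:
#         - name: keycloak
#           image: mihaibob/keycloak:18.0.2-legacy
#           env:
#             - name: KEYCLOAK_USER
#               value: "admin"
#             - name: KEYCLOAK_PASSWORD
#               valueFrom:
#                 secretKeyRef:
#                   name: keycloak-pass
#                   key: password
#             - name: PROXY_ADDRESS_FORWARDING
#               value: "true"
#             - name: DB_ADDR
#               value: keycloak-postgres-service
#             - name: DB_DATABASE
#               value: "keycloak-db"
#             - name: DB_VENDOR
#               value: postgres
#             - name: DB_USER
#               value: keycloak-admin
#             - name: DB_PASSWORD
#               valueFrom:
#                 secretKeyRef:
#                   name: keycloak-db-pass
#                   key: password
#           ports:
#             - name: http
#               containerPort: 8080
#           readinessProbe:
#             failureThreshold: 3
#             httpGet:
#               path: /auth/realms/master/
#               port: http
#             initialDelaySeconds: 240
#             timeoutSeconds: 240
#           livenessProbe:
#             failureThreshold: 3
#             httpGet:
#               path: /auth/
#               port: http
#             initialDelaySeconds: 240
#             timeoutSeconds: 240
# ---
# apiVersion: v1
# kind: Service
# metadata:
#   name: keycloak-web
#   labels:
#     app: keycloak
# spec:
#   ports:
#     - name: http
#       port: 8080
#       targetPort: http
#   selector:
#     app: keycloak
# ---
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
#   name: keycloak
# spec:
#   ingressClassName: {{ .Values.homey.ingress_class }}
#   tls:
#     - hosts:
#         - keycloak.{{ .Values.homey.url }}
#       secretName: {{ .Values.homey.certname }}
#   rules:
#     - host: keycloak.{{ .Values.homey.url }}
#       http:
#         paths:
#           - path: /
#             pathType: Prefix
#             backend:
#               service:
#                 name: keycloak-web
#                 port:
#                   number: 8080
*/ -}}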