Update k8s manifests
This commit is contained in:
ansible
parent
55dafe28df
commit
231ad99b78
@ -62,3 +62,12 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
interval: 1h
|
interval: 1h
|
||||||
url: https://guerzon.github.io/vaultwarden
|
url: https://guerzon.github.io/vaultwarden
|
||||||
|
---
|
||||||
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
|
kind: HelmRepository
|
||||||
|
metadata:
|
||||||
|
name: codecentric
|
||||||
|
namespace: flux-system
|
||||||
|
spec:
|
||||||
|
interval: 1h
|
||||||
|
url: https://codecentric.github.io/helm-charts
|
||||||
|
|||||||
@ -14,35 +14,47 @@ spec:
|
|||||||
timeout: 10m
|
timeout: 10m
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: keycloak
|
chart: keycloakx
|
||||||
version: "24.0.x"
|
version: "7.1.x"
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bitnami
|
name: codecentric
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
values:
|
values:
|
||||||
global:
|
|
||||||
imageRegistry: ""
|
|
||||||
image:
|
image:
|
||||||
registry: registry.hub.docker.com
|
repository: quay.io/keycloak/keycloak
|
||||||
repository: bitnami/keycloak
|
tag: "26.5.5"
|
||||||
pullPolicy: Always
|
command:
|
||||||
replicaCount: 1
|
- "/opt/keycloak/bin/kc.sh"
|
||||||
auth:
|
args:
|
||||||
existingSecret: keycloak-admin-secret
|
- "start"
|
||||||
postgresql:
|
- "--hostname-strict=false"
|
||||||
enabled: false
|
- "--http-enabled=true"
|
||||||
externalDatabase:
|
- "--proxy-headers=xforwarded"
|
||||||
host: pgbouncer.default.svc.cluster.local
|
database:
|
||||||
|
vendor: postgres
|
||||||
|
hostname: pgbouncer.default.svc.cluster.local
|
||||||
port: 6432
|
port: 6432
|
||||||
database: keycloak
|
database: keycloak
|
||||||
existingSecret: keycloak-db-secret
|
username: keycloak
|
||||||
|
existingSecret: keycloak-secrets
|
||||||
|
existingSecretKey: db-password
|
||||||
|
http:
|
||||||
|
relativePath: "/"
|
||||||
|
extraEnvFrom: |
|
||||||
|
- secretRef:
|
||||||
|
name: keycloak-secrets
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
ingressClassName: ""
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: "n0ball-tw-issuer"
|
cert-manager.io/cluster-issuer: "n0ball-tw-issuer"
|
||||||
hostname: keycloak.n0ball.tw
|
rules:
|
||||||
tls: true
|
- host: keycloak.n0ball.tw
|
||||||
extraEnvVars:
|
paths:
|
||||||
- name: KC_PROXY
|
- path: /
|
||||||
value: edge
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- keycloak.n0ball.tw
|
||||||
|
secretName: keycloak-tls
|
||||||
|
|||||||
@ -8,4 +8,4 @@ resources:
|
|||||||
- cert-manager/helmrelease.yaml
|
- cert-manager/helmrelease.yaml
|
||||||
- observability
|
- observability
|
||||||
- openldap/helmrelease.yaml
|
- openldap/helmrelease.yaml
|
||||||
# keycloak temporarily disabled - bitnami images removed from Docker Hub
|
- keycloak/helmrelease.yaml
|
||||||
|
|||||||
@ -1,10 +1,12 @@
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: keycloak-admin-secret
|
name: keycloak-secrets
|
||||||
namespace: keycloak
|
namespace: keycloak
|
||||||
stringData:
|
stringData:
|
||||||
admin-password: ENC[AES256_GCM,data:+7omuVTQ4qU9uCZEujGcoSG/h+y0WgNhNw1esbMdhI0=,iv:k3sWbvscqkjnYnAi7DOxlKbJFR5h03VxH3OFA3UfvX8=,tag:iniKOfnUXn9ypYQtjXIoJw==,type:str]
|
KEYCLOAK_ADMIN: ENC[AES256_GCM,data:o5mNx7o=,iv:soEzNScj2yrfm/2kNjVZkdLpoJ2o3WRvo3xU7uJDSoM=,tag:JU4QjCzbGQGDMXdw4CHScA==,type:str]
|
||||||
|
KEYCLOAK_ADMIN_PASSWORD: ENC[AES256_GCM,data:a7L0xjS/VJ9m4j734bYefeStDtpjWgPOywtpKHZE3tA=,iv:iwbPwrYzOCsTe5NImNgEm4pyqwFNDE39ohE7GmaTYVo=,tag:IUucbe8pdaCAzlMViVaJdA==,type:str]
|
||||||
|
db-password: ENC[AES256_GCM,data:p8P9v+NFdSEO26eiOqhoY4w3Rrk1w0rC0U6xz/rv1UB9g+BwOLeGVtD7Qg==,iv:IXbRV5pV2psDHzRbJh1ce/+SMev2WPHe+704+GjsjpY=,tag:MKSdpDjt378Z+xZQVykE8g==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -14,43 +16,14 @@ sops:
|
|||||||
- recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m
|
- recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXYXpsUWx6YmlqR1B4djJo
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdWpnTjIzMk9OYkhCY0xN
|
||||||
Tm9XcjQ4VmU4TU9heUpHU3lkSk1ESTY1cEFrClRPeWtaUFdxOHlrYUxmdVo5UVNV
|
SkxqZE0vRmFwQ1RHenFxWlFNenpGUllUUlJFCm1ZWnY3NlZKY01DY2Z0c1N2aDgx
|
||||||
WkNXaE5XbThjU1ZwZ1VqNDF1MnFNdDQKLS0tIEFvYkQyemZZaEsvMmJaYkJMTTVK
|
Tkx2QnNBcXM1ajFWQUlmSWIwVHRYNW8KLS0tIEVYQi9zV3JkT2xLQXRZeTlJVHhG
|
||||||
cklsUElqZ05DN290T2h5dlZTbjFvM1EKCxexgWQdHMAEHxoZaTvLcYZev0llmPwq
|
TnQxd1hkR3Jva3BhSWZSaU85UlZCakUKoqHAYMdFkntk/8C3Kt4x1CoJ0NtPdvv1
|
||||||
GsFTPX9yb2HvIP5WVg16Pe2snhyObUwK86yh9ELkH+646gFnEfNFtg==
|
6NR0YFmmg2+426Bh54+s0QN8wPgszNKmI8wWc6T3CcU6n2why58kQw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2026-03-10T05:17:08Z"
|
lastmodified: "2026-03-10T06:43:24Z"
|
||||||
mac: ENC[AES256_GCM,data:JUnkiyPDixjze1A/xe2n9JntotPStrSiq9gjJLs0tT90QMtGCbo63FE8tNUHtRt7tAasDdc7fC0iKUoo1ZRhmZErVr0VxUOk7WTBUedi35W577XRw4hfjF1UiSI5ZGJatZh3LAtBpmOfyeLMYL+tG6NlgVj6ekKD6gubQXQ0REQ=,iv:1nUt5xPpXS0Fqn31LYpeILpB+2TUd0UElvZh+OIGcBg=,tag:hyAIjSFwgiQmXZDP9zn7BA==,type:str]
|
mac: ENC[AES256_GCM,data:g0Dg0oUsqt9np2ijA0eskVN9ijbfQMEkTI6wZUS5hqXMzImyJIbsmvM4/C5puns9gKNa56Xz4RzBTk1GMVqjwOSBcm5+SFEwpTfxOT8BWw3qAMcAJJoohqVA3whRErJSjmuvXeGnLYvK4mHeE6jL28uZOBiMUV04Sb0Wq+S8R7s=,iv:9EO/G0+x40oh8okCOLtxfC3RBiGbossYOx3opuu0K7w=,tag:P07TV0CBuec3doo4YDj6vQ==,type:str]
|
||||||
pgp: []
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.9.4
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: keycloak-db-secret
|
|
||||||
namespace: keycloak
|
|
||||||
stringData:
|
|
||||||
password: ENC[AES256_GCM,data:odKIDsYeo1Q/mSHfAK3AUJxUZD91nouEx6ox7wIbfKka+7+Q4gJDGryGzg==,iv:v2havxWV5OA9iab3sPe0wvdLw18BaUl5vaV1+IBnEE0=,tag:Lh4VZ2mEPozA0VZico5SYA==,type:str]
|
|
||||||
db-password: ENC[AES256_GCM,data:WqDfJASxz7/Oyz31L4xBj4mQvNczN6Pdd9s0FobjWilGz8L49uZkZtEChg==,iv:CgeiQ14EP2LYjMvJwZDi3b7pHgVn58tgpcbec2kqxAY=,tag:cRJV9KzWjkLzcqzVsXrmcQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXYXpsUWx6YmlqR1B4djJo
|
|
||||||
Tm9XcjQ4VmU4TU9heUpHU3lkSk1ESTY1cEFrClRPeWtaUFdxOHlrYUxmdVo5UVNV
|
|
||||||
WkNXaE5XbThjU1ZwZ1VqNDF1MnFNdDQKLS0tIEFvYkQyemZZaEsvMmJaYkJMTTVK
|
|
||||||
cklsUElqZ05DN290T2h5dlZTbjFvM1EKCxexgWQdHMAEHxoZaTvLcYZev0llmPwq
|
|
||||||
GsFTPX9yb2HvIP5WVg16Pe2snhyObUwK86yh9ELkH+646gFnEfNFtg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2026-03-10T05:17:08Z"
|
|
||||||
mac: ENC[AES256_GCM,data:JUnkiyPDixjze1A/xe2n9JntotPStrSiq9gjJLs0tT90QMtGCbo63FE8tNUHtRt7tAasDdc7fC0iKUoo1ZRhmZErVr0VxUOk7WTBUedi35W577XRw4hfjF1UiSI5ZGJatZh3LAtBpmOfyeLMYL+tG6NlgVj6ekKD6gubQXQ0REQ=,iv:1nUt5xPpXS0Fqn31LYpeILpB+2TUd0UElvZh+OIGcBg=,tag:hyAIjSFwgiQmXZDP9zn7BA==,type:str]
|
|
||||||
pgp: []
|
pgp: []
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData)$
|
||||||
version: 3.9.4
|
version: 3.9.4
|
||||||
|
|||||||
@ -3,6 +3,6 @@ kind: Kustomization
|
|||||||
resources:
|
resources:
|
||||||
- cloudflare-api-token-secret.yaml
|
- cloudflare-api-token-secret.yaml
|
||||||
- grafana-admin-secret.yaml
|
- grafana-admin-secret.yaml
|
||||||
# keycloak-secrets.yaml temporarily disabled - keycloak chart unavailable
|
- keycloak-secrets.yaml
|
||||||
- openldap-admin-secret.yaml
|
- openldap-admin-secret.yaml
|
||||||
- vaultwarden-db-secret.yaml
|
- vaultwarden-db-secret.yaml
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user