Update k8s manifests
parent
4677f30f49
commit
c43f6e8f70
@ -18,6 +18,15 @@ spec:
|
|||||||
type: postgresql
|
type: postgresql
|
||||||
existingSecret: vaultwarden-db-secret
|
existingSecret: vaultwarden-db-secret
|
||||||
existingSecretKey: DATABASE_URL
|
existingSecretKey: DATABASE_URL
|
||||||
|
sso:
|
||||||
|
enabled: true
|
||||||
|
authority: https://keycloak.n0ball.tw/realms/homelab
|
||||||
|
existingSecret: vaultwarden-oidc-secret
|
||||||
|
clientId:
|
||||||
|
existingSecretKey: SSO_CLIENT_ID
|
||||||
|
clientSecret:
|
||||||
|
existingSecretKey: SSO_CLIENT_SECRET
|
||||||
|
signupsMatchEmail: true
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
class: traefik
|
class: traefik
|
||||||
|
|||||||
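Review bot: `signupsMatchEmail: true` in the new `sso` block appears to let an SSO login attach to an existing Vaultwarden account on the strength of the email claim alone, so account binding for the password manager becomes only as strong as email handling in the `homelab` Keycloak realm. If that realm permits self-registration, unverified addresses or user-editable email, a realm account carrying another user's address would be linked to that user's existing account. I would either set `signupsMatchEmail: false`, or keep it and record the dependency above the key, e.g. `# relies on the homelab realm enforcing verified, admin-managed emails`. The values block continues outside this hunk, so any SSO-only or email-verification settings configured elsewhere are not visible here.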
@ -44,6 +44,19 @@ spec:
|
|||||||
existingSecret: grafana-admin-secret
|
existingSecret: grafana-admin-secret
|
||||||
userKey: admin-user
|
userKey: admin-user
|
||||||
passwordKey: admin-password
|
passwordKey: admin-password
|
||||||
|
envFromSecret: grafana-oidc-secret
|
||||||
|
grafana.ini:
|
||||||
|
server:
|
||||||
|
root_url: https://grafana.n0ball.tw
|
||||||
|
auth.generic_oauth:
|
||||||
|
enabled: true
|
||||||
|
name: Keycloak
|
||||||
|
allow_sign_up: true
|
||||||
|
scopes: openid email profile
|
||||||
|
auth_url: https://keycloak.n0ball.tw/realms/homelab/protocol/openid-connect/auth
|
||||||
|
token_url: https://keycloak.n0ball.tw/realms/homelab/protocol/openid-connect/token
|
||||||
|
api_url: https://keycloak.n0ball.tw/realms/homelab/protocol/openid-connect/userinfo
|
||||||
|
role_attribute_path: "contains(realm_access.roles[*], 'admin') && 'Admin' || 'Viewer'"
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: traefik
|
ingressClassName: traefik
|
||||||
|
|||||||
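Review bot: The `|| 'Viewer'` fallback in `role_attribute_path`, combined with `allow_sign_up: true`, gives every account in the `homelab` realm a Grafana Viewer login and also hides a missing roles claim, because a token without `realm_access.roles` silently maps to Viewer instead of failing. `scopes` requests only `openid email profile`, so whether `realm_access.roles` reaches the ID token or the userinfo response depends on Keycloak client mappers that are not visible here; it is worth confirming that an `admin` user really lands as Admin. If only role-holders should get in, drop the fallback and add `role_attribute_strict: true` so logins without a mapped role are rejected. Adding `use_pkce: true` under `auth.generic_oauth` is a cheap hardening of the code flow as well.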
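--- a/k8s/infrastructure/sops/grafana-oidc-secret.yaml
+++ b/k8s/infrastructure/sops/grafana-oidc-secret.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: grafana-oidc-secret
+namespace: observability
+stringData:
+GF_AUTH_GENERIC_OAUTH_CLIENT_ID: ENC[AES256_GCM,data:bhyVGB1e/A==,iv:R9XIDtOmeXU8rWOEP2RxmROI7YCqblfE5CW1ZQd3jlM=,tag:jaD3DbE9HrtsrU1WxEi/Eg==,type:str]
+GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:g1y/QQbZxs4enuAghoH9GgGr+SVZgO65lVIjWyz0srw=,iv:DW8rxat3vPKdrE4q2yLOinFEXbCsslXGhsiSPxCgHlk=,tag:JCcwCCTBN1gZT1Mch8dhaQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2b0F1M01md3lSQ2FhVXRC
+Y0QyMmQyMDNNbDlNOUVlT2VEZXh1U3lmUEFNCjJlWlVidDFaM3ZiM3BtZmRtbVZx
+V3NuSEV6RTR2YlFYRmxnZ1hvMWNReEkKLS0tIE0zTFFhQ00zZWRKMVljKzRKellu
+aU43UWhhTGZ1STFsS2dQR0lhR1c2UGsKRl5Ov3hML+6scbjxG+rBaL3Ipj2ps9em
+9f82eb5fYmcDhOSEgOzTnNbuCT8ZK/lIta5Ta4pgJ+yOCiTUWMvx7A==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2026-03-10T10:25:23Z"
+mac: ENC[AES256_GCM,data:rDA3B6jCnkAQw/AgT6vGu5w/3zDpQ8p5jwgCq68RvGsYWDaYPvQTCnDV7oFBVZ1HoU3HxxqkhinpHgX/cOy1BdeO6kAyU4ZXDTGBHBL6T5eeiRnIL82L9dZo9lY2LYdyy0CrB50UmeVv5xCJd8AMB6WKKrVXF3RlVQ/c34xprbM=,iv:aQNsNWZv7KsLmtUahjSEQOmP8Mv5ibIv8fPQoprd1JU=,tag:BxjJXQIVkt55MXCIQbAyeA==,type:str]
+pgp: []
+encrypted_regex: ^(data|stringData)$
+version: 3.9.4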
@ -6,3 +6,5 @@ resources:
|
|||||||
- keycloak-secrets.yaml
|
- keycloak-secrets.yaml
|
||||||
- openldap-admin-secret.yaml
|
- openldap-admin-secret.yaml
|
||||||
- vaultwarden-db-secret.yaml
|
- vaultwarden-db-secret.yaml
|
||||||
|
- grafana-oidc-secret.yaml
|
||||||
|
- vaultwarden-oidc-secret.yaml
|
||||||
|
|||||||
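--- a/k8s/infrastructure/sops/vaultwarden-oidc-secret.yaml
+++ b/k8s/infrastructure/sops/vaultwarden-oidc-secret.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: vaultwarden-oidc-secret
+namespace: vaultwarden
+stringData:
+SSO_CLIENT_ID: ENC[AES256_GCM,data:al29aDaBitn+d+8=,iv:eGkdS/9EF1x5ZU9jD7c/mbRDPHwnUzNC3QlafQkF3Vg=,tag:qBQ2RDpXMcVBxYyuk7VDVQ==,type:str]
+SSO_CLIENT_SECRET: ENC[AES256_GCM,data:y2X1NMtDOF0Mx9O5/4HNXSvA4FJLLDICjGh/MtXJGpE=,iv:yOX+VEs9Prnw8c2QtiKlC7/xQof5rPwStA+oAWPGEo4=,tag:54gC2Y3gqNfmi9C0MO0gHg==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlQTA5bVZXUXBMbml5VUJj
+ZlhsM0RYL2trRUdZcHhickFKQjZhYThBT1FnCk1FQlpGeDlGRDdMaG43TFZ0ZlNM
+QVltV0JmVVZkYk14Skx6b0MvNkowU0UKLS0tIFVFU1VaSnJTK01rVmNQOVZMdkFn
+bVFsMVdtVDhyTEJFUmdLMEVnajlCZlkKMnkDbLjZ/iZUGFE0RKbfN3LvE13l552j
+Knf31Bkb/HX1rm+qHxd3sCEvwHQqT/Q8sqKXucT6OEsqds2NeGXtWg==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2026-03-10T10:26:41Z"
+mac: ENC[AES256_GCM,data:b3Wr2mTjmlIES6FXyzz1zGZhg/Ps+D+lX+M9lyTUEcpQWYv0ym1GkqivbrV/mkJGeYS6nZVOpirf+mr/Kw5gilBhGCFCr9z/8lOm/cxdIUEByhNrHggwQl+Dk4CRPFshiTQ7dHrvVpcInkATsRL4ij9ORvlEYYw5rjjfoH32pks=,iv:Q33i5HXxk5uVVW9A8Hi9pL5B8s3yJX2jsrHOCHA5q8o=,tag:wOxFQKv1SXkFuL2zA2K33g==,type:str]
+pgp: []
+encrypted_regex: ^(data|stringData)$
+version: 3.9.4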