Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gitea Actions Bot
|
f18b8d6ba9 |
@@ -6,8 +6,6 @@ metadata:
|
|||||||
app: web-petting
|
app: web-petting
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
strategy:
|
|
||||||
type: Recreate
|
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: web-petting
|
app: web-petting
|
||||||
@@ -24,7 +22,7 @@ spec:
|
|||||||
claimName: web-petting-data
|
claimName: web-petting-data
|
||||||
containers:
|
containers:
|
||||||
- name: web-petting
|
- name: web-petting
|
||||||
image: ultradesu/web-petting:latest
|
image: ultradesu/web-petting:v0.1.4
|
||||||
imagePullPolicy: Always
|
imagePullPolicy: Always
|
||||||
args:
|
args:
|
||||||
# - "tail"
|
# - "tail"
|
||||||
|
|||||||
@@ -20,21 +20,8 @@ spec:
|
|||||||
name: web-petting
|
name: web-petting
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
- host: xn--l1acako8eb.xn--p1ai
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: web-petting
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
tls:
|
tls:
|
||||||
- secretName: web-petting-tls
|
- secretName: web-petting-tls
|
||||||
hosts:
|
hosts:
|
||||||
- pet.hexor.cy
|
- pet.hexor.cy
|
||||||
- secretName: web-petting-murnyanya-tls
|
|
||||||
hosts:
|
|
||||||
- xn--l1acako8eb.xn--p1ai
|
|
||||||
|
|
||||||
|
|||||||
@@ -23,22 +23,14 @@ configs:
|
|||||||
admin.enabled: false
|
admin.enabled: false
|
||||||
statusbadge.enabled: true
|
statusbadge.enabled: true
|
||||||
timeout.reconciliation: 60s
|
timeout.reconciliation: 60s
|
||||||
dex.config: |
|
oidc.config: |
|
||||||
connectors:
|
name: Keycloak
|
||||||
- type: oidc
|
issuer: https://auth.hexor.cy/auth/realms/hexor
|
||||||
id: keycloak
|
clientID: $oidc-creds:id
|
||||||
name: Keycloak
|
clientSecret: $oidc-creds:secret
|
||||||
config:
|
requestedScopes: ["openid", "profile", "email", "offline_access"]
|
||||||
issuer: https://auth.hexor.cy/auth/realms/hexor
|
requestedIDTokenClaims: {"groups": {"essential": true}}
|
||||||
clientID: $oidc-creds:id
|
refreshTokenThreshold: 2m
|
||||||
clientSecret: $oidc-creds:secret
|
|
||||||
insecureEnableGroups: true
|
|
||||||
scopes:
|
|
||||||
- openid
|
|
||||||
- profile
|
|
||||||
- email
|
|
||||||
- offline_access
|
|
||||||
getUserInfo: true
|
|
||||||
rbac:
|
rbac:
|
||||||
create: true
|
create: true
|
||||||
policy.default: ""
|
policy.default: ""
|
||||||
@@ -72,7 +64,7 @@ dex:
|
|||||||
replicas: 1
|
replicas: 1
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
<<: *nodeSelector
|
<<: *nodeSelector
|
||||||
enabled: true
|
enabled: false
|
||||||
|
|
||||||
# Standard Redis disabled because Redis HA is enabled
|
# Standard Redis disabled because Redis HA is enabled
|
||||||
redis:
|
redis:
|
||||||
|
|||||||
@@ -35,6 +35,4 @@ spec:
|
|||||||
dnsZones:
|
dnsZones:
|
||||||
- "*.hexor.cy"
|
- "*.hexor.cy"
|
||||||
- "hexor.cy"
|
- "hexor.cy"
|
||||||
- "*.xn--l1acako8eb.xn--p1ai"
|
|
||||||
- "xn--l1acako8eb.xn--p1ai"
|
|
||||||
|
|
||||||
|
|||||||
@@ -167,7 +167,9 @@ resource "keycloak_openid_client_optional_scopes" "oauth2_app" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "keycloak_group" "oauth2_app" {
|
resource "keycloak_group" "oauth2_app" {
|
||||||
for_each = var.oauth2_applications
|
for_each = {
|
||||||
|
for k, v in var.oauth2_applications : k => v if length(v.allowed_groups) > 0
|
||||||
|
}
|
||||||
|
|
||||||
realm_id = keycloak_realm.hexor.id
|
realm_id = keycloak_realm.hexor.id
|
||||||
name = "app-${each.key}"
|
name = "app-${each.key}"
|
||||||
|
|||||||
Reference in New Issue
Block a user