Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Gitea Actions Bot
|
fe4c90debc |
@@ -13,7 +13,6 @@ permissions:
|
||||
jobs:
|
||||
terraform:
|
||||
name: 'Terraform'
|
||||
if: false
|
||||
runs-on: ubuntu-latest
|
||||
environment: production
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
image: &image 'pasarguard/panel:v4.0.2'
|
||||
image: &image 'pasarguard/panel:v3.1.0'
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
|
||||
@@ -6,8 +6,6 @@ metadata:
|
||||
app: web-petting
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: web-petting
|
||||
@@ -24,7 +22,7 @@ spec:
|
||||
claimName: web-petting-data
|
||||
containers:
|
||||
- name: web-petting
|
||||
image: ultradesu/web-petting:latest
|
||||
image: ultradesu/web-petting:0.1.0
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
# - "tail"
|
||||
|
||||
@@ -20,21 +20,8 @@ spec:
|
||||
name: web-petting
|
||||
port:
|
||||
number: 80
|
||||
- host: xn--l1acako8eb.xn--p1ai
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: web-petting
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- secretName: web-petting-tls
|
||||
hosts:
|
||||
- pet.hexor.cy
|
||||
- secretName: web-petting-murnyanya-tls
|
||||
hosts:
|
||||
- xn--l1acako8eb.xn--p1ai
|
||||
|
||||
|
||||
@@ -23,22 +23,14 @@ configs:
|
||||
admin.enabled: false
|
||||
statusbadge.enabled: true
|
||||
timeout.reconciliation: 60s
|
||||
dex.config: |
|
||||
connectors:
|
||||
- type: oidc
|
||||
id: keycloak
|
||||
name: Keycloak
|
||||
config:
|
||||
issuer: https://auth.hexor.cy/auth/realms/hexor
|
||||
clientID: $oidc-creds:id
|
||||
clientSecret: $oidc-creds:secret
|
||||
insecureEnableGroups: true
|
||||
scopes:
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
- offline_access
|
||||
getUserInfo: true
|
||||
oidc.config: |
|
||||
name: Keycloak
|
||||
issuer: https://auth.hexor.cy/auth/realms/hexor
|
||||
clientID: $oidc-creds:id
|
||||
clientSecret: $oidc-creds:secret
|
||||
requestedScopes: ["openid", "profile", "email", "offline_access"]
|
||||
requestedIDTokenClaims: {"groups": {"essential": true}}
|
||||
refreshTokenThreshold: 2m
|
||||
rbac:
|
||||
create: true
|
||||
policy.default: ""
|
||||
@@ -72,7 +64,7 @@ dex:
|
||||
replicas: 1
|
||||
nodeSelector:
|
||||
<<: *nodeSelector
|
||||
enabled: true
|
||||
enabled: false
|
||||
|
||||
# Standard Redis disabled because Redis HA is enabled
|
||||
redis:
|
||||
|
||||
@@ -35,6 +35,4 @@ spec:
|
||||
dnsZones:
|
||||
- "*.hexor.cy"
|
||||
- "hexor.cy"
|
||||
- "*.xn--l1acako8eb.xn--p1ai"
|
||||
- "xn--l1acako8eb.xn--p1ai"
|
||||
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
|
||||
|
||||
alertmanager:
|
||||
config:
|
||||
global:
|
||||
@@ -108,27 +109,18 @@ grafana:
|
||||
|
||||
grafana.ini:
|
||||
auth:
|
||||
signout_redirect_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fgf.hexor.cy%2Flogin&client_id=Grafana
|
||||
oauth_allow_insecure_email_lookup: true
|
||||
signout_redirect_url: https://idm.hexor.cy/application/o/grafana/end-session/
|
||||
auth.generic_oauth:
|
||||
name: Keycloak
|
||||
name: authentik
|
||||
enabled: true
|
||||
scopes: "openid profile email"
|
||||
allow_sign_up: true
|
||||
auth_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/auth
|
||||
token_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/token
|
||||
api_url: https://auth.hexor.cy/auth/realms/hexor/protocol/openid-connect/userinfo
|
||||
email_attribute_path: email
|
||||
login_attribute_path: preferred_username
|
||||
name_attribute_path: name
|
||||
auth_url: https://idm.hexor.cy/application/o/authorize/
|
||||
token_url: https://idm.hexor.cy/application/o/token/
|
||||
api_url: https://idm.hexor.cy/application/o/userinfo/
|
||||
role_attribute_path: >-
|
||||
contains(groups[*], 'hexor-admin') && 'Admin' ||
|
||||
contains(groups[*], 'hexor-guest') && 'Viewer' ||
|
||||
'Viewer'
|
||||
role_attribute_strict: false
|
||||
log:
|
||||
level: debug
|
||||
filters: "oauth.generic_oauth:debug"
|
||||
contains(groups, 'Grafana Admin') && 'Admin' ||
|
||||
contains(groups, 'Grafana Editors') && 'Editor' ||
|
||||
contains(groups, 'Grafana Viewer') && 'Viewer'
|
||||
database:
|
||||
type: postgres
|
||||
host: psql.psql.svc:5432
|
||||
|
||||
@@ -43,6 +43,23 @@ proxy_applications = {
|
||||
access_groups = ["admins"]
|
||||
}
|
||||
|
||||
"kubernetes-secrets" = {
|
||||
name = "kubernetes-secrets"
|
||||
slug = "k8s-secret"
|
||||
group = "Core"
|
||||
external_host = "https://pass.hexor.cy"
|
||||
internal_host = "http://secret-reader.k8s-secret.svc:80"
|
||||
internal_host_ssl_validation = false
|
||||
meta_description = ""
|
||||
skip_path_regex = <<-EOT
|
||||
/webhook
|
||||
EOT
|
||||
meta_icon = "https://img.icons8.com/ios-filled/50/password.png"
|
||||
mode = "proxy"
|
||||
outpost = "kubernetes-outpost"
|
||||
create_group = true
|
||||
access_groups = ["admins"]
|
||||
}
|
||||
"mtproxy-links" = {
|
||||
name = "mtproxy-links"
|
||||
slug = "mtproxy-links"
|
||||
|
||||
@@ -167,7 +167,9 @@ resource "keycloak_openid_client_optional_scopes" "oauth2_app" {
|
||||
}
|
||||
|
||||
resource "keycloak_group" "oauth2_app" {
|
||||
for_each = var.oauth2_applications
|
||||
for_each = {
|
||||
for k, v in var.oauth2_applications : k => v if length(v.allowed_groups) > 0
|
||||
}
|
||||
|
||||
realm_id = keycloak_realm.hexor.id
|
||||
name = "app-${each.key}"
|
||||
|
||||
Reference in New Issue
Block a user