From b52871ccb9c02d05320d386613f35e8503bf3759 Mon Sep 17 00:00:00 2001 From: mbelfares Date: Sun, 14 Jun 2026 18:40:41 +0200 Subject: [PATCH] Revert "feat: manual only deployment" This reverts commit e18bb49e9a3fda4baeedd8e1d6ec198db0e9df83. --- helm/keycloak/values.yaml | 92 ++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 50 deletions(-) diff --git a/helm/keycloak/values.yaml b/helm/keycloak/values.yaml index 49f8713..fdb09cd 100644 --- a/helm/keycloak/values.yaml +++ b/helm/keycloak/values.yaml @@ -1,54 +1,46 @@ -executor: KubernetesExecutor +httpRelativePath: "/auth" -dags: - gitSync: +command: + - "/opt/keycloak/bin/kc.sh" + - "start" + +proxy: + enabled: true + mode: xforwarded + http: enabled: true - repo: git@github.com:idirbfs/dags.git - branch: main - rev: HEAD - depth: 1 - maxFailures: 3 - subPath: "" - sshKeySecret: airflow-gitsync-ssh - period: 60s + +extraEnv: | + - name: KEYCLOAK_ADMIN + value: admin + - name: KEYCLOAK_ADMIN_PASSWORD + value: changeme + - name: KC_HOSTNAME + value: "https://keycloak.idir-belfares.fr/auth" + - name: KC_HOSTNAME_STRICT + value: "true" + - name: KC_HOSTNAME_BACKCHANNEL_DYNAMIC + value: "false" + - name: KC_DB + value: postgres + - name: KC_DB_URL + value: "jdbc:postgresql://keycloak-db-postgresql.keycloak.svc.cluster.local/keycloak" + - name: KC_DB_USERNAME + value: keycloak + - name: KC_DB_PASSWORD + value: keycloak ingress: - apiServer: - enabled: true - ingressClassName: nginx - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod - hosts: - - name: airflow.idir-belfares.fr - tls: - enabled: true - secretName: airflow-tls - path: "/" - pathType: "Prefix" - -apiServer: - apiServerConfig: | - from flask_appbuilder.security.manager import AUTH_OAUTH - - AUTH_TYPE = AUTH_OAUTH - AUTH_USER_REGISTRATION = True - AUTH_USER_REGISTRATION_ROLE = "Viewer" - - OAUTH_PROVIDERS = [ - { - "name": "keycloak", - "token_key": "access_token", - "icon": "fa-key", - "remote_app": { - "client_id": "airflow", - "client_secret": "pE1GuIVBSmy0Wy2Tcf0QbLPVGg415D6r", - "authorize_url": "https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth", - "access_token_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token", - "jwks_uri": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs", - "client_kwargs": { - "scope": "openid email profile", - "token_endpoint_auth_method": "client_secret_post" - } - } - } - ] \ No newline at end of file + enabled: true + ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + rules: + - host: keycloak.idir-belfares.fr + paths: + - path: / + pathType: Prefix + tls: + - secretName: keycloak-tls + hosts: + - keycloak.idir-belfares.fr \ No newline at end of file