+37
-45
@@ -1,54 +1,46 @@
|
|||||||
executor: KubernetesExecutor
|
httpRelativePath: "/auth"
|
||||||
|
|
||||||
dags:
|
command:
|
||||||
gitSync:
|
- "/opt/keycloak/bin/kc.sh"
|
||||||
|
- "start"
|
||||||
|
|
||||||
|
proxy:
|
||||||
enabled: true
|
enabled: true
|
||||||
repo: git@github.com:idirbfs/dags.git
|
mode: xforwarded
|
||||||
branch: main
|
http:
|
||||||
rev: HEAD
|
enabled: true
|
||||||
depth: 1
|
|
||||||
maxFailures: 3
|
extraEnv: |
|
||||||
subPath: ""
|
- name: KEYCLOAK_ADMIN
|
||||||
sshKeySecret: airflow-gitsync-ssh
|
value: admin
|
||||||
period: 60s
|
- name: KEYCLOAK_ADMIN_PASSWORD
|
||||||
|
value: changeme
|
||||||
|
- name: KC_HOSTNAME
|
||||||
|
value: "https://keycloak.idir-belfares.fr/auth"
|
||||||
|
- name: KC_HOSTNAME_STRICT
|
||||||
|
value: "true"
|
||||||
|
- name: KC_HOSTNAME_BACKCHANNEL_DYNAMIC
|
||||||
|
value: "false"
|
||||||
|
- name: KC_DB
|
||||||
|
value: postgres
|
||||||
|
- name: KC_DB_URL
|
||||||
|
value: "jdbc:postgresql://keycloak-db-postgresql.keycloak.svc.cluster.local/keycloak"
|
||||||
|
- name: KC_DB_USERNAME
|
||||||
|
value: keycloak
|
||||||
|
- name: KC_DB_PASSWORD
|
||||||
|
value: keycloak
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
apiServer:
|
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
hosts:
|
rules:
|
||||||
- name: airflow.idir-belfares.fr
|
- host: keycloak.idir-belfares.fr
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
tls:
|
tls:
|
||||||
enabled: true
|
- secretName: keycloak-tls
|
||||||
secretName: airflow-tls
|
hosts:
|
||||||
path: "/"
|
- keycloak.idir-belfares.fr
|
||||||
pathType: "Prefix"
|
|
||||||
|
|
||||||
apiServer:
|
|
||||||
apiServerConfig: |
|
|
||||||
from flask_appbuilder.security.manager import AUTH_OAUTH
|
|
||||||
|
|
||||||
AUTH_TYPE = AUTH_OAUTH
|
|
||||||
AUTH_USER_REGISTRATION = True
|
|
||||||
AUTH_USER_REGISTRATION_ROLE = "Viewer"
|
|
||||||
|
|
||||||
OAUTH_PROVIDERS = [
|
|
||||||
{
|
|
||||||
"name": "keycloak",
|
|
||||||
"token_key": "access_token",
|
|
||||||
"icon": "fa-key",
|
|
||||||
"remote_app": {
|
|
||||||
"client_id": "airflow",
|
|
||||||
"client_secret": "pE1GuIVBSmy0Wy2Tcf0QbLPVGg415D6r",
|
|
||||||
"authorize_url": "https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth",
|
|
||||||
"access_token_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token",
|
|
||||||
"jwks_uri": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs",
|
|
||||||
"client_kwargs": {
|
|
||||||
"scope": "openid email profile",
|
|
||||||
"token_endpoint_auth_method": "client_secret_post"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
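Review bot: The new `extraEnv` block sets `KEYCLOAK_ADMIN_PASSWORD` to `changeme` and `KC_DB_PASSWORD` to `keycloak` as literal values, so both credentials are committed in plaintext in the values file and are trivially guessable. The same file publishes the service through an ingress for `keycloak.idir-belfares.fr` with `path: /`, so the admin login is presumably reachable from outside the cluster with that bootstrap password. Both entries should read their value from a Kubernetes Secret via `valueFrom.secretKeyRef`, as sketched below; the Secret names and keys are placeholders. Separately, the `client_secret` literal that appears in the Airflow `apiServerConfig` text on this page stays in repository history even if this commit drops it, so it should be rotated in the `k8s-apps` realm.

```yaml
extraEnv: |
  # … unchanged: KEYCLOAK_ADMIN entry …
  - name: KEYCLOAK_ADMIN_PASSWORD
    valueFrom:
      secretKeyRef:
        name: <ADMIN_SECRET_NAME>      # placeholder: Secret created out of band
        key: <ADMIN_PASSWORD_KEY>      # placeholder
  # … unchanged: KC_HOSTNAME through KC_DB_USERNAME entries …
  - name: KC_DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: <DB_SECRET_NAME>         # placeholder: e.g. the Secret the database chart manages
        key: <DB_PASSWORD_KEY>         # placeholder
```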