feat: manual only deployment

helm/keycloak/values.yaml

@@ -1,46 +1,54 @@
-httpRelativePath: "/auth"
+executor: KubernetesExecutor
 
-command:
-  - "/opt/keycloak/bin/kc.sh"
-  - "start"
-
-proxy:
+dags:
+  gitSync:
     enabled: true
-  mode: xforwarded
-  http:
-    enabled: true
-
-extraEnv: |
-  - name: KEYCLOAK_ADMIN
-    value: admin
-  - name: KEYCLOAK_ADMIN_PASSWORD
-    value: changeme
-  - name: KC_HOSTNAME
-    value: "https://keycloak.idir-belfares.fr/auth"
-  - name: KC_HOSTNAME_STRICT
-    value: "true"
-  - name: KC_HOSTNAME_BACKCHANNEL_DYNAMIC
-    value: "false"
-  - name: KC_DB
-    value: postgres
-  - name: KC_DB_URL
-    value: "jdbc:postgresql://keycloak-db-postgresql.keycloak.svc.cluster.local/keycloak"
-  - name: KC_DB_USERNAME
-    value: keycloak
-  - name: KC_DB_PASSWORD
-    value: keycloak
+    repo: git@github.com:idirbfs/dags.git
+    branch: main
+    rev: HEAD
+    depth: 1
+    maxFailures: 3
+    subPath: ""
+    sshKeySecret: airflow-gitsync-ssh
+    period: 60s
 
 ingress:
+  apiServer:
     enabled: true
     ingressClassName: nginx
     annotations:
       cert-manager.io/cluster-issuer: letsencrypt-prod
-  rules:
-    - host: keycloak.idir-belfares.fr
-      paths:
-        - path: /
-          pathType: Prefix
-  tls:
-    - secretName: keycloak-tls
     hosts:
-        - keycloak.idir-belfares.fr
+      - name: airflow.idir-belfares.fr
+        tls:
+          enabled: true
+          secretName: airflow-tls
+    path: "/"
+    pathType: "Prefix"
+
+apiServer:
+  apiServerConfig: |
+    from flask_appbuilder.security.manager import AUTH_OAUTH
+
+    AUTH_TYPE = AUTH_OAUTH
+    AUTH_USER_REGISTRATION = True
+    AUTH_USER_REGISTRATION_ROLE = "Viewer"
+
+    OAUTH_PROVIDERS = [
+      {
+        "name": "keycloak",
+        "token_key": "access_token",
+        "icon": "fa-key",
+        "remote_app": {
+          "client_id": "airflow",
+          "client_secret": "pE1GuIVBSmy0Wy2Tcf0QbLPVGg415D6r",
+          "authorize_url": "https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth",
+          "access_token_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token",
+          "jwks_uri": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs",
+          "client_kwargs": {
+            "scope": "openid email profile",
+            "token_endpoint_auth_method": "client_secret_post"
+          }
+        }
+      }
+    ]