fix ssh key for git sync

2026-06-11 23:51:29 +02:00
parent 8c9458e8ee
commit fc6b6ecb9d
5 changed files with 35 additions and 32 deletions
@@ -16,18 +16,17 @@ ingress:
  apiServer:
    enabled: true
    ingressClassName: nginx
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
    hosts:
-      - name: airflow.13.140.150.2.nip.io
+      - name: airflow.idir-belfares.fr
        tls:
-          enabled: false
+          enabled: true
+          secretName: airflow-tls
    path: "/"
    pathType: "Prefix"

 apiServer:
-  hostAliases:
-    - ip: "13.140.150.2"
-      hostnames:
-        - "keycloak.13.140.150.2.nip.io"
  apiServerConfig: |
    from flask_appbuilder.security.manager import AUTH_OAUTH

@@ -43,11 +42,11 @@ apiServer:
        "remote_app": {
          "client_id": "airflow",
          "client_secret": "TEQqjspeIrGRVLSxyArkjBMF3StaltwL",
-          "api_base_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect",
+          "api_base_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect",
          "request_token_url": None,
-          "access_token_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/token",
-          "authorize_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth",
-          "jwks_uri": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/certs",
+          "access_token_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token",
+          "authorize_url": "https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth",
+          "jwks_uri": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs",
          "client_kwargs": {
            "scope": "openid email profile"
          }
@@ -23,9 +23,14 @@ extraEnv: |
 ingress:
  enabled: true
  ingressClassName: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
  rules:
-    - host: keycloak.13.140.150.2.nip.io
+    - host: keycloak.idir-belfares.fr
      paths:
        - path: /
          pathType: Prefix
-  tls: []
+  tls:
+    - secretName: keycloak-tls
+      hosts:
+        - keycloak.idir-belfares.fr
@@ -1,7 +1,7 @@
 hostAliases:
 - ip: "13.140.150.2"
  hostnames:
-    - "keycloak.13.140.150.2.nip.io"
+    - "keycloak.idir-belfares.fr"

 config:
  existingSecret: oauth2-proxy-alertmanager
@@ -9,12 +9,12 @@ config:
  reverse_proxy: true
  set_xauthrequest: true
  cookie_samesite: "lax"
-  redirect_url: http://alertmanager.13.140.150.2.nip.io/oauth2/callback
+  redirect_url: http://alertmanager.idir-belfares.fr/oauth2/callback

 extraArgs:
  provider: oidc
  skip-oidc-discovery: "true"
-  login-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth"
+  login-url: "http://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth"
  redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token"
  oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps"
  oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs"
@@ -26,6 +26,6 @@ ingress:
  enabled: true
  className: nginx
  hosts:
-    - alertmanager.13.140.150.2.nip.io
+    - alertmanager.idir-belfares.fr
  path: /
  pathType: Prefix
@@ -1,7 +1,7 @@
 hostAliases:
 - ip: "13.140.150.2"
  hostnames:
-    - "keycloak.13.140.150.2.nip.io"
+    - "keycloak.idir-belfares.fr"

 config:
  existingSecret: oauth2-proxy-prometheus
@@ -9,12 +9,12 @@ config:
  reverse_proxy: true
  set_xauthrequest: true
  cookie_samesite: "lax"
-  redirect_url: http://prometheus.13.140.150.2.nip.io/oauth2/callback
+  redirect_url: http://prometheus.idir-belfares.fr/oauth2/callback

 extraArgs:
  provider: oidc
  skip-oidc-discovery: "true"
-  login-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth"
+  login-url: "http://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth"
  redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token"
  oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps"
  oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs"
@@ -26,6 +26,6 @@ ingress:
  enabled: true
  className: nginx
  hosts:
-    - prometheus.13.140.150.2.nip.io
+    - prometheus.idir-belfares.fr
  path: /
  pathType: Prefix
@@ -1,11 +1,6 @@
 grafana:
  enabled: true

-  hostAliases:
-    - ip: "13.140.150.2"
-      hostnames:
-        - "keycloak.13.140.150.2.nip.io"
-
  extraSecretMounts:
    - name: grafana-oauth-secret
      secretName: grafana-oauth-secret
@@ -14,7 +9,7 @@ grafana:

  grafana.ini:
    server:
-      root_url: http://grafana.13.140.150.2.nip.io
+      root_url: https://grafana.idir-belfares.fr

    security:
      secret_key: $__file{/etc/secrets/GF_SECURITY_SECRET_KEY}
@@ -29,7 +24,7 @@ grafana:
      client_id: grafana
      client_secret: $__file{/etc/secrets/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
      scopes: openid email profile
-      auth_url: http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth
+      auth_url: https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth
      token_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token
      api_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/userinfo
      email_attribute_path: email
@@ -37,12 +32,16 @@ grafana:

  ingress:
    enabled: true
-    annotations:
-      nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
-      nginx.ingress.kubernetes.io/ssl-redirect: "false"
    ingressClassName: nginx
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
    hosts:
-      - grafana.13.140.150.2.nip.io
+      - grafana.idir-belfares.fr
+    tls:
+      - secretName: grafana-tls
+        hosts:
+          - grafana.idir-belfares.fr

 prometheus:
  enabled: true
@@ -51,4 +50,4 @@ prometheus:
    podMonitorSelectorNilUsesHelmValues: false

 alertmanager:
-  enabled: true
+  enabled: true