From fc6b6ecb9d28ea9803ec8d8747c602666d5519ba Mon Sep 17 00:00:00 2001 From: mbelfares Date: Thu, 11 Jun 2026 23:51:29 +0200 Subject: [PATCH] fix ssh key for git sync --- helm/airflow/values.yaml | 19 ++++++++------- helm/keycloak/values.yaml | 9 ++++++-- .../monitoring/oauth2-proxy-alertmanager.yaml | 8 +++---- helm/monitoring/oauth2-proxy-prometheus.yaml | 8 +++---- helm/monitoring/values.yaml | 23 +++++++++---------- 5 files changed, 35 insertions(+), 32 deletions(-) diff --git a/helm/airflow/values.yaml b/helm/airflow/values.yaml index 317c1d2..946a6c7 100644 --- a/helm/airflow/values.yaml +++ b/helm/airflow/values.yaml @@ -16,18 +16,17 @@ ingress: apiServer: enabled: true ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod hosts: - - name: airflow.13.140.150.2.nip.io + - name: airflow.idir-belfares.fr tls: - enabled: false + enabled: true + secretName: airflow-tls path: "/" pathType: "Prefix" apiServer: - hostAliases: - - ip: "13.140.150.2" - hostnames: - - "keycloak.13.140.150.2.nip.io" apiServerConfig: | from flask_appbuilder.security.manager import AUTH_OAUTH 
@@ -43,11 +42,11 @@ apiServer: "remote_app": { "client_id": "airflow", "client_secret": "TEQqjspeIrGRVLSxyArkjBMF3StaltwL", - "api_base_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect", + "api_base_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect", "request_token_url": None, - "access_token_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/token", - "authorize_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth", - "jwks_uri": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/certs", + "access_token_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token", + "authorize_url": "https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth", + "jwks_uri": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs", "client_kwargs": { "scope": "openid email profile" } diff --git a/helm/keycloak/values.yaml b/helm/keycloak/values.yaml index 91de8a9..e5149b5 100644 --- a/helm/keycloak/values.yaml +++ b/helm/keycloak/values.yaml @@ -23,9 +23,14 @@ extraEnv: | ingress: enabled: true ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod rules: - - host: keycloak.13.140.150.2.nip.io + - host: keycloak.idir-belfares.fr paths: - path: / pathType: Prefix - tls: [] + tls: + - secretName: keycloak-tls + hosts: + - keycloak.idir-belfares.fr diff --git a/helm/monitoring/oauth2-proxy-alertmanager.yaml b/helm/monitoring/oauth2-proxy-alertmanager.yaml index 8222f15..61ce676 100644 --- a/helm/monitoring/oauth2-proxy-alertmanager.yaml +++ b/helm/monitoring/oauth2-proxy-alertmanager.yaml 
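Review bot: The `client_secret` of the `airflow` OIDC client is still a literal string inside `apiServerConfig` in helm/airflow/values.yaml, and this hunk rewrites the URLs around it without moving it out of the repository. Since the value is now in git history, it should be rotated in Keycloak and read at runtime instead, for example `"client_secret": os.environ["<OAUTH_CLIENT_SECRET_ENV>"],` (placeholder variable name, fed from a Kubernetes Secret), in the same way helm/monitoring/values.yaml uses `$__file{...}` for Grafana. The token and JWKS endpoints now point at the in-cluster service over plain `http://` while `authorize_url` uses the public `https://` host. Presumably Keycloak's issuer is pinned to the public hostname; if not, the `iss` claim will differ between the two paths, so this is worth confirming. The `apiServerConfig` block starts and ends outside the hunk.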
@@ -1,7 +1,7 @@ hostAliases: - ip: "13.140.150.2" hostnames: - - "keycloak.13.140.150.2.nip.io" + - "keycloak.idir-belfares.fr" config: existingSecret: oauth2-proxy-alertmanager @@ -9,12 +9,12 @@ config: reverse_proxy: true set_xauthrequest: true cookie_samesite: "lax" - redirect_url: http://alertmanager.13.140.150.2.nip.io/oauth2/callback + redirect_url: http://alertmanager.idir-belfares.fr/oauth2/callback extraArgs: provider: oidc skip-oidc-discovery: "true" - login-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth" + login-url: "http://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth" redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token" oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps" oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs" @@ -26,6 +26,6 @@ ingress: enabled: true className: nginx hosts: - - alertmanager.13.140.150.2.nip.io + - alertmanager.idir-belfares.fr path: / pathType: Prefix diff --git a/helm/monitoring/oauth2-proxy-prometheus.yaml b/helm/monitoring/oauth2-proxy-prometheus.yaml index eac802a..51c9404 100644 --- a/helm/monitoring/oauth2-proxy-prometheus.yaml +++ b/helm/monitoring/oauth2-proxy-prometheus.yaml @@ -1,7 +1,7 @@ hostAliases: - ip: "13.140.150.2" hostnames: - - "keycloak.13.140.150.2.nip.io" + - "keycloak.idir-belfares.fr" config: existingSecret: oauth2-proxy-prometheus 
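Review bot: `redirect_url` and `login-url` in the second hunk of helm/monitoring/oauth2-proxy-alertmanager.yaml move to the new domain but stay on `http://`, and the ingress hunk of the same file gets neither a `tls:` entry nor the `cert-manager.io/cluster-issuer` annotation that the Airflow, Keycloak and Grafana ingresses receive in this commit. As written, the authorization code delivered to the callback crosses the network in cleartext; suggest `redirect_url: https://alertmanager.idir-belfares.fr/oauth2/callback` and `login-url: "https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth"`, plus a TLS entry on the ingress. The same applies to the matching hunks of helm/monitoring/oauth2-proxy-prometheus.yaml. The `hostAliases` entry in the first hunk still pins the Keycloak hostname to `13.140.150.2`, although the Airflow and Grafana values drop that alias in this commit; with a real DNS name it can probably be removed here too.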
@@ -9,12 +9,12 @@ config: reverse_proxy: true set_xauthrequest: true cookie_samesite: "lax" - redirect_url: http://prometheus.13.140.150.2.nip.io/oauth2/callback + redirect_url: http://prometheus.idir-belfares.fr/oauth2/callback extraArgs: provider: oidc skip-oidc-discovery: "true" - login-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth" + login-url: "http://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth" redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token" oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps" oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs" @@ -26,6 +26,6 @@ ingress: enabled: true className: nginx hosts: - - prometheus.13.140.150.2.nip.io + - prometheus.idir-belfares.fr path: / pathType: Prefix diff --git a/helm/monitoring/values.yaml b/helm/monitoring/values.yaml index 3c9e4cd..1065ce5 100644 --- a/helm/monitoring/values.yaml +++ b/helm/monitoring/values.yaml @@ -1,11 +1,6 @@ grafana: enabled: true - hostAliases: - - ip: "13.140.150.2" - hostnames: - - "keycloak.13.140.150.2.nip.io" - extraSecretMounts: - name: grafana-oauth-secret secretName: grafana-oauth-secret @@ -14,7 +9,7 @@ grafana: grafana.ini: server: - root_url: http://grafana.13.140.150.2.nip.io + root_url: https://grafana.idir-belfares.fr security: secret_key: $__file{/etc/secrets/GF_SECURITY_SECRET_KEY} 
@@ -29,7 +24,7 @@ grafana: client_id: grafana client_secret: $__file{/etc/secrets/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET} scopes: openid email profile - auth_url: http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth + auth_url: https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth token_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token api_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/userinfo email_attribute_path: email @@ -37,12 +32,16 @@ grafana: ingress: enabled: true - annotations: - nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" - nginx.ingress.kubernetes.io/ssl-redirect: "false" ingressClassName: nginx + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + nginx.ingress.kubernetes.io/proxy-buffer-size: "8k" hosts: - - grafana.13.140.150.2.nip.io + - grafana.idir-belfares.fr + tls: + - secretName: grafana-tls + hosts: + - grafana.idir-belfares.fr prometheus: enabled: true @@ -51,4 +50,4 @@ prometheus: podMonitorSelectorNilUsesHelmValues: false alertmanager: - enabled: true \ No newline at end of file + enabled: true