fix ssh key for git sync
This commit is contained in:
@@ -16,18 +16,17 @@ ingress:
|
|||||||
apiServer:
|
apiServer:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
hosts:
|
hosts:
|
||||||
- name: airflow.13.140.150.2.nip.io
|
- name: airflow.idir-belfares.fr
|
||||||
tls:
|
tls:
|
||||||
enabled: false
|
enabled: true
|
||||||
|
secretName: airflow-tls
|
||||||
path: "/"
|
path: "/"
|
||||||
pathType: "Prefix"
|
pathType: "Prefix"
|
||||||
|
|
||||||
apiServer:
|
apiServer:
|
||||||
hostAliases:
|
|
||||||
- ip: "13.140.150.2"
|
|
||||||
hostnames:
|
|
||||||
- "keycloak.13.140.150.2.nip.io"
|
|
||||||
apiServerConfig: |
|
apiServerConfig: |
|
||||||
from flask_appbuilder.security.manager import AUTH_OAUTH
|
from flask_appbuilder.security.manager import AUTH_OAUTH
|
||||||
|
|
||||||
@@ -43,11 +42,11 @@ apiServer:
|
|||||||
"remote_app": {
|
"remote_app": {
|
||||||
"client_id": "airflow",
|
"client_id": "airflow",
|
||||||
"client_secret": "TEQqjspeIrGRVLSxyArkjBMF3StaltwL",
|
"client_secret": "TEQqjspeIrGRVLSxyArkjBMF3StaltwL",
|
||||||
"api_base_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect",
|
"api_base_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect",
|
||||||
"request_token_url": None,
|
"request_token_url": None,
|
||||||
"access_token_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/token",
|
"access_token_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token",
|
||||||
"authorize_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth",
|
"authorize_url": "https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth",
|
||||||
"jwks_uri": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/certs",
|
"jwks_uri": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs",
|
||||||
"client_kwargs": {
|
"client_kwargs": {
|
||||||
"scope": "openid email profile"
|
"scope": "openid email profile"
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -23,9 +23,14 @@ extraEnv: |
|
|||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
rules:
|
rules:
|
||||||
- host: keycloak.13.140.150.2.nip.io
|
- host: keycloak.idir-belfares.fr
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
tls: []
|
tls:
|
||||||
|
- secretName: keycloak-tls
|
||||||
|
hosts:
|
||||||
|
- keycloak.idir-belfares.fr
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
hostAliases:
|
hostAliases:
|
||||||
- ip: "13.140.150.2"
|
- ip: "13.140.150.2"
|
||||||
hostnames:
|
hostnames:
|
||||||
- "keycloak.13.140.150.2.nip.io"
|
- "keycloak.idir-belfares.fr"
|
||||||
|
|
||||||
config:
|
config:
|
||||||
existingSecret: oauth2-proxy-alertmanager
|
existingSecret: oauth2-proxy-alertmanager
|
||||||
@@ -9,12 +9,12 @@ config:
|
|||||||
reverse_proxy: true
|
reverse_proxy: true
|
||||||
set_xauthrequest: true
|
set_xauthrequest: true
|
||||||
cookie_samesite: "lax"
|
cookie_samesite: "lax"
|
||||||
redirect_url: http://alertmanager.13.140.150.2.nip.io/oauth2/callback
|
redirect_url: http://alertmanager.idir-belfares.fr/oauth2/callback
|
||||||
|
|
||||||
extraArgs:
|
extraArgs:
|
||||||
provider: oidc
|
provider: oidc
|
||||||
skip-oidc-discovery: "true"
|
skip-oidc-discovery: "true"
|
||||||
login-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth"
|
login-url: "http://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth"
|
||||||
redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token"
|
redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token"
|
||||||
oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps"
|
oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps"
|
||||||
oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs"
|
oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs"
|
||||||
@@ -26,6 +26,6 @@ ingress:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
hosts:
|
hosts:
|
||||||
- alertmanager.13.140.150.2.nip.io
|
- alertmanager.idir-belfares.fr
|
||||||
path: /
|
path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
hostAliases:
|
hostAliases:
|
||||||
- ip: "13.140.150.2"
|
- ip: "13.140.150.2"
|
||||||
hostnames:
|
hostnames:
|
||||||
- "keycloak.13.140.150.2.nip.io"
|
- "keycloak.idir-belfares.fr"
|
||||||
|
|
||||||
config:
|
config:
|
||||||
existingSecret: oauth2-proxy-prometheus
|
existingSecret: oauth2-proxy-prometheus
|
||||||
@@ -9,12 +9,12 @@ config:
|
|||||||
reverse_proxy: true
|
reverse_proxy: true
|
||||||
set_xauthrequest: true
|
set_xauthrequest: true
|
||||||
cookie_samesite: "lax"
|
cookie_samesite: "lax"
|
||||||
redirect_url: http://prometheus.13.140.150.2.nip.io/oauth2/callback
|
redirect_url: http://prometheus.idir-belfares.fr/oauth2/callback
|
||||||
|
|
||||||
extraArgs:
|
extraArgs:
|
||||||
provider: oidc
|
provider: oidc
|
||||||
skip-oidc-discovery: "true"
|
skip-oidc-discovery: "true"
|
||||||
login-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth"
|
login-url: "http://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth"
|
||||||
redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token"
|
redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token"
|
||||||
oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps"
|
oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps"
|
||||||
oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs"
|
oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs"
|
||||||
@@ -26,6 +26,6 @@ ingress:
|
|||||||
enabled: true
|
enabled: true
|
||||||
className: nginx
|
className: nginx
|
||||||
hosts:
|
hosts:
|
||||||
- prometheus.13.140.150.2.nip.io
|
- prometheus.idir-belfares.fr
|
||||||
path: /
|
path: /
|
||||||
pathType: Prefix
|
pathType: Prefix
|
||||||
|
|||||||
+11
-12
@@ -1,11 +1,6 @@
|
|||||||
grafana:
|
grafana:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
hostAliases:
|
|
||||||
- ip: "13.140.150.2"
|
|
||||||
hostnames:
|
|
||||||
- "keycloak.13.140.150.2.nip.io"
|
|
||||||
|
|
||||||
extraSecretMounts:
|
extraSecretMounts:
|
||||||
- name: grafana-oauth-secret
|
- name: grafana-oauth-secret
|
||||||
secretName: grafana-oauth-secret
|
secretName: grafana-oauth-secret
|
||||||
@@ -14,7 +9,7 @@ grafana:
|
|||||||
|
|
||||||
grafana.ini:
|
grafana.ini:
|
||||||
server:
|
server:
|
||||||
root_url: http://grafana.13.140.150.2.nip.io
|
root_url: https://grafana.idir-belfares.fr
|
||||||
|
|
||||||
security:
|
security:
|
||||||
secret_key: $__file{/etc/secrets/GF_SECURITY_SECRET_KEY}
|
secret_key: $__file{/etc/secrets/GF_SECURITY_SECRET_KEY}
|
||||||
@@ -29,7 +24,7 @@ grafana:
|
|||||||
client_id: grafana
|
client_id: grafana
|
||||||
client_secret: $__file{/etc/secrets/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
|
client_secret: $__file{/etc/secrets/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
|
||||||
scopes: openid email profile
|
scopes: openid email profile
|
||||||
auth_url: http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth
|
auth_url: https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth
|
||||||
token_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token
|
token_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token
|
||||||
api_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/userinfo
|
api_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/userinfo
|
||||||
email_attribute_path: email
|
email_attribute_path: email
|
||||||
@@ -37,12 +32,16 @@ grafana:
|
|||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
|
||||||
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
|
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||||
|
nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
|
||||||
hosts:
|
hosts:
|
||||||
- grafana.13.140.150.2.nip.io
|
- grafana.idir-belfares.fr
|
||||||
|
tls:
|
||||||
|
- secretName: grafana-tls
|
||||||
|
hosts:
|
||||||
|
- grafana.idir-belfares.fr
|
||||||
|
|
||||||
prometheus:
|
prometheus:
|
||||||
enabled: true
|
enabled: true
|
||||||
@@ -51,4 +50,4 @@ prometheus:
|
|||||||
podMonitorSelectorNilUsesHelmValues: false
|
podMonitorSelectorNilUsesHelmValues: false
|
||||||
|
|
||||||
alertmanager:
|
alertmanager:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
Reference in New Issue
Block a user