fix ssh key for git sync

helm/airflow/values.yaml

@@ -16,18 +16,17 @@ ingress:
   apiServer:
     enabled: true
     ingressClassName: nginx
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
     hosts:
-      - name: airflow.13.140.150.2.nip.io
+      - name: airflow.idir-belfares.fr
         tls:
-          enabled: false
+          enabled: true
+          secretName: airflow-tls
     path: "/"
     pathType: "Prefix"
 
 apiServer:
-  hostAliases:
-    - ip: "13.140.150.2"
-      hostnames:
-        - "keycloak.13.140.150.2.nip.io"
   apiServerConfig: |
     from flask_appbuilder.security.manager import AUTH_OAUTH
 
@@ -43,11 +42,11 @@ apiServer:
         "remote_app": {
           "client_id": "airflow",
           "client_secret": "TEQqjspeIrGRVLSxyArkjBMF3StaltwL",
-          "api_base_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect",
+          "api_base_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect",
           "request_token_url": None,
-          "access_token_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/token",
-          "authorize_url": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth",
-          "jwks_uri": "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/certs",
+          "access_token_url": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token",
+          "authorize_url": "https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth",
+          "jwks_uri": "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs",
           "client_kwargs": {
             "scope": "openid email profile"
           }

helm/keycloak/values.yaml

@@ -23,9 +23,14 @@ extraEnv: |
 ingress:
   enabled: true
   ingressClassName: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
   rules:
-    - host: keycloak.13.140.150.2.nip.io
+    - host: keycloak.idir-belfares.fr
       paths:
         - path: /
           pathType: Prefix
-  tls: []
+  tls:
+    - secretName: keycloak-tls
+      hosts:
+        - keycloak.idir-belfares.fr

helm/monitoring/oauth2-proxy-alertmanager.yaml

@@ -1,7 +1,7 @@
 hostAliases:
 - ip: "13.140.150.2"
   hostnames:
-    - "keycloak.13.140.150.2.nip.io"
+    - "keycloak.idir-belfares.fr"
 
 config:
   existingSecret: oauth2-proxy-alertmanager
@@ -9,12 +9,12 @@ config:
   reverse_proxy: true
   set_xauthrequest: true
   cookie_samesite: "lax"
-  redirect_url: http://alertmanager.13.140.150.2.nip.io/oauth2/callback
+  redirect_url: http://alertmanager.idir-belfares.fr/oauth2/callback
 
 extraArgs:
   provider: oidc
   skip-oidc-discovery: "true"
-  login-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth"
+  login-url: "http://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth"
   redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token"
   oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps"
   oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs"
@@ -26,6 +26,6 @@ ingress:
   enabled: true
   className: nginx
   hosts:
-    - alertmanager.13.140.150.2.nip.io
+    - alertmanager.idir-belfares.fr
   path: /
   pathType: Prefix

helm/monitoring/oauth2-proxy-prometheus.yaml

@@ -1,7 +1,7 @@
 hostAliases:
 - ip: "13.140.150.2"
   hostnames:
-    - "keycloak.13.140.150.2.nip.io"
+    - "keycloak.idir-belfares.fr"
 
 config:
   existingSecret: oauth2-proxy-prometheus
@@ -9,12 +9,12 @@ config:
   reverse_proxy: true
   set_xauthrequest: true
   cookie_samesite: "lax"
-  redirect_url: http://prometheus.13.140.150.2.nip.io/oauth2/callback
+  redirect_url: http://prometheus.idir-belfares.fr/oauth2/callback
 
 extraArgs:
   provider: oidc
   skip-oidc-discovery: "true"
-  login-url: "http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth"
+  login-url: "http://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth"
   redeem-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token"
   oidc-issuer-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps"
   oidc-jwks-url: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/certs"
@@ -26,6 +26,6 @@ ingress:
   enabled: true
   className: nginx
   hosts:
-    - prometheus.13.140.150.2.nip.io
+    - prometheus.idir-belfares.fr
   path: /
   pathType: Prefix

helm/monitoring/values.yaml

@@ -1,11 +1,6 @@
 grafana:
   enabled: true
 
-  hostAliases:
-    - ip: "13.140.150.2"
-      hostnames:
-        - "keycloak.13.140.150.2.nip.io"
-
   extraSecretMounts:
     - name: grafana-oauth-secret
       secretName: grafana-oauth-secret
@@ -14,7 +9,7 @@ grafana:
 
   grafana.ini:
     server:
-      root_url: http://grafana.13.140.150.2.nip.io
+      root_url: https://grafana.idir-belfares.fr
 
     security:
       secret_key: $__file{/etc/secrets/GF_SECURITY_SECRET_KEY}
@@ -29,7 +24,7 @@ grafana:
       client_id: grafana
       client_secret: $__file{/etc/secrets/GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET}
       scopes: openid email profile
-      auth_url: http://keycloak.13.140.150.2.nip.io/auth/realms/k8s-apps/protocol/openid-connect/auth
+      auth_url: https://keycloak.idir-belfares.fr/auth/realms/k8s-apps/protocol/openid-connect/auth
       token_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/token
       api_url: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/realms/k8s-apps/protocol/openid-connect/userinfo
       email_attribute_path: email
@@ -37,12 +32,16 @@ grafana:
 
   ingress:
     enabled: true
-    annotations:
-      nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
-      nginx.ingress.kubernetes.io/ssl-redirect: "false"
     ingressClassName: nginx
+    annotations:
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
     hosts:
-      - grafana.13.140.150.2.nip.io
+      - grafana.idir-belfares.fr
+    tls:
+      - secretName: grafana-tls
+        hosts:
+          - grafana.idir-belfares.fr
 
 prometheus:
   enabled: true