chore(oidc): collect all oidc-clients under keycloak

Vegard Hagen
2024-08-17 12:54:40 +02:00
parent d79f57efd3
commit 0048da7ffa
27 changed files with 78 additions and 38 deletions


@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- client.yaml
- credentials.yaml


@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cloudflare
- netbird
- netbird-backend


@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- client.yaml
- credentials.yaml
- sa-role-view-users.yaml


@@ -14,7 +14,6 @@ spec:
baseUrl: "https://netbird.stonegarden.dev" baseUrl: "https://netbird.stonegarden.dev"
validRedirectUris: validRedirectUris:
- "http://localhost:53000" - "http://localhost:53000"
- "http://localhost:8080/*"
- "https://netbird.stonegarden.dev/*" - "https://netbird.stonegarden.dev/*"
validPostLogoutRedirectUris: validPostLogoutRedirectUris:
- "https://netbird.stonegarden.dev/*" - "https://netbird.stonegarden.dev/*"
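Review bot: The client still accepts the wildcard `https://netbird.stonegarden.dev/*` in `validRedirectUris`, so any path on that host can receive an authorization response; dropping `http://localhost:8080/*` narrows the list but leaves this entry open. Listing only the dashboard's actual callback paths would stop an open redirect or injected page elsewhere on the host from being accepted as a redirect target. The same applies to the wildcard in `validPostLogoutRedirectUris`. The client spec starts and continues outside this hunk, so the client type and any PKCE setting cannot be checked from here.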


@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- client.yaml
- scopes.yaml


@@ -1,4 +1,22 @@
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1 apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: ClientDefaultScopes
metadata:
name: netbird-default-scopes
spec:
forProvider:
defaultScopes:
- acr
- email
- profile
- roles
- web-origins
- netbird-api
clientIdRef:
name: netbird
realmIdRef:
name: homelab
---
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: ClientScope kind: ClientScope
metadata: metadata:
name: netbird-api name: netbird-api


@@ -2,8 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- realms.yaml - realm.yaml
- users.yaml
- client-cloudflare.yaml
- cloudflare-oidc-credentials.yaml
- builtin-objects.yaml - builtin-objects.yaml
- clients
- users


@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- veh.yaml


@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- homelab


@@ -7,12 +7,12 @@ resources:
- secret-keycloak-admin.yaml - secret-keycloak-admin.yaml
- secret-keycloak-db-credentials.yaml - secret-keycloak-db-credentials.yaml
- http-route.yaml - http-route.yaml
- config
helmCharts: helmCharts:
- name: keycloak - name: keycloak
repo: oci://registry-1.docker.io/bitnamicharts repo: oci://registry-1.docker.io/bitnamicharts
releaseName: keycloak releaseName: keycloak
namespace: keycloak namespace: keycloak
version: 22.1.1 # version: 22.1.1
version: 21.5.0
valuesFile: values.yaml valuesFile: values.yaml
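Review bot: The Keycloak chart pin appears to move from 22.1.1 back to `version: 21.5.0`, with the old value left behind as `# version: 22.1.1` and no reason recorded. For the identity provider, an unexplained downgrade is easy to forget and keeps the deployment on an older chart line. A comment above the pin such as `# pinned to 21.5.0 because <reason>; return to 22.x once <condition>` (placeholders) would make the intent reviewable, and the dead commented line can then go. The rendered page has lost its +/- markers, so the direction of the change is inferred from the commented-out line.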


@@ -14,6 +14,13 @@ proxy: edge
ingress: ingress:
enabled: false enabled: false
resources:
requests:
cpu: 200m
memory: 640Mi
limits:
memory: 3Gi
postgresql: postgresql:
enabled: true enabled: true
auth: auth:
@@ -27,3 +34,4 @@ postgresql:
persistence: persistence:
enabled: true enabled: true
existingClaim: keycloak-db existingClaim: keycloak-db


@@ -11,6 +11,8 @@ spec:
server: '*' server: '*'
- namespace: 'keycloak' - namespace: 'keycloak'
server: '*' server: '*'
- namespace: 'netbird'
server: '*'
clusterResourceWhitelist: clusterResourceWhitelist:
- group: '*' - group: '*'
kind: '*' kind: '*'
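Review bot: The new destination pairs `namespace: 'netbird'` with `server: '*'`, which in what looks like an Argo CD AppProject allows this project to target that namespace on every registered cluster, not only the local one. If the project only deploys in-cluster, `server: 'https://kubernetes.default.svc'` is the tighter value, and the existing entries above follow the same wildcard pattern. The `clusterResourceWhitelist` directly below is `group: '*'` / `kind: '*'`, so the project boundary rests on the destination list alone. The spec starts and continues outside this hunk.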


@@ -3,19 +3,19 @@ kind: Function
metadata: metadata:
name: function-extra-resources name: function-extra-resources
spec: spec:
package: xpkg.upbound.io/crossplane-contrib/function-extra-resources:v0.0.3 package: xpkg.upbound.io/crossplane-contrib/function-extra-resources:v0.0.3 # renovate: github-releases=crossplane-contrib/function-extra-resources
--- ---
apiVersion: pkg.crossplane.io/v1beta1 apiVersion: pkg.crossplane.io/v1beta1
kind: Function kind: Function
metadata: metadata:
name: function-auto-ready name: function-auto-ready
spec: spec:
package: xpkg.upbound.io/crossplane-contrib/function-auto-ready:v0.2.1 package: xpkg.upbound.io/crossplane-contrib/function-auto-ready:v0.2.1 # renovate: github-releases=crossplane-contrib/function-auto-ready
--- ---
apiVersion: pkg.crossplane.io/v1beta1 apiVersion: pkg.crossplane.io/v1beta1
kind: Function kind: Function
metadata: metadata:
name: function-keycloak-builtin-objects name: function-keycloak-builtin-objects
spec: spec:
package: registry.gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects:v1.0.0 package: registry.gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects:v1.0.0 # renovate: gitlab-releases=corewire/images/crossplane/function-keycloak-builtin-objects
packagePullPolicy: Always packagePullPolicy: Always
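Review bot: `function-keycloak-builtin-objects` is referenced by the mutable tag `v1.0.0` together with `packagePullPolicy: Always`, so whatever the GitLab registry currently serves under that tag is what gets pulled. The added `# renovate:` comment tracks new releases but does not fix the content. Pinning the package by digest (`@sha256:<digest-placeholder>`), with the version kept in a trailing comment, would make a re-pushed tag show up as a reviewable diff. The two `xpkg.upbound.io` functions above are tag-only as well. The `# renovate: <datasource>=<repo>` comment form presumably depends on a custom manager in the Renovate config, which is not visible on this page.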


@@ -3,10 +3,7 @@ kind: Kustomization
namespace: netbird namespace: netbird
resources: resources:
- oidc-client.yaml
- oidc-sa-role.yaml
- secret-coturn-credentials.yaml - secret-coturn-credentials.yaml
- secret-oidc-credentials.yaml
helmCharts: helmCharts:
- name: netbird - name: netbird


@@ -23,7 +23,7 @@ idp:
management: management:
image: image:
tag: 0.28.4 tag: 0.28.7 # renovate: docker=netbirdio/management
nodeSelector: nodeSelector:
topology.kubernetes.io/zone: abel topology.kubernetes.io/zone: abel
ingress: ingress:
@@ -31,7 +31,7 @@ management:
signal: signal:
image: image:
tag: 0.28.4 tag: 0.28.7 # renovate: docker=netbirdio/signal
nodeSelector: nodeSelector:
topology.kubernetes.io/zone: abel topology.kubernetes.io/zone: abel
uri: netbird.stonegarden.dev:443 uri: netbird.stonegarden.dev:443


@@ -2,11 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: netbird namespace: netbird
resources:
- oidc-scopes.yaml
- oidc-client.yaml
- oidc-client-scopes.yaml
helmCharts: helmCharts:
- name: netbird-dashboard - name: netbird-dashboard
repo: https://charts.jaconi.io repo: https://charts.jaconi.io


@@ -1,17 +0,0 @@
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: ClientDefaultScopes
metadata:
name: netbird-default-scopes
spec:
forProvider:
defaultScopes:
- acr
- email
- profile
- roles
- web-origins
- netbird-api
clientIdRef:
name: netbird
realmIdRef:
name: homelab


@@ -1,5 +1,5 @@
image: image:
tag: v2.4.1 tag: v2.5.0 # renovate: docker=netbirdio/dashboard
auth: auth:
authority: https://keycloak.stonegarden.dev/realms/homelab authority: https://keycloak.stonegarden.dev/realms/homelab


@@ -26,6 +26,9 @@ tofu state rm "module.volumes.module.proxmox-volume[\"pv-sonarr-config\"].restap
tofu state rm "module.volumes.module.proxmox-volume[\"pv-plex-config\"].restapi_object.proxmox-volume" tofu state rm "module.volumes.module.proxmox-volume[\"pv-plex-config\"].restapi_object.proxmox-volume"
tofu state rm "module.volumes.module.proxmox-volume[\"pv-jellyfin-config\"].restapi_object.proxmox-volume" tofu state rm "module.volumes.module.proxmox-volume[\"pv-jellyfin-config\"].restapi_object.proxmox-volume"
tofu state rm "module.volumes.module.proxmox-volume[\"pv-qbittorrent-config\"].restapi_object.proxmox-volume" tofu state rm "module.volumes.module.proxmox-volume[\"pv-qbittorrent-config\"].restapi_object.proxmox-volume"
tofu state rm 'module.volumes.module.proxmox-volume["pv-keycloak"].restapi_object.proxmox-volume'
tofu state rm 'module.volumes.module.proxmox-volume["pv-netbird-management"].restapi_object.proxmox-volume'
tofu state rm 'module.volumes.module.proxmox-volume["pv-netbird-signal"].restapi_object.proxmox-volume'
``` ```
## import proxmox volume ## import proxmox volume