diff --git a/k8s/infra/auth/keycloak-realms/homelab/builtin-objects.yaml b/k8s/infra/auth/keycloak-realms/homelab/builtin-objects.yaml
index 92bfc18..4bd264e 100644
--- a/k8s/infra/auth/keycloak-realms/homelab/builtin-objects.yaml
+++ b/k8s/infra/auth/keycloak-realms/homelab/builtin-objects.yaml
@@ -4,7 +4,7 @@ metadata:
   name: builtin-objects-homelab
 spec:
   providerConfigName: default
-  providerSecretName: keycloak-credentials
+  providerSecretName: crossplane-keycloak-credentials
   realm: homelab
   builtinAuthenticationFlows:
     - browser
diff --git a/k8s/infra/crossplane-crds/config/keycloak/provider-config.yaml b/k8s/infra/auth/keycloak/crossplane-provider-config.yaml
similarity index 70%
rename from k8s/infra/crossplane-crds/config/keycloak/provider-config.yaml
rename to k8s/infra/auth/keycloak/crossplane-provider-config.yaml
index f2b3e20..cef348e 100644
--- a/k8s/infra/crossplane-crds/config/keycloak/provider-config.yaml
+++ b/k8s/infra/auth/keycloak/crossplane-provider-config.yaml
@@ -6,6 +6,6 @@ spec:
   credentials:
     source: Secret
     secretRef:
-      name: keycloak-credentials
-      namespace: crossplane
+      name: crossplane-keycloak-credentials
+      namespace: keycloak
       key: credentials
diff --git a/k8s/infra/auth/keycloak/kustomization.yaml b/k8s/infra/auth/keycloak/kustomization.yaml
index 74c06c7..d49f0ae 100644
--- a/k8s/infra/auth/keycloak/kustomization.yaml
+++ b/k8s/infra/auth/keycloak/kustomization.yaml
@@ -6,7 +6,9 @@ resources:
   - pvc.yaml
   - secret-keycloak-admin.yaml
   - secret-keycloak-db-credentials.yaml
+  - secret-crossplane-keycloak-credentials.yaml
   - http-route.yaml
+  - crossplane-provider-config.yaml
 
 helmCharts:
   - name: keycloak
diff --git a/k8s/infra/auth/keycloak/secret-crossplane-keycloak-credentials.yaml b/k8s/infra/auth/keycloak/secret-crossplane-keycloak-credentials.yaml
new file mode 100644
index 0000000..215d629
--- /dev/null
+++ b/k8s/infra/auth/keycloak/secret-crossplane-keycloak-credentials.yaml
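Review bot: The `secretRef` in crossplane-provider-config.yaml now points at a Secret in the `keycloak` namespace, so the keycloak provider's ServiceAccount must be allowed to read Secrets there; Crossplane's RBAC manager normally grants providers that, but if RBAC is managed by hand in this cluster the ProviderConfig will sit unhealthy with a forbidden error. The credential is also now readable by anything with Secret access in the Keycloak workload namespace rather than only in `crossplane`, presumably an accepted trade for keeping it next to the app it authenticates to. A comment above `secretRef:` would save the next reader a grep: `# Sealed in secret-crossplane-keycloak-credentials.yaml (same kustomization); name/namespace must match that SealedSecret's template`.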
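Review bot: Adding `crossplane-provider-config.yaml` to the Keycloak app's kustomization makes this app depend on the keycloak provider's `ProviderConfig` CRD already existing when Argo CD syncs it, and on Keycloak itself being reachable before the config can become healthy — a dependency the old crossplane-crds location presumably satisfied by ordering. If nothing orders these applications (sync waves or an explicit dependency), a fresh bootstrap may fail with an unknown-kind error until a retry; worth checking. A one-line comment next to the entry, `# requires the crossplane keycloak provider CRDs to be installed first`, records the dependency for the next reader.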
@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: crossplane-keycloak-credentials
+  namespace: keycloak
+spec:
+  encryptedData:
+    credentials: 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
+  template:
+    metadata:
+      labels:
+        type: provider-credentials
+      name: crossplane-keycloak-credentials
+      namespace: keycloak
+    type: Opaque
diff --git a/k8s/infra/crossplane-crds/config/keycloak/keycloak-credentials.yaml b/k8s/infra/crossplane-crds/config/keycloak/keycloak-credentials.yaml
deleted file mode 100644
index 3be9aa8..0000000
--- a/k8s/infra/crossplane-crds/config/keycloak/keycloak-credentials.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  name: keycloak-credentials
-  namespace: crossplane
-spec:
-  encryptedData:
-    credentials: 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
-  template:
-    metadata:
-      labels:
-        type: provider-credentials
-      name: keycloak-credentials
-      namespace: crossplane
-    type: Opaque
diff --git a/k8s/infra/crossplane-crds/config/keycloak/kustomization.yaml b/k8s/infra/crossplane-crds/config/keycloak/kustomization.yaml
deleted file mode 100644
index b021b7d..0000000
--- a/k8s/infra/crossplane-crds/config/keycloak/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - provider-config.yaml
-  - keycloak-credentials.yaml
diff --git a/k8s/infra/crossplane-crds/config/kustomization.yaml b/k8s/infra/crossplane-crds/config/kustomization.yaml
deleted file mode 100644
index 39bbd11..0000000
--- a/k8s/infra/crossplane-crds/config/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-  - keycloak
diff --git a/k8s/infra/vpn/kustomization.yaml b/k8s/infra/vpn/kustomization.yaml
index d8dbc4e..3a4ad68 100644
--- a/k8s/infra/vpn/kustomization.yaml
+++ b/k8s/infra/vpn/kustomization.yaml
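Review bot: Both the name and the namespace of this SealedSecret differ from the one deleted below, and with the default strict scope a sealed blob is bound to exactly that name/namespace pair, so the ciphertext must have been freshly sealed for `crossplane-keycloak-credentials` in `keycloak` rather than copied over — the changed blob id (3be9aa8 to 215d629) suggests it was, but the encrypted value is not visible here to confirm. The data key `credentials` also has to stay in step with `key: credentials` in the ProviderConfig's secretRef. A comment above `encryptedData:`, `# key name is referenced by crossplane-provider-config.yaml; re-seal if name or namespace changes`, would make both constraints explicit.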
@@ -1,8 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-commonLabels:
-  dev.stonegarden: vpn
-  app.kubernetes.io/managed-by: argocd
+metadata:
+  labels:
+    dev.stonegarden: vpn
+    app.kubernetes.io/managed-by: argocd
 
 resources:
   - project.yaml
diff --git a/k8s/infra/vpn/netbird/backend/kustomization.yaml b/k8s/infra/vpn/netbird/backend/kustomization.yaml
index 2ed0e19..55f0d83 100644
--- a/k8s/infra/vpn/netbird/backend/kustomization.yaml
+++ b/k8s/infra/vpn/netbird/backend/kustomization.yaml
@@ -4,8 +4,8 @@ namespace: netbird
 
 resources:
   - secret-coturn-credentials.yaml
-  - oidc-client.yaml
   - oidc-credentials.yaml
+  - x-oidc-client.yaml
 
 helmCharts:
   - name: netbird
diff --git a/k8s/infra/vpn/netbird/backend/values.yaml b/k8s/infra/vpn/netbird/backend/values.yaml
index 12af6de..32e73f8 100644
--- a/k8s/infra/vpn/netbird/backend/values.yaml
+++ b/k8s/infra/vpn/netbird/backend/values.yaml
@@ -1,11 +1,11 @@
 auth:
   authority: https://keycloak.stonegarden.dev/realms/homelab
-  audience: netbird
+  audience: netbird-dashboard
   device:
     provider: hosted
-    audience: netbird
+    audience: netbird-dashboard
     authority: https://keycloak.stonegarden.dev/realms/homelab
-    clientID: netbird
+    clientID: netbird-dashboard
     deviceAuthorizationEndpoint: https://keycloak.stonegarden.dev/realms/homelab/protocol/openid-connect/auth
     tokenEndpoint: https://keycloak.stonegarden.dev/realms/homelab/protocol/openid-connect/token
     scope: openid
diff --git a/k8s/infra/vpn/netbird/backend/oidc-client.yaml b/k8s/infra/vpn/netbird/backend/x-oidc-client.yaml
similarity index 100%
rename from k8s/infra/vpn/netbird/backend/oidc-client.yaml
rename to k8s/infra/vpn/netbird/backend/x-oidc-client.yaml
index 6a6e683..1f1c7b7 100644
--- a/k8s/infra/vpn/netbird/backend/oidc-client.yaml
+++ b/k8s/infra/vpn/netbird/backend/x-oidc-client.yaml
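Review bot: I am not aware of kustomize's label transformer honouring `metadata.labels` on the Kustomization object itself, so the replacement for `commonLabels` in this hunk may silently drop `dev.stonegarden: vpn` and `app.kubernetes.io/managed-by: argocd` from every rendered resource rather than migrate them; the supported successor of the deprecated `commonLabels` is the `labels:` list. `commonLabels` also injected the pairs into selectors, which `labels:` does only with `includeSelectors: true`, and because Deployment selectors are immutable, removing them from already-deployed workloads would be rejected on apply. Diffing `kustomize build` output before and after this change would settle both questions.
```yaml
labels:
  - pairs:
      dev.stonegarden: vpn
      app.kubernetes.io/managed-by: argocd
    # includeSelectors: true  # only if the previous commonLabels selector behaviour must be kept
```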
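Review bot: `auth.audience` and `auth.device.audience` in backend/values.yaml now require `netbird-dashboard` in the token's `aud` claim, but nothing in this commit changes what Keycloak emits there — Keycloak typically does not put the requesting client's id into `aud` by itself, so whatever mapper produced `netbird` before (likely in the dashboard's untouched `oidc-scopes.yaml`) still needs updating, or the management API will reject every token with an audience mismatch. Decoding one freshly issued dashboard token and checking `aud` before merging would confirm it. The same value is repeated three times in this hunk; a comment above `auth:`, `# audience/clientID must equal the dashboard XOidcClient's clientId`, ties them to their source.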
@@ -3,13 +3,14 @@ kind: XOidcClient
 metadata:
   name: netbird-backend
 spec:
+  realm: homelab
   clientId: netbird-backend
+  displayName: Netbird Backend
+  description: Netbird Backend Client
   clientSecretSecretRef:
     name: netbird-backend-oidc-credentials
     namespace: netbird
     key: clientSecret
-  description: Netbird Backend Client
-  displayName: Netbird Backend
   type: CONFIDENTIAL
   grantTypes:
     - client_credentials
@@ -24,4 +25,3 @@ spec:
     - realm: homelab
       client: builtin-homelab-realm-management
       role: view-users
-  realm: homelab
diff --git a/k8s/infra/vpn/netbird/dashboard/kustomization.yaml b/k8s/infra/vpn/netbird/dashboard/kustomization.yaml
index ac34e96..f83e3ca 100644
--- a/k8s/infra/vpn/netbird/dashboard/kustomization.yaml
+++ b/k8s/infra/vpn/netbird/dashboard/kustomization.yaml
@@ -3,7 +3,7 @@ kind: Kustomization
 namespace: netbird
 
 resources:
-  - oidc-client.yaml
+  - x-oidc-client.yaml
   - oidc-scopes.yaml
 
 helmCharts:
diff --git a/k8s/infra/vpn/netbird/dashboard/values.yaml b/k8s/infra/vpn/netbird/dashboard/values.yaml
index 08e2273..f0f102d 100644
--- a/k8s/infra/vpn/netbird/dashboard/values.yaml
+++ b/k8s/infra/vpn/netbird/dashboard/values.yaml
@@ -3,9 +3,10 @@ image:
 
 auth:
   authority: https://keycloak.stonegarden.dev/realms/homelab
-  audience: netbird
-  clientID: netbird
+  audience: netbird-dashboard
+  clientID: netbird-dashboard
   supportedScopes: openid profile email offline_access netbird-api
+  userIDClaim: sub
 
 netbird:
   managementApiEndpoint: https://netbird.stonegarden.dev
diff --git a/k8s/infra/vpn/netbird/dashboard/oidc-client.yaml b/k8s/infra/vpn/netbird/dashboard/x-oidc-client.yaml
similarity index 79%
rename from k8s/infra/vpn/netbird/dashboard/oidc-client.yaml
rename to k8s/infra/vpn/netbird/dashboard/x-oidc-client.yaml
index f64e715..a0ef3d6 100644
--- a/k8s/infra/vpn/netbird/dashboard/oidc-client.yaml
+++ b/k8s/infra/vpn/netbird/dashboard/x-oidc-client.yaml
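Review bot: `userIDClaim: sub` in dashboard/values.yaml is added without a note on why, and it has to agree with whatever claim the management server uses to identify users, otherwise dashboard and API key the same person differently; a comment such as `# identify users by the immutable subject id rather than email, and keep in step with the management server's user id claim` would record both. The unchanged `offline_access` in `supportedScopes` now pairs with a renamed public client, so refresh tokens issued to the old `netbird` client presumably stop working at the switch — expect a one-off re-login for dashboard users.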
@@ -1,12 +1,13 @@
 apiVersion: oidc.homelab.olav.ninja/v1alpha1
 kind: XOidcClient
 metadata:
-  name: netbird
+  name: netbird-dashboard
 spec:
-  displayName: Netbird
+  realm: homelab
+  clientId: netbird-dashboard
+  displayName: Netbird Dashboard
+  description: Netbird Dashboard Client
   type: PUBLIC
-  clientId: netbird
-  description: Netbird Client
   defaultScopes:
     - acr
     - basic
@@ -27,4 +28,3 @@ spec:
     - "https://netbird.stonegarden.dev/*"
   webOrigins:
     - "+"
-  realm: homelab
diff --git a/tofu/kubernetes/main.tf b/tofu/kubernetes/main.tf
index e9f0cd7..39987a3 100644
--- a/tofu/kubernetes/main.tf
+++ b/tofu/kubernetes/main.tf
@@ -138,11 +138,11 @@ module "volumes" {
     }
     pv-netbird-signal = {
       node = "abel"
-      size = "1G"
+      size = "512M"
     }
     pv-netbird-management = {
       node = "abel"
-      size = "1G"
+      size = "512M"
     }
     pv-plex = {
       node = "abel"
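Review bot: Changing both `metadata.name` and `clientId` from `netbird` to `netbird-dashboard` makes this a delete-and-create of the XOidcClient, and presumably of the Keycloak client behind it, not an in-place rename — active sessions and consents on the old client end, and anything still referencing `netbird` (an audience mapper or scope assignment in the unchanged `oidc-scopes.yaml`, for instance) stops matching. If the old Keycloak client should not linger as an orphan once the composite is gone, check the composition's deletion policy. A comment above `clientId:` noting that the value is what both netbird values.yaml files use as `clientID` and `audience` would keep the three files in step.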
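Review bot: Shrinking `pv-netbird-signal` and `pv-netbird-management` from `1G` to `512M` is not a resize for volumes that already exist — Kubernetes does not shrink PersistentVolumes, so depending on what the `volumes` module does with `size` this plans either an in-place update the API server rejects or a replacement that recreates the volume empty. The management volume holds NetBird's peer and network state, so the OpenTofu plan output should be read for a replace before applying, with a backup in hand. The `module "volumes"` block these lines belong to starts and ends outside the hunk.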