scottk/homelab
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/homelab.git synced 2025-10-31 09:57:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(keycloak): move crossplane-keycloak-credentials to keycloak from crossplane namespace

Browse Source
This commit is contained in:
Vegard Hagen
2025-01-03 18:17:02 +01:00
parent aa1a078294
commit 5ecf061fc3
15 changed files with 42 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
k8s/infra/auth/keycloak-realms/homelab/builtin-objects.yaml
View File

@@ -4,7 +4,7 @@ metadata:
name: builtin-objects-homelab name: builtin-objects-homelab
spec: spec:
providerConfigName: default providerConfigName: default
providerSecretName: keycloak-credentials providerSecretName: crossplane-keycloak-credentials
realm: homelab realm: homelab
builtinAuthenticationFlows: builtinAuthenticationFlows:
- browser - browser

4
k8s/infra/crossplane-crds/config/keycloak/provider-config.yaml → k8s/infra/auth/keycloak/crossplane-provider-config.yaml
View File

@@ -6,6 +6,6 @@ spec:
credentials: credentials:
source: Secret source: Secret
secretRef: secretRef:
name: keycloak-credentials name: crossplane-keycloak-credentials
namespace: crossplane namespace: keycloak
key: credentials key: credentials

2
k8s/infra/auth/keycloak/kustomization.yaml
View File

@@ -6,7 +6,9 @@ resources:
- pvc.yaml - pvc.yaml
- secret-keycloak-admin.yaml - secret-keycloak-admin.yaml
- secret-keycloak-db-credentials.yaml - secret-keycloak-db-credentials.yaml
- secret-crossplane-keycloak-credentials.yaml
- http-route.yaml - http-route.yaml
- crossplane-provider-config.yaml
helmCharts: helmCharts:
- name: keycloak - name: keycloak

15
k8s/infra/auth/keycloak/secret-crossplane-keycloak-credentials.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: crossplane-keycloak-credentials
namespace: keycloak
spec:
encryptedData:
credentials: AgBtGpqs2a48qY0VVkAKvSGsbPXf5lnwBMyu55raqU1OkpBN9LdpkGxiDe49WRn7MAT6An9myVoFDZOxwYk/U2wmNao7EFgz+L27zCR3xHjKeO/XepOgpAY3ZHI+ae0Xe855MpzFYRO1y1R3p/pvZJaFh9AwY+RWwiXSXU/kQfsQw0S2HSJB+el+TgbNHBQsgODbC0TMYPn17plt/xMX/RVmCcssQTaDmMCnedr05IpZJ3+qIdTUJ+pvGBYsDovms3pO3b1UFf+YBiU67RoElQTWEczLbg142+oxJOJAZlzhmX9YtaY6K7qTCTZUvHSbDGXA8S3jKU5TCn4K/qfHxmnoh7apjSI9ISB2mw24fzbwZO/skgvWicqt/KepceAPLL799Vy8CA/c0YgpErNSOVgt8sZsGiIIubf6J/HgKHn4Ubwu8u7YATLJAqFpdku7YrRX7ic6kwvJru+xGvOmriu5WzGcak931yyKLiTR8526+cMwyrEk6f72OIezM1U+t4uMSSUbRqRtOZ1Y1vggmGOtiuFzdRBpIXb4baTpSYaZNBoC4O2W8STCbZw+iOcEu4A/z1D0umVvEHb3WNRBrhsx8yg+D/isUtiluvLecNdoUwesOa84w+gWfKA1LQhAMlnN4SSDDuP3ZUXp3lftkHrX0y6I3qUw50yIGJZlImKWjLw4f2fW1crvw9pGY7wWF4bKd4XxwB4/kZSU4luysdfTqj+jLvza45eUycmGSEjMPo371XGPehqSS0GsBDwQPj7K//JDU1VArVIvWqzfpS2K6f+zuqmmF+9yF7MKqSmW+yMPJHi9qDLajCbYghfrSS2p7ZTthyW1Kv2Ee28cx+qVLyCc/E4JywbP0R1x0xxl+GYjTDNk4ApWGt9vLlTR5Jt2dP61b+1YdiNzyAEuNEY=
template:
metadata:
labels:
type: provider-credentials
name: crossplane-keycloak-credentials
namespace: keycloak
type: Opaque

15
k8s/infra/crossplane-crds/config/keycloak/keycloak-credentials.yaml
View File

@@ -1,15 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
name: keycloak-credentials
namespace: crossplane
spec:
encryptedData:
credentials: AgC01M3DaKy//JFVDlXhXfN24aL8vMlwtvSqBK61MIiDEqzEfWmjQq1h2dUF4+dmY5nel6165m8AEUWPhsslyUA8BMkD2XyP9rEJlsLdfcpFDUwHe0fSJDXlSho7MEllK08VVVwjk2rZnOil9LBTOGT7FFuXCuaiR5CWKjby/SLHoxynlCQqEHYMTQtT5iwwjkbrBa3LPh+VM8z2VrQzF5yx8fmundnNVxcMhV6V9fKiWj+8+gZsZtifNEcSp2MpVUQyTo1q5YExz1hGyA2LAWBqzhyoGJ+L4iqn+H2C7ZvPX+j040ZMo+d0LmiQwbrscAb/HJXv1zZFOlC0+HQecn8aLOPga+ITsAXdnNOXQ/3CjuyngwJXi6xn8aThpCNF12ut0OxvGtrPYSTs1F909c1jsHbFcpMlncxK28OMYfcO3Vhx/K+ZynCo50XhyGv52fueEvynTMv9eFQngQeX64UqXHC8P7NclbeFKswH6MMWPME9+RZLU4hHy/LuxhI5EH+9w/ucDDLpkiBTZgSfOcmGJI8h2cQERKF4Y09Br1jT/ZIYF6DSCFsmKAeFnkgBTtVsi2yr/wXeftOHUYv/WDjfPMtKQcUAdtZgZ8sdXk9wCwHcv+uTbQr6BFRX9R2oemOIiSfBXJZW79k5HAghlva2KocVCOsvydeBrWKihNf9grqO2jvEmQwjU/yb9vFXvLhdEZZkk0v3dFhE01qZOp4kqo2Z7PS5axJFGLA6NKegiWzjVlDA1E5ODBYNi9b5PHc/Jff058YU3bhQECKqm5T37+4zesfwdZ+/T/r5DU4qlS3P8hE4JAr2SORQ7ExYYCWBXUCTXOsPQobkIvvWuRrPTU3wEwgzGMuVEqn0S5Sp/fVG3M6PBIenwTvhKCOJZckpt6gwI3FyUbrr6uLvIbs=
template:
metadata:
labels:
type: provider-credentials
name: keycloak-credentials
namespace: crossplane
type: Opaque

6
k8s/infra/crossplane-crds/config/keycloak/kustomization.yaml
View File

@@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- provider-config.yaml
- keycloak-credentials.yaml

5
k8s/infra/crossplane-crds/config/kustomization.yaml
View File

@@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- keycloak

3
k8s/infra/vpn/kustomization.yaml
View File

@@ -1,6 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
commonLabels: metadata:
labels:
dev.stonegarden: vpn dev.stonegarden: vpn
app.kubernetes.io/managed-by: argocd app.kubernetes.io/managed-by: argocd

2
k8s/infra/vpn/netbird/backend/kustomization.yaml
View File

@@ -4,8 +4,8 @@ namespace: netbird
resources: resources:
- secret-coturn-credentials.yaml - secret-coturn-credentials.yaml
- oidc-client.yaml
- oidc-credentials.yaml - oidc-credentials.yaml
- x-oidc-client.yaml
helmCharts: helmCharts:
- name: netbird - name: netbird

6
k8s/infra/vpn/netbird/backend/values.yaml
View File

@@ -1,11 +1,11 @@
auth: auth:
authority: https://keycloak.stonegarden.dev/realms/homelab authority: https://keycloak.stonegarden.dev/realms/homelab
audience: netbird audience: netbird-dashboard
device: device:
provider: hosted provider: hosted
audience: netbird audience: netbird-dashboard
authority: https://keycloak.stonegarden.dev/realms/homelab authority: https://keycloak.stonegarden.dev/realms/homelab
clientID: netbird clientID: netbird-dashboard
deviceAuthorizationEndpoint: https://keycloak.stonegarden.dev/realms/homelab/protocol/openid-connect/auth deviceAuthorizationEndpoint: https://keycloak.stonegarden.dev/realms/homelab/protocol/openid-connect/auth
tokenEndpoint: https://keycloak.stonegarden.dev/realms/homelab/protocol/openid-connect/token tokenEndpoint: https://keycloak.stonegarden.dev/realms/homelab/protocol/openid-connect/token
scope: openid scope: openid

6
k8s/infra/vpn/netbird/backend/oidc-client.yaml → k8s/infra/vpn/netbird/backend/x-oidc-client.yaml
View File

@@ -3,13 +3,14 @@ kind: XOidcClient
metadata: metadata:
name: netbird-backend name: netbird-backend
spec: spec:
realm: homelab
clientId: netbird-backend clientId: netbird-backend
displayName: Netbird Backend
description: Netbird Backend Client
clientSecretSecretRef: clientSecretSecretRef:
name: netbird-backend-oidc-credentials name: netbird-backend-oidc-credentials
namespace: netbird namespace: netbird
key: clientSecret key: clientSecret
description: Netbird Backend Client
displayName: Netbird Backend
type: CONFIDENTIAL type: CONFIDENTIAL
grantTypes: grantTypes:
- client_credentials - client_credentials
@@ -24,4 +25,3 @@ spec:
- realm: homelab - realm: homelab
client: builtin-homelab-realm-management client: builtin-homelab-realm-management
role: view-users role: view-users
realm: homelab

2
k8s/infra/vpn/netbird/dashboard/kustomization.yaml
View File

@@ -3,7 +3,7 @@ kind: Kustomization
namespace: netbird namespace: netbird
resources: resources:
- oidc-client.yaml - x-oidc-client.yaml
- oidc-scopes.yaml - oidc-scopes.yaml
helmCharts: helmCharts:

5
k8s/infra/vpn/netbird/dashboard/values.yaml
View File

@@ -3,9 +3,10 @@ image:
auth: auth:
authority: https://keycloak.stonegarden.dev/realms/homelab authority: https://keycloak.stonegarden.dev/realms/homelab
audience: netbird audience: netbird-dashboard
clientID: netbird clientID: netbird-dashboard
supportedScopes: openid profile email offline_access netbird-api supportedScopes: openid profile email offline_access netbird-api
userIDClaim: sub
netbird: netbird:
managementApiEndpoint: https://netbird.stonegarden.dev managementApiEndpoint: https://netbird.stonegarden.dev

10
k8s/infra/vpn/netbird/dashboard/oidc-client.yaml → k8s/infra/vpn/netbird/dashboard/x-oidc-client.yaml
View File

@@ -1,12 +1,13 @@
apiVersion: oidc.homelab.olav.ninja/v1alpha1 apiVersion: oidc.homelab.olav.ninja/v1alpha1
kind: XOidcClient kind: XOidcClient
metadata: metadata:
name: netbird name: netbird-dashboard
spec: spec:
displayName: Netbird realm: homelab
clientId: netbird-dashboard
displayName: Netbird Dashboard
description: Netbird Dashboard Client
type: PUBLIC type: PUBLIC
clientId: netbird
description: Netbird Client
defaultScopes: defaultScopes:
- acr - acr
- basic - basic
@@ -27,4 +28,3 @@ spec:
- "https://netbird.stonegarden.dev/*" - "https://netbird.stonegarden.dev/*"
webOrigins: webOrigins:
- "+" - "+"
realm: homelab

4
tofu/kubernetes/main.tf
View File

@@ -138,11 +138,11 @@ module "volumes" {
} }
pv-netbird-signal = { pv-netbird-signal = {
node = "abel" node = "abel"
size = "1G" size = "512M"
} }
pv-netbird-management = { pv-netbird-management = {
node = "abel" node = "abel"
size = "1G" size = "512M"
} }
pv-plex = { pv-plex = {
node = "abel" node = "abel"