Fixing ldap conf, initializing keto, oc-auth and co

2024-12-09 15:05:29 +01:00
parent ba9a971964
commit f7ae1165b9
39 changed files with 2132 additions and 33 deletions
--- a/opencloud/templates/oc-auth/deployment.yaml
+++ b/opencloud/templates/oc-auth/deployment.yaml
@@ -0,0 +1,80 @@
+{{- if index .Values.ocAuth.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: oc-auth
+  name: {{ .Release.Name }}-oc-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: oc-auth
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: oc-auth
+    spec:
+      volumes:
+        - name: public-key-volume
+          secret:
+            secretName: public-key-secret
+        - name: private-key-volume
+          secret:
+            secretName: private-key-secret    
+      containers:
+      - image: "{{ .Values.ocAuth.image }}"
+        name: oc-auth
+        volumeMounts:
+          - name: public-key-volume
+            mountPath: /keys/public
+            subPath: public.pem
+          - name: private-key-volume
+            mountPath: /keys/private
+            subPath: private.pem
+        env:
+        - name: OCAUTH_ADMIN_ROLE
+          value: "{{ .Values.ocAuth.hydra }}"
+        - name: OCAUTH_PUBLIC_KEY_PATH
+          value: /keys/public/public.pem
+        - name: OCAUTH_PRIVATE_KEY_PATH
+          value: /keys/private/private.pem
+        - name: OCAUTH_CLIENT_SECRET
+          value: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}"
+        - name: OCAUTH_AUTH
+          value: "{{ .Values.ocAuth.authType }}"
+        - name: OCAUTH_AUTH_CONNECTOR_HOST
+          value: "{{ .Release.Name }}.hydra-admin.{{ .Release.Namespace }}"
+        - name: OCAUTH_AUTH_CONNECTOR_PORT
+          value: 4444
+        - name: OCAUTH_AUTH_CONNECTOR_ADMIN_PORT
+          value: 4445
+        - name: OCAUTH_PERMISSION_CONNECTOR_HOST
+          value: "{{ .Release.Name }}.keto-write.{{ .Release.Namespace }}"
+        - name: OCAUTH_PERMISSION_CONNECTOR_PORT
+          value: 80
+        - name: OCAUTH_PERMISSION_CONNECTOR_ADMIN_PORT
+          value: 80
+        - name: OCAUTH_LDAP_ENDPOINTS
+          value: "{{ .Release.Name }}-openldap.{{ .Release.Namespace }}.svc.cluster.local:389"
+        - name: OCAUTH_LDAP_BINDDN
+          value: "{{ index .Values.ocAuth.ldap.bindDn }}"
+        - name: OCAUTH_LDAP_BINDPW
+          value: "{{ index .Values.ocAuth.ldap.binPwd }}"
+        - name: OCAUTH_LDAP_BASEDN
+          value: "{{ index .Values.ocAuth.ldap.baseDn }}"
+        - name: OCAUTH_LDAP_ROLE_BASEDN
+          value: "{{ index .Values.ocAuth.ldap.roleBaseDn }}"
+        ports:
+          - name: http
+            containerPort: 80
+            protocol: TCP
+        resources:
+          limits:
+            cpu: "{{ .Values.ldapUserManager.resources.limits.cpu }}"
+            memory: "{{ .Values.ldapUserManager.resources.limits.memory }}"
+          requests:
+            cpu: "{{ .Values.ldapUserManager.resources.requests.cpu }}"
+            memory: "{{ .Values.ldapUserManager.resources.requests.memory }}"        
+{{- end }}