extends keycloak-config.yaml
This commit is contained in:
parent
a2b3e0cbd3
commit
b804f2293f
2 changed files with 36 additions and 7 deletions
|
|
@ -1,9 +1,9 @@
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: gitea-credentials
|
name: forgejo-oidc
|
||||||
namespace: gitea
|
namespace: gitea
|
||||||
type: Opaque
|
type: Opaque
|
||||||
stringData:
|
stringData:
|
||||||
key: forgejo
|
key: forgejo
|
||||||
secret: nEJ7tmVYLjwuycF4vhBzCY8BVfk9LHDY
|
secret: uWEGALJKmNyUojJaK5LAK0w4OCEEDpDu
|
||||||
|
|
@ -200,10 +200,10 @@ data:
|
||||||
"oidc.ciba.grant.enabled": false
|
"oidc.ciba.grant.enabled": false
|
||||||
},
|
},
|
||||||
"alwaysDisplayInConsole": false,
|
"alwaysDisplayInConsole": false,
|
||||||
"rootUrl": "https://gitea.{{{ .Env.DOMAIN }}}",
|
"rootUrl": "https://{{{ .Env.DOMAIN_GITEA }}}:443",
|
||||||
"baseUrl": "",
|
"baseUrl": "",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"https://gitea.{{{ .Env.DOMAIN }}}/*"
|
"https://{{{ .Env.DOMAIN_GITEA }}}/*"
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"/*"
|
"/*"
|
||||||
|
|
@ -370,12 +370,39 @@ spec:
|
||||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "backstage") | .id')
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "backstage") | .id')
|
||||||
|
|
||||||
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||||
curl -sS -H "Content-Type: application/json" -H "Authorization: bearer ${KEYCLOAK_TOKEN}" -X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||||
|
|
||||||
BACKSTAGE_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||||
|
|
||||||
|
=$(curl -sS -H "Content-Type: application/json" \
|
||||||
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||||
|
|
||||||
|
echo "creating Forgejo client"
|
||||||
|
curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X POST --data @/var/config/forgejo-client-payload.json \
|
||||||
|
${KEYCLOAK_URL}/admin/realms/cnoe/clients
|
||||||
|
|
||||||
|
CLIENT_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients | jq -e -r '.[] | select(.clientId == "forgejo") | .id')
|
||||||
|
|
||||||
|
CLIENT_SCOPE_GROUPS_ID=$(curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/client-scopes | jq -e -r '.[] | select(.name == "groups") | .id')
|
||||||
|
|
||||||
|
curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X PUT ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID}/default-client-scopes/${CLIENT_SCOPE_GROUPS_ID}
|
||||||
|
|
||||||
|
FORGEJO_CLIENT_SECRET=$(curl -sS -H "Content-Type: application/json" \
|
||||||
|
-H "Authorization: bearer ${KEYCLOAK_TOKEN}" \
|
||||||
|
-X GET ${KEYCLOAK_URL}/admin/realms/cnoe/clients/${CLIENT_ID} | jq -e -r '.secret')
|
||||||
|
|
||||||
ARGOCD_PASSWORD=$(./kubectl -n argocd get secret argocd-initial-admin-secret -o go-template='{{.data.password | base64decode }}')
|
ARGOCD_PASSWORD=$(./kubectl -n argocd get secret argocd-initial-admin-secret -o go-template='{{.data.password | base64decode }}')
|
||||||
|
|
||||||
|
|
@ -394,6 +421,8 @@ spec:
|
||||||
ARGOCD_SESSION_TOKEN: ${ARGOCD_SESSION_TOKEN}
|
ARGOCD_SESSION_TOKEN: ${ARGOCD_SESSION_TOKEN}
|
||||||
BACKSTAGE_CLIENT_SECRET: ${BACKSTAGE_CLIENT_SECRET}
|
BACKSTAGE_CLIENT_SECRET: ${BACKSTAGE_CLIENT_SECRET}
|
||||||
BACKSTAGE_CLIENT_ID: backstage
|
BACKSTAGE_CLIENT_ID: backstage
|
||||||
|
FORGEJO_CLIENT_SECRET: ${FORGEJO_CLIENT_SECRET}
|
||||||
|
FORGEJO_CLIENT_ID: forgejo
|
||||||
" > /tmp/secret.yaml
|
" > /tmp/secret.yaml
|
||||||
|
|
||||||
./kubectl apply -f /tmp/secret.yaml
|
./kubectl apply -f /tmp/secret.yaml
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue