DevFW-CICD/stacks
12
0
Fork 1
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions

Compare commits

base: DevFW-CICD:cce8c51b75a4fd4ca7bc4b4bab7eceecd94c7e57
Branches Tags
DevFW-CICD:development
DevFW-CICD:IPCEICIS-2297_working_oidc
DevFW-CICD:IPCEICIS-2952
DevFW-CICD:modularise_edp
DevFW-CICD:michals-silly-game
DevFW-CICD:keycloak_update_test
DevFW-CICD:django-backstage-template
DevFW-CICD:IPCEICIS-2293_oidc_in_forgejo
DevFW-CICD:IPCEICIS-3256
DevFW-CICD:kindserver_development
DevFW-CICD:update_provider_argocd
DevFW-CICD:IPCEICIS-2951
DevFW-CICD:IPCEICIS-3110
DevFW-CICD:IPCEICIS-3111
DevFW-CICD:shipping_openbao_logs
DevFW-CICD:feature/IPCEICIS-2435_oidc_in_argocd
DevFW-CICD:alloy_implementation
DevFW-CICD:openbao_logs_second_way
DevFW-CICD:root_path_argocd_test
DevFW-CICD:IPCEICIS-2751_backstage
DevFW-CICD:forgego_10_update
DevFW-CICD:IPCEICIS-2435_change_argocd_path_routing_to_domain
DevFW-CICD:IPCEICIS-2643_install_keycloak_and_eso_first
DevFW-CICD:runner-tags
DevFW-CICD:dns_splitting
DevFW-CICD:forgejo_runner_configuration_test
DevFW-CICD:helm_hydrate
DevFW-CICD:feature/externaldns_certmanager_test
DevFW-CICD:main
DevFW-CICD:dns_ssl_test
DevFW-CICD:1.2.0
DevFW-CICD:1.1.1
DevFW-CICD:1.1.0
DevFW-CICD:1.0.0
...
compare: DevFW-CICD:0668eb7c5f7b018730fe735be2dc0b106df37b9e
Branches Tags
DevFW-CICD:IPCEICIS-2297_working_oidc
DevFW-CICD:IPCEICIS-2952
DevFW-CICD:modularise_edp
DevFW-CICD:development
DevFW-CICD:michals-silly-game
DevFW-CICD:keycloak_update_test
DevFW-CICD:django-backstage-template
DevFW-CICD:IPCEICIS-2293_oidc_in_forgejo
DevFW-CICD:IPCEICIS-3256
DevFW-CICD:kindserver_development
DevFW-CICD:update_provider_argocd
DevFW-CICD:IPCEICIS-2951
DevFW-CICD:IPCEICIS-3110
DevFW-CICD:IPCEICIS-3111
DevFW-CICD:shipping_openbao_logs
DevFW-CICD:feature/IPCEICIS-2435_oidc_in_argocd
DevFW-CICD:alloy_implementation
DevFW-CICD:openbao_logs_second_way
DevFW-CICD:root_path_argocd_test
DevFW-CICD:IPCEICIS-2751_backstage
DevFW-CICD:forgego_10_update
DevFW-CICD:IPCEICIS-2435_change_argocd_path_routing_to_domain
DevFW-CICD:IPCEICIS-2643_install_keycloak_and_eso_first
DevFW-CICD:runner-tags
DevFW-CICD:dns_splitting
DevFW-CICD:forgejo_runner_configuration_test
DevFW-CICD:helm_hydrate
DevFW-CICD:feature/externaldns_certmanager_test
DevFW-CICD:main
DevFW-CICD:dns_ssl_test
DevFW-CICD:1.2.0
DevFW-CICD:1.1.1
DevFW-CICD:1.1.0
DevFW-CICD:1.0.0

2 commits
cce8c51b75 ... 0668eb7c5f

Author SHA1 Message Date
franz.germann
0668eb7c5f Merge branch 'IPCEICIS-2297_working_oidc' of https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks into IPCEICIS-2297_working_oidc 2025-04-17 12:59:21 +02:00
franz.germann
74523447ae adds the correct secrets 2025-04-17 12:56:58 +02:00
2 changed files with 30 additions and 4 deletions
Show stats Expand all files Collapse all files

14
template/stacks/core/argocd-sso/argocd-sso-config.yaml
View file

@ -22,6 +22,16 @@ spec:
secretKeyRef: secretKeyRef:
name: auth-generic-oauth-secret name: auth-generic-oauth-secret
key: client_secret key: client_secret
- name: FORGEJO_USER
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_username
- name: FORGEJO_TOKEN
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_token
# envFrom: # envFrom:
# - secretRef: # - secretRef:
# name: auth-generic-oauth-secret # thats the external secret the job should wait for # name: auth-generic-oauth-secret # thats the external secret the job should wait for
@ -46,14 +56,14 @@ spec:
DOMAIN=192-168-197-2.c-one-infra.de DOMAIN=192-168-197-2.c-one-infra.de
GIT_USERNAME=giteaAdmin GIT_USERNAME=giteaAdmin
GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3
git config --global user.email "bot@bots.de" git config --global user.email "bot@bots.de"
git config --global user.name "bot" git config --global user.name "bot"
git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git
cd edfbuilder cd edfbuilder
yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://${DOMAIN}/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml yq eval '.configs.cm."oidc.config" = "name: Keycloak\nissuer: https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe\nclientID: argocd\nclientSecret: $auth-generic-oauth-secret:client_secret\nrequestedScopes: [\"openid\", \"profile\", \"email\", \"groups\"]"' -i stacks/core/argocd/values.yaml
git add stacks/core/argocd/values.yaml git add stacks/core/argocd/values.yaml
git commit -m "adds Forgejo SSO config" git commit -m "adds Forgejo SSO config"

20
template/stacks/core/forgejo-sso/forgejo-sso-config.yaml
View file

@ -16,6 +16,22 @@ spec:
containers: containers:
- name: push - name: push
image: docker.io/library/ubuntu:22.04 image: docker.io/library/ubuntu:22.04
env:
- name: FORGEJO_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: auth-generic-oauth-secret
key: client_secret
- name: FORGEJO_USER
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_username
- name: FORGEJO_TOKEN
valueFrom:
secretKeyRef:
name: forgejo-access-token
key: forgejo_token
# envFrom: # envFrom:
# - secretRef: # - secretRef:
# name: auth-generic-oauth-secret # thats the external secret the job should wait for # name: auth-generic-oauth-secret # thats the external secret the job should wait for
@ -45,7 +61,7 @@ spec:
DOMAIN=192-168-197-2.c-one-infra.de DOMAIN=192-168-197-2.c-one-infra.de
GIT_USERNAME=giteaAdmin GIT_USERNAME=giteaAdmin
GIT_PASSWORD=a618f97ca89714d894d5bfc7ac47d0b76a7ec35a GIT_PASSWORD=2d3a114ddfb6059929cc6d97451201e361a524f3
git config --global user.email "bot@bots.de" git config --global user.email "bot@bots.de"
git config --global user.name "giteaAdmin" git config --global user.name "giteaAdmin"
@ -57,7 +73,7 @@ spec:
\"name\": \"Keycloak\", \"name\": \"Keycloak\",
\"provider\": \"openidConnect\", \"provider\": \"openidConnect\",
\"existingSecret\": \"auth-generic-oauth-secret\", \"existingSecret\": \"auth-generic-oauth-secret\",
\"autoDiscoverUrl\": \"https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration\" \"autoDiscoverUrl\": \"https://192-168-197-2.c-one-infra.de/keycloak/realms/cnoe/.well-known/openid-configuration\"
} }
] | ] |
(.gitea.oauth[] | .name) |= (. style=\"single\") (.gitea.oauth[] | .name) |= (. style=\"single\")