-
Notifications
You must be signed in to change notification settings - Fork 243
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OPSEXP-2976 Keycloak to v25 in acs-sso-example chart (#1263)
Co-authored-by: pmacius <[email protected]>
- Loading branch information
Showing
6 changed files
with
38 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,7 +6,7 @@ grand_parent: Helm | |
|
|
||
| # acs-sso-example | ||
|
|
||
|    | ||
|    | ||
|
|
||
| An example Chart to demonstrate how to compose your own Alfresco platform | ||
| with SSO on kubernetes using a nthrid party Keycloak. | ||
|
|
@@ -41,7 +41,7 @@ deployment is destroyed or rolled back! | |
| | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-content-app(alfresco-adf-app) | 0.2.0 | | ||
| | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-repository | 0.8.0 | | ||
| | https://alfresco.github.io/alfresco-helm-charts/ | alfresco-share | 1.2.0 | | ||
| | https://codecentric.github.io/helm-charts | keycloakx | 2.5.1 | | ||
| | https://codecentric.github.io/helm-charts | keycloakx | 6.0.0 | | ||
| | oci://registry-1.docker.io/bitnamicharts | repository-database(postgresql) | 13.4.0 | | ||
|
|
||
| ## Values | ||
|
|
@@ -54,9 +54,9 @@ deployment is destroyed or rolled back! | |
| | alfresco-share | object | check values.yaml | Configure the Alfresco Share as per https://github.com/Alfresco/alfresco-helm-charts/tree/alfresco-share-0.3.0/charts/alfresco-share | | ||
| | global.known_urls | list | `["http://localhost"]` | list of trusted URLs. URLs a re used to configure Cross-origin protections Also the first entry is considered the main hosting domain of the platform. | | ||
| | keycloakx | object | check values.yaml | Configure the ACS Keycloak Identity provider as per https://github.com/codecentric/helm-charts/tree/keycloakx-2.3.0 | | ||
| | keycloakx.admin.password | string | random ascii string | Keycloak admin password. By default generated on first deployment, to get its value use:<br> <code>kubectl get secrets keycloak -o jsonpath='{@.data.KEYCLOAK_ADMIN_PASSWORD}' | base64 -d</code> | | ||
| | keycloakx.admin.realm[0] | object | `{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}]}` | Alfresco Realm definition | | ||
| | keycloakx.admin.realm[0].users[0] | object | `{"credentials":[{"type":"password","value":"secret"}],"enabled":true,"username":"admin"}` | default Alfresco admin user | | ||
| | keycloakx.admin.password | string | random ascii string | Keycloak admin password. By default generated on first deployment, to get its value use:<br> <code>kubectl get secrets keycloak -o jsonpath='{@.data.KC_BOOTSTRAP_ADMIN_PASSWORD}' | base64 -d</code> | | ||
| | keycloakx.admin.realm[0] | object | `{"clients":[{"clientId":"alfresco","enabled":true,"implicitFlowEnabled":true,"publicClient":true,"redirectUris":"{{- $redirectUris := list }} {{- range (index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\") }} {{- $redirectUris = append $redirectUris (printf \"%s/*\" .) }} {{- end }} {{- $redirectUris }}","standardFlowEnabled":true,"webOrigins":"{{ index (include \"alfresco-common.known.urls\" $ | mustFromJson) \"known_urls\" }}"}],"defaultLocale":"en","enabled":true,"id":"alfresco","internationalizationEnabled":true,"loginTheme":"alfresco","realm":"alfresco","sslRequired":"none","supportedLocales":["ca","de","en","es","fr","it","ja","lt","nl","no","pt-BR","ru","sv","zh-CN"],"users":[{"credentials":[{"type":"password","value":"secret"}],"email":"[email protected]","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}]}` | Alfresco Realm definition | | ||
| | keycloakx.admin.realm[0].users[0] | object | `{"credentials":[{"type":"password","value":"secret"}],"email":"[email protected]","enabled":true,"firstName":"admin","lastName":"admin","username":"admin"}` | default Alfresco admin user | | ||
| | keycloakx.admin.realm[0].users[0].credentials[0].value | string | `"secret"` | default Alfresco admin password | | ||
| | keycloakx.admin.username | string | `"admin"` | Keycloak admin username | | ||
| | repository-database | object | check values.yaml | Configure the ACS repository Postgres database as per https://github.com/bitnami/charts/tree/002c752f871c8fa068a770dc80fec4cf798798ab/bitnami/postgresql | | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -40,13 +40,15 @@ repository-database: | |
| keycloakx: | ||
| nameOverride: keycloak | ||
| image: | ||
| tag: 24.0.5 | ||
| tag: 26.0.7 | ||
| proxy: | ||
| mode: xforwarded | ||
| admin: | ||
| # -- Keycloak admin username | ||
| username: admin | ||
| # -- Keycloak admin password. | ||
| # By default generated on first deployment, to get its value use:<br> | ||
| # <code>kubectl get secrets keycloak -o jsonpath='{@.data.KEYCLOAK_ADMIN_PASSWORD}' | base64 -d</code> | ||
| # <code>kubectl get secrets keycloak -o jsonpath='{@.data.KC_BOOTSTRAP_ADMIN_PASSWORD}' | base64 -d</code> | ||
| # @default -- random ascii string | ||
| password: null | ||
| realm: | ||
|
|
@@ -74,6 +76,9 @@ keycloakx: | |
| # -- default Alfresco admin user | ||
| - username: admin | ||
| enabled: true | ||
| firstName: admin | ||
| lastName: admin | ||
| email: [email protected] | ||
| credentials: | ||
| - type: password | ||
| # -- default Alfresco admin password | ||
|
|
@@ -98,35 +103,38 @@ keycloakx: | |
| command: | ||
| - /opt/keycloak/bin/kc.sh | ||
| - start | ||
| - --hostname=http://localhost/auth | ||
| - --health-enabled=true | ||
| - --http-enabled=true | ||
| - --http-port=8080 | ||
| - --hostname-strict=false | ||
| - --hostname-strict-https=false | ||
| - --import-realm | ||
| http: | ||
| relativePath: /auth | ||
| livenessProbe: | | ||
| httpGet: | ||
| path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live' | ||
| port: http | ||
| port: http-internal | ||
| initialDelaySeconds: 0 | ||
| timeoutSeconds: 5 | ||
| readinessProbe: | | ||
| httpGet: | ||
| path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready' | ||
| port: http | ||
| port: http-internal | ||
| initialDelaySeconds: 10 | ||
| timeoutSeconds: 1 | ||
| startupProbe: | | ||
| httpGet: | ||
| path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health' | ||
| port: http | ||
| port: http-internal | ||
| initialDelaySeconds: 15 | ||
| timeoutSeconds: 1 | ||
| failureThreshold: 60 | ||
| periodSeconds: 5 | ||
| ingress: | ||
| enabled: true | ||
| ingressClassName: nginx | ||
| annotations: | ||
| nginx.ingress.kubernetes.io/proxy-buffer-size: 8k | ||
| tls: [] | ||
| rules: | ||
| - host: >- | ||
|
|
@@ -245,6 +253,11 @@ alfresco-content-app: | |
| nginx.ingress.kubernetes.io/proxy-body-size: 5g | ||
| nginx.ingress.kubernetes.io/proxy-buffer-size: 8k | ||
| tls: [] | ||
| hosts: | ||
| - host: localhost | ||
| paths: | ||
| - path: /aca | ||
| pathType: Prefix | ||
| image: | ||
| repository: alfresco/alfresco-content-app | ||
| tag: 5.2.0 | ||
|
|
@@ -254,5 +267,7 @@ alfresco-content-app: | |
| APP_CONFIG_AUTH_TYPE: OAUTH | ||
| APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco" | ||
| APP_CONFIG_OAUTH2_CLIENTID: alfresco | ||
| APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html" | ||
| BASE_PATH: / | ||
| APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/aca/assets/silent-refresh.html" | ||
| BASE_PATH: /aca | ||
| APP_CONFIG_OAUTH2_REDIRECT_LOGIN: /aca | ||
| APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: /aca | ||