chore: Bump keycloak-operator version(#38)
* moved mainRealm creation from keycloak values to CR

* KeycloakRealmIdentityProvider clientSecret: the secret is removed
  from the value parameters and taken directly from the Secret

Jira: EPMDEDP-13111

Related: #38
Change-Id: Idb52bbc00dfb51d0d816335aa3e866354777826b
oleksandr_taruraiev committed Feb 5, 2024
1 parent 45de974 commit 7e0a462
Showing 17 changed files with 152 additions and 31 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -55,7 +55,7 @@ make update-readme
| defectdojo | 1.6.96 | 2.28.2 | False | False |
| dependency-track | 1.5.5 | v1.12.1 | False | False |
| edp | 3.7.5 | 3.7.5 | False | False |
| extensions-oidc | 1.18.1 | 1.18.1 | False | False |
| extensions-oidc | 1.20.0 | 1.20.0 | False | False |
| external-secrets | 0.9.9 | 1.0 | False | False |
| fluent-bit | 0.1.0 | 2.1.4 | False | False |
| harbor | 0.1.0 | 1.12.2 | False | False |
6 changes: 3 additions & 3 deletions add-ons/extensions-oidc/Chart.yaml
Expand Up @@ -2,10 +2,10 @@ apiVersion: v2
description: A Helm chart for extensions-oidc
name: extensions-oidc
type: application
version: 1.18.1
appVersion: 1.18.1
version: 1.20.0
appVersion: 1.20.0

dependencies:
- name: keycloak-operator
version: 1.18.1
version: 1.20.0
repository: https://epam.github.io/edp-helm-charts/stable
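Review bot: the chart and its keycloak-operator dependency both jump from 1.18.1 to 1.20.0, skipping 1.19.x, and the identity-provider template in this same commit starts using a `$keycloak-client-shared-secret:clientSecret` reference for `clientSecret`; confirm that the 1.20.0 operator chart is the floor that resolves the `$<secret>:<key>` form, because an operator that does not understand it would push that literal string to Keycloak as the client secret. A changelog or README line naming the operator version that introduced the syntax would make the dependency floor explicit.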
29 changes: 24 additions & 5 deletions add-ons/extensions-oidc/README.md
@@ -1,21 +1,40 @@
# extensions-oidc

![Version: 1.18.1](https://img.shields.io/badge/Version-1.18.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.18.1](https://img.shields.io/badge/AppVersion-1.18.1-informational?style=flat-square)
![Version: 1.20.0](https://img.shields.io/badge/Version-1.20.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.20.0](https://img.shields.io/badge/AppVersion-1.20.0-informational?style=flat-square)

A Helm chart for extensions-oidc

```
+-------------------------+ +-----------------+
| sharedService | | broker |
| Realm | | Realm |
| +------------------+ | | +-------------+ |
| | idpBroker | | | |sharedService| |
| | identityProvider +---+---+-> Client | |
| +------------------+ | | +-------------+ |
| +----------+ +--------+ | +-----------------+
| | sonarqube| | nexus | |
| | Client | | Client | |
| +----------+ +--------+ |
+-------------------------+
```

broker - contains a list of users and basic settings, you can install or use a pre-created Realm, for that set the 'create' parameter to 'false' and ununcomment 'existingBroker' provide the name of the existing realm.

sharedService - contains clients, application integrations, and identity providers for connect to `broker` realm.

## Requirements

| Repository | Name | Version |
|------------|------|---------|
| https://epam.github.io/edp-helm-charts/stable | keycloak-operator | 1.18.1 |
| https://epam.github.io/edp-helm-charts/stable | keycloak-operator | 1.20.0 |

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| extensionsOIDC.broker.create | bool | `true` | |
| extensionsOIDC.broker.name | string | `"broker"` | |
| extensionsOIDC.keycloakUrl | string | `"https://keycloak.example.com"` | |
| extensionsOIDC.mainRealm | string | `"openshift"` | |
| extensionsOIDC.mainRealmSecret | string | `""` | |
| extensionsOIDC.sharedService | string | `"shared"` | |
| keycloak-operator.clusterReconciliationEnabled | bool | `true` | |
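Review bot: the Values table lists the new `extensionsOIDC.broker.create` and `extensionsOIDC.broker.name` keys with empty descriptions, and `existingBroker`, which the broker paragraph tells the user to uncomment, does not appear at all because it is commented out in values.yaml. Add `# --` descriptions in values.yaml and define `existingBroker` as a real (empty) key so the generated table covers the `create: false` path. "ununcomment" in the broker paragraph should be "uncomment"; since this file is generated, that fix belongs in README.md.gotmpl.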

35 changes: 35 additions & 0 deletions add-ons/extensions-oidc/README.md.gotmpl
@@ -0,0 +1,35 @@
{{ template "chart.header" . }}
{{ template "chart.deprecationWarning" . }}

{{ template "chart.badgesSection" . }}

{{ template "chart.description" . }}

{{ template "chart.homepageLine" . }}

```
+-------------------------+ +-----------------+
| sharedService | | broker |
| Realm | | Realm |
| +------------------+ | | +-------------+ |
| | idpBroker | | | |sharedService| |
| | identityProvider +---+---+-> Client | |
| +------------------+ | | +-------------+ |
| +----------+ +--------+ | +-----------------+
| | sonarqube| | nexus | |
| | Client | | Client | |
| +----------+ +--------+ |
+-------------------------+
```

broker - contains a list of users and basic settings, you can install or use a pre-created Realm, for that set the 'create' parameter to 'false' and ununcomment 'existingBroker' provide the name of the existing realm.

sharedService - contains clients, application integrations, and identity providers for connect to `broker` realm.

{{ template "chart.maintainersSection" . }}

{{ template "chart.sourcesSection" . }}

{{ template "chart.requirementsSection" . }}

{{ template "chart.valuesSection" . }}
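Review bot: the README typos originate here: "ununcomment 'existingBroker' provide" should read "uncomment 'existingBroker' and provide", and "identity providers for connect to `broker` realm" should read "identity providers for connecting to the `broker` realm"; fix them in this template and regenerate README.md rather than editing the generated file.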
7 changes: 7 additions & 0 deletions add-ons/extensions-oidc/templates/_helpers.tpl
@@ -0,0 +1,7 @@
{{- define "broker.name" -}}
{{- if .Values.extensionsOIDC.broker.create -}}
{{- .Values.extensionsOIDC.broker.name -}}
{{- else -}}
{{- .Values.extensionsOIDC.existingBroker -}}
{{- end -}}
{{- end -}}
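Review bot: when `broker.create` is false and `existingBroker` is unset (values.yaml ships it commented out), the else branch renders an empty string, so the shared KeycloakClient is named `shared-` and every identity-provider endpoint becomes `.../auth/realms//protocol/openid-connect/...`, which only fails at first login instead of at install time. Make the else branch fail fast: `{{- required "extensionsOIDC.existingBroker must be set when broker.create is false" .Values.extensionsOIDC.existingBroker -}}`.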
@@ -0,0 +1,17 @@
{{- if .Values.extensionsOIDC.broker.create -}}
apiVersion: v1.edp.epam.com/v1
kind: KeycloakClient
metadata:
name: {{ .Values.extensionsOIDC.sharedService }}
spec:
attributes:
post.logout.redirect.uris: +
clientId: {{ .Values.extensionsOIDC.sharedService }}
clientRoles:
- administrator
- developer
realmRef:
kind: KeycloakRealm
name: {{ .Values.extensionsOIDC.broker.name }}
secret: keycloak-client-broker-secret
{{- end -}}
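Review bot: `post.logout.redirect.uris: +` tells Keycloak to accept any of the client's valid redirect URIs for post-logout redirects, but this spec declares no redirect URIs at all, so the effective allowlist is whatever the operator applies by default. Since this is the client the sharedService realm's identity provider authenticates against, declare the redirect URI for that realm's broker endpoint explicitly instead of relying on a default.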
11 changes: 11 additions & 0 deletions add-ons/extensions-oidc/templates/broker/keycloak-realm.yaml
@@ -0,0 +1,11 @@
{{- if .Values.extensionsOIDC.broker.create -}}
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealm
metadata:
name: {{ .Values.extensionsOIDC.broker.name }}
spec:
keycloakRef:
kind: ClusterKeycloak
name: keycloak
realmName: {{ .Values.extensionsOIDC.broker.name }}
{{- end -}}
@@ -0,0 +1,16 @@
{{- if .Values.extensionsOIDC.broker.create -}}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: keycloak-client-broker-secret
spec:
refreshInterval: 1h
secretStoreRef:
kind: SecretStore
name: aws-parameterstore-oidc
data:
- secretKey: clientSecret
remoteRef:
key: /edp/keycloak-operator
property: keycloak-client-broker-secret.clientSecret
{{- end -}}
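Review bot: this ExternalSecret sources the broker client's secret from parameter `/edp/keycloak-operator`, property `keycloak-client-broker-secret.clientSecret`, through a SecretStore named `aws-parameterstore-oidc`; neither the SecretStore nor the parameter is created by this chart, so an install with `broker.create: true` now depends on two out-of-band prerequisites that neither the README nor the values comments mention. Document them next to `broker.create`, including the failure mode that the ExternalSecret stays unsynced until the parameter exists.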
@@ -1,14 +1,14 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: keycloak-client-shared-openshift-secret
name: keycloak-client-shared-secret
spec:
refreshInterval: 1h
secretStoreRef:
kind: SecretStore
name: aws-parameterstore
name: aws-parameterstore-oidc
data:
- secretKey: clientSecret
remoteRef:
key: /edp/system
property: keycloak-client-shared-openshift-secret.clientSecret
key: /edp/keycloak-operator
property: keycloak-client-shared-secret.clientSecret
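Review bot: the Secret is renamed from `keycloak-client-shared-openshift-secret` to `keycloak-client-shared-secret` and its source moves from SecretStore `aws-parameterstore`, key `/edp/system`, to `aws-parameterstore-oidc`, key `/edp/keycloak-operator`. Nothing removes the old Secret or the old parameter, so an upgraded namespace keeps a stale copy of a client secret and the old parameter stays valid; add an upgrade note covering cleanup, and rotate the value when it is copied to the new path.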
@@ -1,15 +1,15 @@
apiVersion: v1.edp.epam.com/v1
kind: KeycloakClient
metadata:
name: shared-openshift
name: {{ .Values.extensionsOIDC.sharedService }}-{{ include "broker.name" . }}
spec:
attributes:
post.logout.redirect.uris: +
clientId: shared
clientId: {{ .Values.extensionsOIDC.sharedService }}
clientRoles:
- administrator
- developer
realmRef:
kind: ClusterKeycloakRealm
name: main
secret: keycloak-client-shared-openshift-secret
secret: keycloak-client-shared-secret
Expand Up @@ -4,4 +4,4 @@ metadata:
name: main
spec:
clusterKeycloakRef: keycloak
realmName: shared
realmName: {{ .Values.extensionsOIDC.sharedService }}
Expand Up @@ -15,6 +15,6 @@ spec:
- name: sonar-developers
- name: administrator
composite: true
description: "default administrator role"
composites:
- name: sonar-administrators
description: "default administrator role"
@@ -1,7 +1,7 @@
apiVersion: v1.edp.epam.com/v1
kind: KeycloakRealmIdentityProvider
metadata:
name: shared-idp
name: {{ .Values.extensionsOIDC.sharedService }}-idp
spec:
realmRef:
kind: ClusterKeycloakRealm
Expand All @@ -15,25 +15,25 @@ spec:
config:
acceptsPromptNoneForwardFromClient: "false"
allowedClockSkew: "0"
authorizationUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ .Values.extensionsOIDC.mainRealm }}/protocol/openid-connect/auth"
authorizationUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ include "broker.name" . }}/protocol/openid-connect/auth"
backchannelSupported: "false"
clientAuthMethod: "client_secret_post"
clientId: "shared"
clientSecret: {{ .Values.extensionsOIDC.mainRealmSecret }}
clientId: {{ .Values.extensionsOIDC.sharedService }}
clientSecret: "$keycloak-client-shared-secret:clientSecret"
defaultScope: ""
disableUserInfo: "false"
forwardParameters: ""
guiOrder: ""
hideOnLoginPage: "false"
issuer: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ .Values.extensionsOIDC.mainRealm }}"
jwksUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ .Values.extensionsOIDC.mainRealm }}/protocol/openid-connect/certs"
issuer: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ include "broker.name" . }}"
jwksUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ include "broker.name" . }}/protocol/openid-connect/certs"
loginHint: "false"
logoutUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ .Values.extensionsOIDC.mainRealm }}/protocol/openid-connect/logout"
logoutUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ include "broker.name" . }}/protocol/openid-connect/logout"
passMaxAge: "false"
pkceEnabled: "false"
prompt: ""
syncMode: "IMPORT"
tokenUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ .Values.extensionsOIDC.mainRealm }}/protocol/openid-connect/token"
tokenUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ include "broker.name" . }}/protocol/openid-connect/token"
uiLocales: "false"
userInfoUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ .Values.extensionsOIDC.mainRealm }}/protocol/openid-connect/userinfo"
userInfoUrl: "{{ .Values.extensionsOIDC.keycloakUrl }}/auth/realms/{{ include "broker.name" . }}/protocol/openid-connect/userinfo"
validateSignature: "false"
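Review bot: the identity provider now authenticates to the broker realm, where the client `{{ .Values.extensionsOIDC.sharedService }}` is created with `secret: keycloak-client-broker-secret`, yet `clientSecret` here reads `$keycloak-client-shared-secret:clientSecret`, which is the secret of the same-named client in the shared realm (ClusterKeycloakRealm `main`). Those are two different parameter-store properties (`keycloak-client-broker-secret.clientSecret` versus `keycloak-client-shared-secret.clientSecret`), so unless both are populated with one value the broker rejects the IdP's `client_secret_post` as invalid client credentials. Either reference the broker client's secret here when `broker.create` is true, or state in values.yaml that the two parameters must hold the same value. Separately, with every endpoint now pointing at the broker realm and `jwksUrl` set, the unchanged `validateSignature: "false"` leaves the brokered tokens unverified; `"true"` is the right setting here.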
20 changes: 18 additions & 2 deletions add-ons/extensions-oidc/values.yaml
@@ -1,7 +1,23 @@
extensionsOIDC:
keycloakUrl: "https://keycloak.example.com"
mainRealm: "openshift"
mainRealmSecret: ""
# Recommended to utilize this realm primarily for enabling unique integrations and
# inheriting these capabilities into other realms.
broker:
# Create the broker realm with corresponding resources.
create: true
# If broker create parameter set to false operator create only a client for connection as Identity Provider,
# in this case be sure you define correct Realm name.
name: "broker"

# If you already have pre-configured realm and don't need to create a new one, set the broker create
# parameter to false and uncomment existingBroker parameter and provide the name of the existing realm:

# existingBroker: ""

# Realm creating for connecting and managing shared services clients, such as Nexus, Sonar, DefectDojo, etc.
sharedService: "shared"

# ClusterReconciliationEnabled is enabled (set to true), the operator will reconcile all.
# keycloak-operator objects throughout the cluster.
keycloak-operator:
clusterReconciliationEnabled: true
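Review bot: `existingBroker` is shipped commented out, so `helm lint`, `helm show values` and helm-docs never see it, and the `broker.name` helper renders an empty string when it is absent; define it as `existingBroker: ""` with a `# --` description and let the template enforce it. The comment "If broker create parameter set to false operator create only a client for connection as Identity Provider" also contradicts the templates: every resource under the broker directory is gated on `broker.create`, so with `create: false` nothing is created in the existing realm and the admin must pre-create a client named after `sharedService` there with a matching secret; say that instead. Finally, "ClusterReconciliationEnabled is enabled (set to true), the operator will reconcile all." has a stray period splitting the sentence ("...will reconcile all keycloak-operator objects throughout the cluster."). Dropping `mainRealmSecret` from values is the right call: the client secret no longer lands in values files or Helm release history.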
4 changes: 2 additions & 2 deletions add-ons/tekton-cache/README.md
@@ -1,12 +1,12 @@
# tekton-cache

![Version: 0.3.1](https://img.shields.io/badge/Version-0.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.1](https://img.shields.io/badge/AppVersion-0.3.1-informational?style=flat-square)
![Version: 0.3.2](https://img.shields.io/badge/Version-0.3.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.3.2](https://img.shields.io/badge/AppVersion-0.3.2-informational?style=flat-square)

A Helm chart for EDP Tekton Cache

## Requirements

| Repository | Name | Version |
|------------|------|---------|
| https://epam.github.io/edp-helm-charts/stable | tekton-cache | 0.3.1 |
| https://epam.github.io/edp-helm-charts/stable | tekton-cache | 0.3.2 |
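Review bot: the tekton-cache bump from 0.3.1 to 0.3.2 is unrelated to the commit subject (keycloak-operator bump) and is not mentioned in the message; either list it in the commit message or move it to its own commit so each add-on's change history stays attributable.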
