diff --git a/charts/dex/base/cluster.yaml b/charts/dex/base/cluster.yaml
new file mode 100644
index 00000000..39f8a6c0
--- /dev/null
+++ b/charts/dex/base/cluster.yaml
@@ -0,0 +1,19 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: dexdb
+spec:
+ enableSuperuserAccess: true
+ instances: 2
+ logLevel: info
+ storage:
+ pvcTemplate:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: managed-nfs-storage
+ volumeMode: Filesystem
+ resizeInUseVolumes: true
+ size: 1Gi
diff --git a/charts/dex/base/config.yaml b/charts/dex/base/config.yaml
deleted file mode 100644
index d9f6314b..00000000
--- a/charts/dex/base/config.yaml
+++ /dev/null
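Review bot: `enableSuperuserAccess: true` in the new `charts/dex/base/cluster.yaml` makes the operator publish a `postgres` superuser credential in every environment that inherits this base, while the Dex configs in this commit connect only as `app`. Unless something outside this diff needs superuser logins, set `enableSuperuserAccess: false` in the base and enable it per overlay only where required. The resource also no longer carries a `bootstrap.initdb` section, so the `app` database and role presumably come from the operator defaults with a generated password in the cluster's `-app` secret; it is worth confirming that the literal `password` in the overlay configs matches that secret rather than a hand-set value.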
@@ -1,138 +0,0 @@ -issuer: https://idp.oceanbox.io/dex -# storage: -# type: postgres -# config: -# host: dexdb-rw -# port: 5432 -# database: app -# user: app -# password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx -# ssl: -# mode: disable -web: - http: 127.0.0.1:5556 -telemetry: - http: 127.0.0.1:5558 -grpc: - addr: 127.0.0.1:5557 -frontend: - dir: /srv/dex/web - issuer: oceanbox - extra: - client_logo_url: "../theme/client-logo.png" -# enablePasswordDB: true -# staticPasswords: -# - email: "admin@oceanbox.io" -# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC" -# username: "admin" -# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f" -oauth2: - responseTypes: [ "code" ] - skipApprovalScreen: true - alwaysShowLoginScreen: false -connectors: -- type: microsoft - id: oceanbox - name: oceanbox.io - config: - clientID: 43667ac0-37e1-422f-99fc-50a699bb255c - clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB - tenant: 3f737008-e9a0-4485-9d27-40329d288089 - redirectURI: https://idp.oceanbox.io/dex/callback - onlySecurityGroups: true - groups: - - atlantis -- type: microsoft - id: salmar - name: salmar.no - config: - clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058 - clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2 - tenant: de10159d-2c09-4762-966c-e841d3391feb - redirectURI: https://idp.oceanbox.io/dex/callback - onlySecurityGroups: true - groups: - - Azure-Grp-App-Cloud-Oceanbox -- type: microsoft - id: aqua-kompetanse - name: aqua-kompetanse.no - config: - clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2 - clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC - tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3 - redirectURI: https://idp.oceanbox.io/dex/callback - onlySecurityGroups: true - groups: - - Oceanbox -- type: oidc - id: keycloak - name: default - config: - issuer: https://auth.srv.oceanbox.io/realms/oceanbox - clientID: dex - clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4 - redirectURI: 
https://idp.oceanbox.io/dex/callback - promptType: login -staticClients: - - id: atlantis - redirectURIs: - - 'https://maps.oceanbox.io/signin-oidc' - - 'https://maps.srv.oceanbox.io/signin-oidc' - - 'https://maps.relic.oceanbox.io/signin-oidc' - name: 'Atlantis' - secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm - - id: atlantis_dev - redirectURIs: - - 'https://atlantis.beta.oceanbox.io/signin-oidc' - - 'https://jonas-tilt-atlantis.beta.oceanbox.io/signin-oidc' - - 'https://stig-tilt-atlantis.beta.oceanbox.io/signin-oidc' - - 'https://simkir-tilt-atlantis.beta.oceanbox.io/signin-oidc' - - 'https://atlantis.local.oceanbox.io:8080/signin-oidc' - name: 'Atlantis dev' - secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR - - id: petimeter - redirectURIs: - - 'https://petimeter.srv.oceanbox.io/signin-oidc' - name: 'Petimeter dev' - secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs - - id: petimeter_dev - redirectURIs: - - 'https://petimeter.beta.oceanbox.io/signin-oidc' - - 'https://jonas-tilt-petimeter.beta.oceanbox.io/signin-oidc' - - 'https://stig-tilt-petimeter.beta.oceanbox.io/signin-oidc' - - 'https://simkir-tilt-petimeter.beta.oceanbox.io/signin-oidc' - - 'https://petimeter.local.oceanbox.io:8080/signin-oidc' - name: 'Petimeter dev' - secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk - - id: sorcerer - redirectURIs: - - 'https://sorcerer.ekman.oceanbox.io/signin-oidc' - - 'https://sorcerer.hpc.oceanbox.io/signin-oidc' - name: 'Sorcerer' - secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB - - id: sorcerer_dev - redirectURIs: - - 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc' - - 'https://sorcerer.ekman.oceanbox.io/signin-oidc' - - 'https://sorcerer.hpc.oceanbox.io/signin-oidc' - - 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc' - - 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc' - - 'https://s.local.oceanbox.io:11080/signin-oidc' - - 'https://sorcerer.local.oceanbox.io:11080/signin-oidc' - name: 'Sorcerer dev' - secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy - - id: archmeister - 
redirectURIs: - - 'https://archmeister.srv.oceanbox.io/signin-oidc' - name: 'Archmeister' - secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro - - id: archmeister_dev - redirectURIs: - - 'https://archmeister.beta.oceanbox.io/signin-oidc' - - 'https://jonas-archmeister.beta.oceanbox.io/signin-oidc' - - 'https://simkir-archmeister.beta.oceanbox.io/signin-oidc' - - 'https://r.local.oceanbox.io:11080/signin-oidc' - - 'https://archmeister.local.oceanbox.io:9080/signin-oidc' - name: 'Archmeister dev' - secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I - diff --git a/charts/dex/base/kustomization.yaml b/charts/dex/base/kustomization.yaml index 26ff73cf..a66a1eec 100644 --- a/charts/dex/base/kustomization.yaml +++ b/charts/dex/base/kustomization.yaml @@ -1,7 +1,2 @@ -# namePrefix: staging- -generatorOptions: - disableNameSuffixHash: true -secretGenerator: - - name: dex-config - files: - - config.yaml +resources: + - cluster.yaml diff --git a/charts/dex/prod/config.yaml b/charts/dex/prod/config.yaml index 13e2483e..8abc2dd6 100644 --- a/charts/dex/prod/config.yaml +++ b/charts/dex/prod/config.yaml 
@@ -1,10 +1,138 @@ +issuer: https://idp.oceanbox.io/dex storage: type: postgres config: - host: dexdb-rw + host: prod-dexdb-rw port: 5432 - database: prod - user: dex + database: app + user: app password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx ssl: mode: disable +web: + http: 127.0.0.1:5556 +telemetry: + http: 127.0.0.1:5558 +grpc: + addr: 127.0.0.1:5557 +frontend: + dir: /srv/dex/web + issuer: oceanbox + extra: + client_logo_url: "../theme/client-logo.png" +# enablePasswordDB: true +# staticPasswords: +# - email: "admin@oceanbox.io" +# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC" +# username: "admin" +# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f" +oauth2: + responseTypes: [ "code" ] + skipApprovalScreen: true + alwaysShowLoginScreen: false +connectors: +- type: microsoft + id: oceanbox + name: oceanbox.io + config: + clientID: 43667ac0-37e1-422f-99fc-50a699bb255c + clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB + tenant: 3f737008-e9a0-4485-9d27-40329d288089 + redirectURI: https://idp.oceanbox.io/dex/callback + onlySecurityGroups: true + groups: + - atlantis +- type: microsoft + id: salmar + name: salmar.no + config: + clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058 + clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2 + tenant: de10159d-2c09-4762-966c-e841d3391feb + redirectURI: https://idp.oceanbox.io/dex/callback + onlySecurityGroups: true + groups: + - Azure-Grp-App-Cloud-Oceanbox +- type: microsoft + id: aqua-kompetanse + name: aqua-kompetanse.no + config: + clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2 + clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC + tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3 + redirectURI: https://idp.oceanbox.io/dex/callback + onlySecurityGroups: true + groups: + - Oceanbox +- type: oidc + id: keycloak + name: default + config: + issuer: https://auth.srv.oceanbox.io/realms/oceanbox + clientID: dex + clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4 + redirectURI: 
https://idp.oceanbox.io/dex/callback + promptType: login +staticClients: + - id: atlantis + redirectURIs: + - 'https://maps.oceanbox.io/signin-oidc' + - 'https://maps.srv.oceanbox.io/signin-oidc' + - 'https://maps.relic.oceanbox.io/signin-oidc' + name: 'Atlantis' + secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm + - id: atlantis_dev + redirectURIs: + - 'https://atlantis.beta.oceanbox.io/signin-oidc' + - 'https://jonas-tilt-atlantis.beta.oceanbox.io/signin-oidc' + - 'https://stig-tilt-atlantis.beta.oceanbox.io/signin-oidc' + - 'https://simkir-tilt-atlantis.beta.oceanbox.io/signin-oidc' + - 'https://atlantis.local.oceanbox.io:8080/signin-oidc' + name: 'Atlantis dev' + secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR + - id: petimeter + redirectURIs: + - 'https://petimeter.srv.oceanbox.io/signin-oidc' + name: 'Petimeter dev' + secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs + - id: petimeter_dev + redirectURIs: + - 'https://petimeter.beta.oceanbox.io/signin-oidc' + - 'https://jonas-tilt-petimeter.beta.oceanbox.io/signin-oidc' + - 'https://stig-tilt-petimeter.beta.oceanbox.io/signin-oidc' + - 'https://simkir-tilt-petimeter.beta.oceanbox.io/signin-oidc' + - 'https://petimeter.local.oceanbox.io:8080/signin-oidc' + name: 'Petimeter dev' + secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk + - id: sorcerer + redirectURIs: + - 'https://sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://sorcerer.hpc.oceanbox.io/signin-oidc' + name: 'Sorcerer' + secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB + - id: sorcerer_dev + redirectURIs: + - 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://sorcerer.hpc.oceanbox.io/signin-oidc' + - 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://s.local.oceanbox.io:11080/signin-oidc' + - 'https://sorcerer.local.oceanbox.io:11080/signin-oidc' + name: 'Sorcerer dev' + secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy + - id: archmeister + 
redirectURIs: + - 'https://archmeister.srv.oceanbox.io/signin-oidc' + name: 'Archmeister' + secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro + - id: archmeister_dev + redirectURIs: + - 'https://archmeister.beta.oceanbox.io/signin-oidc' + - 'https://jonas-archmeister.beta.oceanbox.io/signin-oidc' + - 'https://simkir-archmeister.beta.oceanbox.io/signin-oidc' + - 'https://r.local.oceanbox.io:11080/signin-oidc' + - 'https://archmeister.local.oceanbox.io:9080/signin-oidc' + name: 'Archmeister dev' + secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I + diff --git a/charts/dex/prod/kustomization.yaml b/charts/dex/prod/kustomization.yaml index 26ff73cf..e054b0e0 100644 --- a/charts/dex/prod/kustomization.yaml +++ b/charts/dex/prod/kustomization.yaml @@ -1,7 +1,9 @@ -# namePrefix: staging- +namePrefix: prod- generatorOptions: disableNameSuffixHash: true secretGenerator: - name: dex-config files: - config.yaml +resources: + - ../base diff --git a/charts/dex/resources/dexdb-cluster.yaml b/charts/dex/resources/dexdb-cluster.yaml deleted file mode 100644 index e6fa0e46..00000000 --- a/charts/dex/resources/dexdb-cluster.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: postgresql.cnpg.io/v1 -kind: Cluster -metadata: - annotations: - linkerd.io/inject: disabled - name: dexdb -spec: - enableSuperuserAccess: true - instances: 2 - logLevel: info - bootstrap: - initdb: - database: prod - owner: dex - storage: - pvcTemplate: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: managed-nfs-storage - volumeMode: Filesystem - resizeInUseVolumes: true - size: 1Gi ---- -apiVersion: v1 -kind: Service -metadata: - name: dexdb-nodeport -spec: - ports: - - name: psql - nodePort: 30432 - port: 5432 - protocol: TCP - targetPort: 5432 - selector: - cnpg.io/cluster: dexdb - cnpg.io/instanceName: dexdb-1 - sessionAffinity: None - type: NodePort 
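Review bot: The new `charts/dex/prod/config.yaml` holds the Postgres `password`, every connector `clientSecret` and every `staticClients[].secret` as literal values, so they sit in git history in clear text even though `secretGenerator` wraps the rendered file in a Secret; the `charts/dex/staging/config.yaml` hunk has the same problem. These values were already in the repository before this commit, so they should be treated as exposed and rotated. The file should then reference them instead of embedding them, for example `secretEnv: <ENV_VAR_NAME>` on each static client and environment expansion or an encrypted-secret workflow for the connector and storage fields (confirm what the deployed Dex version supports). The hunk also keeps `ssl:` / `mode: disable` for the database connection. If the CNPG cluster serves TLS, as it does by default, `mode: verify-full` with the cluster CA would protect the password and session data on the wire.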
diff --git a/charts/dex/staging/cluster_patch.yaml b/charts/dex/staging/cluster_patch.yaml
new file mode 100644
index 00000000..965bd964
--- /dev/null
+++ b/charts/dex/staging/cluster_patch.yaml
@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/instances
+ value: 1
diff --git a/charts/dex/staging/config.yaml b/charts/dex/staging/config.yaml
index 7afc9f1a..238eeb5c 100644
--- a/charts/dex/staging/config.yaml
+++ b/charts/dex/staging/config.yaml
@@ -1,10 +1,138 @@ +issuer: https://idp.oceanbox.io/dex storage: type: postgres config: - host: dexdb-rw + host: staging-dexdb-rw port: 5432 - database: staging - user: dex + database: app + user: app password: e8Musi4IppwPDkSpfhjYBhNQEQtL2nEUl9LCL6X1cqDCxtW8UQko4wW0uiyU4myx ssl: mode: disable +web: + http: 127.0.0.1:5556 +telemetry: + http: 127.0.0.1:5558 +grpc: + addr: 127.0.0.1:5557 +frontend: + dir: /srv/dex/web + issuer: oceanbox + extra: + client_logo_url: "../theme/client-logo.png" +# enablePasswordDB: true +# staticPasswords: +# - email: "admin@oceanbox.io" +# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC" +# username: "admin" +# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f" +oauth2: + responseTypes: [ "code" ] + skipApprovalScreen: true + alwaysShowLoginScreen: false +connectors: +- type: microsoft + id: oceanbox + name: oceanbox.io + config: + clientID: 43667ac0-37e1-422f-99fc-50a699bb255c + clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB + tenant: 3f737008-e9a0-4485-9d27-40329d288089 + redirectURI: https://idp.oceanbox.io/dex/callback + onlySecurityGroups: true + groups: + - atlantis +- type: microsoft + id: salmar + name: salmar.no + config: + clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058 + clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2 + tenant: de10159d-2c09-4762-966c-e841d3391feb + redirectURI: https://idp.oceanbox.io/dex/callback + onlySecurityGroups: true + groups: + - Azure-Grp-App-Cloud-Oceanbox +- type: microsoft + id: aqua-kompetanse + name: aqua-kompetanse.no + config: + clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2 + clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC + tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3 + redirectURI: https://idp.oceanbox.io/dex/callback + onlySecurityGroups: true + groups: + - Oceanbox +- type: oidc + id: keycloak + name: default + config: + issuer: https://auth.srv.oceanbox.io/realms/oceanbox + clientID: dex + clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4 + redirectURI: 
https://idp.oceanbox.io/dex/callback + promptType: login +staticClients: + - id: atlantis + redirectURIs: + - 'https://maps.oceanbox.io/signin-oidc' + - 'https://maps.srv.oceanbox.io/signin-oidc' + - 'https://maps.relic.oceanbox.io/signin-oidc' + name: 'Atlantis' + secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm + - id: atlantis_dev + redirectURIs: + - 'https://atlantis.beta.oceanbox.io/signin-oidc' + - 'https://jonas-tilt-atlantis.beta.oceanbox.io/signin-oidc' + - 'https://stig-tilt-atlantis.beta.oceanbox.io/signin-oidc' + - 'https://simkir-tilt-atlantis.beta.oceanbox.io/signin-oidc' + - 'https://atlantis.local.oceanbox.io:8080/signin-oidc' + name: 'Atlantis dev' + secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR + - id: petimeter + redirectURIs: + - 'https://petimeter.srv.oceanbox.io/signin-oidc' + name: 'Petimeter dev' + secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs + - id: petimeter_dev + redirectURIs: + - 'https://petimeter.beta.oceanbox.io/signin-oidc' + - 'https://jonas-tilt-petimeter.beta.oceanbox.io/signin-oidc' + - 'https://stig-tilt-petimeter.beta.oceanbox.io/signin-oidc' + - 'https://simkir-tilt-petimeter.beta.oceanbox.io/signin-oidc' + - 'https://petimeter.local.oceanbox.io:8080/signin-oidc' + name: 'Petimeter dev' + secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk + - id: sorcerer + redirectURIs: + - 'https://sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://sorcerer.hpc.oceanbox.io/signin-oidc' + name: 'Sorcerer' + secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB + - id: sorcerer_dev + redirectURIs: + - 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://sorcerer.hpc.oceanbox.io/signin-oidc' + - 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc' + - 'https://s.local.oceanbox.io:11080/signin-oidc' + - 'https://sorcerer.local.oceanbox.io:11080/signin-oidc' + name: 'Sorcerer dev' + secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy + - id: archmeister + 
redirectURIs: + - 'https://archmeister.srv.oceanbox.io/signin-oidc' + name: 'Archmeister' + secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro + - id: archmeister_dev + redirectURIs: + - 'https://archmeister.beta.oceanbox.io/signin-oidc' + - 'https://jonas-archmeister.beta.oceanbox.io/signin-oidc' + - 'https://simkir-archmeister.beta.oceanbox.io/signin-oidc' + - 'https://r.local.oceanbox.io:11080/signin-oidc' + - 'https://archmeister.local.oceanbox.io:9080/signin-oidc' + name: 'Archmeister dev' + secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I + diff --git a/charts/dex/staging/kustomization.yaml b/charts/dex/staging/kustomization.yaml index 26ff73cf..1e48d97d 100644 --- a/charts/dex/staging/kustomization.yaml +++ b/charts/dex/staging/kustomization.yaml @@ -1,7 +1,15 @@ -# namePrefix: staging- +namePrefix: staging- generatorOptions: disableNameSuffixHash: true secretGenerator: - name: dex-config files: - config.yaml +patches: + - target: + group: postgresql.cnpg.io + version: v1 + kind: Cluster + path: cluster_patch.yaml +resources: + - ../base
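Review bot: The new `charts/dex/staging/config.yaml` differs from the prod file only in `host: staging-dexdb-rw`, so staging has no credential isolation from production. It reuses the prod `issuer`, the same connector `clientID`/`clientSecret` pairs and `redirectURI`, the same static client secrets and the same database `password`, which means anyone who can read the staging Secret holds the production values. Staging would be safer with its own issuer URL, its own app registrations at the upstream identity providers and its own client secrets. In the other direction, the `*_dev` static clients with per-developer and `*.local.oceanbox.io` redirect URIs are also present in the prod file; consider keeping those entries in the staging file only.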