From 893a498df80c871e2c2622c92480a02a1580f863 Mon Sep 17 00:00:00 2001
From: Michael Haehnel
Date: Thu, 16 Mar 2023 09:16:58 +0100
Subject: [PATCH 1/6] DEV-900 Added separate IAM per stage
---
 Chart.yaml | 4 ++++
 values_nsodev.yaml | 7 +++++++
 2 files changed, 11 insertions(+)
diff --git a/Chart.yaml b/Chart.yaml
index 8442182..0eae394 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -44,3 +44,7 @@ dependencies:
 repository: oci://prodnso-harbor-01.smardigo.digital/smardigo
 condition: egeld24-wordpress.enabled
 alias: egeld24-wordpress
+ - name: iam
+ version: 0.1.0
+ repository: oci://prodnso-harbor-01.smardigo.digital/infrastructure
+ condition: iam.enabled
diff --git a/values_nsodev.yaml b/values_nsodev.yaml
index 4ec0c48..88b7b7b 100644
--- a/values_nsodev.yaml
+++ b/values_nsodev.yaml
@@ -147,3 +147,10 @@ prometheus-postgres-exporter:
 datasourceSecret:
 name: postgres-exporter-database-connection
 key: datasource
+
+iam:
+ iam_module: external
+ iam_client_enabled: "true"
+ protocol: http
+ hostname: iam.nsodev
+ port: 8080
\ No newline at end of file
From 963dbbc85b9d853ef3751f2804ded4d525668f2d Mon Sep 17 00:00:00 2001
From: Michael Haehnel
Date: Thu, 16 Mar 2023 09:32:49 +0100
Subject: [PATCH 2/6] DEV-900 Set iam condition to enabled
---
 values_nsodev.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/values_nsodev.yaml b/values_nsodev.yaml
index 88b7b7b..b7b0555 100644
--- a/values_nsodev.yaml
+++ b/values_nsodev.yaml
@@ -149,6 +149,7 @@ prometheus-postgres-exporter:
 key: datasource
 iam:
+ enabled: true
 iam_module: external
 iam_client_enabled: "true"
 protocol: http
From 9e579ceeac71fe66b268bb24b6f8e2bbdc760d0c Mon Sep 17 00:00:00 2001
From: Michael Haehnel
Date: Thu, 16 Mar 2023 10:06:18 +0100
Subject: [PATCH 3/6] DEV-900 iam needs access to keycloak k8s secret
---
 values_nsodev.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/values_nsodev.yaml b/values_nsodev.yaml
index b7b0555..b9ec950 100644
--- a/values_nsodev.yaml
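Review bot: The new `iam:` block in the values_nsodev.yaml hunk of PATCH 1/6 sets `protocol: http` with `hostname: iam.nsodev` and `port: 8080`, so whatever consumes these values reaches the IAM service without TLS; the values_cusqa.yaml and values_cusprod.yaml hunks in PATCH 6/6 repeat the same setting. If that hop carries tokens or credentials and is not protected by a mesh or network policy (none is visible in this diff), `protocol: https` with the matching port would be the safer default, at least for the prod values. If plaintext is intended, a comment above the key such as `# in-cluster only; transport protection provided by <mechanism>` would record the decision.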
+++ b/values_nsodev.yaml
@@ -154,4 +154,8 @@ iam:
 iam_client_enabled: "true"
 protocol: http
 hostname: iam.nsodev
- port: 8080
\ No newline at end of file
+ port: 8080
+ secret_name_keycloak_creds: mobene-keycloak.iam-keycloak-creds
+ envvars:
+ #iam_keycloak_auth_server_url: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/"
+ iam_keycloak_auth_server_url: "https://prodnso-keycloak-01.smardigo.digital/auth/"
\ No newline at end of file
From 314f62c434db2a8439a1098493b5e30c912ac72d Mon Sep 17 00:00:00 2001
From: Michael Haehnel
Date: Thu, 16 Mar 2023 10:24:47 +0100
Subject: [PATCH 4/6] DEV-900 Create keycloak secret for iam per namespace
---
 secrets_nsodev.yaml | 7 +++++--
 templates/secret_iam_keycloakcreds.yaml | 8 ++++++++
 values_nsodev.yaml | 5 ++---
 3 files changed, 15 insertions(+), 5 deletions(-)
 create mode 100644 templates/secret_iam_keycloakcreds.yaml
diff --git a/secrets_nsodev.yaml b/secrets_nsodev.yaml
index 34291a7..6ce68cc 100644
--- a/secrets_nsodev.yaml
+++ b/secrets_nsodev.yaml
@@ -111,14 +111,17 @@ prometheusPgExporter: pgHostname: ENC[AES256_GCM,data:F4R2lcLEeqg+99LGyMIk2A==,iv:3eL540ONsQm9o3FcATwA4xf/wgF/DeuUv7CAD5TCRz8=,tag:mnUf7QwO8fOT/vLc7nHplg==,type:str] pgUsername: ENC[AES256_GCM,data:gwW/lv44wkDxyqSUQV3C4M4=,iv:k9AwTdhT5lWC+Idtpm6Keb6HBFoDsTyfwj42nP7vWTI=,tag:/jkFJAOKhhKp53bTGzWL9Q==,type:str] pgPassword: ENC[AES256_GCM,data:wf+LP9osXWPMwo05JR0mKI4gxt7pB0PnrbJqOF7L48k=,iv:Z5Suc34EqmyUjIPAw5qdIY6ZV46D0VE/T9pz0DhMQcY=,tag:M+xX3gCXcpMAVh1ktSQFXw==,type:str] +iam: + iam_keycloak_username: ENC[AES256_GCM,data:2Ur6BnFLpXmeLr2L4QQ=,iv:/QQFEwMlEdey/nlWEgMbG2cokb41GP9782vpua2F5D8=,tag:O0bCmpxHJOitxyThaX/ANA==,type:str] + iam_keycloak_password: ENC[AES256_GCM,data:Lj0BdgSi9RebXQ19nlJtmdLFhg0=,iv:rGij7rjE1uAAxhhmBJ46ule6CXSFq7ysdVkTQdHomfM=,tag:W8ra+LYDsGRUe2NnaVhkIw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-02-22T16:06:39Z" - mac: ENC[AES256_GCM,data:ZSMTkpdvSgTYm7vCdmjp/b0qP7lYfTZymVzXJLS1HPek8EfNT72KvZcZQVDILEyo7JLRn+QTjT/x8A2hCny/xegSB681WtoA8Z7kEo/Qm1enFCZwfpnr2EFwbExP/2B7JliVrpjfXEasQcEappDVBMA9nVVFn5oC8o+oEtD1Z7A=,iv:3Tv4pv5Obqe/ulBUc7fFouzvSMyN45LcxxbLGiKYl5A=,tag:LKBSIVRhKhzCh29UPtAiaQ==,type:str] + lastmodified: "2023-03-16T09:21:59Z" + mac: ENC[AES256_GCM,data:6IfgCi6LspJo1ui0x3G3lgOJojTEM6pznHsFaKz6cUf4D4B0S5AWspawgWB9gD+Lq1AHI5zfF0Q2USqF+QjhqK7YQ5nwDTtN4h3G6DN4gdvnxxM1EJUt9WrVTFYaQLcY/lYWaZ/0YQH4/LBbAilPZt6GM0fyE+e6bolhwq8jYcQ=,iv:xJTZFyFy3g1ctnn3i97cU3OOktS7romdsze9xV+FoyY=,tag:7D/qgLjzM+BAM1GQny3C0w==,type:str] pgp: - created_at: "2023-02-17T10:43:42Z" enc: | diff --git a/templates/secret_iam_keycloakcreds.yaml b/templates/secret_iam_keycloakcreds.yaml new file mode 100644 index 0000000..7c37879 --- /dev/null +++ b/templates/secret_iam_keycloakcreds.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +stringData: + username: {{ .Values.iam.iam_keycloak_username }} + password: {{ .Values.iam.iam_keycloak_password }} +kind: Secret +metadata: + name: iam-keycloak-creds +type: Opaque 
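Review bot: In templates/secret_iam_keycloakcreds.yaml both `stringData` values are interpolated unquoted, so a credential that is empty, all digits, boolean-looking, or contains `: `, ` #` or a leading YAML indicator renders as a non-string or as invalid YAML, and the Secret is rejected or ends up holding a different value than intended. Quote both: `username: {{ .Values.iam.iam_keycloak_username | quote }}` and `password: {{ .Values.iam.iam_keycloak_password | quote }}`. The manifest is also rendered unconditionally; wrapping it in `{{- if .Values.iam.enabled }}` and `{{- end }}` would keep it out of releases where the iam dependency is switched off. Because the credentials sit under the `iam:` key they are presumably also handed to the iam subchart as values, so it is worth confirming that chart does not copy them into a ConfigMap or pod spec.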
diff --git a/values_nsodev.yaml b/values_nsodev.yaml
index b9ec950..753002a 100644
--- a/values_nsodev.yaml
+++ b/values_nsodev.yaml
@@ -155,7 +155,6 @@ iam:
 protocol: http
 hostname: iam.nsodev
 port: 8080
- secret_name_keycloak_creds: mobene-keycloak.iam-keycloak-creds
+ secret_name_keycloak_creds: iam-keycloak-creds
 envvars:
- #iam_keycloak_auth_server_url: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/"
- iam_keycloak_auth_server_url: "https://prodnso-keycloak-01.smardigo.digital/auth/"
\ No newline at end of file
+ iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/"
\ No newline at end of file
From 993c048427c7280af06601fba9bcff7bc93801f9 Mon Sep 17 00:00:00 2001
From: Michael Haehnel
Date: Thu, 16 Mar 2023 12:07:39 +0100
Subject: [PATCH 5/6] DEV-900 Restructured values
---
 Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Chart.yaml b/Chart.yaml
index 0eae394..c2120bd 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -45,6 +45,6 @@ dependencies:
 condition: egeld24-wordpress.enabled
 alias: egeld24-wordpress
 - name: iam
- version: 0.1.0
+ version: 0.1.1
 repository: oci://prodnso-harbor-01.smardigo.digital/infrastructure
 condition: iam.enabled
From 0f334ea2f7978fa90e3c720eb650207998aae9dd Mon Sep 17 00:00:00 2001
From: Michael Haehnel
Date: Thu, 16 Mar 2023 13:11:36 +0100
Subject: [PATCH 6/6] DEV-900 Sync iam values and secrets to qa and prod
---
 secrets_cusprod.yaml | 23 +++++++++++++----------
 secrets_cusqa.yaml | 23 +++++++++++++----------
 values_cusprod.yaml | 11 +++++++++++
 values_cusqa.yaml | 11 +++++++++++
 values_nsodev.yaml | 2 +-
 5 files changed, 49 insertions(+), 21 deletions(-)
diff --git a/secrets_cusprod.yaml b/secrets_cusprod.yaml
index 5134ee1..a826882 100644
--- a/secrets_cusprod.yaml
+++ b/secrets_cusprod.yaml
@@ -77,13 +77,13 @@ smardigo-wordpress: password: ENC[AES256_GCM,data:E0VioUPXje4NaVhMblBUxQ==,iv:zHYBjtEA5dF8NPHs9sd8GMttwthrFUmqYxwt3oyqEA0=,tag:Ty0azptN/hTJ5lenr1n3RQ==,type:str] extraEnvVars: - name: ENC[AES256_GCM,data:52Oek6aUUT9dy8fhyg==,iv:1bWlmaowjyxuRLoBpV0MA+jvsdh/swLUUbhjXmsuP+k=,tag:kweWWhaOCVSElTllOQ6m6A==,type:str] - value: ENC[AES256_GCM,data:fVbVptY/Ubxi/BmSwMvD,iv:OZhndmSPuhx+3oMWukAUj4xMhI642bufj853Ief7z28=,tag:9UNlGOtAYztmpPjMmKi1GA==,type:str] + value: ENC[AES256_GCM,data:smnVzsy/pe/ch4qEhxEe,iv:NDNrvzPvZOaPCsJYbzvH59j7QfkWnUQfMxAXbFLXwPs=,tag:zYkLhPjtJoxfqj/gAinpmA==,type:str] - name: ENC[AES256_GCM,data:NSBSXzHuNzDVDAlHhFop,iv:vzviTG4gDfY2T8KJY/l5XcEg4v9jj0ppgqGgmOpbqVU=,tag:1ijBTWic9jRSnQUXLTrj0A==,type:str] value: ENC[AES256_GCM,data:iWHmlLS7Oav5gHeFFA==,iv:IMwDw8g1KXQ6p54hnF3lrnutXV9Fqs2y+HqTE7wgxRM=,tag:ftqBw7Us3Jl2zacJhOc66g==,type:str] - name: ENC[AES256_GCM,data:2nzvtbdGTHmQmWWIg+Jw,iv:Vyuvhun/oWn1NjMtlg5RaJiXGfOwke1S7jXwFdj14tY=,tag:fJCxprgYOe5rvj6XkKKCYQ==,type:str] value: ENC[AES256_GCM,data:76Ee5g/e2ZavJFavgWnH,iv:dextUZDlHQFjll78rfGPU09wpHdBqNXSPBcN+LcZMwc=,tag:bbNejPM2drb94nR42+tkSg==,type:str] - name: ENC[AES256_GCM,data:BEcTphysDRLvaNk8evxwtw==,iv:QssQQuzGJUnq6QgfmDUDwsbdhuc7HuHk+MeipUi6OHk=,tag:XtpW+LdK5hX0yTwiSSgI9g==,type:str] - value: ENC[AES256_GCM,data:QoFJrXCW6VtnAWWafUjr,iv:mJviMdX4p65ZPn27o+w2GeeacB3wZ1K4nl83ZaTrCCc=,tag:KmDWmAfEyaNz62ig3fFcGQ==,type:str] + value: ENC[AES256_GCM,data:smnVzsy/pe/ch4qEhxEe,iv:NDNrvzPvZOaPCsJYbzvH59j7QfkWnUQfMxAXbFLXwPs=,tag:zYkLhPjtJoxfqj/gAinpmA==,type:str] - name: ENC[AES256_GCM,data:NSuzIdhfU71LbmcuhYO4ZTTX+dc=,iv:YwDsGshaLVihMukyfwtutN7cTv5nWvZf38hOtVa05i0=,tag:RG9zimMTY+nzN/SUHm5IJQ==,type:str] value: ENC[AES256_GCM,data:smnVzsy/pe/ch4qEhxEe,iv:NDNrvzPvZOaPCsJYbzvH59j7QfkWnUQfMxAXbFLXwPs=,tag:zYkLhPjtJoxfqj/gAinpmA==,type:str] - name: ENC[AES256_GCM,data:ZzKjnUa9xgHWHYnQDgdnWA2MJjtIG2lO,iv:nzlxgZfXY/n4wO+rBY28oSd6k0A71CRvwzbWbAvPr8g=,tag:4sd2iA0Hxjve82NPIpYD3A==,type:str] 
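Review bot: The replaced `value:` entries under `extraEnvVars` in this hunk now carry exactly the same `data`, `iv` and `tag` as a neighbouring entry (the `smnVzsy/pe/ch4qEhxEe` ciphertext appears three times), and the same pattern repeats in the later hunks of secrets_cusprod.yaml and in secrets_cusqa.yaml. Anyone with read access to the repository can therefore tell which entries share a plaintext without decrypting anything, and one IV is reused across several entries; this looks like an artefact of how the file was re-encrypted rather than a deliberate edit, but that cannot be confirmed from the ciphertext. The commit subject mentions only iam, so please confirm with a decrypted diff whether the wordpress values were meant to change, and note the result in the description.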
@@ -99,11 +99,11 @@ smardigo-wordpress: - name: ENC[AES256_GCM,data:naVisP5pmB4=,iv:5Qs+DACKtizLXAGnAfPth4Q1nQQCkID5cuufD6Ox9Zc=,tag:d8moNb4ZMwyHbLkfB8s/GA==,type:str] value: ENC[AES256_GCM,data:9kFe1O5G,iv:maXofHRkSQFfOexL+u0+81rAT+QRLZ5R+2/Afe+ZjvM=,tag:Ck23BxrhQ7LzlYDnejjceQ==,type:str] - name: ENC[AES256_GCM,data:wM9izM3dn5iOaaBB8Jbb,iv:yVRE0tJU1OASSr+UuUKrM9J6e7bG3af9G47KjEza/Os=,tag:whv+zj30/UKhYmWRr6WefQ==,type:str] - value: ENC[AES256_GCM,data:EclHOvLR7w==,iv:R3L8wyN1uiOgPc+4dnFy3QP30kM8XvIaoDZf5JMqGRI=,tag:lyjIoqO4pgHYzEI+PHcKfw==,type:str] + value: ENC[AES256_GCM,data:l9fmaKyJuQ==,iv:DO9fA2Wcjx1ls5zcTLwdinuq+j+WF7/FKVg4jUODPHE=,tag:gmwVh2lYQqyyBGbhwEnbOA==,type:str] - name: ENC[AES256_GCM,data:SdcUu+ukVJ5U,iv:O7hiiG8fqhVq9717neBo9hd8uLqK0OQQOTNdBsRP4CE=,tag:qOHCXPHEeI0nwOnuFH+WaA==,type:str] value: ENC[AES256_GCM,data:l9fmaKyJuQ==,iv:DO9fA2Wcjx1ls5zcTLwdinuq+j+WF7/FKVg4jUODPHE=,tag:gmwVh2lYQqyyBGbhwEnbOA==,type:str] - name: ENC[AES256_GCM,data:uOgUj6SUH84XIB1hiQ==,iv:Wq3LWUfXNl1tdOgSEiYRJX/l5S+VgnUY+oIGHNZCLMc=,tag:VnPqOuYuqnJpoVtpEIsRvQ==,type:str] - value: ENC[AES256_GCM,data:L3xS2VSjLMbO28cLIXURW0ZqHGOGIaonk1+8CCJBJ4UrN0HV36erTnk2Q7Rqk80DzBkObybafSyjnk41n43y,iv:1w0okHSA2EpFQSLrf44LxyZzYakK2NRGtyw1QRilhS0=,tag:Vj7dpnH11KK0oIXSjy4TVQ==,type:str] + value: ENC[AES256_GCM,data:sCbttrS3MQ+VTF4j/Eu7Uo5TKN9Fpw6r8EsJ5LI+SI6y/CDLFi9quOnsPLRxvRvu/VhSIBE6xU/oLZGRnNif,iv:Og/brs9XG6MJbMbniVss4lDR+OlkKy09pRO21Bho7bU=,tag:UxYZsAzgmY3HaDvBP76//g==,type:str] - name: ENC[AES256_GCM,data:NPk0AR1P0kvW7pSS8DEsjteA5w==,iv:RdR6Ha/0RiN1dQKPUDHh/vf9XZWxv6uXTUNJdNg37NY=,tag:WTfGwDzniFAA9I3lVfO1Hw==,type:str] value: ENC[AES256_GCM,data:sCbttrS3MQ+VTF4j/Eu7Uo5TKN9Fpw6r8EsJ5LI+SI6y/CDLFi9quOnsPLRxvRvu/VhSIBE6xU/oLZGRnNif,iv:Og/brs9XG6MJbMbniVss4lDR+OlkKy09pRO21Bho7bU=,tag:UxYZsAzgmY3HaDvBP76//g==,type:str] egeld24-wordpress: 
@@ -128,13 +128,13 @@ egeld24-wordpress: password: ENC[AES256_GCM,data:fCnW72Cayksn7jNixNwPAw==,iv:IJ233kj/fMHePNBmx5tM/L8q/MI+wqEei96iPOMadss=,tag:55kjE7qZqEFq1OF6y8ERUg==,type:str] extraEnvVars: - name: ENC[AES256_GCM,data:s53s4fPVEOH2BKZkAQ==,iv:0QYtbr8ldpAoozc9KE573x86NQ3cmYNmo8ha504oEz4=,tag:o8fEQ85HgpeQKdGzGqT4GQ==,type:str] - value: ENC[AES256_GCM,data:gBadkit+5y82UZ9XEafe,iv:Kilq7DwhR5NLaAQEuMyJDou+Ms1ZFFfuR0OXiaNTUaw=,tag:NdsA9Rjd52JXHhApsLs2dw==,type:str] + value: ENC[AES256_GCM,data:NcztKNPYahAGHnR1kY5D,iv:OKbpvLWRyf1mOcg/vRc6HDe/NvB7/ncHaXq4fQqQCUQ=,tag:PNhMuJ3b9Hf6qNOHbbqLGg==,type:str] - name: ENC[AES256_GCM,data:tTsnzwgUWRao8bsACvRa,iv:/L+HUYm1JuwthmQ/LTQK95L/+RKaw/Uq6YbxbZVAxYQ=,tag:Nly8TdWKUvNFCpSWoYX2HA==,type:str] value: ENC[AES256_GCM,data:woxfdn7IROpeNvXrbQ==,iv:RwwrJfL5R3YkZrIhpg2lPZBruF1Bpz9/F8kCn7y42+A=,tag:x+Js5T9dcfrn50RdZknn4A==,type:str] - name: ENC[AES256_GCM,data:CzBpx5k29Fxr1UBll/Dr,iv:NZMbR4XF7vXD1e9oqFqWJMwkGgXqJu5Tt8GzeSLcHf0=,tag:zuBXKWR1zjF69d5JGzylfA==,type:str] value: ENC[AES256_GCM,data:samQkF4LLU91Nr+MUrGK,iv:CGcbjUPIcYaItXmw1dl8dhoWmwU7ZdaU7jm2FQ0aj54=,tag:dkm4D2l4fIZzizyHB0omZw==,type:str] - name: ENC[AES256_GCM,data:VbJi+/EkUit4za9AuF3EVA==,iv:4luOavJ8XqIqcAqyyWehB0LT9ke0EfN0MsyiNnzYFP0=,tag:mE1iBl0+QcBuHCuNvfBQPA==,type:str] - value: ENC[AES256_GCM,data:rJTgV8JMuiPBhnG6QVR4,iv:mImP5QzZv0d1vHHtF7+lbNN1XVMgZ+eN0rq6ysIc+RU=,tag:4efwVu1q5Q8qVedahaGyGA==,type:str] + value: ENC[AES256_GCM,data:NcztKNPYahAGHnR1kY5D,iv:OKbpvLWRyf1mOcg/vRc6HDe/NvB7/ncHaXq4fQqQCUQ=,tag:PNhMuJ3b9Hf6qNOHbbqLGg==,type:str] - name: ENC[AES256_GCM,data:9VZPxZCeGcAh4RvG+D0RpNTALXw=,iv:+oUEZiJiexBe+cNo076kqTvaRrPitsrZSWMYsd5dDw4=,tag:EW1vde0sn1S+2Bc6V1emUg==,type:str] value: ENC[AES256_GCM,data:NcztKNPYahAGHnR1kY5D,iv:OKbpvLWRyf1mOcg/vRc6HDe/NvB7/ncHaXq4fQqQCUQ=,tag:PNhMuJ3b9Hf6qNOHbbqLGg==,type:str] - name: ENC[AES256_GCM,data:Uz89VKxnjEouUujnmGZXKgdxAqkBP7QT,iv:UxPZawSyZ2A6X+cd25YQw78gDBhgcjRPxCGlX6ad5iU=,tag:hqe2IKK4IdOJKcmzW84OTQ==,type:str] 
@@ -150,11 +150,11 @@ egeld24-wordpress: - name: ENC[AES256_GCM,data:Ru/p/tVmxt4=,iv:Oo6V8+QH4GHBNmq+mRR8jusXaJhaWZb2njbh1aw61Ng=,tag:zvl0YlkNjPleJE7CmWSauQ==,type:str] value: ENC[AES256_GCM,data:iUtYLTzW,iv:kg5j9JDgGfx/kxkb3JA70+xYMtAMXvx5mM7g5x2ZZXg=,tag:WRTU3C/5DX2jzUuTlSukJg==,type:str] - name: ENC[AES256_GCM,data:Z1ZLkm30ZndC0u3NIA2q,iv:OlV/+zg/RCIl/lHTof3J21fsZhI5u33t/96mjD5GZZM=,tag:Ck0HpOcrD2dMViNa1TvZoA==,type:str] - value: ENC[AES256_GCM,data:nkZrbG8Xdw==,iv:XOnwLTE307dmWN2NQD0TX5XDETY5tmrfXqP5KLpmlmU=,tag:oWacHNMOaVJ5xy6R0Xfhlw==,type:str] + value: ENC[AES256_GCM,data:YNzJnL3vow==,iv:6X05g8pFhkqM44INvAufDYiczADMkyMj8XNrdLFDbvc=,tag:R5PakdfmMK+MHKhMYA1Z3w==,type:str] - name: ENC[AES256_GCM,data:OimamhhhcXFd,iv:cm1t1U+4kpI5mIVZRbjqcHe+RAZLgbEEpCmEcHDyUUY=,tag:cTWtzJcBAeshSZbLwaz0dw==,type:str] value: ENC[AES256_GCM,data:YNzJnL3vow==,iv:6X05g8pFhkqM44INvAufDYiczADMkyMj8XNrdLFDbvc=,tag:R5PakdfmMK+MHKhMYA1Z3w==,type:str] - name: ENC[AES256_GCM,data:QKJM3JBBNGmP829KSw==,iv:ykwd3INY9KaUg3kE06UY7F56FrLRqMtZKC6EsvWaoK8=,tag:oR5DwUQNugMC1Z3PACM9gw==,type:str] - value: ENC[AES256_GCM,data:OlLYKQ72ogL3v/Ev+NNKLMcEfrTAMQYtBhvJSqc/uYQL7Z2IksWJggDuXLW9qb623n0uWzmxVRwKSxboRsv0,iv:OcaAjOk4gKuJJHraharKO6rg36JW7hdEekkaK9WJlx4=,tag:JR1YesBxupq/6upqkgQiDg==,type:str] + value: ENC[AES256_GCM,data:rn7yaZ7hOCdzwRpV5SwueB8t6YPT/AT//ApGwQC0CXsnH7a/LaubdtlKAl2lbv7Q/NgSSb09jphWhcR41grL,iv:3ZURqN23qcAuP+RvyvbGa+1mrIJPNTS89KoUKFAho+8=,tag:jtbcWOTl6z5hsjocgS1t0w==,type:str] - name: ENC[AES256_GCM,data:GhsYaRdJ7QfZNa6EOQQX5EjiiA==,iv:i67vbCeuNP9rXY/eyzckRwC36cP4cK0nBVGlM9r94tk=,tag:tbLlCjZ//3osPIl94Ftp/w==,type:str] value: ENC[AES256_GCM,data:rn7yaZ7hOCdzwRpV5SwueB8t6YPT/AT//ApGwQC0CXsnH7a/LaubdtlKAl2lbv7Q/NgSSb09jphWhcR41grL,iv:3ZURqN23qcAuP+RvyvbGa+1mrIJPNTS89KoUKFAho+8=,tag:jtbcWOTl6z5hsjocgS1t0w==,type:str] prometheusPgExporter: 
@@ -162,14 +162,17 @@ prometheusPgExporter: pgHostname: ENC[AES256_GCM,data:GHFq4hxKpLaxoJ8or/wTkA==,iv:gLFSVRut6FH2WRIcPzLLIJgIfHGZS2TAqMqK1mm/6xI=,tag:pz1nUSHueeINNiJJTBfxrA==,type:str] pgUsername: ENC[AES256_GCM,data:OnOTKNxMq59vFg7QoqQaoL4=,iv:XYe/DYZHnD32hE3nZc+5YtE0S4I43dbOs7lUGI9isgQ=,tag:f52O3+c8MKmFkUdQF10JCA==,type:str] pgPassword: ENC[AES256_GCM,data:Xn8n4aMBuv5Kb95xa4hLGOqQzVimauTuRfYTgmgRj6w=,iv:9JvOCmCzvHtleU3fFpSW5bP7BoCQ+yRiVrVmjCSnMEQ=,tag:GGOPMgEfwFVRwE2WWGM/Rg==,type:str] +iam: + iam_keycloak_username: ENC[AES256_GCM,data:5SdCmMAyOA/S7BwM1fo=,iv:QbdVoOSiQazKoWJnTe3MMI8v33hp2d4u1/Eq+tOzhmE=,tag:hA7AZ2wK+8ekW9po/L4W0A==,type:str] + iam_keycloak_password: ENC[AES256_GCM,data:7Jqt0OqypQF505REBUCcfjVdd/A=,iv:2FO2akMyhsODJaeCbhan1UeR9for+clh7i0Zt6h66Oc=,tag:HUsfE8Y5zgo3YlMx/LSVSQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-03-10T14:04:22Z" - mac: ENC[AES256_GCM,data:WDDr1wsbsk51YiWR9sMbv/NudLe24XoFtlRMs0NVzfBOVqfg4wwA69HfX5/cwLMyMacP+jY5h+KFzuhY9t4tTVTVAZDQEjI8sKGQ+GavrjfwHKJ8VVM4WPjssD25w2/6RWQqzczUIG1gwnqfy1jmxQSA6h01FzDaiRW7cyUsTsk=,iv:Yz6C4HbT5Rw467rVAVEDQ3PGytjXKPTjT2WEURhZJ5Y=,tag:HnMMV5pQesFSXy2GDfeH7A==,type:str] + lastmodified: "2023-03-16T12:06:19Z" + mac: ENC[AES256_GCM,data:iDZ42cVx8i7nWO1Q0Py9/j6cK4i+k6TpxvZp7PV2zPKv2tpayfFtYRn+5TJ1BzXbsy2NKpVzaOk/N3BSmUkhqHiJa4Nr5RHUUTRHRZdskf4hVdCKUImb3fZUctoJkWnkjyqS++ZydMmVxFVKJd+5X2DrmwmeOLiLV0bWK6yHnMA=,iv:RzWVkxe1WrUPHQO0/LRiEQUY81s42NdcCoMnWoxzY/w=,tag:xnrYhFDhMK81LmsiXjFm/g==,type:str] pgp: - created_at: "2023-03-10T14:04:21Z" enc: | diff --git a/secrets_cusqa.yaml b/secrets_cusqa.yaml index 27266f3..11f6679 100644 --- a/secrets_cusqa.yaml +++ b/secrets_cusqa.yaml 
@@ -77,13 +77,13 @@ smardigo-wordpress: password: ENC[AES256_GCM,data:r+C0ifv4EvXeMw==,iv:hzvbYVxAzB70328LrRUrE0pvAzUVg4GHuH6/LwwX79g=,tag:soXWbvlKiabmjqemV29nBA==,type:str] extraEnvVars: - name: ENC[AES256_GCM,data:agENX833Xzfh0YJ3mg==,iv:JIcMLf/6uzJEmF2/D5UrYVPzcltn0WNpHxvqHhYh35Q=,tag:qcNMFEXp8XtQBGgDQQzoMg==,type:str] - value: ENC[AES256_GCM,data:pVLsmaQXrkV9/XC7gQ==,iv:omJGpLRN6V3wxrFTzyePKoHTSVrSbpj0rl9iKSRSKe0=,tag:u5hUIrKGgWUGWwuNe5XLKg==,type:str] + value: ENC[AES256_GCM,data:ms/zbULhDka+lXl62Q==,iv:K3AqrtO66zXV3TXEnFk5w61ssQpg93VDVuetP8PVF3U=,tag:RlsG4bHQvgRXrFmC29m1Bg==,type:str] - name: ENC[AES256_GCM,data:P7GtSDWchdQELeKIH8LX,iv:QbRe2iVakiqjQJj+0BREartkLagWdKfhgGTRsLM8lxI=,tag:GEtHO0oPRmyBr/iNyXu3bA==,type:str] value: ENC[AES256_GCM,data:laVENtx9hHLHTYNojw==,iv:kfqIMPXXmsvuXa1y2VGDHFxokySb7UeXIaWa7BzPSkg=,tag:CRWd27MwMk0EyRAHm/RehQ==,type:str] - name: ENC[AES256_GCM,data:obDXpoAkkei7sBK6s8VM,iv:836AaYitD1MMcATrne0Rgqvd4UCu5rgHtEVuVjuxee0=,tag:DnsG9ZvejKppmpaNYR/95g==,type:str] value: ENC[AES256_GCM,data:k2C6+QYE0VeAWeSFVc/J,iv:QXoTjZxnQvHA1ckj3qgCJlDD09GNzXmGcOrstffPhjs=,tag:NwifwcKfxhpLmHmnrV44ag==,type:str] - name: ENC[AES256_GCM,data:174BJSfdHOc4RTCxjYKiVg==,iv:tTdRI7LCNvWXmhQkhuugJ2k7dHyZ38VJpwKSQKH5dH8=,tag:1EFWTsLgAIJxfLiWSwORBQ==,type:str] - value: ENC[AES256_GCM,data:B+pXPpJHgJcl1O89+w==,iv:zn6kTMIEmSce7lD3hZ4HQi5+coIu0n3c0VSH4QTrQ/A=,tag:IwAd3k4jYzEfd/i+YGZcQw==,type:str] + value: ENC[AES256_GCM,data:ms/zbULhDka+lXl62Q==,iv:K3AqrtO66zXV3TXEnFk5w61ssQpg93VDVuetP8PVF3U=,tag:RlsG4bHQvgRXrFmC29m1Bg==,type:str] - name: ENC[AES256_GCM,data:9dDBuodLxwArFtYSfka12Fa4s5E=,iv:Iz9VC0tL2L7SikrTqXLYxSitxc3Hi0u8AsY3N/8aWIs=,tag:UfV8547oYtDQqPuuh1AxPQ==,type:str] value: ENC[AES256_GCM,data:ms/zbULhDka+lXl62Q==,iv:K3AqrtO66zXV3TXEnFk5w61ssQpg93VDVuetP8PVF3U=,tag:RlsG4bHQvgRXrFmC29m1Bg==,type:str] - name: ENC[AES256_GCM,data:vl/+uWyhVLVg14obIisCtJxmjapeOhvP,iv:/js2yfgorc1i70l+FOqMDeLQQ9lDgzOt9toJqiM1hgM=,tag:/qRIEXYq4PWXjm4ebU9edA==,type:str] 
@@ -99,11 +99,11 @@ smardigo-wordpress: - name: ENC[AES256_GCM,data:HTY03Y7FuUo=,iv:M3vxIUkrKzE3AMGWZI8fehF5BkwhnimOfaYlIpSAOeg=,tag:z5RK10dGoQ9VY1JRnynPUA==,type:str] value: ENC[AES256_GCM,data:MvANB2a/,iv:ix/na6IYEnm5ouMmZLd3WS0yQB/c4BC//PXdMgR9fr4=,tag:eWE6fFo5errSCly46CB/ag==,type:str] - name: ENC[AES256_GCM,data:qPOJUe6Lm3+v9UUobaXl,iv:VHPE4ONAh6GtxCWCjTapD8AUohVDYKsGqY9vea8SPjk=,tag:Qhtc/KBRfbE0A9T4GDe97g==,type:str] - value: ENC[AES256_GCM,data:vYiwXjg=,iv:fJa0smYOiYSJ0Kr6BNIXUpviyVWJmdvtOAz308jf0uE=,tag:PJ8WCsJepphbf/q3UJkqpg==,type:str] + value: ENC[AES256_GCM,data:QNDLp1g=,iv:8gg4DWQY7qaVjEbjHhh2B1++r/KjM2n4t5thhBZRRxw=,tag:X5V++UX1cG8PLPXByaJJQw==,type:str] - name: ENC[AES256_GCM,data:hYdwPmtFycgn,iv:F5fhmpyVHEpxU87t31wSFYibzebFw/puhv0HkLVv99k=,tag:QkZRWM9nJV4dsSquhwBeYQ==,type:str] value: ENC[AES256_GCM,data:QNDLp1g=,iv:8gg4DWQY7qaVjEbjHhh2B1++r/KjM2n4t5thhBZRRxw=,tag:X5V++UX1cG8PLPXByaJJQw==,type:str] - name: ENC[AES256_GCM,data:sH59WYQQTJTi+NoOvA==,iv:yVwfbIAi05dgWOPGt9073bzm9uqPvF3tYjzxlYrpYlQ=,tag:0zyIQs4ZrM1xgIACIFDinw==,type:str] - value: ENC[AES256_GCM,data:w0PqhOn0qzGyjUz1gS4V6M1yyL90uhDP7SP8tWHJ8XuPwd/Ooe4Quij28eaNColIUYI9qkR4ihuTXzgqSWh5,iv:Wrb+orx4Ubck3016+sEMpa0EdZ3c2imgy8h0hk7zg14=,tag:m0hf3pYh430EhG74jA8XDw==,type:str] + value: ENC[AES256_GCM,data:F3jl6E/SLJ6eXA2NRFTTxd8cT6yHmBwZIzksxywfjEAeRfCOWKhfAGJUsndeSOsnnGDKGy6j7Cz+tVNy7QIW,iv:eZCWWaLzBkAV9i2lw0v9/Z40INbkvjkqRCPkZ492Ag4=,tag:kJCeW4LOXgvWl4VKh7awew==,type:str] - name: ENC[AES256_GCM,data:JbFdFnlbIHMaZAHPwtuAUXZS7w==,iv:7rrFQ7oRBeaP6/lN82wcb0CVHii8PNb0IupTS1F+X/0=,tag:Mq9oeoQjaEmVTZIJwvVhOA==,type:str] value: ENC[AES256_GCM,data:F3jl6E/SLJ6eXA2NRFTTxd8cT6yHmBwZIzksxywfjEAeRfCOWKhfAGJUsndeSOsnnGDKGy6j7Cz+tVNy7QIW,iv:eZCWWaLzBkAV9i2lw0v9/Z40INbkvjkqRCPkZ492Ag4=,tag:kJCeW4LOXgvWl4VKh7awew==,type:str] egeld24-wordpress: 
@@ -128,13 +128,13 @@ egeld24-wordpress: password: ENC[AES256_GCM,data:6/FL4Pdbnt8uwQ==,iv:97sm6FxLE0w4yVG3EI0avgij1DyOC/frz/4ZiNMbKKA=,tag:OVkv2obpZ9smYYqaSvdqIw==,type:str] extraEnvVars: - name: ENC[AES256_GCM,data:RoQlySW5VKqdFEBzEQ==,iv:ygm87j5mi/d2XER+ETVO1pTOQNGCkHQCKTfweE6cfP4=,tag:A2Jaofk3YHt7soJgvB1/7w==,type:str] - value: ENC[AES256_GCM,data:31RHkLZ3OKvZhvE6Cg==,iv:e6Nywo1eltOQ/icR4QxcLZ46DrlVsBe7QWrtXrD/SlA=,tag:5lVDzcNeQ+zxjQEvTlie8Q==,type:str] + value: ENC[AES256_GCM,data:0wCJx4/leGkv+v7Abw==,iv:XQTsSdTjMzJJQk8DwvYEouZsonPkmMtbeUJGkBLvcwg=,tag:0f1AANX8C/yYCHbYtElhpg==,type:str] - name: ENC[AES256_GCM,data:zkSbtvkerK7sl5dkMV0s,iv:K+xCzAdpoIXFTR+k6wDN81T8pw0sguB+WgyXfKJXZ/0=,tag:Ykr+pcVvOpTTqICNAptYSA==,type:str] value: ENC[AES256_GCM,data:V5198RK/dBtuCWeu5A==,iv:GO1INtZ+JVyr5b+gpOs6ko5gTmxEluEAwqY7kbyJj5A=,tag:NndLjTC0EGZhNiQa7p8z8A==,type:str] - name: ENC[AES256_GCM,data:OnVpCG6eGpbCM0tu5ykY,iv:9JMl3bA8t/yxaH+a6mpEQbd0wMdob7eaFtb1WSJBxyU=,tag:cQ2b0EUQqm3pqLpovgnYrg==,type:str] value: ENC[AES256_GCM,data:6991nbFFHICbkJ10Qxzr,iv:Gt8lj1l7o1ZrogkdUPJpYXifieQ/fTUkD28Vvv14G4o=,tag:LjkRbRtEeQUxRWPlMgKzHA==,type:str] - name: ENC[AES256_GCM,data:XpG7qsM4YCZD5LQl49TipA==,iv:oEE4YxqSNRDA29wCKP2BWtFiFXvDQXePaXmAy5E+CjI=,tag:WHV/yY8KcuudBFWea0LFUg==,type:str] - value: ENC[AES256_GCM,data:VyB0H/6jqsrYK76TLg==,iv:FLoXXiWhQp9J+lh4Kooc6lOMUXEgTkZlczwlNGknXs4=,tag:AJ9FjdpEvarvtEe/zFTmXg==,type:str] + value: ENC[AES256_GCM,data:0wCJx4/leGkv+v7Abw==,iv:XQTsSdTjMzJJQk8DwvYEouZsonPkmMtbeUJGkBLvcwg=,tag:0f1AANX8C/yYCHbYtElhpg==,type:str] - name: ENC[AES256_GCM,data:6cCiRqCYYxJKg2O1NbM4QRmPOrw=,iv:rOxPMPq2PPtswKCwmgGlv2ZFbzeVhJZEd2L1Owh7na8=,tag:q9HuX4ScL2no6Zw0OfKJhQ==,type:str] value: ENC[AES256_GCM,data:0wCJx4/leGkv+v7Abw==,iv:XQTsSdTjMzJJQk8DwvYEouZsonPkmMtbeUJGkBLvcwg=,tag:0f1AANX8C/yYCHbYtElhpg==,type:str] - name: ENC[AES256_GCM,data:Bg8vtO4WHKAXZvMHFV8oIvYseookb4Xx,iv:AHx7Zh0qELk4VZQCcE5LU3E+9rlzcDJLfKBKKZb8eQw=,tag:MmKhwfNjAacFKAfXPDt4rQ==,type:str] 
@@ -150,11 +150,11 @@ egeld24-wordpress: - name: ENC[AES256_GCM,data:naBK4YqcvqU=,iv:1HSr1EifN10xz0MRYmNgWiRFA4lJ88HaG0WrU/WKAhg=,tag:mcaTITfSWDjOvKxfEFv/fA==,type:str] value: ENC[AES256_GCM,data:j5wjJb8A,iv:g9xUzMN7nB53/XiM0qs78tG6SsARjQKv9Yj5HWj/0cI=,tag:pjty17+Vs6vv3pk3jKXkKg==,type:str] - name: ENC[AES256_GCM,data:yWn8jE9Geyo7zb5IPPW7,iv:BdLl92NTfAHt9dbtP8YDKAiK72Adb5/9LerTpaKxzy8=,tag:ljnGsU5tQwrpPx6llYAE9w==,type:str] - value: ENC[AES256_GCM,data:WxcjgYU=,iv:NtUAHk7lKBN/+XJlPUCvRFOqG2QKj97Urhu4MR0Sbrg=,tag:eOvvpTgVtdWK0rddOEnOSQ==,type:str] + value: ENC[AES256_GCM,data:fpBKO+s=,iv:OIMzTYMWhkpcejElodzAXupVd5Y4BqM/gHThQ5eXYI0=,tag:IHIfx/T5sj25u7GNZPw8jA==,type:str] - name: ENC[AES256_GCM,data:GF8n8YRKhq+4,iv:xWrnZYhIeJBG+5PIVVu+1Un7LLtaP8dCLiiNeWSFM5A=,tag:ebWzUAOyGPLCjwcWFEbT4w==,type:str] value: ENC[AES256_GCM,data:fpBKO+s=,iv:OIMzTYMWhkpcejElodzAXupVd5Y4BqM/gHThQ5eXYI0=,tag:IHIfx/T5sj25u7GNZPw8jA==,type:str] - name: ENC[AES256_GCM,data:ur/96ZWweYVkKoopHw==,iv:xUq4i4V2dAxlB2YDkVxBbr91qjqr7BY2rs8AqVG9RHI=,tag:br9iSO6oCJ2YiQrPlAIRNA==,type:str] - value: ENC[AES256_GCM,data:PioiI5RZvxaVP/PcpN1Ty2OPXFNNiI0i6ngLU/JDEXbbS1UI1fbt6PgUi5IMdGTcdhtsiv/33rw2VgZ3/bXn,iv:j91XuaCeM35c2vWOPETEa30haEcgoQDoNzWtPc46wXI=,tag:adCUs/n+6phdBy84lgXbAw==,type:str] + value: ENC[AES256_GCM,data:NV/N21lkLWdCaV/HEKKmNFDZyLe65O0YcaSrDoEdkF36ibxXcGqGBvP4kumBlwZnfW69x/kqXongS5LMEZk6,iv:mNn3kjFRbY56c9bOZe/2jnNDlENAaKm8RZWK1hpCH8M=,tag:JcPI/mA/qZzcNH6u6HhYew==,type:str] - name: ENC[AES256_GCM,data:Hy0295YT21AiMEkpI65r/nOsZw==,iv:myBIu11/Zr7dXNontERmCgj9OSNK1hWdGjtG3eYEzTw=,tag:RMqmgE99l1UkYnYDAL49mg==,type:str] value: ENC[AES256_GCM,data:NV/N21lkLWdCaV/HEKKmNFDZyLe65O0YcaSrDoEdkF36ibxXcGqGBvP4kumBlwZnfW69x/kqXongS5LMEZk6,iv:mNn3kjFRbY56c9bOZe/2jnNDlENAaKm8RZWK1hpCH8M=,tag:JcPI/mA/qZzcNH6u6HhYew==,type:str] prometheusPgExporter: 
@@ -162,14 +162,17 @@ prometheusPgExporter: pgHostname: ENC[AES256_GCM,data:Ez6qO6tkHWcRC3GLdSDyWA==,iv:TdTT0G2ikydmA3KxOPymPmwOneOTvXuLSOwRM6S8Jpw=,tag:Q6lo85vl/RZAGKhli9JdDQ==,type:str] pgUsername: ENC[AES256_GCM,data:m/5qoMU3ma7U7s2KkhNJPvg=,iv:H5OHXKe6mZpjal5Bajaz8okneMgaVx4xqPKQw9BiEBo=,tag:GeG2WbjfTcCG+U5OP+FvEQ==,type:str] pgPassword: ENC[AES256_GCM,data:wmAXUr8SJcG3sR+H6APwYsABnY7ETD2TessnGbPFQ2A=,iv:ifDEqRUD5R7vhg9Tevh8BeH+dK+O1xm+AryKkWKcffA=,tag:ZX6kLi7PXoyJ6SQ+J8V3dQ==,type:str] +iam: + iam_keycloak_username: ENC[AES256_GCM,data:XFd215QDZUxnHfUW7O0=,iv:NfNf3GxW5WrIgWaxJ7Z5mo1lL/dyMV79L4NEhWlPsdg=,tag:wj7rASAKwdS141KcCpb1aw==,type:str] + iam_keycloak_password: ENC[AES256_GCM,data:Qt445V8UipXkq/ZHu0l3mmHkANY=,iv:uUbfwY8jHQ5h253HcxImaO0gQgxS2qoAE+4MUysoNqQ=,tag:aB+3y2TAa5lGAqifEaF/zw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-03-10T14:04:27Z" - mac: ENC[AES256_GCM,data:YR702i9iygIFjqZfAp0vcCWPsTFfeB24+6ZYxftpHB9uew0Z4aC1ucBzCoNar65pA7por1TFtmNVIBIUasQlGx2Jkr9rNu56FPta0PmFuOLSq00qKw/zykWaVkfhIYxp/QNmzZeSFLn8Eei47ghfnAVyt7z0qKhlM3QUiTYbo/s=,iv:dGaBw/AfiHu/me7yALSQElx3DMYNCsVfVWyF9OscxWw=,tag:KByBbVtQvCh/l6B498bgdA==,type:str] + lastmodified: "2023-03-16T12:06:08Z" + mac: ENC[AES256_GCM,data:trwXyPe/7aGPzSaNUFAPO/9N1sBoiEf/XwlqY15fjAXCyisgF6PyW8Mu20oUSmb3o7RHO5eGd0tjXNqsiaANc6c7VSlYle4mPq+IE0K5ECNv42FnrSqoin5QlwqgWdjU/N8owzXhSOXs3idE757BLxj8vYPelnEUZM4SUKpaaS0=,iv:irszuCfmCI+e942NvJl2FWyAos6TSHsgKCs+p9ofrR4=,tag:8kLkA2EVIRAU1gqfHwSl6g==,type:str] pgp: - created_at: "2023-03-10T14:04:27Z" enc: | diff --git a/values_cusprod.yaml b/values_cusprod.yaml index 542c8a0..16d2fb4 100644 --- a/values_cusprod.yaml +++ b/values_cusprod.yaml 
@@ -177,3 +177,14 @@ prometheus-postgres-exporter:
 datasourceSecret:
 name: postgres-exporter-database-connection
 key: datasource
+
+iam:
+ enabled: true
+ iam_module: external
+ iam_client_enabled: "true"
+ protocol: http
+ hostname: iam.cusprod
+ port: 8080
+ secret_name_keycloak_creds: iam-keycloak-creds
+ envvars:
+ iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/"
diff --git a/values_cusqa.yaml b/values_cusqa.yaml
index 4b9db6f..b14f650 100644
--- a/values_cusqa.yaml
+++ b/values_cusqa.yaml
@@ -164,3 +164,14 @@ prometheus-postgres-exporter:
 datasourceSecret:
 name: postgres-exporter-database-connection
 key: datasource
+
+iam:
+ enabled: true
+ iam_module: external
+ iam_client_enabled: "true"
+ protocol: http
+ hostname: iam.cusqa
+ port: 8080
+ secret_name_keycloak_creds: iam-keycloak-creds
+ envvars:
+ iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/"
diff --git a/values_nsodev.yaml b/values_nsodev.yaml
index 753002a..7aef5b0 100644
--- a/values_nsodev.yaml
+++ b/values_nsodev.yaml
@@ -157,4 +157,4 @@ iam:
 port: 8080
 secret_name_keycloak_creds: iam-keycloak-creds
 envvars:
- iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/"
\ No newline at end of file
+ iam_keycloak_auth_server_url: "https://keycloak-prodwork01.smardigo.digital/auth/"
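Review bot: `iam_keycloak_auth_server_url` in the values_cusprod.yaml hunk points at `https://keycloak-prodwork01.smardigo.digital/auth/`, the same host that the values_cusqa.yaml and values_nsodev.yaml hunks of this patch use, so the dev, QA and prod IAM instances all authenticate against one Keycloak server. The series is titled "separate IAM per stage"; if that separation is meant to include the identity provider, the non-prod stages need their own server, or at least their own realm and client, which this diff does not show. If sharing is intentional, a comment above the key such as `# shared Keycloak; stage isolation is by realm/client` would record that decision for the next reviewer.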