From ebcd915658d8201c212d98035b0a5959405d8f62 Mon Sep 17 00:00:00 2001
From: friedrich goerz
Date: Mon, 12 Dec 2022 16:13:58 +0100
Subject: [PATCH] DEV-730: keylcoak integration - commit ins abentuerland
---
 host_vars/prodwork01-keycloak-01.yml | 2 ++
 roles/connect_compact/defaults/main.yml | 3 ++-
 roles/keycloak_compact/defaults/main.yml | 2 ++
 templates/connect-compact/docker-compose.yml.j2 | 8 ++++----
 templates/keycloak-compact/docker-compose.yml.j2 | 4 ++--
 5 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/host_vars/prodwork01-keycloak-01.yml b/host_vars/prodwork01-keycloak-01.yml
index 2c15bd9..d77c7ff 100644
--- a/host_vars/prodwork01-keycloak-01.yml
+++ b/host_vars/prodwork01-keycloak-01.yml
@@ -1,2 +1,4 @@
 ---
 keycloak_external_subdomain: "{{ inventory_hostname }}"
+
+keycloak_compact_tls_cert_resolver: letsencrypt
diff --git a/roles/connect_compact/defaults/main.yml b/roles/connect_compact/defaults/main.yml
index 44b056b..95b7cb4 100644
--- a/roles/connect_compact/defaults/main.yml
+++ b/roles/connect_compact/defaults/main.yml
@@ -54,4 +54,5 @@ current_realm_clients: [
 "{{ http_s }}://{{ connect_base_url }}",
 ]
 },
-]
\ No newline at end of file
+]
+connect_compact_tls_cert_resolver: letsencrypt-http
diff --git a/roles/keycloak_compact/defaults/main.yml b/roles/keycloak_compact/defaults/main.yml
index 6622f0a..2f61103 100644
--- a/roles/keycloak_compact/defaults/main.yml
+++ b/roles/keycloak_compact/defaults/main.yml
@@ -7,4 +7,6 @@ keycloak_postgres_username: "keycloak_postgres"
 keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}"
 keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak"
+keycloak_compact_tls_cert_resolver: letsencrypt-http
+
 service_port_keycloak_external: 8110
diff --git a/templates/connect-compact/docker-compose.yml.j2 b/templates/connect-compact/docker-compose.yml.j2
index a9973d9..1a99708 100644
--- a/templates/connect-compact/docker-compose.yml.j2
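Review bot: The override on this host sets `keycloak_compact_tls_cert_resolver: letsencrypt` while both role defaults introduced in this commit use `letsencrypt-http`, so two distinct resolver names are now in play and nothing on the page shows that both are defined. As far as I can tell Traefik treats an unknown certresolver as a router error and serves its default self-signed certificate rather than refusing to start, so a name that does not exist in the Traefik static configuration degrades TLS silently on a production host. Confirm that a resolver named `letsencrypt` is actually configured on the Traefik instance in front of prodwork01-keycloak-01 (its static config is not part of this commit), and record the reason for the deviation, e.g. `# overrides the role default (letsencrypt-http); the 'letsencrypt' resolver must exist in this host's Traefik static config`.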
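Review bot: The new default `connect_compact_tls_cert_resolver: letsencrypt-http` is appended directly under the closing `]` of `current_realm_clients` with no separating blank line and no comment, so a reader cannot tell that it is unrelated to that list or which values are acceptable; the same applies to `keycloak_compact_tls_cert_resolver` in roles/keycloak_compact/defaults/main.yml. I would precede it with a blank line and `# Traefik certificate resolver used in the tls.certresolver router labels; must match a resolver defined in Traefik's static configuration`. Restoring the missing trailing newline on this file is a welcome side effect.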
+++ b/templates/connect-compact/docker-compose.yml.j2
@@ -21,14 +21,14 @@ services:
 - "traefik.http.routers.{{ connect_id }}.rule=Host(`{{ connect_id }}.{{ domain }}`)"
 - "traefik.http.routers.{{ connect_id }}.entrypoints=websecure"
 - "traefik.http.routers.{{ connect_id }}.tls=true"
- - "traefik.http.routers.{{ connect_id }}.tls.certresolver=letsencrypt-http"
+ - "traefik.http.routers.{{ connect_id }}.tls.certresolver={{ connect_compact_tls_cert_resolver }}"
 - "traefik.http.services.{{ connect_id }}.loadbalancer.server.port=8080"
 - "traefik.http.routers.{{ connect_id }}-admin.service={{ connect_id }}-admin"
 - "traefik.http.routers.{{ connect_id }}-admin.rule=Host(`{{ connect_id }}.{{ domain }}`)"
 - "traefik.http.routers.{{ connect_id }}-admin.entrypoints=admin-service"
 - "traefik.http.routers.{{ connect_id }}-admin.tls=true"
- - "traefik.http.routers.{{ connect_id }}-admin.tls.certresolver=letsencrypt-http"
+ - "traefik.http.routers.{{ connect_id }}-admin.tls.certresolver={{ connect_compact_tls_cert_resolver }}"
 - "traefik.http.services.{{ connect_id }}-admin.loadbalancer.server.port={{ management_port }}"
 {% if connect_external_subdomain is defined
@@ -38,7 +38,7 @@ services:
 - "traefik.http.routers.{{ connect_id }}-extern.rule=Host(`{{ connect_external_subdomain }}.{{ domain }}`)"
 - "traefik.http.routers.{{ connect_id }}-extern.entrypoints=websecure"
 - "traefik.http.routers.{{ connect_id }}-extern.tls=true"
- - "traefik.http.routers.{{ connect_id }}-extern.tls.certresolver=letsencrypt-http"
+ - "traefik.http.routers.{{ connect_id }}-extern.tls.certresolver={{ connect_compact_tls_cert_resolver }}"
 - "traefik.http.services.{{ connect_id }}-extern.loadbalancer.server.port=8080"
 {% endif %}
 environment:
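Review bot: Every `tls.certresolver=` label in this hunk, in the `-extern` hunk below it, and in the kibana and keycloak-compact hunks now interpolates a variable, so an empty override (`""`) renders `tls.certresolver=` while `tls=true` stays set; Ansible aborts on an undefined variable but not on an empty one, and as far as I can tell Traefik then logs an error and serves its default self-signed certificate for that router instead of failing the deployment. Since these routers front the admin and external endpoints, I would fail the play early with an `ansible.builtin.assert` task in each role (`that: connect_compact_tls_cert_resolver | length > 0`, and the same for `keycloak_compact_tls_cert_resolver`) rather than relying on someone noticing a certificate warning. The `services:` mapping these labels belong to starts before the hunk.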
@@ -154,7 +154,7 @@ services:
 - "traefik.http.routers.{{ connect_id }}-kibana.rule=Host(`{{ kibana_id }}.{{ domain }}`)"
 - "traefik.http.routers.{{ connect_id }}-kibana.entrypoints=websecure"
 - "traefik.http.routers.{{ connect_id }}-kibana.tls=true"
- - "traefik.http.routers.{{ connect_id }}-kibana.tls.certresolver=letsencrypt-http"
+ - "traefik.http.routers.{{ connect_id }}-kibana.tls.certresolver={{ connect_compact_tls_cert_resolver }}"
 - "traefik.http.services.{{ connect_id }}-kibana.loadbalancer.server.port=5601"
 - "traefik.http.routers.{{ connect_id }}-kibana.middlewares={{ connect_id }}-kibana-ipwhitelist"
 - "traefik.http.middlewares.{{ connect_id }}-kibana-ipwhitelist.ipwhitelist.sourcerange={{ ( ip_whitelist_netgo + ip_whitelist_admins ) | join(',') }}"
diff --git a/templates/keycloak-compact/docker-compose.yml.j2 b/templates/keycloak-compact/docker-compose.yml.j2
index 01acc2b..98a2edc 100644
--- a/templates/keycloak-compact/docker-compose.yml.j2
+++ b/templates/keycloak-compact/docker-compose.yml.j2
@@ -20,7 +20,7 @@ services:
 - "traefik.http.routers.{{ keycloak_id }}.rule=Host(`{{ keycloak_id }}.smardigo.digital`)"
 - "traefik.http.routers.{{ keycloak_id }}.entrypoints=websecure"
 - "traefik.http.routers.{{ keycloak_id }}.tls=true"
- - "traefik.http.routers.{{ keycloak_id }}.tls.certresolver=letsencrypt-http"
+ - "traefik.http.routers.{{ keycloak_id }}.tls.certresolver={{ keycloak_compact_tls_cert_resolver }}"
 - "traefik.http.services.{{ keycloak_id }}.loadbalancer.server.port=8080"
 {% if keycloak_external_subdomain is defined
@@ -29,7 +29,7 @@ services:
 - "traefik.http.routers.{{ keycloak_id }}-extern.rule=Host(`{{ keycloak_external_subdomain }}.smardigo.digital`)"
 - "traefik.http.routers.{{ keycloak_id }}-extern.entrypoints=websecure"
 - "traefik.http.routers.{{ keycloak_id }}-extern.tls=true"
- - "traefik.http.routers.{{ keycloak_id }}-extern.tls.certresolver=letsencrypt-http"
+ - "traefik.http.routers.{{ keycloak_id }}-extern.tls.certresolver={{ keycloak_compact_tls_cert_resolver }}"
 - "traefik.http.services.{{ keycloak_id }}-extern.loadbalancer.server.port=8080"
 {% endif %}
 environment: