DEV-730: keylcoak integration - commit ins abentuerland

qa
friedrich goerz 3 years ago
parent 1c6f257b28
commit ebcd915658

@ -1,2 +1,4 @@
--- ---
keycloak_external_subdomain: "{{ inventory_hostname }}" keycloak_external_subdomain: "{{ inventory_hostname }}"
keycloak_compact_tls_cert_resolver: letsencrypt
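Review bot: The override `keycloak_compact_tls_cert_resolver: letsencrypt` names a different resolver than the role default `letsencrypt-http` added elsewhere in this commit, and nothing on this page shows that a resolver called `letsencrypt` is defined in Traefik's static configuration for these hosts. As far as I know, Traefik only logs an error for an unknown resolver name and keeps serving its default self-signed certificate, so a mismatch would surface as a TLS warning on the Keycloak login page rather than as a failed deploy. I would add a comment above the line, `# must match a certificatesResolvers entry in the Traefik static config of this host`, and confirm that the resolver exists before merging. The file path for this section is not visible on the page.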

@ -55,3 +55,4 @@ current_realm_clients: [
] ]
}, },
] ]
connect_compact_tls_cert_resolver: letsencrypt-http
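Review bot: The new default `connect_compact_tls_cert_resolver: letsencrypt-http` has no comment saying what it controls or which values are valid, and the same holds for `keycloak_compact_tls_cert_resolver: letsencrypt-http` in the keycloak defaults hunk. Going by the template hunks in this commit, the value is written into the `tls.certresolver` label of every connect router (main, `-admin`, `-extern`, `-kibana`), so one override changes the certificate source for all of them. I would put `# Traefik certificate resolver for all connect routers; must name a resolver defined in Traefik's static config` above the line, and an equivalent comment above the keycloak default.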

@ -7,4 +7,6 @@ keycloak_postgres_username: "keycloak_postgres"
keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}" keycloak_postgres_password: "{{ keycloak_postgres_password_vault }}"
keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak" keycloak_image_name: "{{ shared_service_harbor_hostname }}/smardigo/keycloak"
keycloak_compact_tls_cert_resolver: letsencrypt-http
service_port_keycloak_external: 8110 service_port_keycloak_external: 8110

@ -21,14 +21,14 @@ services:
- "traefik.http.routers.{{ connect_id }}.rule=Host(`{{ connect_id }}.{{ domain }}`)" - "traefik.http.routers.{{ connect_id }}.rule=Host(`{{ connect_id }}.{{ domain }}`)"
- "traefik.http.routers.{{ connect_id }}.entrypoints=websecure" - "traefik.http.routers.{{ connect_id }}.entrypoints=websecure"
- "traefik.http.routers.{{ connect_id }}.tls=true" - "traefik.http.routers.{{ connect_id }}.tls=true"
- "traefik.http.routers.{{ connect_id }}.tls.certresolver=letsencrypt-http" - "traefik.http.routers.{{ connect_id }}.tls.certresolver={{ connect_compact_tls_cert_resolver }}"
- "traefik.http.services.{{ connect_id }}.loadbalancer.server.port=8080" - "traefik.http.services.{{ connect_id }}.loadbalancer.server.port=8080"
- "traefik.http.routers.{{ connect_id }}-admin.service={{ connect_id }}-admin" - "traefik.http.routers.{{ connect_id }}-admin.service={{ connect_id }}-admin"
- "traefik.http.routers.{{ connect_id }}-admin.rule=Host(`{{ connect_id }}.{{ domain }}`)" - "traefik.http.routers.{{ connect_id }}-admin.rule=Host(`{{ connect_id }}.{{ domain }}`)"
- "traefik.http.routers.{{ connect_id }}-admin.entrypoints=admin-service" - "traefik.http.routers.{{ connect_id }}-admin.entrypoints=admin-service"
- "traefik.http.routers.{{ connect_id }}-admin.tls=true" - "traefik.http.routers.{{ connect_id }}-admin.tls=true"
- "traefik.http.routers.{{ connect_id }}-admin.tls.certresolver=letsencrypt-http" - "traefik.http.routers.{{ connect_id }}-admin.tls.certresolver={{ connect_compact_tls_cert_resolver }}"
- "traefik.http.services.{{ connect_id }}-admin.loadbalancer.server.port={{ management_port }}" - "traefik.http.services.{{ connect_id }}-admin.loadbalancer.server.port={{ management_port }}"
{% if {% if
connect_external_subdomain is defined connect_external_subdomain is defined
@ -38,7 +38,7 @@ services:
- "traefik.http.routers.{{ connect_id }}-extern.rule=Host(`{{ connect_external_subdomain }}.{{ domain }}`)" - "traefik.http.routers.{{ connect_id }}-extern.rule=Host(`{{ connect_external_subdomain }}.{{ domain }}`)"
- "traefik.http.routers.{{ connect_id }}-extern.entrypoints=websecure" - "traefik.http.routers.{{ connect_id }}-extern.entrypoints=websecure"
- "traefik.http.routers.{{ connect_id }}-extern.tls=true" - "traefik.http.routers.{{ connect_id }}-extern.tls=true"
- "traefik.http.routers.{{ connect_id }}-extern.tls.certresolver=letsencrypt-http" - "traefik.http.routers.{{ connect_id }}-extern.tls.certresolver={{ connect_compact_tls_cert_resolver }}"
- "traefik.http.services.{{ connect_id }}-extern.loadbalancer.server.port=8080" - "traefik.http.services.{{ connect_id }}-extern.loadbalancer.server.port=8080"
{% endif %} {% endif %}
environment: environment:
@ -154,7 +154,7 @@ services:
- "traefik.http.routers.{{ connect_id }}-kibana.rule=Host(`{{ kibana_id }}.{{ domain }}`)" - "traefik.http.routers.{{ connect_id }}-kibana.rule=Host(`{{ kibana_id }}.{{ domain }}`)"
- "traefik.http.routers.{{ connect_id }}-kibana.entrypoints=websecure" - "traefik.http.routers.{{ connect_id }}-kibana.entrypoints=websecure"
- "traefik.http.routers.{{ connect_id }}-kibana.tls=true" - "traefik.http.routers.{{ connect_id }}-kibana.tls=true"
- "traefik.http.routers.{{ connect_id }}-kibana.tls.certresolver=letsencrypt-http" - "traefik.http.routers.{{ connect_id }}-kibana.tls.certresolver={{ connect_compact_tls_cert_resolver }}"
- "traefik.http.services.{{ connect_id }}-kibana.loadbalancer.server.port=5601" - "traefik.http.services.{{ connect_id }}-kibana.loadbalancer.server.port=5601"
- "traefik.http.routers.{{ connect_id }}-kibana.middlewares={{ connect_id }}-kibana-ipwhitelist" - "traefik.http.routers.{{ connect_id }}-kibana.middlewares={{ connect_id }}-kibana-ipwhitelist"
- "traefik.http.middlewares.{{ connect_id }}-kibana-ipwhitelist.ipwhitelist.sourcerange={{ ( ip_whitelist_netgo + ip_whitelist_admins ) | join(',') }}" - "traefik.http.middlewares.{{ connect_id }}-kibana-ipwhitelist.ipwhitelist.sourcerange={{ ( ip_whitelist_netgo + ip_whitelist_admins ) | join(',') }}"
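Review bot: The `-admin` router in the first hunk publishes `{{ management_port }}` on the `admin-service` entrypoint, and the labels visible there attach no access-control middleware, while the Kibana router in this same template is limited by an `ipwhitelist` source range. The commit does not introduce this, but the certresolver line it edits sits on that router, so it is worth settling here. Unless the `admin-service` entrypoint is already restricted at the network level (not visible on this page), I would add `- "traefik.http.routers.{{ connect_id }}-admin.middlewares={{ connect_id }}-admin-ipwhitelist"` and `- "traefik.http.middlewares.{{ connect_id }}-admin-ipwhitelist.ipwhitelist.sourcerange={{ ( ip_whitelist_netgo + ip_whitelist_admins ) | join(',') }}"`. The `services:` block starts and ends outside these hunks.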

@ -20,7 +20,7 @@ services:
- "traefik.http.routers.{{ keycloak_id }}.rule=Host(`{{ keycloak_id }}.smardigo.digital`)" - "traefik.http.routers.{{ keycloak_id }}.rule=Host(`{{ keycloak_id }}.smardigo.digital`)"
- "traefik.http.routers.{{ keycloak_id }}.entrypoints=websecure" - "traefik.http.routers.{{ keycloak_id }}.entrypoints=websecure"
- "traefik.http.routers.{{ keycloak_id }}.tls=true" - "traefik.http.routers.{{ keycloak_id }}.tls=true"
- "traefik.http.routers.{{ keycloak_id }}.tls.certresolver=letsencrypt-http" - "traefik.http.routers.{{ keycloak_id }}.tls.certresolver={{ keycloak_compact_tls_cert_resolver }}"
- "traefik.http.services.{{ keycloak_id }}.loadbalancer.server.port=8080" - "traefik.http.services.{{ keycloak_id }}.loadbalancer.server.port=8080"
{% if {% if
keycloak_external_subdomain is defined keycloak_external_subdomain is defined
@ -29,7 +29,7 @@ services:
- "traefik.http.routers.{{ keycloak_id }}-extern.rule=Host(`{{ keycloak_external_subdomain }}.smardigo.digital`)" - "traefik.http.routers.{{ keycloak_id }}-extern.rule=Host(`{{ keycloak_external_subdomain }}.smardigo.digital`)"
- "traefik.http.routers.{{ keycloak_id }}-extern.entrypoints=websecure" - "traefik.http.routers.{{ keycloak_id }}-extern.entrypoints=websecure"
- "traefik.http.routers.{{ keycloak_id }}-extern.tls=true" - "traefik.http.routers.{{ keycloak_id }}-extern.tls=true"
- "traefik.http.routers.{{ keycloak_id }}-extern.tls.certresolver=letsencrypt-http" - "traefik.http.routers.{{ keycloak_id }}-extern.tls.certresolver={{ keycloak_compact_tls_cert_resolver }}"
- "traefik.http.services.{{ keycloak_id }}-extern.loadbalancer.server.port=8080" - "traefik.http.services.{{ keycloak_id }}-extern.loadbalancer.server.port=8080"
{% endif %} {% endif %}
environment: environment:
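Review bot: The resolver is now configurable per host, but the `Host(...)` rules on the `{{ keycloak_id }}` and `{{ keycloak_id }}-extern` routers still hard-code `smardigo.digital`, whereas the connect template in this commit builds its host names from `{{ domain }}`. By default the resolver requests certificates for the names in those rules, so an environment on another domain could switch the resolver but not the name the certificate is issued for. If `domain` is available to this role (not visible here), I would write the rules as ``Host(`{{ keycloak_id }}.{{ domain }}`)`` and ``Host(`{{ keycloak_external_subdomain }}.{{ domain }}`)``. The label list starts and ends outside both hunks.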
