hetzner-ansible/roles/keycloak/vars/main.yml


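---
# Role variables for the keycloak service: the Traefik routing labels and the
# compose-style service description that is consumed elsewhere in the role.
keycloak_id: "{{ inventory_hostname }}-keycloak"
keycloak_postgres_id: "{{ inventory_hostname }}-postgres-keycloak"

# Traefik labels. Three routers point at the same service and differ only in
# their rule. Traefik picks the longest matching rule by default (priority is
# derived from rule length), so the method restriction below only holds while
# the "-private" rule stays longer than the "-public" rule and shorter than the
# "-public-login" rule. Give the routers explicit priorities if these rules are
# ever reworked, otherwise the restriction can silently stop applying.
keycloak_labels:
  # Define service
  - '"traefik.http.services.{{ keycloak_id }}.loadbalancer.server.port={{ service_port }}"'
  # open all
  - '"traefik.enable=true"'
  - '"traefik.http.routers.{{ keycloak_id }}-public.service={{ keycloak_id }}"'
  - '"traefik.http.routers.{{ keycloak_id }}-public.rule=Host(`{{ stage_server_domain }}`)"'
  - '"traefik.http.routers.{{ keycloak_id }}-public.entrypoints=websecure"'
  - '"traefik.http.routers.{{ keycloak_id }}-public.tls=true"'
  - '"traefik.http.routers.{{ keycloak_id }}-public.tls.certresolver=letsencrypt"'
  # allow login / login page (except for master)
  # Login POSTs for the master realm are excluded here and therefore fall
  # through to the "-private" router, i.e. they are only accepted from the
  # whitelisted source ranges.
  - '"traefik.http.routers.{{ keycloak_id }}-public-login.service={{ keycloak_id }}"'
  - '"traefik.http.routers.{{ keycloak_id }}-public-login.rule=Host(`{{ stage_server_domain }}`) && (PathPrefix(`/auth/realms/{realm:[^/]+}/login-actions/authenticate`) && !PathPrefix(`/auth/realms/master/login-actions/authenticate`))"'
  - '"traefik.http.routers.{{ keycloak_id }}-public-login.entrypoints=websecure"'
  - '"traefik.http.routers.{{ keycloak_id }}-public-login.tls=true"'
  - '"traefik.http.routers.{{ keycloak_id }}-public-login.tls.certresolver=letsencrypt"'
  # restrict all POST, PUT, DELETE, PATCH to intranet
  - '"traefik.http.routers.{{ keycloak_id }}-private.service={{ keycloak_id }}"'
  - '"traefik.http.routers.{{ keycloak_id }}-private.rule=Host(`{{ stage_server_domain }}`)&&Method(`POST`,`PUT`,`DELETE`, `PATCH`)"'
  - '"traefik.http.routers.{{ keycloak_id }}-private.entrypoints=websecure"'
  - '"traefik.http.routers.{{ keycloak_id }}-private.tls=true"'
  - '"traefik.http.routers.{{ keycloak_id }}-private.tls.certresolver=letsencrypt"'
  - '"traefik.http.routers.{{ keycloak_id }}-private.middlewares={{ keycloak_id }}-private-ipwhitelist"'
  # Every range in the joined list may issue write methods against Keycloak,
  # so keep the three source lists as tight as possible.
  - '"traefik.http.middlewares.{{ keycloak_id }}-private-ipwhitelist.ipwhitelist.sourcerange={{ (ip_whitelist + k8s_worker_node_ips + keycloak_ip_whitelist) | join(",") }}"'

keycloak_docker:
  networks:
    - name: front-tier
      external: true
  services:
    - name: "{{ keycloak_id }}"
      image_name: "{{ keycloak_image }}"
      image_version: "{{ keycloak_version }}"
      # Role labels first; host-specific extras are appended without having
      # to repeat the routing labels above.
      labels: "{{ keycloak_labels + ( keycloak_labels_additional | default([])) }}"
      command: "start --log-console-output=json"
      environment:
        - "KEYCLOAK_ADMIN: \"{{ keycloak_admin_username }}\""
        - "KEYCLOAK_ADMIN_PASSWORD: \"{{ keycloak_admin_password }}\""
        # edge: TLS is terminated by Traefik and Keycloak honours the
        # forwarded headers it receives, so the container must only be
        # reachable through the proxy.
        - "KC_PROXY: \"edge\""
        - "KC_HOSTNAME: \"{{ stage_server_domain }}\""
        - "KC_DB: \"postgres\""
        - "KC_DB_USERNAME: \"{{ keycloak_postgres_username }}\""
        - "KC_DB_PASSWORD: \"{{ keycloak_postgres_password }}\""
        # sslmode=require encrypts the DB connection but does not verify the
        # server certificate; verify-full would need the CA in the JVM trust
        # store — TODO confirm whether that is available for this image.
        - "KC_DB_URL: \"jdbc:postgresql://{{ shared_service_postgres_primary }}:{{ service_port_postgres }}/{{ keycloak_postgres_database }}?sslmode=require\""
      networks:
        - '"front-tier"'
      # Publishing the port on the host makes Keycloak reachable beside
      # Traefik; requests arriving there skip the routers and the IP whitelist
      # defined in the labels. NOTE(review): confirm the template binds this to
      # a host-local or firewalled address.
      ports:
        - external: "{{ service_port_keycloak_external }}"
          internal: "{{ service_port_keycloak }}"
      extra_hosts: "{{ keycloak_extra_hosts | default([]) }}"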