keycloak patch PR #262

marmila · Jan 21, 2024 · 121f689 · 121f689
2 parents c4e98be + d6c8c40
commit 121f689
Show file tree

Hide file tree

Showing 23 changed files with 322 additions and 139 deletions.
diff --git a/ansible-runner/build/requirements.yml b/ansible-runner/build/requirements.yml
@@ -35,3 +35,5 @@ collections:
     version: 1.6.0
   - name: ansible.posix
     version: 1.5.4
+  - name: community.crypto
+    version: 2.16.1
diff --git a/ansible/create_vault_credentials.yml b/ansible/create_vault_credentials.yml
@@ -55,11 +55,12 @@
         - elasticsearch_prometheus_password
         - keycloak_admin_password
         - keycloak_pi_password
+        - keycloak_postgresql_password
         - oauth2_proxy_client_secret
         - oauth2_proxy_cookie
         - oauth2_proxy_redis_password
         - grafana_client_secret
-        - kibana_client_secret
+        - postgresql_admin_password
 
     - name: Generate vault file
       ansible.builtin.template:

diff --git a/ansible/requirements.yml b/ansible/requirements.yml
@@ -35,3 +35,5 @@ collections:
     version: 1.6.0
   - name: ansible.posix
     version: 1.5.4
+  - name: community.crypto
+    version: 2.16.1
diff --git a/ansible/vars/picluster.yml b/ansible/vars/picluster.yml
@@ -237,7 +237,7 @@ custom_ca: false
 vault_init: true
 vault_unseal: true
 vault_unseal_service: true
-tls_skip_verify: false
+tls_skip_verify: "{{ not enable_letsencrypt }}"
 
 # Configure KV
 vault_kv_secrets:

diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml
@@ -1,62 +1,110 @@
----
-# Encrypted variables - Ansible Vault
-vault:
-  # SAN
-  san:
-    iscsi:
-      node_pass: s1cret0
-      password_mutual: 0tr0s1cret0
-  # K3s secrets
-  cluster:
-    k3s:
-      token: s1cret0
-  # traefik secrets
-  traefik:
-    basic_auth:
-      user: admin
-      passwd: s1cret0
-  # Minio S3 secrets
-  minio:
-    root:
-      user: root
-      key: supers1cret0
-    restic:
-      user: restic
-      key: supers1cret0
-    longhorn:
-      user: longhorn
-      key: supers1cret0
-    velero:
-      user: velero
-      key: supers1cret0
-    loki:
-      user: loki
-      key: supers1cret0
-    tempo:
-      user: tempo
-      key: supers1cret0
-  # elastic search
-  elasticsearch:
-    es-admin:
-      user: admin
-      password: s1cret0
-    es-fluentd:
-      user: fluentd
-      password: s1cret0
-    es-prometheus:
-      user: prometheus
-      password: s1cret0
-  # Fluentd
-  fluentd:
-    shared_key: s1cret0
-  # Grafana
-  grafana:
-    admin:
-      user: admin
-      password: s1cret0
-
-  # Certmanager
-  certmanager:
-    ionos:
-      public_prefix: your-public-prefix
-      secret: your-key
+$ANSIBLE_VAULT;1.1;AES256
+65643835353139353261366635336461333433656263616438643062633130343037376338653366
+3464393261333738666634303566666236313532626136320a333937336338383361323137383561
+31306661336137653566363933653863663731626265363033643361363132333833363261663937
+3466643037353536350a623932663564336236303332623732633035306163663839343530306264
+30323439343133633034633734386561613133633739386261666165623633663530643762333761
+66303635373632636165336537396331393332376539663630373135306637643632343136323038
+63656665323165393766646338616432646565626432633235363461323039653566316233636461
+64346137353232336561613632356162323435356633663939393637623039313038653037613462
+66313966396264643330613130333330393838366161653563353064346334633631656234386131
+64383564366139343532313339613637353066346338363737306465333638643165663138656363
+36626161663063363238313230613835376561393431333762663766396538323832303765346439
+36613536663065323765643565633663346361373934346330303638623330373536363232393039
+63633932393936646363373231343533383931643063663163396137313439613537386366303135
+63643264303230306538663835366131323262393034356239303036396131363565393734386435
+36316261356335353934656361323365363038366237326134646634306431316331383538323536
+61393136633365393664353861393635313938326362626561333435303164643463626339306666
+33643538376661396535396532653639666565333165626231616334333034323737316265663361
+64323836386662663436373832396536333761343866353636653134653532313032383931363739
+35333035653531343531333136396236656261346537393764353939633536303339393061626665
+35663932626134643564313262373635323833323532333365643433636231633866656235333262
+35343066323039333330616138303463303336626562303161353330343438336234333230646537
+64303563393633313732653665656562623432366332353237396637393162343665343638306261
+61303234616664616338336562613439326236366535323634643066653062323561623663636430
+62316161386663383637383463646661323637333933363965393838613662653337323436336233
+30363230313238313733353132376138326533626530343731303138393561663637653030666337
+61373632303362323934373538353238613262653933623539373734646562383962383134646139
+31316436363336663563646561333738623761333939643938336130666362313334663635616130
+36633235386339643565396434353531316531303036383238396335323132323335383861636134
+61356234613431366235313337383234346535353933613838656665323830323838646631366563
+34343735306265636564613963313965613538633832643836323033393635366664303337656536
+62363065373939646666623635346565613236653836646637396538323365343236643664383531
+38356332336362656461373064366131383131666538353031333136663839646630353935353832
+62643764656464333038306164393766303564336335373033616637373262396338386361336530
+62343832333633373136396330623366643236663036626262363631653733313730313239363232
+30306531616138373637383231353966626137323862663766343134376362363162363230386431
+64613132653231663662633563643266323537303862316234393036323935643939383864373839
+38343636323132616536366635303933656435353562656162393966626236383831373464626563
+64356661616465316662323938623932636666306339393539373963623037616335353461643363
+37636232306361646237626332323162333833343832376236633137343637613866353233616636
+32383166383031316365303766346631396632653265646633316165633034656437396665343165
+37313530616232353835376662636534393263386130303066316439623333643362663036323937
+35613333636631363632363131643165663930303736323864663231346531663765393465353930
+34373139663636663237396466366561373135663439636335323332643431616466363638353463
+63346538396464346434653465313161383231396466613463636633643261306139313062663832
+66616633383961383939636630333663316332643538633632653933663263646663343436663963
+64663834333662363432346538633935346336313261336535663330393166336266303939353434
+62363531663937363764366466663436346435623532336430303661386233306436376365313666
+31636663303430396331323034373932366162616234366637386263373831323231333333326634
+66393732653637333163346138353038363132646435313036366562323935653739383065336665
+65393134343533333963643938356633376466343461396237643436343639643730633762346663
+64383937663535333438333731653834343934346265643161613261623931626263636634316532
+30376566636235636331643738636338356666363061373063643865633535316432616365666161
+30633165353963353066393639323863373666383532306562383663363935356165383266343731
+34653934313264366261663533653761366136646439336539316631363738303364623430663832
+63303439666362353831653864323632313565333661326563643034663439636432663538303361
+62396532373139396164306433333365623736383164613265383734383230373866396237306638
+61306361613533346338366330303533386534633330623433643537343630656638613134653533
+36373239623361653335643431643666346363666461306633626365643334316161373364323961
+39643530646433323564376637313565623166386436653930626139336232366264346565613834
+35333362646362643032653830346564646636353466366533396562656139316562306664663633
+33393737623036333832313630626332393764636339303361656333383030656263343466303163
+33323433346436343433306231363230653564346430323263366363313034633761633834373961
+64343734626266643635313136663633346165663465366364616132633163333738613636326539
+33663633303861383634623631323537323430386363346330313037323439376463623163346531
+37393332393164376562313536343335333966356566343831633532323632633464653030616132
+35663933373435313864323431336439653334366164306530633034343761636236623063323361
+30306536633538626563626636636534373964383432333365386137353061306337313836373631
+36353732636664346438303835336461333762313461653131646266306335643235313732633635
+62336331393235326436363038363932616134656266336132623030393563323035343364383834
+39353536633930643662623338613430316364373238306438366230383461323439366532323266
+34316539366233363435373337303930386265653463386134373630636361333133623030313339
+39386138653439316565333030636539376665323036646239653132373064633531643932613536
+37373638323835333733613463613738626564303266653566373766343832376663343736373530
+35613830616332636431626462383835663431633065623864623830373432373838626332646365
+34633063663236303331353061383765363330336235316165643363313431333366616465646461
+37313165393137363162363733326161623134346666313239316133613664653731333865623238
+66393633306264373166643535366636396136313638343930356531616234366631633935656365
+36383430636637653562373039616134376435623036303934643837343739386335303331666638
+62663565613332303264396238303234356433383962376232636430343964616135633930303236
+34633638623439383438326336613530663933636237643965326437633332616636643937666161
+33613132336339333239313135343931373132656130663963353536313034363437373635626534
+65346532336331343964323265313539346561663566666163343761373632616238343464306533
+37646163643932323236633863663532666334373466383563386234623339343134336639373665
+39393365393365376463376537636634373938336235383835336330313935366563336537376239
+36306432336338663539323834626535366233356364353162626331626639643566373435353165
+31313039346666613964333262316165383363383866633936643336323463306566366431316533
+32356537623237316131396261623466393962386561643965663334346636336133636436313333
+38613832666665366239626333393332613765333936306631303166643064376466636136336266
+37303433666566323263666232373861323337653866323666303437643031623935653534306635
+61336566656139653634623030356638646537303036326434343431653564626466393265633437
+38623233323738626435383135636530323031363564656638383335646139373131613435633063
+31336538663930373833306238316366623063313333623332383632643664633131653530313266
+39336630373165323534396232633131653732653966386261393736383031623933373366633636
+31653466343137313635396665366635633435306262383464383232343437326366376339323936
+62643930613963376139323835383139666337323634613133313763313038363461343135323163
+32386530343261353436393265383333666561656537636332376637636139626166656231316436
+38363263323962353835326435303661663666373534316435646534626661353135316164653763
+37373132303331333566613163373463396664396361623963653638383335306633333533613039
+31313530366433316262363435626230366638343932656162643131613436336161643766656461
+33636139303135643832646135386561343966633964656639656437666461383433623164393039
+31363361663735616564386436633165366666643834646237653163643862636336383830343035
+64386334343833323433633036383466343435393631303838353863646262386636336163313064
+31616165366439333266303835383765626435666634366230386137383463613734396531386234
+39623739633762386662306261643736313664383638626366363462623366373935636330323566
+39313239366430366334373766363765613563373361346266363532346562613433346535353364
+62393331626634633866346438336230323061333864643562386463613739393335326166636662
+31373366363666646333356262313838646261306566626261643437343939306331636363316663
+37613861396363396439363561633131616134613361333933386138633661666563313961633961
+6334
diff --git a/ansible/vars/vault.yml.j2 b/ansible/vars/vault.yml.j2
@@ -23,6 +23,9 @@ vault:
     picluster-admin:
       user: piadmin
       password: {{ keycloak_pi_password }}
+    postgresql:
+      user: keycloak
+      password: {{ keycloak_postgresql_password }}
   # Oauth2-Proxy
   oauth2-proxy:
     oauth2:
@@ -73,13 +76,13 @@ vault:
     oauth2:
       client-id: grafana
       client-secret: {{ grafana_client_secret }}
-  # Kibana
-  kibana:
-    oauth2:
-      client-id: kibana
-      client-secret: {{ kibana_client_secret }}
   # Certmanager
   certmanager:
     ionos:
       public_prefix: {{ ionos_public_prefix }}
       secret: {{ ionos_secret }}
+  # PostgreSQL
+  postgresql:
+    admin:
+      user: admin
+      password: {{ postgresql_admin_password }}
diff --git a/argocd/bootstrap/argocd/Chart.yaml b/argocd/bootstrap/argocd/Chart.yaml
@@ -3,5 +3,5 @@ name: argocd
 version: 0.0.0
 dependencies:
   - name: argo-cd
-    version: 5.51.4
+    version: 5.53.3
     repository: https://argoproj.github.io/argo-helm
diff --git a/argocd/bootstrap/crds/cert-manager/kustomization.yaml b/argocd/bootstrap/crds/cert-manager/kustomization.yaml
@@ -4,4 +4,4 @@ resources:
 # Cert-manager helm installation https://cert-manager.io/docs/installation/helm/
 # CDRs can be installed manually.
 # cert-manager helm chart to be installed with value installCDRs=false
-- https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.crds.yaml
+- https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.crds.yaml
diff --git a/argocd/bootstrap/crds/external-secrets/kustomization.yaml b/argocd/bootstrap/crds/external-secrets/kustomization.yaml
@@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 # external-secrets https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
-# helm chart version 0.9.9
+# helm chart version 0.9.11
 # external-secrets helm chart to be installed with value installCDRs=false
-- https://raw.githubusercontent.com/external-secrets/external-secrets/v0.9.9/deploy/crds/bundle.yaml
+- https://raw.githubusercontent.com/external-secrets/external-secrets/v0.9.11/deploy/crds/bundle.yaml
diff --git a/argocd/system/cert-manager/Chart.yaml b/argocd/system/cert-manager/Chart.yaml
@@ -3,10 +3,10 @@ name: certmanager
 version: 0.0.0
 dependencies:
   - name: cert-manager
-    version: v1.13.2
+    version: v1.13.3
     repository: https://charts.jetstack.io
   - name: trust-manager
-    version: v0.7.0
+    version: v0.8.0
     repository: https://charts.jetstack.io
   - name: cert-manager-webhook-ionos
     version: 1.0.2

diff --git a/argocd/system/external-secrets/Chart.yaml b/argocd/system/external-secrets/Chart.yaml
@@ -3,5 +3,5 @@ name: external-secrets
 version: 0.0.0
 dependencies:
   - name: external-secrets
-    version: 0.9.9
+    version: 0.9.11
     repository: https://charts.external-secrets.io
diff --git a/argocd/system/keycloak/templates/keycloak-externalsecret.yaml b/argocd/system/keycloak/templates/keycloak-externalsecret.yaml
@@ -15,4 +15,16 @@ spec:
         key: keycloak/admin
         property: password
         conversionStrategy: Default # ArgoCD sync issue
+        decodingStrategy: None # ArgoCD sync issue
+    - secretKey: postgresql-admin-password
+      remoteRef:
+        key: postgresql/admin
+        property: password
+        conversionStrategy: Default # ArgoCD sync issue
+        decodingStrategy: None # ArgoCD sync issue
+    - secretKey: password
+      remoteRef:
+        key: keycloak/postgresql
+        property: password
+        conversionStrategy: Default # ArgoCD sync issue
         decodingStrategy: None # ArgoCD sync issue
diff --git a/argocd/system/keycloak/values.yaml b/argocd/system/keycloak/values.yaml
@@ -18,6 +18,18 @@ keycloak:
     existingSecret: keycloak-secret
     adminUser: admin
 
+  # postgresSQL
+  postgresql:
+    enabled: true
+    auth:
+      username: keycloak
+      database: keycloak
+      existingSecret: keycloak-secret
+      secretKeys:
+        adminPasswordKey: postgresql-admin-password
+        userPasswordKey: password
+    architecture: standalone
+
   # Adding additional secrets for realm configuration as environment variables
   extraEnvVarsSecret: keycloak-env-secret
 

diff --git a/argocd/system/linkerd-jaeger/Chart.yaml b/argocd/system/linkerd-jaeger/Chart.yaml
@@ -3,5 +3,5 @@ name: linkerd-jaeger
 version: 0.0.0
 dependencies:
   - name: linkerd-jaeger
-    version: 30.12.6
+    version: 30.12.10
     repository: https://helm.linkerd.io/stable
diff --git a/argocd/system/linkerd-viz/Chart.yaml b/argocd/system/linkerd-viz/Chart.yaml
@@ -3,5 +3,5 @@ name: linkerd-viz
 version: 0.0.0
 dependencies:
   - name: linkerd-viz
-    version: 30.12.6
+    version: 30.12.10
     repository: https://helm.linkerd.io/stable
diff --git a/argocd/system/linkerd/Chart.yaml b/argocd/system/linkerd/Chart.yaml
@@ -6,5 +6,5 @@ dependencies:
     version: 1.8.0
     repository: https://helm.linkerd.io/stable
   - name: linkerd-control-plane
-    version: 1.16.6
+    version: 1.16.10
     repository: https://helm.linkerd.io/stable
diff --git a/argocd/system/logging/Chart.yaml b/argocd/system/logging/Chart.yaml
@@ -3,16 +3,16 @@ name: logging
 version: 0.0.0
 dependencies:
   - name: eck-operator
-    version: 2.10.0
+    version: 2.11.0
     repository: https://helm.elastic.co
   - name: fluentd
     version: 0.5.0
     repository: https://fluent.github.io/helm-charts
   - name: fluent-bit
-    version: 0.40.0
+    version: 0.42.0
     repository: https://fluent.github.io/helm-charts
   - name: loki
-    version: 5.38.0
+    version: 5.41.7
     repository: https://grafana.github.io/helm-charts
   - name: prometheus-elasticsearch-exporter
     version: 5.3.1

diff --git a/argocd/system/minio/Chart.yaml b/argocd/system/minio/Chart.yaml
@@ -3,5 +3,5 @@ name: minio
 version: 0.0.0
 dependencies:
   - name: minio
-    version: 5.0.14
+    version: 5.0.15
     repository: https://charts.min.io/
diff --git a/argocd/system/nginx/Chart.yaml b/argocd/system/nginx/Chart.yaml
@@ -3,5 +3,5 @@ name: ingress-nginx
 version: 0.0.0
 dependencies:
   - name: ingress-nginx
-    version: 4.8.3
+    version: 4.9.0
     repository: https://kubernetes.github.io/ingress-nginx