This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/DLAB-1158 by this push:
     new f096b8b  added step-ca
f096b8b is described below

commit f096b8b50230571817709f6216d7ce8691a4b9c0
Author: Oleh Martushevskyi <[email protected]>
AuthorDate: Tue Dec 3 18:22:02 2019 +0200

    added step-ca
---
 .../modules/helm_charts/dlab-ui-chart/values.yaml  |  4 +-
 .../modules/helm_charts/files/keycloak_values.yaml |  8 ++-
 .../ssn-gke/main/modules/helm_charts/keycloak.tf   | 70 +++++++++++-----------
 .../terraform/gcp/ssn-gke/main/variables.tf        |  3 +-
 4 files changed, 46 insertions(+), 39 deletions(-)

diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
index 0b679ad..4f62f8b 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
@@ -54,9 +54,9 @@ ui:
     username: ${mongo_user}
     db_name: ${mongo_db_name}
   keycloak:
-    auth_server_url: dlab-ui.k8s-gcp.dlabanalytics.com
+    auth_server_url: https://dlab-ui.k8s-gcp.dlabanalytics.com/auth
     # https://${ssn_k8s_alb_dns_name}/auth
-    redirect_uri: dlab-ui.k8s-gcp.dlabanalytics.com
+    redirect_uri: https://dlab-ui.k8s-gcp.dlabanalytics.com/
     # https://${ssn_k8s_alb_dns_name}/
 
   custom_certs:
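Review bot: The new `auth_server_url` and `redirect_uri` values hard-code `dlab-ui.k8s-gcp.dlabanalytics.com`, while the comment under each line shows the templated form and the Keycloak ingress in files/keycloak_values.yaml is bound to `${ssn_k8s_alb_dns_name}`. In a deployment where that variable resolves to a different name, the UI would point users at an auth server and redirect URI that the ingress host and TLS entry do not cover, so the OIDC flow either fails or depends on a host outside this stack. Prefer `auth_server_url: "https://${ssn_k8s_alb_dns_name}/auth"` and `redirect_uri: "https://${ssn_k8s_alb_dns_name}/"`, quoted so an empty expansion stays a string. The enclosing `ui:` mapping begins outside the hunk.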
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/keycloak_values.yaml
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/keycloak_values.yaml
index 205ee11..ce3e5a7 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/keycloak_values.yaml
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/keycloak_values.yaml
@@ -38,12 +38,18 @@ keycloak:
     # nodePort: 31088
 
   ingress:
-    enabled: false
+    enabled: true
     annotations:
       kubernetes.io/ingress.class: nginx
       nginx.ingress.kubernetes.io/ssl-redirect: "true"
       nginx.ingress.kubernetes.io/rewrite-target: /auth
     path: /auth
+    hosts:
+      - ${ssn_k8s_alb_dns_name}
+    tls:
+      - hosts:
+          - ${ssn_k8s_alb_dns_name}
+        secretName: dlab-ui-tls
 
   startupScripts:
     mystartup.sh: |
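Review bot: `secretName: dlab-ui-tls` is a fixed string, whereas the Terraform ingress this replaces derived the name as `"${helm_release.dlab_ui.name}-tls"`. If the UI release is renamed, or the secret is not present in the namespace Keycloak is installed into, the ingress cannot resolve its certificate and ingress-nginx will typically fall back to its default certificate for `/auth`. Pass the secret name in as a template variable next to the host, for example `secretName: "${tls_secret_name}"` (placeholder variable name), and quote the two `- ${ssn_k8s_alb_dns_name}` entries the same way. The `keycloak:` mapping that contains `ingress:` starts outside the hunk.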
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
index 8c8eb06..fedf56d 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
@@ -71,38 +71,38 @@ resource "helm_release" "keycloak" {
                 helm_release.dlab_ui]
 }
 
-resource "kubernetes_ingress" "keycloak_ingress" {
-  metadata {
-    name        = "keycloak"
-    namespace   = kubernetes_namespace.dlab-namespace.metadata[0].name
-    annotations = {
-      "kubernetes.io/ingress.class": "nginx"
-      "nginx.ingress.kubernetes.io/ssl-redirect": "true"
-      "nginx.ingress.kubernetes.io/rewrite-target": "/auth"
-    }
-  }
-
-  spec {
-    backend {
-      service_name = "${helm_release.keycloak.name}-http"
-      service_port = 80
-    }
-
-    rule {
-      http {
-        path {
-          backend {
-            service_name = "${helm_release.keycloak.name}-http"
-            service_port = 80
-          }
-
-          path = "/auth"
-        }
-      }
-    }
-    tls {
-      secret_name = "${helm_release.dlab_ui.name}-tls"
-    }
-  }
-  depends_on = [helm_release.keycloak]
-}
\ No newline at end of file
+//resource "kubernetes_ingress" "keycloak_ingress" {
+//  metadata {
+//    name        = "keycloak"
+//    namespace   = kubernetes_namespace.dlab-namespace.metadata[0].name
+//    annotations = {
+//      "kubernetes.io/ingress.class": "nginx"
+//      "nginx.ingress.kubernetes.io/ssl-redirect": "true"
+//      "nginx.ingress.kubernetes.io/rewrite-target": "/auth"
+//    }
+//  }
+//
+//  spec {
+//    backend {
+//      service_name = "${helm_release.keycloak.name}-http"
+//      service_port = 80
+//    }
+//
+//    rule {
+//      http {
+//        path {
+//          backend {
+//            service_name = "${helm_release.keycloak.name}-http"
+//            service_port = 80
+//          }
+//
+//          path = "/auth"
+//        }
+//      }
+//    }
+//    tls {
+//      secret_name = "${helm_release.dlab_ui.name}-tls"
+//    }
+//  }
+//  depends_on = [helm_release.keycloak]
+//}
\ No newline at end of file
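Review bot: The `kubernetes_ingress.keycloak_ingress` resource is commented out line by line instead of being deleted, leaving 35 lines of dead configuration that still mention an ingress class, rewrite target and TLS secret no longer in effect. A reader auditing how `/auth` is exposed would have to work out that the live definition now sits in files/keycloak_values.yaml. Delete the block and, if a pointer is useful, keep one line such as `# Keycloak ingress is created by the chart (ingress.enabled in files/keycloak_values.yaml)`. The file also still ends without a trailing newline.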
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
index a7e09a1..a9a0084 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
@@ -83,7 +83,8 @@ variable "service_account_iam_roles" {
     "roles/monitoring.viewer",
     "roles/storage.objectViewer",
     "roles/iam.serviceAccountTokenCreator",
-    "roles/iam.serviceAccountKeyAdmin"
+    "roles/iam.serviceAccountKeyAdmin",
+    "roles/dns.admin"
   ]
 }
 
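Review bot: `roles/dns.admin` is added to `service_account_iam_roles` with no comment on why it is needed. The same list already holds `roles/iam.serviceAccountKeyAdmin` and `roles/iam.serviceAccountTokenCreator`, so this account is accumulating broad rights. The role allows creating, changing and deleting Cloud DNS zones and records; if the list is bound at project level (the binding is not visible here), anything running as this account could repoint any name in the project's zones. If the need is only to publish records for the SSN endpoint or for certificate validation, which the commit title suggests but the diff does not show, give DNS access to a dedicated service account or a custom role limited to record-set changes. At minimum document the entry, e.g. `# roles/dns.admin: required by <component> to manage records in <zone>` with the placeholders filled in. The variable block begins before the hunk, so whether this list is a default or a fixed value cannot be seen from here.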

