
Commit 472f598

committed
feat(keycloak): expose via ingress with KC_HOSTNAME for browser OIDC redirect
1 parent 6095a7f commit 472f598

3 files changed

Lines changed: 44 additions & 3 deletions


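--- a/.kontinuous/env/dev/templates/keycloak.deployment.yaml
+++ b/.kontinuous/env/dev/templates/keycloak.deployment.yaml
@@ -27,13 +27,22 @@ spec:
 containers:
 - name: keycloak
 image: quay.io/keycloak/keycloak:26.0
-args:
-- start-dev
-- --import-realm
+command:
+- /bin/bash
+- -c
+- |
+export KC_HOSTNAME=https://keycloak-${POD_NAMESPACE}.ovh.fabrique.social.gouv.fr
+exec /opt/keycloak/bin/kc.sh start-dev --import-realm
 ports:
 - containerPort: 8080
 name: http
 env:
+- name: POD_NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+- name: KC_PROXY_HEADERS
+value: xforwarded
 - name: KEYCLOAK_ADMIN
 value: admin
 - name: KEYCLOAK_ADMIN_PASSWORD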
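Review bot: The `/bin/bash -c` wrapper at new lines 30-35 exists only to build `KC_HOSTNAME`, and it replaces the image entrypoint with a shell that the manifest now has to assume is present in `quay.io/keycloak/keycloak:26.0`. Kubernetes expands `$(VAR)` references to earlier entries of the same `env` list, so the original `args` can stay and the hostname becomes an entry placed after `POD_NAMESPACE`: `- name: KC_HOSTNAME` with `value: "https://keycloak-$(POD_NAMESPACE).ovh.fabrique.social.gouv.fr"`. Separately, `KC_PROXY_HEADERS: xforwarded` makes Keycloak trust `X-Forwarded-*` headers from whatever reaches port 8080, so it deserves a comment stating that only the ingress controller is expected to reach the pod (a NetworkPolicy would enforce that; none is visible in this commit). The `env` list continues past the end of the hunk.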

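--- a/.kontinuous/env/dev/values.yaml
+++ b/.kontinuous/env/dev/values.yaml
@@ -28,6 +28,12 @@ app:
 MAILER_SMTP_HOST: maildev
 MAILER_SMTP_PORT: "1025"
 MAILER_SMTP_SSL: "False"
+EGAPRO_PROCONNECT_DISCOVERY_URL: "https://keycloak-{{ .Values.global.namespace }}.ovh.fabrique.social.gouv.fr/realms/egapro"
+EGAPRO_PROCONNECT_MANAGE_ORGANISATIONS_URL: "https://keycloak-{{ .Values.global.namespace }}.ovh.fabrique.social.gouv.fr/realms/egapro/account"
+EGAPRO_PROCONNECT_PERSONAL_INFORMATION_URL: "https://keycloak-{{ .Values.global.namespace }}.ovh.fabrique.social.gouv.fr/realms/egapro/account"
+
+keycloak:
+enabled: true
 
 maildev: {}
 pgweb: {}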
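Review bot: The three `EGAPRO_PROCONNECT_*` URLs (new lines 31-33) take the namespace from `.Values.global.namespace`, whereas the deployment in this commit builds `KC_HOSTNAME` from the pod's own `metadata.namespace`, so the two hostnames can drift apart. Keycloak publishes its issuer from `KC_HOSTNAME`, and an OIDC client will normally reject a discovery document whose issuer does not match the URL it was fetched from, so a mismatch would surface as failed logins rather than as a configuration error. A comment above the block such as `# host must equal KC_HOSTNAME in templates/keycloak.deployment.yaml (OIDC issuer check)` would record the coupling; deriving both from the same value would remove it.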
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
{{- if .Values.keycloak }}
2+
{{- if .Values.keycloak.enabled }}
3+
apiVersion: networking.k8s.io/v1
4+
kind: Ingress
5+
metadata:
6+
name: keycloak
7+
annotations:
8+
kubernetes.io/ingress.class: nginx
9+
spec:
10+
tls:
11+
- hosts:
12+
- keycloak-{{ .Values.global.namespace }}.ovh.fabrique.social.gouv.fr
13+
secretName: api-crt
14+
rules:
15+
- host: keycloak-{{ .Values.global.namespace }}.ovh.fabrique.social.gouv.fr
16+
http:
17+
paths:
18+
- path: /
19+
pathType: Prefix
20+
backend:
21+
service:
22+
name: keycloak
23+
port:
24+
number: 8080
25+
{{- end }}
26+
{{- end }}
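Review bot: The single `path: /` rule (new lines 18-19) publishes every Keycloak endpoint on the public host, including the admin console and admin REST API under `/admin`, while the deployment in this same commit still runs `start-dev` with `KEYCLOAK_ADMIN` set to `admin`. Browser OIDC redirects only need the realm and static-resource paths, so the rule can be narrowed to two `Prefix` entries for `/realms/` and `/resources/`, leaving `/admin` reachable only from inside the cluster. If the console has to stay reachable through the ingress, restricting it by source range and taking the admin password from a Secret are the minimum; where the password comes from is not visible on this page.

```yaml
    paths:
      - path: /realms/
        pathType: Prefix
        # … unchanged: backend service keycloak, port 8080 …
      - path: /resources/
        pathType: Prefix
        backend:
          service:
            name: keycloak
            port:
              number: 8080
```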
