diff --git a/services/keycloak/oneoffs/metis-oidc-secret-ensure-job.yaml b/services/keycloak/oneoffs/metis-oidc-secret-ensure-job.yaml index 9a1c7ccb..b1f195fa 100644 --- a/services/keycloak/oneoffs/metis-oidc-secret-ensure-job.yaml +++ b/services/keycloak/oneoffs/metis-oidc-secret-ensure-job.yaml @@ -73,7 +73,7 @@ spec: CLIENT_ID="$(echo "$CLIENT_QUERY" | jq -r '.[0].id' 2>/dev/null || true)" if [ -z "$CLIENT_ID" ] || [ "$CLIENT_ID" = "null" ]; then - create_payload='{"clientId":"metis","enabled":true,"protocol":"openid-connect","publicClient":false,"standardFlowEnabled":true,"implicitFlowEnabled":false,"directAccessGrantsEnabled":false,"serviceAccountsEnabled":false,"redirectUris":["https://sentinel.bstein.dev/oauth2/callback"],"webOrigins":["https://sentinel.bstein.dev"],"rootUrl":"https://sentinel.bstein.dev","baseUrl":"/"}' + create_payload='{"clientId":"metis","enabled":true,"protocol":"openid-connect","publicClient":false,"standardFlowEnabled":true,"implicitFlowEnabled":false,"directAccessGrantsEnabled":false,"serviceAccountsEnabled":false,"redirectUris":["https://recovery.bstein.dev/oauth2/callback"],"webOrigins":["https://recovery.bstein.dev"],"rootUrl":"https://recovery.bstein.dev","baseUrl":"/"}' status="$(curl -sS -o /dev/null -w "%{http_code}" -X POST \ -H "Authorization: Bearer ${ACCESS_TOKEN}" \ -H 'Content-Type: application/json' \ 
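Review bot: The new hostname is hard-coded three times inside `create_payload`, and the same JSON is repeated in `update_payload` in the hunk at -121, so the create and update paths can drift apart on a later rename and leave a redirect URI registered that nothing serves. The script already uses jq, so the payload could be built once from a single host variable (for example `jq -nc --arg host "$APP_HOST" ...`, where `APP_HOST` is a suggested name) and reused for both the POST and the PUT. The surrounding `if` block and the curl call continue outside the hunk.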
@@ -121,7 +121,7 @@ spec: fi fi - update_payload='{"enabled":true,"clientId":"metis","protocol":"openid-connect","publicClient":false,"standardFlowEnabled":true,"implicitFlowEnabled":false,"directAccessGrantsEnabled":false,"serviceAccountsEnabled":false,"redirectUris":["https://sentinel.bstein.dev/oauth2/callback"],"webOrigins":["https://sentinel.bstein.dev"],"rootUrl":"https://sentinel.bstein.dev","baseUrl":"/"}' + update_payload='{"enabled":true,"clientId":"metis","protocol":"openid-connect","publicClient":false,"standardFlowEnabled":true,"implicitFlowEnabled":false,"directAccessGrantsEnabled":false,"serviceAccountsEnabled":false,"redirectUris":["https://recovery.bstein.dev/oauth2/callback"],"webOrigins":["https://recovery.bstein.dev"],"rootUrl":"https://recovery.bstein.dev","baseUrl":"/"}' status="$(curl -sS -o /dev/null -w "%{http_code}" -X PUT \ -H "Authorization: Bearer ${ACCESS_TOKEN}" \ -H 'Content-Type: application/json' \ diff --git a/services/maintenance/metis-certificate.yaml b/services/maintenance/metis-certificate.yaml index 88c6bec4..b7cf0f81 100644 --- a/services/maintenance/metis-certificate.yaml +++ b/services/maintenance/metis-certificate.yaml @@ -2,12 +2,12 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: sentinel-tls + name: recovery-tls namespace: maintenance spec: - secretName: sentinel-tls + secretName: recovery-tls issuerRef: kind: ClusterIssuer name: letsencrypt dnsNames: - - sentinel.bstein.dev + - recovery.bstein.dev diff --git a/services/maintenance/metis-ingress.yaml b/services/maintenance/metis-ingress.yaml index 50905f5f..193b0f12 100644 --- a/services/maintenance/metis-ingress.yaml +++ b/services/maintenance/metis-ingress.yaml @@ -12,10 +12,10 @@ metadata: spec: ingressClassName: traefik tls: - - hosts: ["sentinel.bstein.dev"] - secretName: sentinel-tls + - hosts: ["recovery.bstein.dev"] + secretName: recovery-tls rules: - - host: sentinel.bstein.dev + - host: recovery.bstein.dev http: paths: - path: / 
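Review bot: Removing the old `sentinel.bstein.dev` callback from the Keycloak client depends on this PUT actually running again, and the Job's `metadata.name` is not visible in the hunk. A Kubernetes Job's pod template is immutable once created, so if the name is unchanged the apply may be rejected or the completed Job may simply not re-run. That would leave the old redirect URI registered on the client while logins on the new host fail. Consider bumping the Job name in the same commit, or confirm the rollout deletes and recreates the Job. The status handling after the curl call is outside the hunk.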
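Review bot: Renaming `metadata.name` creates a new Certificate rather than updating the existing one, so the old `sentinel-tls` Certificate and its Secret stay in the `maintenance` namespace unless the deployment tooling prunes removed objects, which is not visible here. If they remain, cert-manager would presumably keep renewing a certificate and private key for `sentinel.bstein.dev` that no Ingress uses. Confirm pruning is enabled, or delete both objects as part of the rollout. The Ingress hunk in `metis-ingress.yaml` depends on `recovery-tls` being issued before it can serve the right certificate.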
diff --git a/services/maintenance/oauth2-proxy-metis.yaml b/services/maintenance/oauth2-proxy-metis.yaml index ce0c841b..eba18a4c 100644 --- a/services/maintenance/oauth2-proxy-metis.yaml +++ b/services/maintenance/oauth2-proxy-metis.yaml @@ -74,7 +74,7 @@ spec: args: - --provider=oidc - --config=/vault/secrets/oidc-config - - --redirect-url=https://sentinel.bstein.dev/oauth2/callback + - --redirect-url=https://recovery.bstein.dev/oauth2/callback - --oidc-issuer-url=https://sso.bstein.dev/realms/atlas - --scope=openid profile email groups - --email-domain=* @@ -96,7 +96,7 @@ spec: - --approval-prompt=auto - --skip-jwt-bearer-tokens=true - --oidc-groups-claim=groups - - --cookie-domain=sentinel.bstein.dev + - --cookie-domain=recovery.bstein.dev ports: - containerPort: 4180 name: http
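Review bot: With `--email-domain=*` in the context lines below the changed `--redirect-url`, any account that can authenticate in the `atlas` realm passes the e-mail check, so access to this host rests on a group restriction that is not visible in the hunk. The `groups` scope and `--oidc-groups-claim=groups` are present, but a matching `--allowed-group=<group>` would have to sit in the args between the two hunks. If it is missing, add it. If it is present, a comment next to `--email-domain=*` such as `# authorisation is enforced by --allowed-group, not by e-mail domain` would help the next reader.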
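Review bot: Setting `--cookie-domain=recovery.bstein.dev` puts a Domain attribute on the session cookie, which browsers also send to subdomains of that host; leaving the flag out yields a host-only cookie. If nothing under `*.recovery.bstein.dev` needs the session, dropping the flag is the tighter setting. Separately, `--skip-jwt-bearer-tokens=true` two lines above the change lets requests carrying a verified bearer JWT bypass the cookie session, which is worth confirming as intended for this service.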