bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: bstein:6ba509dbe18c97c75cdecef64969d8153c0fd8a5
Branches Tags
bstein:main
bstein:feature/ariadne
bstein:feature/pi-usb-scratch-rollout
bstein:feature/sso-hardening
bstein:codex/titan-iac-work-quality-gate
bstein:codex/titan-iac-main-platform-metrics
bstein:codex/titan-iac-platform-metrics
bstein:feature/atlas-jobs-schedule-observability
bstein:lane2/jenkins-cleanup-activate
bstein:lane2/jenkins-cleanup-wiring-split
bstein:codex-ananke-fixes
bstein:feature/atlasbot-ananke-recovery
bstein:feature/atlasbot
bstein:feature/ci-gitops
bstein:deploy
bstein:feature/vault-consumption
bstein:feature/postgres-migration
bstein:feature/bstein-dev-home
bstein:feature/mailu
bstein:feature/sso
bstein:feature/atlas-monitoring
bstein:restructure/hybrid-clusters
bstein:fea/titan24-gpu
..
compare: bstein:89f4b0dbdfa1b40f0a0fc04da4b67fa09835574c
Branches Tags
bstein:main
bstein:feature/ariadne
bstein:feature/pi-usb-scratch-rollout
bstein:feature/sso-hardening
bstein:codex/titan-iac-work-quality-gate
bstein:codex/titan-iac-main-platform-metrics
bstein:codex/titan-iac-platform-metrics
bstein:feature/atlas-jobs-schedule-observability
bstein:lane2/jenkins-cleanup-activate
bstein:lane2/jenkins-cleanup-wiring-split
bstein:codex-ananke-fixes
bstein:feature/atlasbot-ananke-recovery
bstein:feature/atlasbot
bstein:feature/ci-gitops
bstein:deploy
bstein:feature/vault-consumption
bstein:feature/postgres-migration
bstein:feature/bstein-dev-home
bstein:feature/mailu
bstein:feature/sso
bstein:feature/atlas-monitoring
bstein:restructure/hybrid-clusters
bstein:fea/titan24-gpu

No commits in common. "6ba509dbe18c97c75cdecef64969d8153c0fd8a5" and "89f4b0dbdfa1b40f0a0fc04da4b67fa09835574c" have entirely different histories.
6ba509dbe1 ... 89f4b0dbdf

17 changed files with 26 additions and 30 deletions
Show Stats Expand all files Collapse all files

2
services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: portal-onboarding-e2e-test-14
name: portal-onboarding-e2e-test-13
namespace: bstein-dev-home
spec:
backoffLimit: 0

24
services/gitea/deployment.yaml
View File

@ -67,9 +67,9 @@ spec:
- -c
- |
set -euo pipefail
CLIENT_ID="$(tr -d '\r\n' </vault/secrets/gitea-oidc__client_id)"
CLIENT_SECRET="$(tr -d '\r\n' </vault/secrets/gitea-oidc__client_secret)"
DISCOVERY_URL="$(tr -d '\r\n' </vault/secrets/gitea-oidc__openid_auto_discovery_url)"
CLIENT_ID="$(cat /vault/secrets/gitea-oidc__client_id)"
CLIENT_SECRET="$(cat /vault/secrets/gitea-oidc__client_secret)"
DISCOVERY_URL="$(cat /vault/secrets/gitea-oidc__openid_auto_discovery_url)"
APPINI=/data/gitea/conf/app.ini
BIN=/usr/local/bin/gitea
@ -78,7 +78,7 @@ spec:
if [ -n "$id" ]; then
echo "Updating existing auth source id=$id"
if ! $BIN -c "$APPINI" admin auth update-oauth \
$BIN -c "$APPINI" admin auth update-oauth \
--id "$id" \
--name keycloak \
--provider openidConnect \
@ -90,12 +90,10 @@ spec:
--required-claim-value "" \
--group-claim-name groups \
--admin-group admin \
--skip-local-2fa; then
echo "OIDC update failed; continuing without blocking startup" >&2
fi
--skip-local-2fa
else
echo "Creating keycloak auth source"
if ! $BIN -c "$APPINI" admin auth add-oauth \
$BIN -c "$APPINI" admin auth add-oauth \
--name keycloak \
--provider openidConnect \
--key "$CLIENT_ID" \
@ -106,9 +104,7 @@ spec:
--required-claim-value "" \
--group-claim-name groups \
--admin-group admin \
--skip-local-2fa; then
echo "OIDC create failed; continuing without blocking startup" >&2
fi
--skip-local-2fa
fi
volumeMounts:
- name: gitea-data
@ -137,9 +133,9 @@ spec:
args:
- |
set -euo pipefail
export GITEA__security__SECRET_KEY="$(tr -d '\r\n' </vault/secrets/gitea-secret__SECRET_KEY)"
export GITEA__security__INTERNAL_TOKEN="$(tr -d '\r\n' </vault/secrets/gitea-secret__INTERNAL_TOKEN)"
export DB_PASS="$(tr -d '\r\n' </vault/secrets/gitea-db-secret__password)"
export GITEA__security__SECRET_KEY="$(cat /vault/secrets/gitea-secret__SECRET_KEY)"
export GITEA__security__INTERNAL_TOKEN="$(cat /vault/secrets/gitea-secret__INTERNAL_TOKEN)"
export DB_PASS="$(cat /vault/secrets/gitea-db-secret__password)"
exec /usr/bin/entrypoint /usr/bin/s6-svscan /etc/s6
ports:
- containerPort: 3000

2
services/keycloak/endurain-oidc-secret-ensure-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: endurain-oidc-secret-ensure-2
name: endurain-oidc-secret-ensure-1
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/harbor-oidc-secret-ensure-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: harbor-oidc-secret-ensure-6
name: harbor-oidc-secret-ensure-5
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/ldap-federation-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-ldap-federation-8
name: keycloak-ldap-federation-7
namespace: sso
spec:
backoffLimit: 2

2
services/keycloak/logs-oidc-secret-ensure-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: logs-oidc-secret-ensure-5
name: logs-oidc-secret-ensure-4
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/mas-secrets-ensure-job.yaml
View File

@ -10,7 +10,7 @@ imagePullSecrets:
apiVersion: batch/v1
kind: Job
metadata:
name: mas-secrets-ensure-17
name: mas-secrets-ensure-16
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/portal-e2e-client-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-client-5
name: keycloak-portal-e2e-client-4
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/portal-e2e-execute-actions-email-test-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-execute-actions-email-8
name: keycloak-portal-e2e-execute-actions-email-7
namespace: sso
spec:
backoffLimit: 3

2
services/keycloak/portal-e2e-target-client-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-target-4
name: keycloak-portal-e2e-target-3
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/portal-e2e-token-exchange-permissions-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-token-exchange-permissions-8
name: keycloak-portal-e2e-token-exchange-permissions-7
namespace: sso
spec:
backoffLimit: 6

2
services/keycloak/portal-e2e-token-exchange-test-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-token-exchange-test-4
name: keycloak-portal-e2e-token-exchange-test-3
namespace: sso
spec:
backoffLimit: 6

2
services/keycloak/realm-settings-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-realm-settings-20
name: keycloak-realm-settings-19
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/sparkyfitness-oidc-secret-ensure-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: sparkyfitness-oidc-secret-ensure-2
name: sparkyfitness-oidc-secret-ensure-1
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/synapse-oidc-secret-ensure-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: synapse-oidc-secret-ensure-7
name: synapse-oidc-secret-ensure-6
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/user-overrides-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-user-overrides-4
name: keycloak-user-overrides-3
namespace: sso
spec:
backoffLimit: 0

2
services/keycloak/vault-oidc-secret-ensure-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: vault-oidc-secret-ensure-4
name: vault-oidc-secret-ensure-3
namespace: sso
spec:
backoffLimit: 0