
3 Commits

Author SHA1 Message Date
6ba509dbe1 gitea: tolerate oidc init failures 2026-01-14 13:46:34 -03:00
ab50780f49 gitea: trim vault secret newlines 2026-01-14 13:43:56 -03:00
9c16d0fbc0 keycloak: bump job names 2026-01-14 13:42:08 -03:00
17 changed files with 30 additions and 26 deletions


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: portal-onboarding-e2e-test-13
name: portal-onboarding-e2e-test-14
namespace: bstein-dev-home
spec:
backoffLimit: 0


@ -67,9 +67,9 @@ spec:
- -c
- |
set -euo pipefail
CLIENT_ID="$(cat /vault/secrets/gitea-oidc__client_id)"
CLIENT_SECRET="$(cat /vault/secrets/gitea-oidc__client_secret)"
DISCOVERY_URL="$(cat /vault/secrets/gitea-oidc__openid_auto_discovery_url)"
CLIENT_ID="$(tr -d '\r\n' </vault/secrets/gitea-oidc__client_id)"
CLIENT_SECRET="$(tr -d '\r\n' </vault/secrets/gitea-oidc__client_secret)"
DISCOVERY_URL="$(tr -d '\r\n' </vault/secrets/gitea-oidc__openid_auto_discovery_url)"
APPINI=/data/gitea/conf/app.ini
BIN=/usr/local/bin/gitea
@ -78,7 +78,7 @@ spec:
if [ -n "$id" ]; then
echo "Updating existing auth source id=$id"
$BIN -c "$APPINI" admin auth update-oauth \
if ! $BIN -c "$APPINI" admin auth update-oauth \
--id "$id" \
--name keycloak \
--provider openidConnect \
@ -90,10 +90,12 @@ spec:
--required-claim-value "" \
--group-claim-name groups \
--admin-group admin \
--skip-local-2fa
--skip-local-2fa; then
echo "OIDC update failed; continuing without blocking startup" >&2
fi
else
echo "Creating keycloak auth source"
$BIN -c "$APPINI" admin auth add-oauth \
if ! $BIN -c "$APPINI" admin auth add-oauth \
--name keycloak \
--provider openidConnect \
--key "$CLIENT_ID" \
@ -104,7 +106,9 @@ spec:
--required-claim-value "" \
--group-claim-name groups \
--admin-group admin \
--skip-local-2fa
--skip-local-2fa; then
echo "OIDC create failed; continuing without blocking startup" >&2
fi
fi
volumeMounts:
- name: gitea-data
@ -133,9 +137,9 @@ spec:
args:
- |
set -euo pipefail
export GITEA__security__SECRET_KEY="$(cat /vault/secrets/gitea-secret__SECRET_KEY)"
export GITEA__security__INTERNAL_TOKEN="$(cat /vault/secrets/gitea-secret__INTERNAL_TOKEN)"
export DB_PASS="$(cat /vault/secrets/gitea-db-secret__password)"
export GITEA__security__SECRET_KEY="$(tr -d '\r\n' </vault/secrets/gitea-secret__SECRET_KEY)"
export GITEA__security__INTERNAL_TOKEN="$(tr -d '\r\n' </vault/secrets/gitea-secret__INTERNAL_TOKEN)"
export DB_PASS="$(tr -d '\r\n' </vault/secrets/gitea-db-secret__password)"
exec /usr/bin/entrypoint /usr/bin/s6-svscan /etc/s6
ports:
- containerPort: 3000
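Review bot: The three `export VAR="$(tr -d '\r\n' </vault/secrets/...)"` lines in the last hunk do not stop on a missing or empty secret file, because `export` returns 0 and hides the failed command substitution from `set -e`. Gitea would then be exec'd with an empty `GITEA__security__SECRET_KEY`, `GITEA__security__INTERNAL_TOKEN` or `DB_PASS`; how it treats empty values is not visible here and should be confirmed. A guard just before the `exec` line closes the gap: `: "${GITEA__security__SECRET_KEY:?}" "${GITEA__security__INTERNAL_TOKEN:?}" "${DB_PASS:?}"`. The plain assignments in the first hunk (`CLIENT_ID=...`) already propagate a failed read, so only the exported values need it. The args block starts above the hunk.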


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: endurain-oidc-secret-ensure-1
name: endurain-oidc-secret-ensure-2
namespace: sso
spec:
backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: harbor-oidc-secret-ensure-5
name: harbor-oidc-secret-ensure-6
namespace: sso
spec:
backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-ldap-federation-7
name: keycloak-ldap-federation-8
namespace: sso
spec:
backoffLimit: 2


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: logs-oidc-secret-ensure-4
name: logs-oidc-secret-ensure-5
namespace: sso
spec:
backoffLimit: 0


@ -10,7 +10,7 @@ imagePullSecrets:
apiVersion: batch/v1
kind: Job
metadata:
name: mas-secrets-ensure-16
name: mas-secrets-ensure-17
namespace: sso
spec:
backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-client-4
name: keycloak-portal-e2e-client-5
namespace: sso
spec:
backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-execute-actions-email-7
name: keycloak-portal-e2e-execute-actions-email-8
namespace: sso
spec:
backoffLimit: 3


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-target-3
name: keycloak-portal-e2e-target-4
namespace: sso
spec:
backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-token-exchange-permissions-7
name: keycloak-portal-e2e-token-exchange-permissions-8
namespace: sso
spec:
backoffLimit: 6


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-portal-e2e-token-exchange-test-3
name: keycloak-portal-e2e-token-exchange-test-4
namespace: sso
spec:
backoffLimit: 6


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-realm-settings-19
name: keycloak-realm-settings-20
namespace: sso
spec:
backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: sparkyfitness-oidc-secret-ensure-1
name: sparkyfitness-oidc-secret-ensure-2
namespace: sso
spec:
backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: synapse-oidc-secret-ensure-6
name: synapse-oidc-secret-ensure-7
namespace: sso
spec:
backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: keycloak-user-overrides-3
name: keycloak-user-overrides-4
namespace: sso
spec:
backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: vault-oidc-secret-ensure-3
name: vault-oidc-secret-ensure-4
namespace: sso
spec:
backoffLimit: 0