
3 Commits

Author SHA1 Message Date
6ba509dbe1 gitea: tolerate oidc init failures 2026-01-14 13:46:34 -03:00
ab50780f49 gitea: trim vault secret newlines 2026-01-14 13:43:56 -03:00
9c16d0fbc0 keycloak: bump job names 2026-01-14 13:42:08 -03:00
17 changed files with 30 additions and 26 deletions


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: portal-onboarding-e2e-test-13 name: portal-onboarding-e2e-test-14
namespace: bstein-dev-home namespace: bstein-dev-home
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -67,9 +67,9 @@ spec:
- -c - -c
- | - |
set -euo pipefail set -euo pipefail
CLIENT_ID="$(cat /vault/secrets/gitea-oidc__client_id)" CLIENT_ID="$(tr -d '\r\n' </vault/secrets/gitea-oidc__client_id)"
CLIENT_SECRET="$(cat /vault/secrets/gitea-oidc__client_secret)" CLIENT_SECRET="$(tr -d '\r\n' </vault/secrets/gitea-oidc__client_secret)"
DISCOVERY_URL="$(cat /vault/secrets/gitea-oidc__openid_auto_discovery_url)" DISCOVERY_URL="$(tr -d '\r\n' </vault/secrets/gitea-oidc__openid_auto_discovery_url)"
APPINI=/data/gitea/conf/app.ini APPINI=/data/gitea/conf/app.ini
BIN=/usr/local/bin/gitea BIN=/usr/local/bin/gitea
@ -78,7 +78,7 @@ spec:
if [ -n "$id" ]; then if [ -n "$id" ]; then
echo "Updating existing auth source id=$id" echo "Updating existing auth source id=$id"
$BIN -c "$APPINI" admin auth update-oauth \ if ! $BIN -c "$APPINI" admin auth update-oauth \
--id "$id" \ --id "$id" \
--name keycloak \ --name keycloak \
--provider openidConnect \ --provider openidConnect \
@ -90,10 +90,12 @@ spec:
--required-claim-value "" \ --required-claim-value "" \
--group-claim-name groups \ --group-claim-name groups \
--admin-group admin \ --admin-group admin \
--skip-local-2fa --skip-local-2fa; then
echo "OIDC update failed; continuing without blocking startup" >&2
fi
else else
echo "Creating keycloak auth source" echo "Creating keycloak auth source"
$BIN -c "$APPINI" admin auth add-oauth \ if ! $BIN -c "$APPINI" admin auth add-oauth \
--name keycloak \ --name keycloak \
--provider openidConnect \ --provider openidConnect \
--key "$CLIENT_ID" \ --key "$CLIENT_ID" \
@ -104,7 +106,9 @@ spec:
--required-claim-value "" \ --required-claim-value "" \
--group-claim-name groups \ --group-claim-name groups \
--admin-group admin \ --admin-group admin \
--skip-local-2fa --skip-local-2fa; then
echo "OIDC create failed; continuing without blocking startup" >&2
fi
fi fi
volumeMounts: volumeMounts:
- name: gitea-data - name: gitea-data
@ -133,9 +137,9 @@ spec:
args: args:
- | - |
set -euo pipefail set -euo pipefail
export GITEA__security__SECRET_KEY="$(cat /vault/secrets/gitea-secret__SECRET_KEY)" export GITEA__security__SECRET_KEY="$(tr -d '\r\n' </vault/secrets/gitea-secret__SECRET_KEY)"
export GITEA__security__INTERNAL_TOKEN="$(cat /vault/secrets/gitea-secret__INTERNAL_TOKEN)" export GITEA__security__INTERNAL_TOKEN="$(tr -d '\r\n' </vault/secrets/gitea-secret__INTERNAL_TOKEN)"
export DB_PASS="$(cat /vault/secrets/gitea-db-secret__password)" export DB_PASS="$(tr -d '\r\n' </vault/secrets/gitea-db-secret__password)"
exec /usr/bin/entrypoint /usr/bin/s6-svscan /etc/s6 exec /usr/bin/entrypoint /usr/bin/s6-svscan /etc/s6
ports: ports:
- containerPort: 3000 - containerPort: 3000
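Review bot: The new `if ! … ; then echo … fi` wrappers around `admin auth update-oauth` and `admin auth add-oauth` let this script exit 0 when the Keycloak auth source was not applied, and the only trace is one stderr line. On the update path the existing source keeps whatever client secret, group claim and `--admin-group` mapping it already had; on the create path Gitea presumably starts with no Keycloak source at all, so sign-in quietly falls back to whatever other authentication is enabled. Because `tr -d '\r\n'` on an empty secret file yields an empty string rather than an error, I would separate bad inputs from a transient CLI failure by adding `[ -n "$CLIENT_ID" ] && [ -n "$CLIENT_SECRET" ] && [ -n "$DISCOVERY_URL" ] || { echo "gitea-oidc secret is empty" >&2; exit 1; }` after the three reads, and alert on the "OIDC update failed" / "OIDC create failed" messages. The `export …="$(tr -d '\r\n' <…)"` lines in the last hunk have the same gap, and there `export` also hides a failed read from `set -e`. The script bodies start and end outside the visible hunks.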


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: endurain-oidc-secret-ensure-1 name: endurain-oidc-secret-ensure-2
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: harbor-oidc-secret-ensure-5 name: harbor-oidc-secret-ensure-6
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-ldap-federation-7 name: keycloak-ldap-federation-8
namespace: sso namespace: sso
spec: spec:
backoffLimit: 2 backoffLimit: 2


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: logs-oidc-secret-ensure-4 name: logs-oidc-secret-ensure-5
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -10,7 +10,7 @@ imagePullSecrets:
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: mas-secrets-ensure-16 name: mas-secrets-ensure-17
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-portal-e2e-client-4 name: keycloak-portal-e2e-client-5
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-portal-e2e-execute-actions-email-7 name: keycloak-portal-e2e-execute-actions-email-8
namespace: sso namespace: sso
spec: spec:
backoffLimit: 3 backoffLimit: 3


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-portal-e2e-target-3 name: keycloak-portal-e2e-target-4
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-portal-e2e-token-exchange-permissions-7 name: keycloak-portal-e2e-token-exchange-permissions-8
namespace: sso namespace: sso
spec: spec:
backoffLimit: 6 backoffLimit: 6


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-portal-e2e-token-exchange-test-3 name: keycloak-portal-e2e-token-exchange-test-4
namespace: sso namespace: sso
spec: spec:
backoffLimit: 6 backoffLimit: 6


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-realm-settings-19 name: keycloak-realm-settings-20
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: sparkyfitness-oidc-secret-ensure-1 name: sparkyfitness-oidc-secret-ensure-2
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: synapse-oidc-secret-ensure-6 name: synapse-oidc-secret-ensure-7
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: keycloak-user-overrides-3 name: keycloak-user-overrides-4
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0


@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: vault-oidc-secret-ensure-3 name: vault-oidc-secret-ensure-4
namespace: sso namespace: sso
spec: spec:
backoffLimit: 0 backoffLimit: 0