chore: configure ingress for Keycloak

api-platform · Nov 15, 2023 · ea534df · ea534df
1 parent 967b9fd
commit ea534df
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 9 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -130,8 +130,14 @@ jobs:
             --set=pwa.image.tag=${{ inputs.docker-images-version }} \
             --set=pwa.image.pullPolicy=Always \
             --set=ingress.hosts[0].host=${{ inputs.url }} \
-            --set=ingress.hosts[0].paths[0].path=/* \
-            --set=ingress.hosts[0].paths[0].pathType=ImplementationSpecific \
+            --set=ingress.hosts[0].paths[0].path=/oidc \
+            --set=ingress.hosts[0].paths[0].pathType=Prefix \
+            --set=ingress.hosts[0].paths[0].backend.service.name=${{ inputs.namespace }}-keycloak \
+            --set=ingress.hosts[0].paths[0].backend.service.port.number=80 \
+            --set=ingress.hosts[0].paths[1].path=/ \
+            --set=ingress.hosts[0].paths[1].pathType=Prefix \
+            --set=ingress.hosts[0].paths[1].backend.service.name=${{ inputs.namespace }}-api-platform \
+            --set=ingress.hosts[0].paths[1].backend.service.port.number=80 \
             --set=external-dns.cloudflare.apiToken=${{ secrets.cloudflare-api-token }} \
             --set=external-dns.domainFilters={"${{ inputs.url }}"} \
             --set=external-dns.zoneIdFilters={${{ secrets.cloudflare-zone-id }}} \

diff --git a/helm/api-platform/templates/configmap.yaml b/helm/api-platform/templates/configmap.yaml
@@ -15,7 +15,7 @@ data:
   mercure-extra-directives: {{ .Values.mercure.extraDirectives | quote }}
   caddy-global-options: {{ .Values.php.caddyGlobalOptions | quote }}
   oidc-server-url: "https://{{ (first .Values.ingress.hosts).host }}/oidc/realms/demo"
-  oidc-server-url-internal: "http://{{ include "api-platform.fullname" . }}/oidc/realms/demo"
+  oidc-server-url-internal: {{ printf "http://%s-keycloak/oidc/realms/demo" .Release.Name | quote }}
   next-auth-url: "https://{{ (first .Values.ingress.hosts).host }}/api/auth"
   pwa-client-id: {{ .Values.pwa.oidcClientId | quote }}
 

diff --git a/helm/api-platform/templates/deployment.yaml b/helm/api-platform/templates/deployment.yaml
@@ -50,6 +50,16 @@ spec:
                 secretKeyRef:
                   name: {{ include "api-platform.fullname" . }}
                   key: mercure-jwt-secret
+            - name: OIDC_SERVER_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ include "api-platform.fullname" . }}
+                  key: oidc-server-url
+            - name: OIDC_SERVER_URL_INTERNAL
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ include "api-platform.fullname" . }}
+                  key: oidc-server-url-internal
             - name: TRUSTED_HOSTS
               valueFrom:
                 configMapKeyRef:

diff --git a/helm/api-platform/templates/ingress.yaml b/helm/api-platform/templates/ingress.yaml
@@ -49,12 +49,12 @@ spec:
             backend:
               {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
               service:
-                name: {{ $fullName }}
+                name: {{- .backend.service.name | default $fullName -}}
                 port:
-                  number: {{ $svcPort }}
+                  number: {{- .backend.service.port.number | default $svcPort -}}
               {{- else }}
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
+              serviceName: {{- .backend.serviceName | default $fullName -}}
+              servicePort: {{- .backend.servicePort | default $svcPort -}}
               {{- end }}
           {{- end }}
     {{- end }}

diff --git a/helm/api-platform/values.yaml b/helm/api-platform/values.yaml
@@ -101,7 +101,7 @@ keycloak:
     limits:
       memory: 500Mi
   service:
-    type: ClusterIP
+    type: NodePort
   extraEnvVars:
     # Must set KC_HOSTNAME_URL to force https + relative path
     - name: KC_HOSTNAME_URL
@@ -214,7 +214,21 @@ ingress:
     # kubernetes.io/tls-acme: "true"
   hosts:
     - host: chart-example.local
-      paths: []
+      paths:
+        - path: /oidc
+          pathType: Prefix
+          backend:
+            service:
+              name: main-keycloak
+              port:
+                number: 80
+        - path: /
+          pathType: Prefix
+          backend:
+            service:
+              name: main-api-platform
+              port:
+                number: 80
   tls: []
   #  - secretName: chart-example-tls
   #    hosts: