This is an automated email from the ASF dual-hosted git repository.

omartushevskyi pushed a commit to branch DLAB-1158
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git


The following commit(s) were added to refs/heads/DLAB-1158 by this push:
     new 3b9f28c  added gcp gke deploying
3b9f28c is described below

commit 3b9f28cf09ac222679cfe2899c49cd4d47af0380
Author: Oleh Martushevskyi <oleh_martushevs...@epam.com>
AuthorDate: Fri Dec 20 11:26:33 2019 +0200

    added gcp gke deploying
---
 .../terraform/gcp/endpoint/main/main.tf              |  2 +-
 .../terraform/gcp/endpoint/main/variables.tf         |  2 +-
 .../terraform/gcp/ssn-gke/main/main.tf               |  2 ++
 .../dlab-ui-chart/templates/configmap-ui-conf.yaml   |  4 ++--
 .../modules/helm_charts/dlab-ui-chart/values.yaml    |  2 ++
 .../gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf  |  2 ++
 .../modules/helm_charts/files/configure_keycloak.sh  | 20 ++++++++++----------
 .../gcp/ssn-gke/main/modules/helm_charts/keycloak.tf |  2 ++
 .../ssn-gke/main/modules/helm_charts/variables.tf    |  4 ++++
 .../terraform/gcp/ssn-gke/main/outputs.tf            |  4 ++--
 .../terraform/gcp/ssn-gke/main/variables.tf          |  8 ++++++++
 11 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/infrastructure-provisioning/terraform/gcp/endpoint/main/main.tf 
b/infrastructure-provisioning/terraform/gcp/endpoint/main/main.tf
index 3eab2a5..9d69110 100644
--- a/infrastructure-provisioning/terraform/gcp/endpoint/main/main.tf
+++ b/infrastructure-provisioning/terraform/gcp/endpoint/main/main.tf
@@ -21,7 +21,7 @@
 
 provider "google" {
   credentials = file(var.creds_file)
-  project     = var.project_id
+  project     = var.gcp_project_id
   region      = var.region
   zone        = var.zone
 }
\ No newline at end of file
diff --git 
a/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf 
b/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf
index 5d62063..6ef2466 100644
--- a/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf
+++ b/infrastructure-provisioning/terraform/gcp/endpoint/main/variables.tf
@@ -19,7 +19,7 @@
 #
 # 
******************************************************************************
 
-variable "project_id" {
+variable "gcp_project_id" {
   default = ""
 }
 
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf
index c1fe060..6521774 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/main.tf
@@ -75,4 +75,6 @@ module "helm_charts" {
   custom_key_path            = var.custom_key_path
   mysql_disk_size            = var.mysql_disk_size
   domain                     = var.domain
+  keycloak_realm_name        = var.keycloak_realm_name
+  keycloak_client_id         = var.keycloak_client_id
 }
\ No newline at end of file
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/configmap-ui-conf.yaml
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/configmap-ui-conf.yaml
index 12c2176..ac96e8b 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/configmap-ui-conf.yaml
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/templates/configmap-ui-conf.yaml
@@ -216,13 +216,13 @@ data:
 
     keycloakConfiguration:
       redirectUri: {{ .Values.ui.keycloak.redirect_uri }}
-      realm: dlab
+      realm: {{ .Values.ui.keycloak.realm_name }}
       bearer-only: true
       auth-server-url: ${KEYCLOAK_AUTH_URL}
       ssl-required: none
       register-node-at-startup: true
       register-node-period: 600
-      resource: dlab-ui
+      resource: {{ .Values.ui.keycloak.client_id }}
       credentials:
         secret: ${KEYCLOAK_CLIENT_SECRET}
 
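Review bot: The templated `realm:` and `resource:` values are emitted unquoted, so a realm name or client id that YAML reads as a number, a boolean, `null` or a mapping (for example one containing `: `) changes the type or structure of `keycloakConfiguration` instead of arriving as a string. Piping both through the Helm `quote` function keeps them strings: `realm: {{ .Values.ui.keycloak.realm_name | quote }}` and `resource: {{ .Values.ui.keycloak.client_id | quote }}`. The values.yaml hunk has the same gap one layer earlier, where `realm_name: ${keycloak_realm_name}` and `client_id: ${keycloak_client_id}` are rendered by Terraform without quotes. Neither key has a fallback, so an empty value renders as `realm:` with a null value; Helm's `required` function would surface that at install time.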
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
index 2d12be7..4f11f1b 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui-chart/values.yaml
@@ -56,6 +56,8 @@ ui:
   keycloak:
     auth_server_url: https://${ssn_k8s_alb_dns_name}/auth
     redirect_uri: https://${ssn_k8s_alb_dns_name}/
+    realm_name: ${keycloak_realm_name}
+    client_id: ${keycloak_client_id}
 
   custom_certs:
     enabled: ${custom_certs_enabled}
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
index aef6881..93899d4 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/dlab-ui.tf
@@ -43,6 +43,8 @@ data "template_file" "dlab_ui_values" {
       custom_certs_crt       = local.custom_cert
       custom_certs_key       = local.custom_key
       step_ca_crt            = 
lookup(data.external.step-ca-config-values.result, "rootCa")
+      keycloak_realm_name    = var.keycloak_realm_name
+      keycloak_client_id     = var.keycloak_client_id
   }
 }
 
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/configure_keycloak.sh
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/configure_keycloak.sh
index 40039a1..309c37c 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/configure_keycloak.sh
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/files/configure_keycloak.sh
@@ -27,16 +27,16 @@
           --user ${keycloak_user} --password ${keycloak_password} > /dev/null 
&& echo "true" || echo "false")
       }
       check_realm () {
-          RUN=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab > /dev/null 
&& echo "true" || echo "false")
+          RUN=$(/opt/jboss/keycloak/bin/kcadm.sh get 
realms/${keycloak_realm_name} > /dev/null && echo "true" || echo "false")
       }
       configure_keycloak () {
           # Create Realm
-          /opt/jboss/keycloak/bin/kcadm.sh create realms -s realm=dlab -s 
enabled=true -s loginTheme=dlab \
+          /opt/jboss/keycloak/bin/kcadm.sh create realms -s 
realm=${keycloak_realm_name} -s enabled=true -s loginTheme=dlab \
           -s sslRequired=none
           # Get realm ID
-          dlab_realm_id=$(/opt/jboss/keycloak/bin/kcadm.sh get realms/dlab | 
/usr/bin/jq -r '.id')
+          dlab_realm_id=$(/opt/jboss/keycloak/bin/kcadm.sh get 
realms/${keycloak_realm_name} | /usr/bin/jq -r '.id')
           # Create user federation
-          /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s 
name=dlab-ldap -s providerId=ldap \
+          /opt/jboss/keycloak/bin/kcadm.sh create components -r 
${keycloak_realm_name} -s name=dlab-ldap -s providerId=ldap \
           -s providerType=org.keycloak.storage.UserStorageProvider -s 
parentId=$dlab_realm_id  -s 'config.priority=["1"]' \
           -s 'config.fullSyncPeriod=["-1"]' -s 
'config.changedSyncPeriod=["-1"]' -s 'config.cachePolicy=["DEFAULT"]' \
           -s config.evictionDay=[] -s config.evictionHour=[] -s 
config.evictionMinute=[] -s config.maxLifespan=[] -s \
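Review bot: `${keycloak_realm_name}` is spliced into every `kcadm.sh` command line unquoted, here in `check_realm` and `configure_keycloak` and again in the hunks at -50,15 and -67,14 (where `${keycloak_client_id}` joins it), so a value containing whitespace or shell metacharacters is word-split or interpreted by the shell that runs this script with Keycloak admin credentials. The keycloak.tf hunk shows the file is rendered through `template_file`, so the text is substituted before the shell parses it; single-quoting each use, e.g. `-r '${keycloak_realm_name}'` and `-s realm='${keycloak_realm_name}'`, covers everything except a value that itself contains a single quote, which is best rejected where the variable is declared. The realm is still created with `-s sslRequired=none` on the unchanged continuation line; that predates this commit but now applies to whatever realm name an operator chooses. Both functions continue outside the hunks.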
@@ -50,15 +50,15 @@
           -s 'config.useTruststoreSpi=["ldapsOnly"]' -s 
'config.connectionPooling=["true"]' \
           -s 'config.pagination=["true"]' --server http://127.0.0.1:8080/auth
           # Get user federation ID
-          user_f_id=$(/opt/jboss/keycloak/bin/kcadm.sh get components -r dlab 
--query name=dlab-ldap | /usr/bin/jq -er '.[].id')
+          user_f_id=$(/opt/jboss/keycloak/bin/kcadm.sh get components -r 
${keycloak_realm_name} --query name=dlab-ldap | /usr/bin/jq -er '.[].id')
           # Create user federation email mapper
-          /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s 
name=uid-attribute-to-email-mapper \
+          /opt/jboss/keycloak/bin/kcadm.sh create components -r 
${keycloak_realm_name} -s name=uid-attribute-to-email-mapper \
           -s providerId=user-attribute-ldap-mapper -s 
providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper \
           -s parentId=$user_f_id -s 'config."user.model.attribute"=["email"]' \
           -s 'config."ldap.attribute"=["uid"]' -s 
'config."read.only"=["false"]' \
           -s 'config."always.read.value.from.ldap"=["false"]' -s 
'config."is.mandatory.in.ldap"=["false"]'
           # Create user federation group mapper
-          /opt/jboss/keycloak/bin/kcadm.sh create components -r dlab -s 
name=group_mapper -s providerId=group-ldap-mapper \
+          /opt/jboss/keycloak/bin/kcadm.sh create components -r 
${keycloak_realm_name} -s name=group_mapper -s providerId=group-ldap-mapper \
           -s providerType=org.keycloak.storage.ldap.mappers.LDAPStorageMapper 
-s parentId=$user_f_id \
           -s 'config."groups.dn"=["ou=Groups,${ldap_dn}"]' -s 
'config."group.name.ldap.attribute"=["cn"]' \
           -s 'config."group.object.classes"=["posixGroup"]' -s 
'config."preserve.group.inheritance"=["false"]' \
@@ -67,14 +67,14 @@
           -s 
'config."user.roles.retrieve.strategy"=["LOAD_GROUPS_BY_MEMBER_ATTRIBUTE"]' \
           -s 'config."mapped.group.attributes"=[]' -s 
'config."drop.non.existing.groups.during.sync"=["false"]'
           # Create client
-          /opt/jboss/keycloak/bin/kcadm.sh create clients -r dlab -s 
clientId=dlab-ui -s enabled=true -s \
+          /opt/jboss/keycloak/bin/kcadm.sh create clients -r 
${keycloak_realm_name} -s clientId=${keycloak_client_id} -s enabled=true -s \
           'redirectUris=["https://${ssn_k8s_alb_dns_name}/";]' -s 
secret=${keycloak_client_secret} -s \
           serviceAccountsEnabled=true
           # Get clint ID
-          client_id=$(/opt/jboss/keycloak/bin/kcadm.sh get clients -r dlab 
--query clientId=dlab-ui | /usr/bin/jq -er '.[].id')
+          client_id=$(/opt/jboss/keycloak/bin/kcadm.sh get clients -r 
${keycloak_realm_name} --query clientId=${keycloak_client_id} | /usr/bin/jq -er 
'.[].id')
           # Create client mapper
           /opt/jboss/keycloak/bin/kcadm.sh create 
clients/$client_id/protocol-mappers/models \
-          -r dlab -s name=group_mapper -s protocol=openid-connect -s 
protocolMapper="oidc-group-membership-mapper" \
+          -r ${keycloak_realm_name} -s name=group_mapper -s 
protocol=openid-connect -s protocolMapper="oidc-group-membership-mapper" \
           -s 'config."full.path"="false"' -s 'config."id.token.claim"="true"' 
-s 'config."access.token.claim"="true"' \
           -s 'config."claim.name"="groups"' -s 
'config."userinfo.token.claim"="true"'
       }
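Review bot: The `client_id=$(… | /usr/bin/jq -er '.[].id')` lookup is not checked before `clients/$client_id/protocol-mappers/models` is used, and with a configurable `${keycloak_client_id}` a lookup that matches nothing leaves `client_id` empty. `jq -e` only sets an exit status, which nothing acts on unless the script enables `set -e` (not visible in this hunk). A guard after the assignment, such as `[ -n "$client_id" ] || { echo "client not found" >&2; return 1; }`, would stop the mapper call from running against a malformed path. `configure_keycloak` begins outside the hunk.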
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
index 7b8e01d..e07f693 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/keycloak.tf
@@ -34,6 +34,8 @@ data "template_file" "configure_keycloak" {
     ldap_dn                = var.ldap_dn
     ldap_user              = var.ldap_user
     ldap_bind_creds        = var.ldap_bind_creds
+    keycloak_realm_name    = var.keycloak_realm_name
+    keycloak_client_id     = var.keycloak_client_id
   }
 }
 
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf
 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf
index c9d3382..be4f82c 100644
--- 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf
+++ 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/modules/helm_charts/variables.tf
@@ -82,3 +82,7 @@ variable "custom_certs_host" {}
 variable "mysql_disk_size" {}
 
 variable "domain" {}
+
+variable "keycloak_realm_name" {}
+
+variable "keycloak_client_id" {}
diff --git a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/outputs.tf 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/outputs.tf
index 95a7e1a..1a2028b 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/outputs.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/outputs.tf
@@ -36,7 +36,7 @@ output "keycloak_client_secret" {
 }
 
 output "keycloak_client_id" {
-    value = "dlab-ui"
+    value = var.keycloak_client_id
 }
 
 output "ssn_ui_host" {
@@ -64,7 +64,7 @@ output "keycloak_auth_server_url" {
 }
 
 output "keycloak_realm_name" {
-    value = "dlab"
+    value = var.keycloak_realm_name
 }
 
 output "keycloak_user_name" {
diff --git 
a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf 
b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
index 40ca86b..fbecd7c 100644
--- a/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
+++ b/infrastructure-provisioning/terraform/gcp/ssn-gke/main/variables.tf
@@ -194,3 +194,11 @@ variable "mysql_disk_size" {
 variable "domain" {
   default = ""
 }
+
+variable "keycloak_realm_name" {
+  default = "dlab"
+}
+
+variable "keycloak_client_id" {
+  default = "dlab-ui"
+}
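Review bot: `keycloak_realm_name` and `keycloak_client_id` are declared with a default only, yet the other hunks of this commit splice them into a shell script, a Helm values file and the Keycloak adapter config, so the declaration is the one place to constrain them to a safe character set. Adding `type = string`, a `description` and a `validation` block to both variables would reject unsafe values at plan time; `validation` needs a Terraform release that supports it, which this page does not show. The same applies to the bare `variable "keycloak_realm_name" {}` and `variable "keycloak_client_id" {}` declarations in modules/helm_charts/variables.tf.

```hcl
variable "keycloak_realm_name" {
  type        = string
  description = "Name of the Keycloak realm created for DLab"
  default     = "dlab"

  validation {
    condition     = can(regex("^[A-Za-z0-9_-]+$", var.keycloak_realm_name))
    error_message = "The keycloak_realm_name value may contain only letters, digits, '-' and '_'."
  }
}
# … same shape for keycloak_client_id, default "dlab-ui" …
```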

