Commit d4f59f88 authored by Siarhei Symanovich (EPAM) Committed by Oleksandr Kosse (EPAM)

GONRG-4577-airflow-keycloak-bootstrap

parent 5168e263
......@@ -16,9 +16,10 @@ source ./validate-env.sh "POSTGRESQL_PASSWORD"
source ./validate-env.sh "POSTGRESQL_DATABASE"
source ./validate-env.sh "DATA_PARTITION_ID"
source ./validate-env.sh "POSTGRESQL_FILE_LOCATION_KIND"
source ./validate-env.sh "KEYCLOAK_SERVICE_URL"
source ./validate-env.sh "KEYCLOAK_SERVICE"
source ./validate-env.sh "KEYCLOAK_ADMIN_PASSWORD"
source ./validate-env.sh "KEYCLOAK_REALM_NAME"
source ./validate-env.sh "KEYCLOAK_AIRFLOW_CLIENT_SECRET"
source ./validate-env.sh "KEYCLOAK_INDEXER_CLIENT_SECRET"
source ./validate-env.sh "KEYCLOAK_CATALOG_CLIENT_SECRET"
source ./validate-env.sh "KEYCLOAK_CONVERSION_CLIENT_SECRET"
......
......@@ -21,4 +21,5 @@ fi
DIRNAME=$(dirname "$RESOLVED_NAME")
java "$KC_OPTS" -cp "$DIRNAME"/keycloak-admin-cli-16.1.1.jar org.keycloak.client.admin.cli.KcAdmMain "$@"
# shellcheck disable=SC2086
java $KC_OPTS -cp "$DIRNAME"/keycloak-admin-cli-16.1.1.jar org.keycloak.client.admin.cli.KcAdmMain "$@"
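Review bot: Unquoting `$KC_OPTS` and silencing SC2086 turns on pathname expansion as well as the word splitting that is presumably wanted, so an option value containing `*` or `?` would be globbed against the working directory before java sees it. The suppression should state its reason, e.g. `# KC_OPTS may hold several JVM options; word splitting is intentional`. Running `set -f` before the call keeps the splitting but stops the globbing. The top of the script is outside the hunk, so whether it runs under bash (where an array would be cleaner) or plain sh is not visible here.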
......@@ -5,6 +5,7 @@ set -ex
# List of service accounts and passwords
cat << EOF > /tmp/ServiceAccounts.json
{
"airflow": "${KEYCLOAK_AIRFLOW_CLIENT_SECRET}",
"indexer": "${KEYCLOAK_INDEXER_CLIENT_SECRET}",
"catalog": "${KEYCLOAK_CATALOG_CLIENT_SECRET}",
"conversion": "${KEYCLOAK_CONVERSION_CLIENT_SECRET}",
......@@ -14,13 +15,13 @@ cat << EOF > /tmp/ServiceAccounts.json
}
EOF
while [ "$(curl -s -w "%{http_code}\n" http://"$KEYCLOAK_SERVICE_URL"/auth -o /dev/null)" -eq 503 ]
while [ "$(curl -s -w "%{http_code}\n" http://"$KEYCLOAK_SERVICE"/auth -o /dev/null)" -eq 503 ]
do
echo "Keycloak is configuring ..." && sleep 1
done
#Create realm
/opt/keycloak/kcadm.sh config credentials --server http://"$KEYCLOAK_SERVICE_URL"/auth --realm master --user user --password "$KEYCLOAK_ADMIN_PASSWORD" --config /tmp/key.config
/opt/keycloak/kcadm.sh config credentials --server http://"$KEYCLOAK_SERVICE"/auth --realm master --user user --password "$KEYCLOAK_ADMIN_PASSWORD" --config /tmp/key.config
/opt/keycloak/kcadm.sh create realms -s realm="$KEYCLOAK_REALM_NAME" -s accessTokenLifespan=3600 -s displayName="$KEYCLOAK_REALM_NAME Realm" -s enabled=true --config /tmp/key.config
# Create service accounts(clients)
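Review bot: The reworked `kcadm.sh config credentials` line still passes `--password "$KEYCLOAK_ADMIN_PASSWORD"` as an argument while the script runs under `set -ex` (visible in the hunk header), so xtrace writes the expanded admin password into the bootstrap job's log, and the value is also visible in the process list. Wrap that call in `set +x` / `set -x`, or drop `-x` from the script, so the credential is never traced. The same call and the readiness probe hard-code `http://`, so the password travels unencrypted to whatever host `KEYCLOAK_SERVICE` names. Separately, the wait loop repeats only on 503; a refused connection makes curl print `000`, which ends the loop before Keycloak is reachable and leaves the next kcadm call to fail.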
......
......@@ -40,6 +40,9 @@ Packages are only needed for installation from local computer.
|**bootstrap.infra.image.repository** | Repository of bootstrap image| string | - | yes |
|**bootstrap.infra.image.tag** | Tag of bootstrap image | string | - | yes |
|**bootstrap.infra.secret.dataPartitionId** | Data Partition ID | string | - | yes |
|**bootstrap.infra.secret.keycloakService** | Defines DNS(service name) to keycloak | string | keycloak.default.svc.cluster.local | yes|
|**bootstrap.infra.secret.keycloakRealmName** | Defines realm name. | string | osdu | yes|
|**bootstrap.infra.secret.keycloakAirflow** | Airflow service account secret in Keycloak| string | - | yes |
|**bootstrap.infra.secret.keycloakIndexer** | Indexer service account secret in Keycloak| string | - | yes |
|**bootstrap.infra.secret.keycloakCatalog** | Catalog service account secret in Keycloak | string | - | yes |
|**bootstrap.infra.secret.keycloakConversion** | Conversion service account secret in Keycloak | string | - | yes |
......@@ -59,8 +62,6 @@ Packages are only needed for installation from local computer.
|**domain.tls.credentialName** | Secret name that contains TLS certificate | string | "ingress-tls" | yes|
|**keycloak.enabled** | If true install Keycloak | boolean | true | yes|
|**keycloak.auth.adminPassword** | Keycloak administrator password for the user | string | - | no |
|**keycloak.keycloakURL** | Defines URL to keycloak ui. | string | keycloak.example.com | yes|
|**keycloak.keycloakRealmName** | Defines realm name. | string | osdu | yes|
|**keycloak.service.type** | Defines type of service to expose Keycloak | string | ClusterIP | yes|
|**keycloak.postgresql.enabled** | Deploy and use separate PostgreSQL service for Keycloak| boolean | false | no |
|**keycloak.externalDatabase.host** | host of the external database | string | keycloak-postgresql.default.svc.cluster.local | no |
......
Thank you for installing {{ .Chart.Name }}.
Following charts and services were installed:
{{- if .Values.minio.enabled }}
- MinIO
{{- end }}
{{- if .Values.postgresql.enabled }}
- PostgreSQL
{{- end }}
{{- if .Values.rabbitmq.enabled }}
- RabbitMQ
{{- end }}
{{- if .Values.elasticsearch.enabled }}
- ElasticSearch
{{- end }}
{{- if .Values.keycloak.enabled }}
- Keycloak
{{- end }}
{{- if .Values.airflow.enabled }}
- Airflow
{{- end }}
Access to services:
{{- if .Values.minio.enabled }}
MinIO is available via: {{ .Values.minio.ingress.hostname }}
{{- end }}
{{- if .Values.keycloak.enabled }}
Keycloak is available via: {{ .Values.keycloak.ingress.hostname }}
{{- end }}
Thank you for installing {{ .Chart.Name }}.
Following charts and services were installed:
{{- if .Values.minio.enabled }}
- MinIO
{{- end }}
{{- if .Values.postgresql.enabled }}
- PostgreSQL
{{- end }}
{{- if .Values.rabbitmq.enabled }}
- RabbitMQ
{{- end }}
{{- if .Values.elasticsearch.enabled }}
- ElasticSearch
{{- end }}
{{- if .Values.keycloak.enabled }}
- Keycloak
{{- end }}
{{- if .Values.airflow.enabled }}
- Airflow
{{- end }}
Access to services:
{{- if .Values.airflow.enabled }}
Airlow is available via: airflow.{{ .Values.domain.name }}
{{- end }}
{{- if .Values.minio.enabled }}
MinIO is available via: minio.{{ .Values.domain.name }}
{{- end }}
{{- if .Values.keycloak.enabled }}
Keycloak is available via: keycloak.{{ .Values.domain.name }}
{{- end }}
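Review bot: The new access line for Airflow prints `Airlow is available via:`; the service name is misspelled and should read `Airflow is available via: airflow.{{ .Values.domain.name }}`. The three hostnames are now built from `domain.name` with fixed prefixes, so they are only correct if the gateway routes use the same prefixes, which is not visible in this file.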
{{- if .Values.airflow.enabled }}
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
......@@ -48,3 +49,4 @@ type: Opaque
data:
KEYCLOAK_CLIENT_ID: {{ print "airflow" | b64enc | quote }}
KEYCLOAK_CLIENT_SECRET: {{ .Values.bootstrap.infra.secret.keycloakAirflow | b64enc | quote }}
{{- end }}
......@@ -17,9 +17,10 @@ data:
POSTGRESQL_DATABASE: "{{ .Values.postgresql.global.postgresql.auth.database | b64enc }}"
DATA_PARTITION_ID: "{{ .Values.bootstrap.infra.secret.dataPartitionId | b64enc }}"
POSTGRESQL_FILE_LOCATION_KIND: "{{ .Values.bootstrap.infra.secret.postgresqlFileLocationKind | b64enc }}"
KEYCLOAK_REALM_NAME: "{{ .Values.keycloak.keycloakRealmName | b64enc }}"
KEYCLOAK_SERVICE_URL: "{{ .Values.keycloak.keycloakURL | b64enc }}"
KEYCLOAK_REALM_NAME: "{{ .Values.bootstrap.infra.secret.keycloakRealmName | b64enc }}"
KEYCLOAK_SERVICE: "{{ .Values.bootstrap.infra.secret.keycloakService | b64enc }}"
KEYCLOAK_ADMIN_PASSWORD: "{{ .Values.keycloak.auth.adminPassword | b64enc }}"
KEYCLOAK_AIRFLOW_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakAirflow | b64enc }}"
KEYCLOAK_INDEXER_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakIndexer | b64enc }}"
KEYCLOAK_CATALOG_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakCatalog | b64enc }}"
KEYCLOAK_CONVERSION_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakConversion | b64enc }}"
......
# OSDU Infra values
airflow:
enabled: true
postgresql:
enabled: false
externalDatabase:
host: "airflow-postgresql"
user: "airflow"
password: ""
database: "airflow"
ingress:
enabled: false
dags:
existingConfigmap: "dags-config"
auth:
password: ""
username: "admin"
executor: "KubernetesExecutor"
redis:
enabled: false
rbac:
create: true
serviceaccount:
create: true
worker:
image:
registry: gcr.io
repository: osdu-anthos/antos-airflow/airflow-worker
tag: 0.14.0
extraEnvVarsCM: "airflow-config"
extraEnvVarsSecret: "airflow-secret"
web:
extraEnvVarsCM: "airflow-config"
scheduler:
extraEnvVarsCM: "airflow-config"
airflow-postgresql:
enabled: true
fullnameOverride: "airflow-postgresql"
global:
postgresql:
auth:
postgresPassword: ""
username: "airflow"
password: ""
database: "airflow"
replicaCount: 1
ingress:
enabled: false
istio:
gateway: service-gateway
......@@ -76,20 +124,6 @@ postgresql:
ingress:
enabled: false
airflow-postgresql:
enabled: true
fullnameOverride: "airflow-postgresql"
global:
postgresql:
auth:
postgresPassword: ""
username: "airflow"
password: ""
database: "airflow"
replicaCount: 1
ingress:
enabled: false
elasticsearch:
enabled: true
fullnameOverride: "elasticsearch"
......@@ -116,8 +150,6 @@ keycloak:
fullnameOverride: "keycloak"
auth:
adminPassword: ""
keycloakURL: "keycloak.example.com" # internal dns example osdu-onprem-keycloak.default.svc.cluster.local
keycloakRealmName: "osdu"
service:
type: ClusterIP
postgresql:
......@@ -140,65 +172,31 @@ keycloak-postgresql:
database: "keycloak"
replicaCount: 1
airflow:
enabled: true
postgresql:
enabled: false
externalDatabase:
host: "airflow-postgresql"
user: "airflow"
password: ""
database: "airflow"
ingress:
enabled: false
dags:
existingConfigmap: "dags-config"
auth:
password: ""
username: "admin"
executor: "KubernetesExecutor"
redis:
enabled: false
rbac:
create: true
serviceaccount:
create: true
worker:
image:
registry: gcr.io
repository: osdu-anthos/antos-airflow/airflow-worker
tag: 0.14.0
extraEnvVarsCM: "airflow-config"
extraEnvVarsSecret: "airflow-secret"
web:
extraEnvVarsCM: "airflow-config"
scheduler:
extraEnvVarsCM: "airflow-config"
bootstrap:
infra:
secret:
dataPartitionId: ""
minioHost: "" # example http://osdu-minio
minioHost: "" # example http://osdu-onprem-minio
minioPort: "9000"
minioAccessKey: ""
minioSecretKey: ""
minioServiceUserPassword: ""
minioDataUserPassword: ""
keycloakService: "keycloak.default.svc.cluster.local" # external dns example keycloak.example.com
keycloakRealmName: "osdu"
keycloakAirflow: ""
keycloakIndexer: ""
keycloakCatalog: ""
keycloakConversion: ""
keycloakSchema: ""
keycloakLegal: ""
keycloakEntitelements: ""
# FIXME
keycloakAirflow: ""
postgresqlUser: "postgres"
postgresqlPort: "5432"
postgresqlFileLocationKind: "FileLocationsOsm" # use instead of file_locations_osm in application-anthos.properties in file service
image:
repository: ""
tag: ""
repository: "community.opengroup.org:5555/osdu/platform/deployment-and-operations/infra-gcp-provisioning/osdu-gcp-bootstrap-infra-on-prem"
tag: "latest"
imagePullSecrets: []
# OSDU Services values
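Review bot: The inline comment on `keycloakService` offers an external name (`keycloak.example.com`) as an alternative, but the bootstrap script in this commit prefixes the value with `http://` when it logs in with the admin password, so pointing it outside the cluster would send that password unencrypted. The comment should restrict the value to an in-cluster name, for example `# in-cluster service DNS only; bootstrap connects over plain http`. The default also fixes the namespace to `default`, which will not resolve when the release is installed in another namespace. If both `keycloakAirflow` entries under `bootstrap.infra.secret` (the second sits below `# FIXME`) remain on the new side, that is a duplicate key, and most parsers silently keep the last value.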
......