From 9b02ba9b013edc58874fbe600bb46d4c95dc094c Mon Sep 17 00:00:00 2001 From: Oleksandr Kosse Date: Sun, 3 Apr 2022 13:19:17 +0200 Subject: [PATCH 1/7] Add autogenerated passwords for keycloak clients --- helm/osdu-infra-onprem/custom-values.yaml | 19 ++++--------------- .../templates/file-secret.yaml | 2 ++ .../templates/infra-job-secrets.yaml | 14 ++++++++------ helm/osdu-infra-onprem/values.yaml | 8 +------- 4 files changed, 15 insertions(+), 28 deletions(-) diff --git a/helm/osdu-infra-onprem/custom-values.yaml b/helm/osdu-infra-onprem/custom-values.yaml index c886612c..69b299a8 100644 --- a/helm/osdu-infra-onprem/custom-values.yaml +++ b/helm/osdu-infra-onprem/custom-values.yaml @@ -16,7 +16,7 @@ domain: name: "" keycloak: - auth: + auth: # Fill in variable value, the value should be at least 8 symbols adminPassword: "" externalDatabase: @@ -74,18 +74,6 @@ elasticsearch: bootstrap: infra: secret: - # Fill in variable value - keycloakAirflow: "" # FIXME check if it could be autogenerated in a secret - # Fill in variable value - keycloakIndexer: "" # FIXME check if it could be autogenerated in a secret - # Fill in variable value - keycloakCatalog: "" # FIXME check if it could be autogenerated in a secret - # Fill in variable value - keycloakConversion: "" # FIXME check if it could be autogenerated in a secret - # Fill in variable value - keycloakSchema: "" # FIXME check if it could be autogenerated in a secret - # Fill in variable value - keycloakLegal: "" # FIXME check if it could be autogenerated in a secret keycloakEntitlements: *keycloak-entitlements-client-secret gcp-partition-configmap: @@ -94,7 +82,7 @@ gcp-partition-configmap: osm_postgres_url: "" # FIXME check if it is needed to use not default database postgres # Fill in username "postgres" in base64 osm_postgres_username: "" # FIXME check if it is needed to use not default username postgres - osm_postgres_password: *postgresql-password-base64 # FIXME check if it is needed to use not password for default username + osm_postgres_password: *postgresql-password-base64 # FIXME check if it is needed to use not password for default username gcp_entitlements_configmap: enabled: true @@ -109,4 +97,5 @@ osdu_entitlements_bootstrap: register_infra_secret: secret: # Fill in variable values, the provided salt is expected to be hex-encoded; it should be random and at least 8 bytes in length - kms_salt: "" + # FIXME Add how to generate it + kms_salt: "" diff --git a/helm/osdu-infra-onprem/templates/file-secret.yaml b/helm/osdu-infra-onprem/templates/file-secret.yaml index 93d4e382..bc5d8857 100644 --- a/helm/osdu-infra-onprem/templates/file-secret.yaml +++ b/helm/osdu-infra-onprem/templates/file-secret.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: Secret metadata: name: minio-file-secret + annotations: + "helm.sh/resource-policy": no-upgrade-existing type: Opaque data: MINIO_ACCESS_KEY: {{ print "fileUser" | b64enc | quote }} diff --git a/helm/osdu-infra-onprem/templates/infra-job-secrets.yaml b/helm/osdu-infra-onprem/templates/infra-job-secrets.yaml index fb8896f0..c2d47a0b 100644 --- a/helm/osdu-infra-onprem/templates/infra-job-secrets.yaml +++ b/helm/osdu-infra-onprem/templates/infra-job-secrets.yaml @@ -2,6 +2,8 @@ apiVersion: v1 kind: Secret metadata: name: "{{ .Release.Name }}-infra-job-secret" + annotations: + "helm.sh/resource-policy": no-upgrade-existing type: Opaque data: MINIO_APP_ENVIRONMENT_IDENTIFIER: "{{ .Values.gcp_seismic_store_sdms_configmap.data.app_environment_identifier | b64enc }}" @@ -18,10 +20,10 @@ data: KEYCLOAK_REALM_NAME: "{{ .Values.bootstrap.infra.secret.keycloakRealmName | b64enc }}" KEYCLOAK_SERVICE: "{{ .Values.bootstrap.infra.secret.keycloakService | b64enc }}" KEYCLOAK_ADMIN_PASSWORD: "{{ .Values.keycloak.auth.adminPassword | b64enc }}" - KEYCLOAK_AIRFLOW_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakAirflow | b64enc }}" - KEYCLOAK_INDEXER_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakIndexer | b64enc }}" - KEYCLOAK_CATALOG_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakCatalog | b64enc }}" - KEYCLOAK_CONVERSION_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakConversion | b64enc }}" - KEYCLOAK_SCHEMA_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakSchema | b64enc }}" - KEYCLOAK_LEGAL_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakLegal | b64enc }}" + KEYCLOAK_AIRFLOW_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} + KEYCLOAK_INDEXER_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} + KEYCLOAK_CATALOG_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} + KEYCLOAK_CONVERSION_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} + KEYCLOAK_SCHEMA_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} + KEYCLOAK_LEGAL_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} KEYCLOAK_ENTITLEMENTS_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakEntitlements | b64enc }}" diff --git a/helm/osdu-infra-onprem/values.yaml b/helm/osdu-infra-onprem/values.yaml index 58fe82c5..f679eacf 100644 --- a/helm/osdu-infra-onprem/values.yaml +++ b/helm/osdu-infra-onprem/values.yaml @@ -184,12 +184,6 @@ bootstrap: # FIXME namespace is hardcoded keycloakService: "keycloak.default.svc.cluster.local" # external dns example keycloak.example.com keycloakRealmName: "osdu" - keycloakAirflow: "" # FIXME check if values could be added as an autogenerated secret - keycloakIndexer: "" # FIXME check if values could be added as an autogenerated secret - keycloakCatalog: "" # FIXME check if values could be added as an autogenerated secret - keycloakConversion: "" # FIXME check if values could be added as an autogenerated secret - keycloakSchema: "" # FIXME check if values could be added as an autogenerated secret - keycloakLegal: "" # FIXME check if values could be added as an autogenerated secret keycloakEntitlements: "" # FIXME check if values could be added as an autogenerated secret, is the same as openid_provider_client_secret value in entitlements postgresqlUser: "postgres" postgresqlPort: "5432" @@ -309,7 +303,7 @@ gcp_dataset_deploy: serviceAccountName: "dataset" image: "community.opengroup.org:5555/osdu/platform/system/dataset/osdu-gcp" conf: - postgres_secret_name: "dataset-postgres-secret" + postgres_secret_name: "dataset-postgres-secret" minio_secret_name: "minio-secret" on_prem_enabled: true -- GitLab From b225c7867ed8d33eb08465218650e587a61c2370 Mon Sep 17 00:00:00 2001 From: Oleksandr Kosse Date: Sun, 3 Apr 2022 14:30:43 +0200 Subject: [PATCH 2/7] Add pass generator for airflow secret --- helm/osdu-infra-onprem/custom-values.yaml | 5 +---- helm/osdu-infra-onprem/templates/airflow-infra.yaml | 4 +++- helm/osdu-infra-onprem/values.yaml | 7 ++----- 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/helm/osdu-infra-onprem/custom-values.yaml b/helm/osdu-infra-onprem/custom-values.yaml index 69b299a8..9c046fbb 100644 --- a/helm/osdu-infra-onprem/custom-values.yaml +++ b/helm/osdu-infra-onprem/custom-values.yaml @@ -49,7 +49,6 @@ rabbitmq: auth: # Fill in variable value password: "" - erlangCookie: "" airflow: externalDatabase: @@ -62,9 +61,7 @@ airflow-postgresql: global: postgresql: auth: - # Fill in variable value - postgresPassword: "" - password: *airflow-database-password + postgresPassword: *airflow-database-password elasticsearch: security: diff --git a/helm/osdu-infra-onprem/templates/airflow-infra.yaml b/helm/osdu-infra-onprem/templates/airflow-infra.yaml index c520ac1b..54d12442 100644 --- a/helm/osdu-infra-onprem/templates/airflow-infra.yaml +++ b/helm/osdu-infra-onprem/templates/airflow-infra.yaml @@ -45,10 +45,12 @@ apiVersion: v1 kind: Secret metadata: name: airflow-secret + annotations: + "helm.sh/resource-policy": no-upgrade-existing type: Opaque data: MINIO_ACCESS_KEY: {{ print "airflowLogUser" | b64enc | quote }} MINIO_SECRET_KEY: {{ randAlphaNum 16 | b64enc | quote }} KEYCLOAK_CLIENT_ID: {{ print "airflow" | b64enc | quote }} - KEYCLOAK_CLIENT_SECRET: {{ .Values.bootstrap.infra.secret.keycloakAirflow | b64enc | quote }} + KEYCLOAK_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} {{- end }} diff --git a/helm/osdu-infra-onprem/values.yaml b/helm/osdu-infra-onprem/values.yaml index 26340a13..743ff104 100644 --- a/helm/osdu-infra-onprem/values.yaml +++ b/helm/osdu-infra-onprem/values.yaml @@ -6,7 +6,7 @@ airflow: enabled: false externalDatabase: host: "airflow-postgresql" - user: "airflow" + user: "postgres" password: "" database: "airflow" ingress: @@ -41,10 +41,8 @@ airflow-postgresql: global: postgresql: auth: - postgresPassword: "" - username: "airflow" - password: "" database: "airflow" + postgresPassword: "" replicaCount: 1 ingress: enabled: false @@ -72,7 +70,6 @@ rabbitmq: auth: username: "rabbitmq" password: "" - erlangCookie: "" replicaCount: 1 extraConfiguration: |- load_definitions = /app/load_definition.json -- GitLab From f568d4ed2180b205fb567c01a03eaf5e0e15ac94 Mon Sep 17 00:00:00 2001 From: Oleksandr Kosse Date: Sun, 3 Apr 2022 17:24:58 +0200 Subject: [PATCH 3/7] Remove RabbitMQ password from value --- helm/osdu-infra-onprem/Chart.yaml | 4 ++-- helm/osdu-infra-onprem/README.md | 17 +++++++++-------- helm/osdu-infra-onprem/custom-values.yaml | 5 ----- .../templates/rabbitmq-secrets.yaml | 13 +++++++++---- helm/osdu-infra-onprem/values.yaml | 2 +- 5 files changed, 21 insertions(+), 20 deletions(-) diff --git a/helm/osdu-infra-onprem/Chart.yaml b/helm/osdu-infra-onprem/Chart.yaml index a10478a9..2b7f82c1 100644 --- a/helm/osdu-infra-onprem/Chart.yaml +++ b/helm/osdu-infra-onprem/Chart.yaml @@ -59,7 +59,7 @@ dependencies: alias: airflow-postgresql ## RabbitMQ - name: rabbitmq - version: 8.24.13 + version: 8.31.2 repository: https://charts.bitnami.com/bitnami condition: rabbitmq.enabled ## Redis @@ -127,7 +127,7 @@ dependencies: - name: gcp-notification-deploy version: 0.1.0 repository: https://community.opengroup.org/api/v4/projects/143/packages/helm/stable - condition: gcp_notification_deploy.enabled + condition: gcp_notification_deploy.enabled alias: gcp_notification_deploy ## Dataset - name: gcp-dataset-configmap diff --git a/helm/osdu-infra-onprem/README.md b/helm/osdu-infra-onprem/README.md index f31d7a5d..36da5cd3 100644 --- a/helm/osdu-infra-onprem/README.md +++ b/helm/osdu-infra-onprem/README.md @@ -109,7 +109,7 @@ Packages are only needed for installation from local computer. |**keycloak-postgresql.global.postgresql.auth.password** | Keycloak PostgreSQL password | string | - | yes | |**keycloak-postgresql.global.postgresql.auth.database** | Keycloak PostgreSQL database | string | keycloak | yes | -> 3: Use the same user, password and database as `keycloak-postgresql.global.auth.username`, `keycloak-postgresql.global.auth.password`, `keycloak-postgresql.global.auth.database`. +> 3: Use the same user, password and database as `keycloak-postgresql.global.auth.username`, `keycloak-postgresql.global.auth.password`, `keycloak-postgresql.global.auth.database`. > @@ -141,14 +141,15 @@ Packages are only needed for installation from local computer. |------|-------------|------|---------|:--------:| |**rabbitmq.enabled** | If true install the RabbitMQ service | boolean | true | yes| |**rabbitmq.auth.username** | RabbitMQ user name | string | - | yes| -|**rabbitmq.auth.password** | RabbitMQ user password | string | - | yes| |**rabbitmq.auth.erlangCookie** | RabbitMQ Erlang cookie | string | - | no4| -> 4: RabbitMQ Erlang cookie to determine whether different nodes are allowed to communicate with each other. It is not required for installing (will be generated a random 32 character long alphanumeric string), **but needed for upgrading**. If no value was set, you can use following command to obtain Erlang cookie: +> 4: RabbitMQ Erlang cookie to determine whether different nodes are allowed to communicate with each other. It is not required for installing (will be generated a random 32 character long alphanumeric string), **but needed for upgrading**. If no value was set, you can use following command to obtain Erlang cookie: > > `kubectl get secret osdu-gcp-onprem-rabbitmq -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode` > +More details in the original Bitnami helm chart [repository](https://github.com/bitnami/charts/tree/master/bitnami/rabbitmq). + ### **Be careful!** Helm installs services to the current kube config context @@ -201,17 +202,17 @@ Example of output message after previous command if you use default variables. ### Check connection to Elasticsearch * As an example, I'll use elasticsearch-coordinating-only Elasticsearch node which will be created after installing Helm chart -* Take certificates from secret for checking the connection to the Elasticsearch node: - * `kubectl get secret --namespace default elasticsearch-coordinating-only-crt -o jsonpath="{.data.ca\.crt}" | base64 --decode > ca.crt` - * `kubectl get secret --namespace default elasticsearch-coordinating-only-crt -o jsonpath="{.data.tls\.crt}" | base64 --decode > tls.crt` - * `kubectl get secret --namespace default elasticsearch-coordinating-only-crt -o jsonpath="{.data.tls\.key}" | base64 --decode > tls.key` +* Take certificates from secret for checking the connection to the Elasticsearch node: + * `kubectl get secret --namespace default elasticsearch-coordinating-only-crt -o jsonpath="{.data.ca\.crt}" | base64 --decode > ca.crt` + * `kubectl get secret --namespace default elasticsearch-coordinating-only-crt -o jsonpath="{.data.tls\.crt}" | base64 --decode > tls.crt` + * `kubectl get secret --namespace default elasticsearch-coordinating-only-crt -o jsonpath="{.data.tls\.key}" | base64 --decode > tls.key` * Connect to the Elasticsearch node: * `kubectl port-forward --namespace default svc/elasticsearch-coordinating-only 9200:9200 & curl -vk --key ./tls.key --cert ./tls.crt -u elastic: http://127.0.0.1:9200/` ### Check connection to Keycloak Used Keycloak chart deploys external PostgreSQL database. -Currently, to expose Keycloak istio ingress is used. To get ip use: +Currently, to expose Keycloak istio ingress is used. To get ip use: `kubectl -n istio-gateway get svc istio-ingressgateway -o jsonpath={.status.loadBalancer.ingress[].ip}` To access Keycloak through port-forwarding (when service type is ClusterIP) use: diff --git a/helm/osdu-infra-onprem/custom-values.yaml b/helm/osdu-infra-onprem/custom-values.yaml index 9c046fbb..72d2f503 100644 --- a/helm/osdu-infra-onprem/custom-values.yaml +++ b/helm/osdu-infra-onprem/custom-values.yaml @@ -45,11 +45,6 @@ postgresql: postgresPassword: *postgresql-password password: "" -rabbitmq: - auth: - # Fill in variable value - password: "" - airflow: externalDatabase: password: *airflow-database-password diff --git a/helm/osdu-infra-onprem/templates/rabbitmq-secrets.yaml b/helm/osdu-infra-onprem/templates/rabbitmq-secrets.yaml index bad00fdb..7819a824 100644 --- a/helm/osdu-infra-onprem/templates/rabbitmq-secrets.yaml +++ b/helm/osdu-infra-onprem/templates/rabbitmq-secrets.yaml @@ -1,4 +1,8 @@ -{{- if .Values.rabbitmq.enabled }} +--- +{{- $rabbitPassword := (randAlphaNum 16)}} +{{- $rabbitPassword64 := $rabbitPassword | b64enc | quote }} + +--- apiVersion: v1 kind: Secret metadata: @@ -10,7 +14,7 @@ stringData: "users": [ { "name": "{{ .Values.rabbitmq.auth.username }}", - "password": "{{ .Values.rabbitmq.auth.password }}", + "password": "{{ $rabbitPassword }}", "hashing_algorithm": "rabbit_password_hashing_sha256", "tags": [ "administrator" @@ -68,6 +72,7 @@ stringData: } ] } + --- apiVersion: v1 kind: Secret @@ -76,5 +81,5 @@ metadata: type: Opaque data: RABBITMQ_ADMIN_USERNAME: "{{ .Values.rabbitmq.auth.username | b64enc }}" - RABBITMQ_ADMIN_PASSWORD: "{{ .Values.rabbitmq.auth.password | b64enc }}" -{{- end }} + RABBITMQ_ADMIN_PASSWORD: {{ $rabbitPassword64 }} + rabbitmq-password: {{ $rabbitPassword64 }} diff --git a/helm/osdu-infra-onprem/values.yaml b/helm/osdu-infra-onprem/values.yaml index 743ff104..932af5d6 100644 --- a/helm/osdu-infra-onprem/values.yaml +++ b/helm/osdu-infra-onprem/values.yaml @@ -69,7 +69,7 @@ rabbitmq: fullnameOverride: "rabbitmq" auth: username: "rabbitmq" - password: "" + existingPasswordSecret: "rabbitmq-secret" replicaCount: 1 extraConfiguration: |- load_definitions = /app/load_definition.json -- GitLab From b3426524c05b53981db252127020f6b371f51d32 Mon Sep 17 00:00:00 2001 From: Oleksandr Kosse Date: Sun, 3 Apr 2022 17:43:03 +0200 Subject: [PATCH 4/7] Add a FIXME --- helm/osdu-infra-onprem/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/helm/osdu-infra-onprem/values.yaml b/helm/osdu-infra-onprem/values.yaml index 932af5d6..e0e12bf7 100644 --- a/helm/osdu-infra-onprem/values.yaml +++ b/helm/osdu-infra-onprem/values.yaml @@ -169,6 +169,7 @@ keycloak-postgresql: postgresql: auth: postgresPassword: "" + # FIXME: use postgres as a single user username: "keycloak" password: "" database: "keycloak" -- GitLab From 77bca37bded0822a7b16d8513607f0598350a251 Mon Sep 17 00:00:00 2001 From: Oleksandr Kosse Date: Sun, 3 Apr 2022 17:50:48 +0200 Subject: [PATCH 5/7] Resolve some conflicts --- helm/osdu-infra-onprem/templates/infra-job-secrets.yaml | 1 - helm/osdu-infra-onprem/values.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/helm/osdu-infra-onprem/templates/infra-job-secrets.yaml b/helm/osdu-infra-onprem/templates/infra-job-secrets.yaml index c2d47a0b..12a2cd86 100644 --- a/helm/osdu-infra-onprem/templates/infra-job-secrets.yaml +++ b/helm/osdu-infra-onprem/templates/infra-job-secrets.yaml @@ -26,4 +26,3 @@ data: KEYCLOAK_CONVERSION_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} KEYCLOAK_SCHEMA_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} KEYCLOAK_LEGAL_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} - KEYCLOAK_ENTITLEMENTS_CLIENT_SECRET: "{{ .Values.bootstrap.infra.secret.keycloakEntitlements | b64enc }}" diff --git a/helm/osdu-infra-onprem/values.yaml b/helm/osdu-infra-onprem/values.yaml index 4cc70aaf..a8167c48 100644 --- a/helm/osdu-infra-onprem/values.yaml +++ b/helm/osdu-infra-onprem/values.yaml @@ -182,7 +182,6 @@ bootstrap: # FIXME namespace is hardcoded keycloakService: "keycloak.default.svc.cluster.local" # external dns example keycloak.example.com keycloakRealmName: "osdu" - keycloakEntitlements: "" # FIXME check if values could be added as an autogenerated secret, is the same as openid_provider_client_secret value in entitlements postgresqlUser: "postgres" postgresqlPort: "5432" postgresqlFileLocationKind: "FileLocationsOsm" # use instead of file_locations_osm in application-anthos.properties in file service -- GitLab From a2c26b3a98fbe5ccb3c0b2a9cbe6e9fb70858624 Mon Sep 17 00:00:00 2001 From: Oleksandr Kosse Date: Sun, 3 Apr 2022 18:21:15 +0200 Subject: [PATCH 6/7] Fix an issue with service aacount --- helm/osdu-infra-onprem/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/helm/osdu-infra-onprem/values.yaml b/helm/osdu-infra-onprem/values.yaml index a8167c48..610478ff 100644 --- a/helm/osdu-infra-onprem/values.yaml +++ b/helm/osdu-infra-onprem/values.yaml @@ -223,7 +223,6 @@ osdu_entitlements_bootstrap: entitlements_host: "http://entitlements" conf: openid_secret_name: "entitlements-openid-secret" - serviceAccountName: "entitlements" # FIXME change when bootstrap service accounts are added on_prem_enabled: true image: repository: "community.opengroup.org:5555/osdu/platform/deployment-and-operations/infra-gcp-provisioning/osdu-gcp-bootstrap-entitlements" -- GitLab From fc814345c6d04beb1d58c4b402f33ccb5c3d8aa0 Mon Sep 17 00:00:00 2001 From: Oleksandr Kosse Date: Sun, 3 Apr 2022 20:14:24 +0200 Subject: [PATCH 7/7] Minor fixes --- helm/osdu-infra-onprem/custom-values.yaml | 4 +--- .../templates/entitlements-infra-secret.yaml | 2 +- helm/osdu-infra-onprem/values.yaml | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/helm/osdu-infra-onprem/custom-values.yaml b/helm/osdu-infra-onprem/custom-values.yaml index 228bd6bd..a712fe2a 100644 --- a/helm/osdu-infra-onprem/custom-values.yaml +++ b/helm/osdu-infra-onprem/custom-values.yaml @@ -4,8 +4,6 @@ keycloak-database-password: &keycloak-database-password "" airflow-database-password: &airflow-database-password "" # Fill in variable value postgresql-password: &postgresql-password "" -# Fill in value above for postgresql-password in base64 -postgresql-password-base64: &postgresql-password-base64 "" domain: # Fill in variable value @@ -65,7 +63,7 @@ gcp-partition-configmap: osm_postgres_url: "" # FIXME check if it is needed to use not default database postgres # Fill in username "postgres" in base64 osm_postgres_username: "" # FIXME check if it is needed to use not default username postgres - osm_postgres_password: *postgresql-password-base64 # FIXME check if it is needed to use not password for default username + osm_postgres_password: "" # FIXME check if it is needed to use not password for default username gcp_entitlements_configmap: enabled: true diff --git a/helm/osdu-infra-onprem/templates/entitlements-infra-secret.yaml b/helm/osdu-infra-onprem/templates/entitlements-infra-secret.yaml index 9a8f4c4e..bdf7e520 100644 --- a/helm/osdu-infra-onprem/templates/entitlements-infra-secret.yaml +++ b/helm/osdu-infra-onprem/templates/entitlements-infra-secret.yaml @@ -7,5 +7,5 @@ metadata: type: Opaque data: OPENID_PROVIDER_URL: {{ printf "http://keycloak/auth/realms/%s" .Values.bootstrap.infra.secret.keycloakRealmName | b64enc | quote }} - OPENID_PROVIDER_CLIENT_ID: {{ "entitlements" | b64enc | quote }} + OPENID_PROVIDER_CLIENT_ID: {{ print "entitlements" | b64enc | quote }} OPENID_PROVIDER_CLIENT_SECRET: {{ randAlphaNum 16 | b64enc | quote }} diff --git a/helm/osdu-infra-onprem/values.yaml b/helm/osdu-infra-onprem/values.yaml index ca9b5753..6487398f 100644 --- a/helm/osdu-infra-onprem/values.yaml +++ b/helm/osdu-infra-onprem/values.yaml @@ -265,7 +265,7 @@ gcp_dataset_configmap: data: spring_profiles_active: "anthos" file_dms_bucket: "" #FIXME need for specific bucket may later disappear, depends on DEVs - redis_group_host: "http://redis-group-master" + redis_group_host: "redis-group-master" redis_group_port: 6379 conf: on_prem_enabled: true -- GitLab