openidconnect, not yet working
parent
53aaf42bd9
commit
ba18e687b5
@ -8,11 +8,15 @@ kubectl create namespace $NAMESPACE \
|
|||||||
-o yaml | \
|
-o yaml | \
|
||||||
kubectl -f - apply
|
kubectl -f - apply
|
||||||
|
|
||||||
SECRETS_FILE=`mktemp`
|
if [ -f secrets.txt ]; then
|
||||||
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
|
. secrets.txt
|
||||||
. $SECRETS_FILE
|
else
|
||||||
rm $SECRETS_FILE
|
SECRETS_FILE=`mktemp`
|
||||||
# eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
|
gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
|
||||||
|
. $SECRETS_FILE
|
||||||
|
rm $SECRETS_FILE
|
||||||
|
# eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
|
||||||
|
fi
|
||||||
|
|
||||||
kubectl create secret generic defectdojo-postgresql-specific \
|
kubectl create secret generic defectdojo-postgresql-specific \
|
||||||
--dry-run=client \
|
--dry-run=client \
|
||||||
@ -28,6 +32,21 @@ kubectl create secret generic defectdojo-redis-specific \
|
|||||||
--from-literal=redis-password="" | \
|
--from-literal=redis-password="" | \
|
||||||
kubectl apply -f - -n $NAMESPACE
|
kubectl apply -f - -n $NAMESPACE
|
||||||
|
|
||||||
|
kubectl create secret generic defectdojo-extrasecrets \
|
||||||
|
--dry-run=client \
|
||||||
|
-o yaml \
|
||||||
|
--save-config \
|
||||||
|
--from-literal=DD_SESSION_COOKIE_SECURE="True" \
|
||||||
|
--from-literal=DD_CSRF_COOKIE_SECURE="True" \
|
||||||
|
--from-literal=DD_SECURE_SSL_REDIRECT="True" \
|
||||||
|
--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED="True" \
|
||||||
|
--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY="$KEYCLOAK_PUBLIC_KEY" \
|
||||||
|
--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_KEY="defectdojo" \
|
||||||
|
--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/auth" \
|
||||||
|
--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/token" \
|
||||||
|
--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_SECRET="$OPENID_SECRET" | \
|
||||||
|
kubectl apply -f - -n $NAMESPACE
|
||||||
|
|
||||||
|
|
||||||
helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
|
helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
|
||||||
helm repo update
|
helm repo update
|
||||||
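Review bot: The Keycloak client secret reaches kubectl as a command-line argument (`--from-literal=DD_SOCIAL_AUTH_KEYCLOAK_SECRET="$OPENID_SECRET"` in the second hunk), so it is readable in the process list by other local users while the command runs. The `gpg --decrypt --passphrase $GPG_PASSPHRASE` line in the first hunk has the same exposure and also leaves the variable unquoted. Passing the values through a file or descriptor keeps them out of argv, for example `--from-env-file` for kubectl and `--passphrase-fd` for gpg. Neither `$OPENID_SECRET` nor `$KEYCLOAK_PUBLIC_KEY` is checked before use, so a sourced secrets file that lacks them would apply a secret with empty values; `: "${OPENID_SECRET:?}" "${KEYCLOAK_PUBLIC_KEY:?}"` ahead of the `kubectl create` would stop the script instead. Whether the script already runs under `set -u` is not visible in these hunks.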
|
@ -1,7 +1,15 @@
|
|||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
jA0ECQMIBTFqH76O+EH80m0BfrFMTw8TSSx9cXepIYKzXVS40qB8WtHg4Dvu96jH
|
jA0ECQMI2OsWrWYS+jz50sElAUvKcwh3A7lF7F0DitbXDspCaXNemMJVxXLHQcdu
|
||||||
E6DH3djCVjketkrTLm2n8gwT6FjcQXtinqhU8IqUiP1nLIu24ZHgy5+Y83MeGN4/
|
OpMv6FfnBc9tUjNG33eVELCCB+vfCfsH2Syx5av6CgFwsiY9MFZwJigN2iv4/aEQ
|
||||||
dN/TcgiGmXiMM9N0VjGCJeUZ2aHNNunmQeSxVnrv
|
wiFd6hcQZPCx0PFsH5O6jm0I/3A2/bJd3IuK8ks0syU95kgPD+jjM37VLm4Dd/kY
|
||||||
=X3R9
|
CDsWP44LR5aQNNGM/lqHgHjsvJEn9d086+2WH6jrotoeyGbv0NfreDf6r6vnGeUF
|
||||||
|
cnRl8OvyaY4ApxHun27n8/l8DGswpg4+awBDchxFJ9ke4jJUiFcZo3MSuzZkk8FI
|
||||||
|
4xFQ35t9re55coYo97ud6TNWzHNodbBxjR9GbJnGbsRT7TpPmbuy8SQ2FYpCAHFf
|
||||||
|
I5Tn6SBB7logrzfs+Ui4fXMX7Rrwo7gZuG3GYiib0H6O24lWiA+GAxmMnVplLbXC
|
||||||
|
TX2ja9FtiEOxoTtBzLMpTIVcmNSbV9tv8oBxmumOw1MihGobpBcmL1h66DTXPVml
|
||||||
|
CqmdXZmuoKKbBVi/ZnVMghkNqo6PDkgkWQ9rcVegBFZmr/fxVWRaCwY1ui8Ri9C+
|
||||||
|
vRmaTtiYVFWN8CgO4+1i6TjYZ9KroVk2ThBI0KLDPT/emeVAaF99tUTrtD1Dhwkb
|
||||||
|
Zb/9M7KsBHRJj7dYO3j7tIphZoZWASU=
|
||||||
|
=q37V
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
|
@ -9,6 +9,15 @@ alternativeHosts:
|
|||||||
django:
|
django:
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
mediaPersistentVolume:
|
||||||
|
enabled: true
|
||||||
|
name: defectdojo-media
|
||||||
|
type: pvc
|
||||||
|
persistentVolumeClaim:
|
||||||
|
create: true
|
||||||
|
size: 5Gi
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteMany
|
||||||
|
|
||||||
postgresql:
|
postgresql:
|
||||||
enabled: false
|
enabled: false
|
||||||
@ -21,4 +30,3 @@ redis:
|
|||||||
celery:
|
celery:
|
||||||
path: "/6"
|
path: "/6"
|
||||||
|
|
||||||
|
|
||||||
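Review bot: The new `mediaPersistentVolume` claim requests `ReadWriteMany`, and nothing in the hunk says which storage class is expected to satisfy it. On a cluster whose default class only offers ReadWriteOnce volumes, the claim would presumably stay Pending and the pods that mount it would not start. A comment above `accessModes:` would make the dependency visible, for example `# needs an RWX-capable storage class (shared filesystem); a block-storage default will leave this claim Pending`. Indentation is lost in this rendering, so the nesting of the new keys under `django:` cannot be confirmed from the page.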
|