openidconnect, not yet working

deployment/install.sh

@@ -8,11 +8,15 @@ kubectl create namespace $NAMESPACE \
   -o yaml | \
   kubectl -f - apply
 
-SECRETS_FILE=`mktemp`
+if [ -f secrets.txt ]; then
-gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+  . secrets.txt
-. $SECRETS_FILE
+else
-rm $SECRETS_FILE
+  SECRETS_FILE=`mktemp`
-# eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
+  gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+  . $SECRETS_FILE
+  rm $SECRETS_FILE
+  # eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
+fi
 
 kubectl create secret generic defectdojo-postgresql-specific \
   --dry-run=client \
@@ -28,6 +32,21 @@ kubectl create secret generic defectdojo-redis-specific \
   --from-literal=redis-password="" | \
   kubectl apply -f - -n $NAMESPACE
 
+kubectl create secret generic defectdojo-extrasecrets \
+  --dry-run=client \
+  -o yaml \
+  --save-config \
+  --from-literal=DD_SESSION_COOKIE_SECURE="True" \
+  --from-literal=DD_CSRF_COOKIE_SECURE="True" \
+  --from-literal=DD_SECURE_SSL_REDIRECT="True" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED="True" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY="$KEYCLOAK_PUBLIC_KEY" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_KEY="defectdojo" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/auth" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/token" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_SECRET="$OPENID_SECRET" | \
+  kubectl apply -f - -n $NAMESPACE
+
 
 helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
 helm repo update

deployment/secrets.asc

@@ -1,7 +1,15 @@
 -----BEGIN PGP MESSAGE-----
 
-jA0ECQMIBTFqH76O+EH80m0BfrFMTw8TSSx9cXepIYKzXVS40qB8WtHg4Dvu96jH
+jA0ECQMI2OsWrWYS+jz50sElAUvKcwh3A7lF7F0DitbXDspCaXNemMJVxXLHQcdu
-E6DH3djCVjketkrTLm2n8gwT6FjcQXtinqhU8IqUiP1nLIu24ZHgy5+Y83MeGN4/
+OpMv6FfnBc9tUjNG33eVELCCB+vfCfsH2Syx5av6CgFwsiY9MFZwJigN2iv4/aEQ
-dN/TcgiGmXiMM9N0VjGCJeUZ2aHNNunmQeSxVnrv
+wiFd6hcQZPCx0PFsH5O6jm0I/3A2/bJd3IuK8ks0syU95kgPD+jjM37VLm4Dd/kY
-=X3R9
+CDsWP44LR5aQNNGM/lqHgHjsvJEn9d086+2WH6jrotoeyGbv0NfreDf6r6vnGeUF
+cnRl8OvyaY4ApxHun27n8/l8DGswpg4+awBDchxFJ9ke4jJUiFcZo3MSuzZkk8FI
+4xFQ35t9re55coYo97ud6TNWzHNodbBxjR9GbJnGbsRT7TpPmbuy8SQ2FYpCAHFf
+I5Tn6SBB7logrzfs+Ui4fXMX7Rrwo7gZuG3GYiib0H6O24lWiA+GAxmMnVplLbXC
+TX2ja9FtiEOxoTtBzLMpTIVcmNSbV9tv8oBxmumOw1MihGobpBcmL1h66DTXPVml
+CqmdXZmuoKKbBVi/ZnVMghkNqo6PDkgkWQ9rcVegBFZmr/fxVWRaCwY1ui8Ri9C+
+vRmaTtiYVFWN8CgO4+1i6TjYZ9KroVk2ThBI0KLDPT/emeVAaF99tUTrtD1Dhwkb
+Zb/9M7KsBHRJj7dYO3j7tIphZoZWASU=
+=q37V
 -----END PGP MESSAGE-----

deployment/values.yml

@@ -9,6 +9,15 @@ alternativeHosts:
 django:
   ingress:
     enabled: false
+  mediaPersistentVolume:
+    enabled: true
+    name: defectdojo-media
+    type: pvc
+    persistentVolumeClaim:
+      create: true
+      size: 5Gi
+      accessModes:
+        - ReadWriteMany
 
 postgresql:
   enabled: false
@@ -21,4 +30,3 @@ redis:
 celery:
   path: "/6"
 
-