diff options
author | Andreas Geissler <andreas-geissler@telekom.de> | 2023-04-21 14:21:37 +0200 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2023-06-01 15:44:40 +0200 |
commit | e08eee030fd379fa7253e99626c314d021b1eacd (patch) | |
tree | e5cf7bd85d6ea82d3de72e9f6fd802e3b7faa409 /docs/sections/resources | |
parent | 1a76edf1159156d832e62c268b54fd727f82057f (diff) |
[DOC] Update London OOM documentation
Add information:
- new Deployment options (Production, Development)
- move Istio deployment to base installation
- add Gateway-API and Keycloak Installation instructions
- split and rename of a few files for updated structure
- changed rst section formatting as suggested in sphinx rtd theme
- add London Release Notes
Issue-ID: OOM-3159
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I98b8541d51daba982fd6c8be0c85fae676d53c13
Diffstat (limited to 'docs/sections/resources')
-rw-r--r-- | docs/sections/resources/yaml/istiod.yaml | 21 | ||||
-rw-r--r-- | docs/sections/resources/yaml/keycloak-db-values.yaml | 7 | ||||
-rw-r--r-- | docs/sections/resources/yaml/keycloak-server-values.yaml | 53 |
3 files changed, 81 insertions, 0 deletions
diff --git a/docs/sections/resources/yaml/istiod.yaml b/docs/sections/resources/yaml/istiod.yaml new file mode 100644 index 0000000000..47380125b8 --- /dev/null +++ b/docs/sections/resources/yaml/istiod.yaml @@ -0,0 +1,21 @@ +global: + proxy: + # Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready + holdApplicationUntilProxyStarts: true + #logging: + # level: "default:debug" +meshConfig: + rootNamespace: istio-config + extensionProviders: + - name: oauth2-proxy + envoyExtAuthzHttp: + service: oauth2-proxy.default.svc.cluster.local + port: 80 + timeout: 1.5s + includeHeadersInCheck: ["authorization", "cookie"] + headersToUpstreamOnAllow: ["x-forwarded-access-token", "authorization", "path", "x-auth-request-user", "x-auth-request-email", "x-auth-request-access-token"] + headersToDownstreamOnDeny: ["content-type", "set-cookie"] +pilot: + env: + PILOT_ENABLE_MYSQL_FILTER: true + PILOT_HTTP10: true
\ No newline at end of file diff --git a/docs/sections/resources/yaml/keycloak-db-values.yaml b/docs/sections/resources/yaml/keycloak-db-values.yaml new file mode 100644 index 0000000000..ae1459bea7 --- /dev/null +++ b/docs/sections/resources/yaml/keycloak-db-values.yaml @@ -0,0 +1,7 @@ +# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql +global: + postgresql: + auth: + username: dbusername + password: dbpassword + database: keycloak
\ No newline at end of file diff --git a/docs/sections/resources/yaml/keycloak-server-values.yaml b/docs/sections/resources/yaml/keycloak-server-values.yaml new file mode 100644 index 0000000000..7eaecbedfc --- /dev/null +++ b/docs/sections/resources/yaml/keycloak-server-values.yaml @@ -0,0 +1,53 @@ +image: + # The Keycloak image repository + repository: quay.io/keycloak/keycloak + # Overrides the Keycloak image tag whose default is the chart appVersion + tag: "19.0.3-legacy" + +postgresql: + # If `true`, the Postgresql dependency is enabled + enabled: false + +extraEnv: | + - name: KEYCLOAK_USER + valueFrom: + secretKeyRef: + name: {{ include "keycloak.fullname" . }}-admin-creds + key: user + - name: KEYCLOAK_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "keycloak.fullname" . }}-admin-creds + key: password + - name: DB_VENDOR + value: postgres + - name: DB_ADDR + value: keycloak-db-postgresql + - name: DB_PORT + value: "5432" + - name: DB_DATABASE + value: keycloak + - name: DB_USER + value: dbusername + - name: DB_PASSWORD_FILE + value: /secrets/db-creds/password + - name: PROXY_ADDRESS_FORWARDING + value: "true" + +extraVolumeMounts: | + - name: db-creds + mountPath: /secrets/db-creds + readOnly: true + +extraVolumes: | + - name: db-creds + secret: + secretName: keycloak-db-postgresql + +secrets: + admin-creds: + annotations: + my-test-annotation: Test secret for {{ include "keycloak.fullname" . }} + stringData: + user: admin + password: secret
\ No newline at end of file |