From e08eee030fd379fa7253e99626c314d021b1eacd Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Fri, 21 Apr 2023 14:21:37 +0200 Subject: [DOC] Update London OOM documentation Add information: - new Deployment options (Production, Development) - move Istio deployment to base installation - add Gateway-API and Keycloak Installation instructions - split and rename of a few files for updated structure - changed rst section formatting as suggested in sphinx rtd theme - add London Release Notes Issue-ID: OOM-3159 Signed-off-by: Andreas Geissler Change-Id: I98b8541d51daba982fd6c8be0c85fae676d53c13 --- docs/sections/resources/yaml/istiod.yaml | 21 +++++++++ .../resources/yaml/keycloak-db-values.yaml | 7 +++ .../resources/yaml/keycloak-server-values.yaml | 53 ++++++++++++++++++++++ 3 files changed, 81 insertions(+) create mode 100644 docs/sections/resources/yaml/istiod.yaml create mode 100644 docs/sections/resources/yaml/keycloak-db-values.yaml create mode 100644 docs/sections/resources/yaml/keycloak-server-values.yaml (limited to 'docs/sections/resources/yaml')
diff --git a/docs/sections/resources/yaml/istiod.yaml b/docs/sections/resources/yaml/istiod.yaml
new file mode 100644
index 0000000000..47380125b8
--- /dev/null
+++ b/docs/sections/resources/yaml/istiod.yaml
@@ -0,0 +1,21 @@
+global:
+ proxy:
+ # Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready
+ holdApplicationUntilProxyStarts: true
+ #logging:
+ # level: "default:debug"
+meshConfig:
+ rootNamespace: istio-config
+ extensionProviders:
+ - name: oauth2-proxy
+ envoyExtAuthzHttp:
+ service: oauth2-proxy.default.svc.cluster.local
+ port: 80
+ timeout: 1.5s
+ includeHeadersInCheck: ["authorization", "cookie"]
+ headersToUpstreamOnAllow: ["x-forwarded-access-token", "authorization", "path", "x-auth-request-user", "x-auth-request-email", "x-auth-request-access-token"]
+ headersToDownstreamOnDeny: ["content-type", "set-cookie"]
+pilot:
+ env:
+ PILOT_ENABLE_MYSQL_FILTER: true
+ PILOT_HTTP10: true
\ No newline at end of file
diff --git a/docs/sections/resources/yaml/keycloak-db-values.yaml b/docs/sections/resources/yaml/keycloak-db-values.yaml
new file mode 100644
index 0000000000..ae1459bea7
--- /dev/null
+++ b/docs/sections/resources/yaml/keycloak-db-values.yaml
@@ -0,0 +1,7 @@
+# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
+global:
+ postgresql:
+ auth:
+ username: dbusername
+ password: dbpassword
+ database: keycloak
\ No newline at end of file
diff --git a/docs/sections/resources/yaml/keycloak-server-values.yaml b/docs/sections/resources/yaml/keycloak-server-values.yaml
new file mode 100644
index 0000000000..7eaecbedfc
--- /dev/null
+++ b/docs/sections/resources/yaml/keycloak-server-values.yaml
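Review bot: In istiod.yaml, `headersToUpstreamOnAllow` passes `x-forwarded-access-token`, `x-auth-request-access-token` and `authorization` to every workload behind this provider, so each backend receives a reusable bearer token for the user. If the backends only need the caller's identity, trim the list, e.g. `headersToUpstreamOnAllow: ["x-auth-request-user", "x-auth-request-email"]`, and add a comment naming the components that really require the token. The provider also targets `oauth2-proxy.default.svc.cluster.local` on port 80; a dedicated, access-restricted namespace would be a safer example than `default`, because whoever can modify that Service controls the result of every authorization check.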
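Review bot: keycloak-db-values.yaml sets a literal `username: dbusername` / `password: dbpassword` and nothing marks them as placeholders, so an installation that follows the documentation verbatim ends up with a guessable database password. Either add a comment above `auth:` such as `# Example values only: choose your own credentials before installing`, or have the example reference a pre-created Secret through the Bitnami chart's `auth.existingSecret` setting. If the second route is taken, the `secretName: keycloak-db-postgresql` mount and the `DB_USER` value in keycloak-server-values.yaml have to be kept in step.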
@@ -0,0 +1,53 @@
+image:
+ # The Keycloak image repository
+ repository: quay.io/keycloak/keycloak
+ # Overrides the Keycloak image tag whose default is the chart appVersion
+ tag: "19.0.3-legacy"
+
+postgresql:
+ # If `true`, the Postgresql dependency is enabled
+ enabled: false
+
+extraEnv: |
+ - name: KEYCLOAK_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "keycloak.fullname" . }}-admin-creds
+ key: user
+ - name: KEYCLOAK_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "keycloak.fullname" . }}-admin-creds
+ key: password
+ - name: DB_VENDOR
+ value: postgres
+ - name: DB_ADDR
+ value: keycloak-db-postgresql
+ - name: DB_PORT
+ value: "5432"
+ - name: DB_DATABASE
+ value: keycloak
+ - name: DB_USER
+ value: dbusername
+ - name: DB_PASSWORD_FILE
+ value: /secrets/db-creds/password
+ - name: PROXY_ADDRESS_FORWARDING
+ value: "true"
+
+extraVolumeMounts: |
+ - name: db-creds
+ mountPath: /secrets/db-creds
+ readOnly: true
+
+extraVolumes: |
+ - name: db-creds
+ secret:
+ secretName: keycloak-db-postgresql
+
+secrets:
+ admin-creds:
+ annotations:
+ my-test-annotation: Test secret for {{ include "keycloak.fullname" . }}
+ stringData:
+ user: admin
+ password: secret
\ No newline at end of file
-- cgit 1.2.3-korg
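Review bot: The `secrets.admin-creds` block at the end of keycloak-server-values.yaml creates the Keycloak admin account as `user: admin` / `password: secret`, and although the annotation calls it a test secret, this is the file the installation instructions give to users. Replace the literal with a marked placeholder, e.g. `password: <choose-a-strong-password>` under the comment `# Must be changed: initial Keycloak admin password`, or document creating the Secret outside the values file so the password is never committed. `PROXY_ADDRESS_FORWARDING` set to `"true"` makes Keycloak trust forwarded headers, so a comment that this assumes Keycloak is reachable only through the ingress gateway would also help.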