From 534f8d21ad1fba7f42f79bd3cb26566e1b0d272d Mon Sep 17 00:00:00 2001
From: Adam Fekete
Date: Wed, 27 Sep 2023 11:51:44 +0200
Subject: [PATCH] adding keycloak support
---
 README.md | 33 ++++++++++++++----------
 charts/indico/templates/configmap.yaml | 35 ++++++++++++++++++++++++++
 charts/indico/values.yaml | 18 ++++++++++---
 3 files changed, 69 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index 0df82c0..414fc27 100644
--- a/README.md
+++ b/README.md
@@ -1,23 +1,30 @@
-# indico
-
+# helm chart for indico event maganement application
 ## Usage
-[Helm](https://helm.sh) must be installed to use the charts. Please refer to
-Helm's [documentation](https://helm.sh/docs) to get started.
+[Helm](https://helm.sh) must be installed to use the charts. Once Helm has been set up correctly, add the repo as follows:
+```bash
+helm repo add nomad-indico https://nomad-coe.github.io/indico
+helm repo update
+```
-Once Helm has been set up correctly, add the repo as follows:
+To install the `RELEASE_NAME` chart:
+```bash
+helm install RELEASE_NAME nomad-indico/indico
+```
- helm repo add nomad-indico https://nomad-coe.github.io/indico
+To uninstall the chart:
+```bash
+helm delete RELEASE_NAME
+```
-If you had already added this repo earlier, run `helm repo update` to retrieve
-the latest versions of the packages. You can then run `helm search repo
-indico` to see the charts.
-To install the `` chart:
+## Known issues:
- helm install nomad-indico/indico
+- after the first deployment the container of the main application and the worker needs to be restarted manually.
-To uninstall the chart:
+## Alternative solutions
- helm delete
\ No newline at end of file
+Similar helm charts:
+- [freedesktop.org](https://gitlab.freedesktop.org/mupuf/indico-k8s/-/tree/master/charts/indico)
+- [nsf-muses](https://gitlab.com/nsf-muses/deployment/kubernetes/-/tree/main/charts/indico)
\ No newline at end of file
diff --git a/charts/indico/templates/configmap.yaml b/charts/indico/templates/configmap.yaml
index 9c739db..0acaa17 100644
--- a/charts/indico/templates/configmap.yaml
+++ b/charts/indico/templates/configmap.yaml
@@ -33,6 +33,41 @@ data:
 # Disable system notices
 SYSTEM_NOTICES_URL = None
+ # Authentication settings
+ LOCAL_IDENTITIES = {{ .Values.indico.auth.localIdentities }}
+
+ {{- with .Values.indico.auth.keycloak }}
+ {{- if .enabled }}
+ # Keycloak
+ EXTERNAL_REGISTRATION_URL = {{ .profileUrl | quote }}
+ AUTH_PROVIDERS = {
+ 'keycloak': {
+ 'type': 'authlib',
+ 'title': {{ .title | quote }},
+ 'authlib_args': {
+ 'client_id': {{ .clientId | quote }},
+ 'client_secret': {{ .clientSecret | quote }},
+ 'server_metadata_url': {{ .metadataUrl | quote }},
+ 'client_kwargs': {'scope': 'openid'}
+ }
+ }
+ }
+ IDENTITY_PROVIDERS = {
+ 'keycloak': {
+ 'type': 'authlib',
+ 'title': {{ .title | quote }},
+ 'mapping': {
+ 'first_name': 'given_name',
+ 'last_name': 'family_name',
+ 'email': 'email'
+ },
+ 'trusted_email': True,
+ 'synced_fields': {'first_name', 'last_name', 'email'}
+ }
+ }
+ {{- end }}
+ {{- end }}
+
 uwsgi.ini: |
 [uwsgi]
diff --git a/charts/indico/values.yaml b/charts/indico/values.yaml
index 5cfcea9..cddd025 100644
--- a/charts/indico/values.yaml
+++ b/charts/indico/values.yaml
@@ -2,8 +2,6 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-
-# TODO: Helper
 # secretKey: python -c 'import os; print(repr(os.urandom(32)))'
 replicaCount: 1
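Review bot: In the configmap.yaml hunk, `'client_secret': {{ .clientSecret | quote }}` writes the Keycloak OIDC client secret in clear text into a ConfigMap, so anyone who can read ConfigMaps in the namespace can read it; the matching `clientSecret: ""` default in values.yaml invites committing it to a values file as well. Keep the value in a Kubernetes Secret exposed to the pod as an environment variable and read it from the config, for example `'client_secret': os.environ['KEYCLOAK_CLIENT_SECRET'],` (the variable name is a placeholder, and this assumes the file is evaluated as Python with `os` imported, which the `None`/`True` literals suggest but the hunk does not show). Separately, `'trusted_email': True` deserves a comment such as `# only safe if the Keycloak realm verifies e-mail addresses: logins are matched to existing accounts by e-mail`, since as far as I know Indico treats addresses from a trusted provider as already validated. The enclosing `data:` block starts and ends outside the hunk.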
@@ -99,6 +97,18 @@ indico:
 publicSupport: "support@example.com"
 noReply: "noreply@example.com"
+ # The localIdentities must be set to "True" to bootstrap the application because an initial admin
+ # account must be created. After keycloak is configured, another user can be granted admin privileges
+ # after which localIdentities can be disabled to avoid the Indico login page.
+ auth:
+ localIdentities: "True"
+ keycloak:
+ enabled: false
+ title: ""
+ clientId: ""
+ clientSecret: ""
+ profileUrl: "https://auth.example.com/realms/EXAMPLE/account/"
+ metadataUrl: "https://auth.example.com/realms/EXAMPLE/.well-known/openid-configuration"
 redis:
 auth:
 enabled: false
@@ -106,8 +116,8 @@ redis:
 postgresql:
 auth:
 database: "indico"
- username: "username"
- password: "password"
+ username: "indico"
+ password: "indico"
 primary:
 initdb:
 scripts:
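Review bot: `localIdentities: "True"` is a string that configmap.yaml splices unquoted into the config as `LOCAL_IDENTITIES = {{ .Values.indico.auth.localIdentities }}`, so the value is never type-checked and whatever text an operator supplies becomes part of the config file. An operator who follows the comment and sets the YAML boolean `false` gets `LOCAL_IDENTITIES = false` rendered, which is not the `False` literal the surrounding config appears to expect. Make the default a real boolean, `localIdentities: true`, and render it explicitly with `LOCAL_IDENTITIES = {{ if .Values.indico.auth.localIdentities }}True{{ else }}False{{ end }}`. The `indico:` mapping this block belongs to starts outside the hunk.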
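Review bot: The new defaults `username: "indico"` and `password: "indico"` in the `postgresql.auth` hunk ship a guessable database password that every install without an override will run with; the previous `"password"` default had the same problem and this change keeps it. Leave the default empty and fail rendering when it is unset, e.g. `password: ""` in values.yaml plus `{{ required "postgresql.auth.password must be set" .Values.postgresql.auth.password }}` wherever the chart consumes it, or point the PostgreSQL subchart at an existing Secret if it supports one. The `postgresql:` mapping continues outside the hunk, so where the password is consumed is not visible here.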