Installer: oauth2 clients point to local hydra
diff --git a/helmfile/base/helmfile.yaml b/helmfile/base/helmfile.yaml
index 83d7097..c8b7cbe 100644
--- a/helmfile/base/helmfile.yaml
+++ b/helmfile/base/helmfile.yaml
@@ -11,6 +11,8 @@
url: https://metallb.github.io/metallb
- name: longhorn
url: https://charts.longhorn.io
+- name: ory
+ url: https://k8s.ory.sh/helm/charts
helmDefaults:
tillerless: true
@@ -184,6 +186,19 @@
namespace: shveli-app-maddy
- persistence:
size: 100Gi
+- name: oauth2-manager
+ chart: ory/hydra-maester
+ version: v0.20.1
+ namespace: {{ .Values.name }}-oauth2-manager
+ values:
+ - fullnameOverride: {{ .Values.name }}-hydra-maester
+ - image:
+ repository: giolekva/ory-hydra-maester
+ tag: latest
+ pullPolicy: IfNotPresent
+ - adminService:
+ name: hydra # IGNORED
+ port: 80
environments:
prod:
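Review bot: The new `oauth2-manager` release pulls `giolekva/ory-hydra-maester` with `tag: latest` and `pullPolicy: IfNotPresent`, so the image is neither reproducible nor refreshed: each node keeps whatever `latest` pointed to when it first pulled, while the chart itself is pinned to `v0.20.1`. hydra-maester is the controller that reconciles OAuth2 client objects and their secrets, so an unpinned image from a personal registry namespace is a supply-chain risk worth closing; I would pin it to a fixed tag, e.g. `tag: <IMAGE_TAG_PLACEHOLDER>`, or to a digest if the chart accepts one. The `# IGNORED` comment on `adminService.name` should say what overrides the value, for example `# ignored: the patched image resolves the Hydra admin service itself` if that is the reason. The templated `namespace` and `fullnameOverride` values are safer quoted, as in `namespace: "{{ .Values.name }}-oauth2-manager"`, so an empty expansion cannot change the scalar's type.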
diff --git a/helmfile/users/helmfile.yaml b/helmfile/users/helmfile.yaml
index b2fae82..df53071 100644
--- a/helmfile/users/helmfile.yaml
+++ b/helmfile/users/helmfile.yaml
@@ -346,7 +346,7 @@
secret:
enabled: true
maester:
- enabled: true
+ enabled: false
hydraFullnameOverride: hydra
hydra-maester:
fullnameOverride: {{ .Values.id }}-hydra-maester
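Review bot: With `maester.enabled: false` the `hydraFullnameOverride: hydra` setting and the `hydra-maester:` sub-block below it look like dead configuration, since they only matter when the per-user controller is deployed. I would either remove them or add a comment above the flag such as `# disabled: OAuth2 clients are reconciled by the shared oauth2-manager release in helmfile/base`. The surrounding values block starts and ends outside this hunk, so other settings may still depend on these keys.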
@@ -475,7 +475,7 @@
values:
- domain: {{ .Values.domain }}
- oauth2:
- hydraAdmin: http://hydra-admin
+ hydraAdmin: http://hydra-admin.{{ .Values.namespacePrefix}}core-auth.svc.cluster.local
hydraPublic: https://hydra.{{ .Values.domain }}
clientId: matrix
clientSecret: {{ .Values.matrixOAuth2ClientSecret }}
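Review bot: The added `hydraAdmin` line now addresses Hydra's admin API in another namespace over plain `http://`, and the same change is made for the oauth2-proxy values in the next hunk (`@@ -530,7 +530,7 @@`). As far as I know the admin API has no authentication of its own, so reaching it from user namespaces relies entirely on network controls that this diff does not show. It is worth confirming that a NetworkPolicy in the `core-auth` namespace limits ingress to the intended client pods. Once that holds I would add a comment above the line, such as `# cross-namespace admin API; ingress restricted by NetworkPolicy in core-auth`. Minor style: `{{ .Values.namespacePrefix}}` lacks the space before `}}` that the other expressions in the file use.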
@@ -530,7 +530,7 @@
cookieSecret: {{ .Values.piholeOAuth2CookieSecret }}
secretName: oauth2-secret
configName: oauth2-proxy
- hydraAdmin: http://hydra-admin
+ hydraAdmin: http://hydra-admin.{{ .Values.namespacePrefix}}core-auth.svc.cluster.local
- hydraPublic: https://hydra.{{ .Values.domain }}/
- profileUrl: https://accounts-ui.{{ .Values.domain }}
- ingressClassName: {{ .Values.id }}-ingress-private
@@ -565,7 +565,7 @@
- certManagerNamespace: cert-manager
- mxHostname: mail.lekva.me
- mailGatewayAddress: "tcp://maddy.pcloud-mail-gateway.svc.cluster.local:587"
- - matrixStorageSize: 100Gi
+ - matrixStorageSize: 1Gi
lekva:
secrets:
- secrets.lekva.yaml
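Review bot: `matrixStorageSize: 1Gi` is a hundredfold reduction that is unrelated to the OAuth2 change in the commit title and looks like a test value that slipped in. If a volume was already provisioned at 100Gi for this environment, Kubernetes does not allow a PersistentVolumeClaim's request to be lowered, so the release would likely fail to apply. On a fresh install 1Gi may fill quickly for a Matrix data store. I would restore `- matrixStorageSize: 100Gi` here, or move the change to its own commit with the reason stated. The environment block continues outside the hunk.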
diff --git a/helmfile/users/secrets.lekva.yaml b/helmfile/users/secrets.lekva.yaml
index a355a12..1a45ed7 100644
--- a/helmfile/users/secrets.lekva.yaml
+++ b/helmfile/users/secrets.lekva.yaml
@@ -1,32 +1,32 @@
-gandiAPIToken: ENC[AES256_GCM,data:GxZUH3fLSbPusqZqViv3cr/tBTmSgruZ,iv:+g6mmJglcieJyN2qwjHx8NkT2i1VK5xZA8uYiAIA23Y=,tag:aDLkDZ4r6ToYYHq54cZedQ==,type:str]
-piholeOAuth2ClientSecret: ENC[AES256_GCM,data:WZ6aWggy,iv:32Dg7r+SL2W35z/kDqkwKNevw+KFWR0VoisLJQ6kpUw=,tag:l/s1pHsK4M9Rh1FitXY4Jw==,type:str]
-piholeOAuth2CookieSecret: ENC[AES256_GCM,data:6ed1Px5QFkq3sc6K7cfPMYPd0KcAhLXIf2qZug5b+lM=,iv:RGn0z4Q2ygwCBF3z/8Y/vvQsSLycihi65LF//L0rbEU=,tag:ULKiC0XK7Uk8Ppv1Qs5tgw==,type:str]
-matrixOAuth2ClientSecret: ENC[AES256_GCM,data:A0cPpQ1Nt0speE36+6fDb9/5g7teW2x5+P/IThnDThA=,iv:REzjYKRJ9Kpa85dnDaeBNLODrAxBWVr7dwlyYO0J9Zw=,tag:P08EiiAO2qtVGmsIVIWt7A==,type:str]
+gandiAPIToken: ENC[AES256_GCM,data:NVxAAyqsg7Vx7Qa1m6koG3wGpsq8ZJre,iv:8vuB+JPMXunl4wIHeoOmZmNwmO6obE09PebTgsUkt1Y=,tag:hQBZUG9RNanzgZ/TxpSRcw==,type:str]
+piholeOAuth2ClientSecret: ENC[AES256_GCM,data:2+h+dpkU9fAdNpuABDhrMtkg3LlPLOV0atXJJ9o+H8Y=,iv:QJLMdfanldaUaiMlPlsaYUa0ga6SaM7kthGyaNykVr0=,tag:vAcE59KOah8KMwWAf3N5Hg==,type:str]
+piholeOAuth2CookieSecret: ENC[AES256_GCM,data:1J7eXqv1Q6CJVtYe+Oczt8GmL1Caa+1jlI2vMwlxZTA=,iv:+2l/JPag19vA7JrKtS+EYAB/eJbvp1ojdTCUnBBIGA8=,tag:WOG2IAIkGxTZrvF6pWQjgg==,type:str]
+matrixOAuth2ClientSecret: ENC[AES256_GCM,data:8DmEC4Td9G/XSLMrdW+Nv08g3khlF9y8ELmr8eFlAaM=,iv:hsy/GolATeoDz1+vJcEvpj6DVf5NlHXh45LkRWpT7uY=,tag:k2lgOZuN387MlCBt1VCtRw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2021-11-28T18:09:52Z"
- mac: ENC[AES256_GCM,data:zOoZxh3/tJt70M7GM0mY0EMAPEGOOWm3Lk92hFk50H2XcBAX/mfZJ3jq26aULJDlktJIwxBkjLqXSQEXpJed96Wcr7SfB1u1lrtK5AyD1HrCNwtyBDX9Rbuf6SijKpjGxpXdPaQiGt1HvP9J7lA8BnuAXDBFR9RDOCgJ6T2gdU0=,iv:UIKEr0K/wDFJtOLegePubEb2SitU4w0Qv/rSNOD46X4=,tag:QBn5WAaDq+8+y0U5ucnFrg==,type:str]
+ lastmodified: "2021-12-01T13:03:06Z"
+ mac: ENC[AES256_GCM,data:xbuh5GNYIAFbJi004V+lVMLoI1ns86xj/J+YUag1CvViOCiSr3/Xp20BHWcXZIBgiGSNcyvDaLVNe+5YB5wbCkYfqkqQ2E4piEJ2VN9QW6oVE0vckZN55XQgmCPtjy3es78+D9wravzuZX4X2KOSrtMfYlzb31HCbonQhwFzoG8=,iv:C3U5WFhts/ZIuecSmHljYDafhvLhFz9Mj9kVWVhOiDA=,tag:7/48p9GmOAs6E0ALiOdXyw==,type:str]
pgp:
- - created_at: "2021-11-28T18:09:51Z"
+ - created_at: "2021-12-01T13:03:04Z"
enc: |
-----BEGIN PGP MESSAGE-----
- hQGMA8PXnOzdTLRzAQv+LzuGeNoPR+EFLfIbg0Ml05bFu//MT+0+1AEXzEEglyYU
- /aXEXN1MPGRyy4WPN51bfnvMBD0WTDmFmyTM6R9dIaHdUeh+Cxm6zmn6U7yF/ciw
- jhO2bCEmbPKCGyVueIPnZwF69CK2pwk7rQW29PTlnnGV4KcfKgHxIZwMufJcE4Le
- 7elr+uhkrmoHp9bYMmzCPPi/ugSlF5+UD+nf5ZcvnqHDpNeOdrhFDCzEkZPleH4i
- 1+HgELkgvLHooRCUVf51SyisDmyZFXFh80LSOZAKOUH3mHau9kSiWdEnfp8Vtx8v
- 2ofUltMYJ6TeVLyeUmmgmdDloSWfQNGu0tg9La/rnxL8vFHVT/wenZQSFRs+mPsA
- zLwf8qM5ZFrmPtenqtioJX3X2N9KsNVRz6K99Yo5FJiqvAe1mLakDj+xTJRdQ3Kt
- E9Ozuwoz7Ri/amwmCaEXttFxbONhAmegTdjQyQGP16XmKUNA3pOenQSLeKB5Tw5y
- 4mpCNeZefBqfR0ov9szF0l4BIvCJ+kv3Z7bG7fozyXDNmlJWUIwB5qt0v7ZPyt43
- jyhMhARgY/ALlEdwvze5XE5hptv6/QyVSbhkbHou3e57kHGPY6BfIhOf8qxhWzuf
- PUgEIks5sxhRZK/MZ7NY
- =d6+Q
+ hQGMA8PXnOzdTLRzAQv+JI6iR7zvOKC6D4ygIqOzZ6Uc6MF2HM9fk7fATnGVMK9D
+ 6bgn2uv+O5HyLx3OsSmbWa77wRaAMsSJvxFwnbae8NXbAcYmvLTPezMzHqUoRsLW
+ 3c/KIeFE8VsV6gwyJeQPt5WyYgZJdlS7nbZn5wUYljkcUJzz3OrvBkj4cUdejnk7
+ 6rFkJnx0iDW1ADC62TVbkT3x/72zAZHxVe0a8q0L/fI7KYkbqZSJNx+RuRomK0Gt
+ usIAymUXEIP3lClO5cawTBYQ9rAf2fXrGswlo3cplsXJiiQeQ82OL+wyfL1dorbm
+ wXpDUjoKDsLeAmGiMjJbKJcdYkgX/dfUhqSfLQxd7nq2OHdpV+vnrxYGNJ9cTmWG
+ DbsU6JQqpJ5KBwZ2GyxB6KRh5yW9jAZXDloK0ueKK41OHioZBEG4pVbDqSfsTu2P
+ YQn8VyFOzQLq5XP5LjLPNcTypUrXZFvQM/mpZEgUjBMGjoHwCWzHgQzXs9j/ya1+
+ 80/5l93jemawAzy9iLcx0l4B5yttNpP98X/MY4rb2cQ0n77Pd7tZcO1TL9dDXs6h
+ F+kZemBr1964028XS8dQpz4wEiMjFZOg2GyLRMrQBvp1fL9Cc5KWZD6Mq0froTMj
+ kPUxFjH1emsz7FncsikT
+ =FzDH
-----END PGP MESSAGE-----
fp: 60584680BB48B3CE3FECFFBE7D1302EE361D316A
unencrypted_suffix: _unencrypted