Merge pull request #480 from CivMC/feature/fix-services

Update auth and monitoring templates
This commit is contained in:
AngrySoundTech
2024-04-30 15:00:49 -04:00
committed by GitHub
2 changed files with 18 additions and 14 deletions

View File

@@ -3,21 +3,25 @@ version: '3.8'
services:
keycloak:
image: jboss/keycloak:latest
image: keycloak/keycloak:latest
restart: always
networks:
- auth_default
- traefik-public
environment:
KEYCLOAK_USER: '{{secret.auth.keycloak.user}}'
KEYCLOAK_PASSWORD: '{{secret.auth.keycloak.password}}'
PROXY_ADDRESS_FORWARDING: 'true'
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: '{{secret.auth.postgres.password}}'
KEYCLOAK_ADMIN: '{{secret.auth.keycloak.user}}'
KEYCLOAK_ADMIN_PASSWORD: '{{secret.auth.keycloak.password}}'
KC_HOSTNAME: '{{secret.auth.keycloak.host}}'
KC_HOSTNAME_STRICT: 'false'
KC_PROXY: edge
KC_PROXY_ADDRESS_FORWARDING: 'true'
KC_HTTP_ENABLED: 'true'
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres/keycloak
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: '{{secret.auth.postgres.password}}'
deploy:
placement:
constraints: [node.role == manager]

View File

@@ -20,10 +20,10 @@ services:
GF_AUTH_GENERIC_OAUTH_ALLOW_SIGN_UP: "true"
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "{{secret.monitoring.grafana.oauth.client_id}}"
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "{{secret.monitoring.grafana.oauth.client_secret}}"
GF_AUTH_GENERIC_OAUTH_SCOPES: profile
GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://{{secret.monitoring.grafana.oauth.domain}}/auth/realms/Internal/protocol/openid-connect/auth"
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://{{secret.monitoring.grafana.oauth.domain}}/auth/realms/Internal/protocol/openid-connect/token"
GF_AUTH_GENERIC_OAUTH_API_URL: "https://{{secret.monitoring.grafana.oauth.domain}}/auth/realms/Internal/protocol/openid-connect/userinfo"
GF_AUTH_GENERIC_OAUTH_SCOPES: 'openid profile email'
GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://{{secret.monitoring.grafana.oauth.domain}}/realms/Internal/protocol/openid-connect/auth"
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://{{secret.monitoring.grafana.oauth.domain}}/realms/Internal/protocol/openid-connect/token"
GF_AUTH_GENERIC_OAUTH_API_URL: "https://{{secret.monitoring.grafana.oauth.domain}}/realms/Internal/protocol/openid-connect/userinfo"
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'"
user: "0"
deploy: