improved makefile and comments

vertigobr · Oct 27, 2020 · 59a9fee · 59a9fee
1 parent 5d96f51
commit 59a9fee
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 15 deletions.
diff --git a/examples/keycloak/docker-compose.yml b/examples/keycloak/docker-compose.yml
@@ -6,17 +6,17 @@ services:
     ports:
       - 5443:5443
     environment:
-      - AUTHORIZATION_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/auth
-      - TOKEN_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/token
+      - ISSUER=http://keycloak.localdomain:8080/auth/realms/vkpr
       - LOGOUT_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/logout
-      - JWKS_URI=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/certs
-      - REGISTRATION_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/clients-registrations/openid-connect
       - DISABLE_HTTPS=true
       - REVOCATION_ENDPOINT=
-      - ISSUER=http://keycloak.localdomain:8080/auth/realms/vkpr
       - CLIENT_ID=oidc-demo
       - CLIENT_SECRET=60e50da1-b492-4995-9574-763fa285456c
       - REDIRECT_URI=http://localhost:5443/callback
       - BASE_URL=http://localhost:5443
       - VERIFY_SSL_SERVER=false
       - DEBUG=true
+      #- JWKS_URI=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/certs
+      #- REGISTRATION_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/clients-registrations/openid-connect
+      #- AUTHORIZATION_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/auth
+      #- TOKEN_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/token
diff --git a/examples/local/values-local-certs-dns.yaml b/examples/local/values-local-certs-dns.yaml
@@ -2,6 +2,10 @@
 # Valores para testes locais com o k3d, mas com Cert-manager e External-DNS operando
 # via DigitalOcean.
 #
+# Este exemplo assume que <TOKEN> pode modificar um domínio "vkpr-dev.vertigo.com.br"
+# gerenciado pela DigitalOcean. Importante compreender que o DNS irá resolver para um
+# IP de rede local (o External-Ip do load balancer no k3d).
+#
 # O que executa:
 # - Ingress controller (ingress-nginx)
 # - Aplicação "whoami" com nome DNS real

diff --git a/examples/local/values-local-minimal.yaml b/examples/local/values-local-minimal.yaml
@@ -5,12 +5,23 @@
 # - Ingress controller (ingress-nginx)
 # - Aplicação "whoami"
 #
+#
+# INSTALAÇÃO COM MAKEFILE:
+#
+# make k3d_create
+# make example_local_minimal
+#
+#
+# INSTALAÇÃO VIA HELM (manual):
+#
 # helm upgrade -i vkpr -f examples/local/values-local-minimal.yaml ./charts/vkpr
 #
+# TESTAR:
+#
 # Coloque as seguintes entradas no /etc/hosts :
 # 127.0.0.1    whoami.localdomain
 #
-# Testar com:
+# Testar via curl:
 #
 # curl whoami.localdomain:8080
 #

diff --git a/makefile b/makefile
@@ -14,6 +14,34 @@ secret_del:
 	kubectl delete secret vkpr-realm-secret -n vkpr
 	rm ./vkpr-realm.json
 
+KUBECONFIG := $(shell sh -c "k3d kubeconfig write vkpr-local")
+
+k3d_create:
+	k3d cluster create vkpr-local -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-server-arg "--no-deploy=traefik"
+
+k3d_delete:
+	k3d cluster delete vkpr-local
+
+k3d_info:
+	@echo "KUBECONFIG = $(KUBECONFIG)"
+	kubectl cluster-info
+
+## EXEMPLOS LOCAIS
+
+example_local_minimal:
+	@echo "KUBECONFIG = $(KUBECONFIG)"
+	helm upgrade -i vkpr -f examples/local/values-local-minimal.yaml ./charts/vkpr
+	@echo "curl whoami.localdomain:8080"
+
+example_local_keycloak:
+	@echo "KUBECONFIG = $(KUBECONFIG)"
+	kubectl create secret generic vkpr-realm-secret --from-file=examples/keycloak/realm.json
+	helm upgrade -i vkpr --skip-crds -f examples/local/values-local-keycloak.yaml ./charts/vkpr
+	docker-compose -f examples/keycloak/docker-compose.yml up -d
+	@echo "------ DONE ------"
+	@echo "Browser OIDC login test:"
+	@echo "Open http://localhost:5443/ on your browser and check integration with keycloak using the login/password defined on the realm"
+
 ## VAULT SETUP ##
 
 vault_init_http:
@@ -108,15 +136,6 @@ vault_k8s_config:
 vault_k8s_role:
 	vault write auth/kubernetes/role/issuer bound_service_account_names=issuer bound_service_account_namespaces=default policies=pki ttl=20m
 
-## Run keycloak locally with k3d
-keycloak_local_up:
-	k3d cluster create vkpr-local -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-server-arg "--no-deploy=traefik"
-	export KUBECONFIG=$(k3d kubeconfig write vkpr-local)
-	kubectl create secret generic vkpr-realm-secret --from-file=examples/keycloak/realm.json
-	helm upgrade -i vkpr --skip-crds -f examples/local/values-local-keycloak.yaml ./charts/vkpr
-	docker-compose -f examples/keycloak/docker-compose.yml up -d
-	echo "Open http://localhost:5443/ on your browser and check integration with keycloak using the login/password defined on the realm"
-
 vault_keycloak_local_up:
 	k3d cluster create vkpr-local --k3s-server-arg "--no-deploy=traefik"
 	export KUBECONFIG=$$(k3d kubeconfig write vkpr-local)