diff --git a/examples/keycloak/docker-compose.yml b/examples/keycloak/docker-compose.yml
index 791f7298..eb13dc0c 100644
--- a/examples/keycloak/docker-compose.yml
+++ b/examples/keycloak/docker-compose.yml
@@ -6,17 +6,17 @@ services:
 ports:
 - 5443:5443
 environment:
- - AUTHORIZATION_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/auth
- - TOKEN_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/token
+ - ISSUER=http://keycloak.localdomain:8080/auth/realms/vkpr
 - LOGOUT_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/logout
- - JWKS_URI=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/certs
- - REGISTRATION_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/clients-registrations/openid-connect
 - DISABLE_HTTPS=true
 - REVOCATION_ENDPOINT=
- - ISSUER=http://keycloak.localdomain:8080/auth/realms/vkpr
 - CLIENT_ID=oidc-demo
 - CLIENT_SECRET=60e50da1-b492-4995-9574-763fa285456c
 - REDIRECT_URI=http://localhost:5443/callback
 - BASE_URL=http://localhost:5443
 - VERIFY_SSL_SERVER=false
 - DEBUG=true
+ #- JWKS_URI=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/certs
+ #- REGISTRATION_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/clients-registrations/openid-connect
+ #- AUTHORIZATION_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/auth
+ #- TOKEN_ENDPOINT=http://keycloak.localdomain:8080/auth/realms/vkpr/protocol/openid-connect/token
diff --git a/examples/local/values-local-certs-dns.yaml b/examples/local/values-local-certs-dns.yaml
index 93632259..116b7ac3 100644
--- a/examples/local/values-local-certs-dns.yaml
+++ b/examples/local/values-local-certs-dns.yaml
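Review bot: The new side keeps the whole OIDC provider configuration on plain http (`ISSUER=http://keycloak.localdomain:8080/auth/realms/vkpr`) together with the context lines `DISABLE_HTTPS=true` and `VERIFY_SSL_SERVER=false`, so whatever the demo app now resolves from ISSUER — presumably the token and JWKS endpoints via discovery, since those are exactly the variables commented out at the end — is fetched without any transport authentication, and nothing in the file says this is deliberate. I would add above the ISSUER line: `# Local demo only: plain-http issuer plus VERIFY_SSL_SERVER=false means the discovery document and token-signing keys are fetched unauthenticated; do not reuse these settings outside k3d.` The four commented-out endpoint variables are dead configuration; either delete them or prefix them with a one-line comment stating they are optional overrides of the values derived from ISSUER, so a reader does not re-enable them and silently bypass discovery. The CLIENT_SECRET on the context line predates this change, but it is a committed credential and belongs with the same demo-only caveat.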
@@ -2,6 +2,10 @@
 # Valores para testes locais com o k3d, mas com Cert-manager e External-DNS operando
 # via DigitalOcean.
 #
+# Este exemplo assume que pode modificar um domínio "vkpr-dev.vertigo.com.br"
+# gerenciado pela DigitalOcean. Importante compreender que o DNS irá resolver para um
+# IP de rede local (o External-Ip do load balancer no k3d).
+#
 # O que executa:
 # - Ingress controller (ingress-nginx)
 # - Aplicação "whoami" com nome DNS real
diff --git a/examples/local/values-local-minimal.yaml b/examples/local/values-local-minimal.yaml
index c2f03fdc..87dfa7ea 100644
--- a/examples/local/values-local-minimal.yaml
+++ b/examples/local/values-local-minimal.yaml
@@ -5,12 +5,23 @@
 # - Ingress controller (ingress-nginx)
 # - Aplicação "whoami"
 #
+#
+# INSTALAÇÃO COM MAKEFILE:
+#
+# make k3d_create
+# make example_local_minimal
+#
+#
+# INSTALAÇÃO VIA HELM (manual):
+#
 # helm upgrade -i vkpr -f examples/local/values-local-minimal.yaml ./charts/vkpr
 #
+# TESTAR:
+#
 # Coloque as seguintes entradas no /etc/hosts :
 # 127.0.0.1 whoami.localdomain
 #
-# Testar com:
+# Testar via curl:
 #
 # curl whoami.localdomain:8080
 #
diff --git a/makefile b/makefile
index ac9b84b6..3b16ded5 100644
--- a/makefile
+++ b/makefile
@@ -14,6 +14,34 @@ secret_del:
 kubectl delete secret vkpr-realm-secret -n vkpr
 rm ./vkpr-realm.json
 
+KUBECONFIG := $(shell sh -c "k3d kubeconfig write vkpr-local")
+
+k3d_create:
+ k3d cluster create vkpr-local -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-server-arg "--no-deploy=traefik"
+
+k3d_delete:
+ k3d cluster delete vkpr-local
+
+k3d_info:
+ @echo "KUBECONFIG = $(KUBECONFIG)"
+ kubectl cluster-info
+
+## EXEMPLOS LOCAIS
+
+example_local_minimal:
+ @echo "KUBECONFIG = $(KUBECONFIG)"
+ helm upgrade -i vkpr -f examples/local/values-local-minimal.yaml ./charts/vkpr
+ @echo "curl whoami.localdomain:8080"
+
+example_local_keycloak:
+ @echo "KUBECONFIG = $(KUBECONFIG)"
+ kubectl create secret generic vkpr-realm-secret --from-file=examples/keycloak/realm.json
+ helm upgrade -i vkpr --skip-crds -f examples/local/values-local-keycloak.yaml ./charts/vkpr
+ docker-compose -f examples/keycloak/docker-compose.yml up -d
+ @echo "------ DONE ------"
+ @echo "Browser OIDC login test:"
+ @echo "Open http://localhost:5443/ on your browser and check integration with keycloak using the login/password defined on the realm"
+
 ## VAULT SETUP ##
 
 vault_init_http:
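Review bot: `KUBECONFIG := $(shell sh -c "k3d kubeconfig write vkpr-local")` is only a Make variable — it is echoed by k3d_info and the example_local_* targets but never exported, so the kubectl and helm commands in those recipes run against whatever kubeconfig the caller's environment already points at (the default one unless KUBECONFIG happened to be set there), and the `$(shell …)` runs on every make invocation, including `make k3d_create` before the cluster exists, where k3d presumably fails and leaves the variable empty. Export it, fall back to the caller's value, drop the redundant `sh -c` wrapper and declare the new command targets `.PHONY` (rewrite below); since the k3d-generated kubeconfig carries cluster-admin credentials, the tooling should be pointed at it explicitly rather than by accident. Independently, example_local_keycloak creates vkpr-realm-secret in the current-context namespace while secret_del in the context lines above deletes it with `-n vkpr`; if the chart reads the realm secret from namespace vkpr the create needs `-n vkpr` too — confirm against the chart — and `kubectl create secret` fails when the secret already exists, so the target is not re-runnable without secret_del first. The realm file holds the demo users' passwords, which is worth a one-line comment on that recipe line.

```make
# Kubeconfig for the local k3d cluster, resolved once at parse time and
# exported so kubectl/helm in the recipes actually use it. If the cluster
# does not exist yet (make k3d_create) the caller's KUBECONFIG, or the
# kubectl default, is used instead.
ifndef KUBECONFIG
KUBECONFIG := $(shell k3d kubeconfig write vkpr-local 2>/dev/null)
endif
export KUBECONFIG

.PHONY: k3d_create k3d_delete k3d_info example_local_minimal example_local_keycloak

# … unchanged: k3d_create, k3d_delete, k3d_info, example_local_minimal, example_local_keycloak recipes …
```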
@@ -108,15 +136,6 @@ vault_k8s_config:
 vault_k8s_role:
 vault write auth/kubernetes/role/issuer bound_service_account_names=issuer bound_service_account_namespaces=default policies=pki ttl=20m
 
-## Run keycloak locally with k3d
-keycloak_local_up:
- k3d cluster create vkpr-local -p "8080:80@loadbalancer" -p "8443:443@loadbalancer" --k3s-server-arg "--no-deploy=traefik"
- export KUBECONFIG=$(k3d kubeconfig write vkpr-local)
- kubectl create secret generic vkpr-realm-secret --from-file=examples/keycloak/realm.json
- helm upgrade -i vkpr --skip-crds -f examples/local/values-local-keycloak.yaml ./charts/vkpr
- docker-compose -f examples/keycloak/docker-compose.yml up -d
- echo "Open http://localhost:5443/ on your browser and check integration with keycloak using the login/password defined on the realm"
-
 vault_keycloak_local_up:
 k3d cluster create vkpr-local --k3s-server-arg "--no-deploy=traefik"
 export KUBECONFIG=$$(k3d kubeconfig write vkpr-local)