a9f2ba76ae
* feat!(openid): introducing support for openid configuration BREAKING CHANGE: provider configuration changed from auth.authentication.provider to auth.authentication.jwt.enabled * add upgrading to 4.1.0 * add validation for deprecated values * add openid CI with keycloak * fix chart-testing lint new-line-at-end-of-file * fix keycloak dependency repository * fix keycloak repository * fix yaml to json convert error * disable keycloak to validate github actions before re-enable it * disable openid test scenario * disable keycloak in values * enable keycloak without authentication and authorization * add openid test scenario * disable test scenario other than openid * enable all test scenario * disable functions component * create openid resources * test truncate command * test truncate command * change client_secret generator * change client_secret generator * test python * fix script * fix script * print python result * test python * test python * fix client_secret generation * fix create openid resources * fix secret name * fix mount keycloak config * fix keycloak service * exclude keycloak from chart * add license * add license * wait keycloak is alive * fix keycloak chart install namespace * add test pulsar real openid config * fix keycloak issuer url * fix pod name * remove check keycloak alive * check realm pulsar openid configuration * change keycloak service * remove test keyclock service * remove selector to get all pod log * wait keycloak is alive * check keycloak realm pulsar urls * wait until keycloak is ready * add wait timeout * fix realm pulsar name * add log to debug * add openid for toolset * set authorization * set authorization * fix client template filename * fix install keycloak * disable authorization * debug sub claim value * fix sub claim value * cleanup * enable all build --------- Co-authored-by: glecroc <guillaume.lecroc@cnp.fr>
71 lines
3.3 KiB
YAML
71 lines
3.3 KiB
YAML
#
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
{{- if .Values.components.toolset }}
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: "{{ template "pulsar.fullname" . }}-{{ .Values.toolset.component }}"
|
|
namespace: {{ template "pulsar.namespace" . }}
|
|
labels:
|
|
{{- include "pulsar.standardLabels" . | nindent 4 }}
|
|
component: {{ .Values.toolset.component }}
|
|
data:
|
|
BOOKIE_LOG_APPENDER: "RollingFile"
|
|
{{- include "pulsar.bookkeeper.config.common" . | nindent 2 }}
|
|
{{- if not .Values.toolset.useProxy }}
|
|
# talk to broker
|
|
{{- if and .Values.tls.enabled .Values.tls.broker.enabled }}
|
|
webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.https }}/"
|
|
brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsarssl }}/"
|
|
useTls: "true"
|
|
tlsAllowInsecureConnection: "false"
|
|
tlsTrustCertsFilePath: "/pulsar/certs/proxy-ca/ca.crt"
|
|
tlsEnableHostnameVerification: "false"
|
|
{{- end }}
|
|
{{- if not (and .Values.tls.enabled .Values.tls.broker.enabled) }}
|
|
webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.http }}/"
|
|
brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}:{{ .Values.broker.ports.pulsar }}/"
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.toolset.useProxy }}
|
|
# talk to proxy
|
|
{{- if and .Values.tls.enabled .Values.tls.proxy.enabled }}
|
|
webServiceUrl: "https://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.https }}/"
|
|
brokerServiceUrl: "pulsar+ssl://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.pulsarssl }}/"
|
|
useTls: "true"
|
|
tlsAllowInsecureConnection: "false"
|
|
tlsTrustCertsFilePath: "/pulsar/certs/proxy-ca/ca.crt"
|
|
tlsEnableHostnameVerification: "false"
|
|
{{- end }}
|
|
{{- if not (and .Values.tls.enabled .Values.tls.proxy.enabled) }}
|
|
webServiceUrl: "http://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.http }}/"
|
|
brokerServiceUrl: "pulsar://{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}:{{ .Values.proxy.ports.pulsar }}/"
|
|
{{- end }}
|
|
{{- end }}
|
|
# Authentication Settings
|
|
{{- if .Values.auth.authentication.enabled }}
|
|
{{- if .Values.auth.authentication.jwt.enabled }}
|
|
authParams: "file:///pulsar/tokens/client/token"
|
|
authPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken"
|
|
{{- end }}
|
|
{{- end }}
|
|
{{ toYaml .Values.toolset.configData | indent 2 }}
|
|
{{- end }}
|