feat(keycloak): migrate to keycloak helm chart #1107
base: main
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 15813086 | Triggered | Generic Database Assignment | 16d722e | platform-apps/charts/keycloak/values-k3d.yaml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Changes Rendered Chart
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-03 21:02:08.835698816 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-03 21:01:42.249612779 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
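Review bot: The removed `stringData` entry `backstage: demosecret` has already been committed and rendered for `values-demo-metalstack.yaml`, so dropping the inline Secret is not enough on its own; the client secret should be rotated wherever that value was deployed. The replacement lives in `cp-keycloak-client-secret.yaml`, which this rendered diff only lists as "Only in out/pr", so please confirm that template does not render the same literal from values. The same applies to the `grafana`, `pgadmin` and `vault` client templates.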
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
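Review bot: At `clientSecretSecretRef.name`, the reference changes from the release-scoped `"release-name-client-backstage-password"` to the fixed name `keycloak-client-credentials` while `namespace: default` stays hardcoded. Two releases in one namespace would now share or overwrite one Secret, and since the grafana, pgadmin and vault clients point at the same Secret under different keys, anything allowed to read it gets every client secret. Consider keeping the release prefix on the name, and keeping one Secret per client if the readers of those secrets differ.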
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-03 21:02:08.834698813 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-03 21:01:42.248612772 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-03 21:02:08.835698816 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-03 21:01:42.249612779 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-03 21:02:08.836698818 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-03 21:01:42.250612786 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
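Review bot: In `roleIdsSelector.matchLabels`, the selector still keys on the single label `platform-engineer.cloud/role`, so correctness now depends on every Grafana role value carrying the `grafana-` prefix. Any selector elsewhere in the chart that is meant to match these roles and still uses the old values `admin`, `editor` or `viewer` will stop resolving after this change; please check for leftovers, and consider a separate label for the client so the match does not rest on a naming convention.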
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-03 21:02:08.835698816 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-03 21:01:42.249612779 +0000
@@ -34,24 +34,8 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
@@ -77,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-03 21:02:08.836698818 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-03 21:01:42.249612779 +0000
@@ -57,26 +57,8 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-03 21:02:08.835698816 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-03 21:01:42.249612779 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
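Review bot: The context line `- "http://localhost:7007/api/auth/oidc/handler/frame"` directly above `clientSecretSecretRef` in the `pgadmin` client is identical to the entry in the `backstage` client and does not look like a pgadmin callback. Since this file is being touched anyway, drop it from the pgadmin list for `values-demo-metalstack.yaml`, or document why a plain-http localhost entry is needed on this client.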
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-03 21:02:08.836698818 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-03 21:01:42.250612786 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
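Review bot: The old annotation value `https:///admin/master/console/#/kubrix` shows that the template rendered an empty hostname without failing. Alongside the fix, guard the hostname value in the template (for example with Helm's `required`) so a missing value breaks the render instead of producing a broken link. The `argocd.argoproj.io/sync-wave: "1"` annotation is also dropped here without explanation; please state in the PR description that the realm is meant to sync in the default wave, ahead of the wave "1" clients, roles and groups.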
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-03 21:02:08.834698813 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-03 21:01:42.248612772 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
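Review bot: The added lines `"password": "admin1"` and `admin-password: "admin1"` put the master-realm admin password into the rendered manifest for `values-demo-metalstack.yaml` as a literal, twice, and the new comments state that it must be kept in sync by hand with `adminUser` and `adminPassword` in the values file. Read the credentials from a Secret created outside the chart instead of from values, and derive both keys from that single source. The fixed name `keycloak-credentials` also drops the release prefix, and the context line `"tls_insecure_skip_verify": "true"` next to an `http://` URL deserves a comment explaining why it is set.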
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-03 21:02:08.836698818 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-03 21:01:42.250612786 +0000
@@ -1,21 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -29,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
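Review bot: The context line `temporary: false # should be set to true in production` is carried over unchanged for every user in the `values-demo-metalstack.yaml` render, so the initial passwords read from `cp-keycloak-users-secret` stay permanent. Make `temporary` a per-environment value, and confirm the new Secret no longer carries the `test` values that the removed inline Secret had. The `email` domain change to `kubrix.io` is unrelated to the chart migration and should be mentioned in the PR description.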
@@ -56,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -83,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -110,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -137,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -164,41 +149,14 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
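Review bot: The removed `User` `team-auser` carries `deletionPolicy: "Delete"`, so on existing installations this sync deletes the user from the `kubrix` realm, together with the `team-a` group and its membership removed in `cp-keycloak-groups.yaml` and `cp-keycloak-member.yaml`. If that is intended, call it out in the PR description as a breaking change; if not, keep the user in the values for this environment.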
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-03 21:02:08.835698816 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-03 21:01:42.249612779 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-03 21:02:08.836698818 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-03 21:01:42.250612786 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
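Review bot: The `package` line moves `provider-keycloak` from `v1.10.1` to `v1.11.0` by tag only. Pin the package by digest (`@sha256:<digest>`) so the provider image cannot change under the same tag, and link the provider release notes in the PR, since every `*.keycloak.crossplane.io/v1alpha1` resource in this chart is reconciled by it.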
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-03 21:02:08.836698818 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-03 21:01:42.250612786 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-03 21:02:08.836698818 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-03 21:01:42.250612786 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
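Review bot: Removing `argocd.argoproj.io/sync-wave: "-1"` from the `XBuiltinObjects` leaves its ordering relative to the `kubrix` realm without an explicit annotation, since the realm's own wave is dropped in `cp-keycloak-realm.yaml` as well. If the import of built-in clients needs the realm to exist first, give it an explicit wave after the realm; otherwise note in the PR why ordering no longer matters. The switch of `providerSecretName` to `keycloak-credentials` matches the renamed Secret in `cp-keycloak-secret.yaml`.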
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-03 21:02:08.788698697 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-03 21:01:42.141612071 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-03 21:02:08.787698695 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-03 21:01:42.140612065 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-03 21:02:08.788698697 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-03 21:01:42.141612071 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-03 21:02:08.789698700 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-03 21:01:42.142612078 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-03 21:02:08.788698697 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-03 21:01:42.141612071 +0000
@@ -61,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-03 21:02:08.788698697 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-03 21:01:42.141612071 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
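Review bot: `clientSecretSecretRef.name` moves from a per-client Secret to the shared `keycloak-client-credentials`, so one object now holds the secrets of every OIDC client that uses this pattern (the same rename appears for vault, backstage and grafana). Anyone granted `get` on that Secret can read all client secrets at once; keep one Secret per client, or restrict access to the shared one with RBAC `resourceNames`. The removed per-client Secret held the literal `demosecret`, and the replacement Secret is not shown in this diff, so please confirm its values are not that same literal.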
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-03 21:02:08.789698700 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-03 21:01:42.142612078 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
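Review bot: the `argocd.argoproj.io/sync-wave: "1"` annotation is dropped from the Realm without explanation, which moves it to Argo CD's default wave 0 while the Roles objects that use `realmIdRef: kubrix` stay in wave "1". That ordering works, but the reason belongs in the commit message so the annotation is not re-added later. The `external-link` change itself looks right: the old value rendered `https:///admin/...` with an empty host.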
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-03 21:02:08.787698695 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-03 21:01:42.140612065 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
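Review bot: the rendered Secret carries the Keycloak admin password as a literal twice (`"password": "admin1"` inside `credentials` and again as `admin-password`), so the value comes from the values file and stays in git history. Have the chart reference an existing Secret (or an external secret store) and keep only the Secret name in values. Two smaller points in the same hunk: the name changes from the release-prefixed `release-name-credentials` to the fixed `keycloak-credentials`, so two releases in one namespace would overwrite each other's credentials, and `tls_insecure_skip_verify` stays `"true"` against a plain `http://` URL, which should be commented as local-only.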
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-03 21:02:08.789698700 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-03 21:01:42.142612078 +0000
@@ -1,20 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -28,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
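Review bot: `valueSecretRef.name` now points at `cp-keycloak-users-secret`, which this diff only lists as a new file (`Only in out/pr/...: cp-keycloak-users-secret.yaml`) without showing its content. Please confirm it carries one key per user referenced in these hunks (phac, jokl, backstageadmin, demouser, demoadmin, team1user) and that the values are no longer the shared `test` password from the removed `release-name-initial-passwords` Secret.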
@@ -55,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -82,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -109,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -136,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -163,12 +149,12 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-03 21:02:08.788698697 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-03 21:01:42.141612071 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-03 21:02:08.789698700 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-03 21:01:42.142612078 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
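Review bot: the provider package is referenced by mutable tag only (`provider-keycloak:v1.11.0`); pin it by digest as well (`...:v1.11.0@sha256:<digest>`, digest to be filled in from the registry) so the cluster cannot pull a different image under the same tag. Since this bump ships together with the chart migration, check the provider's release notes for changes to the `v1alpha1` kinds used in these templates before merging.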
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-03 21:02:08.789698700 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-03 21:01:42.142612078 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-03 21:02:08.789698700 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-03 21:01:42.142612078 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
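Review bot: `providerSecretName` switches from `keycloak-credentials-cp` to `keycloak-credentials`, the same Secret the ProviderConfig reads, so XBuiltinObjects now uses the master-realm admin credentials from that Secret instead of the separate `keycloak-credentials-cp` one. If the separate Secret existed to scope that access, keep it; otherwise note in the PR that it was redundant. The removal of `sync-wave: "-1"` is also unexplained and changes when this object is applied relative to the Realm, so it should be tested on a fresh cluster.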
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Changes Rendered Chart
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-03 21:16:12.542819191 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-03 21:15:46.288743365 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-03 21:16:12.542819191 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-03 21:15:46.287743363 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
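Review bot: the `platform-engineer.cloud/role` label value becomes client-prefixed here (`grafana-viewer`), and the `roleIdsSelector.matchLabels` entries in cp-keycloak-grafana-group-roles.yaml must change in the same commit or the selectors resolve to nothing. The prefix also keeps a selector on a generic value such as `viewer` from picking up roles of another client that carry the same label value; a second label naming the client would make that separation explicit instead of relying on a naming convention.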
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-03 21:16:12.542819191 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-03 21:15:46.288743365 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-03 21:16:12.544819196 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-03 21:15:46.289743368 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-03 21:16:12.543819194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-03 21:15:46.288743365 +0000
@@ -34,24 +34,8 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
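Review bot: the team-a Group is removed from the values-demo-metalstack.yaml render, together with its Memberships object and the `team-auser` User further down, which the PR title (a chart migration) does not mention. The Group and User carry `deletionPolicy: "Delete"`, so syncing this change deletes them from the kubrix realm. Confirm the removal is intended for the demo environment, or move it to a separate PR.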
@@ -77,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-03 21:16:12.543819194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-03 21:15:46.289743368 +0000
@@ -57,26 +57,8 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-03 21:16:12.542819191 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-03 21:15:46.288743365 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-03 21:16:12.544819196 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-03 21:15:46.289743368 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-03 21:16:12.542819191 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-03 21:15:46.287743363 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
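Review bot: the values-demo-metalstack.yaml render gets the same `admin1` admin password as the k3d render, while this values file renders non-local hostnames (for example `keycloak.demo.kubrix.cloud` in cp-keycloak-realm.yaml). A shared default admin credential should not reach a non-local environment; require the password to be supplied per environment, for instance with Helm's `required` function so the template fails when it is unset, or read it from an existing Secret.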
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-03 21:16:12.544819196 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-03 21:15:46.289743368 +0000
@@ -1,21 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -29,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
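Review bot: `temporary: false` is kept on every `initialPassword` entry in this values-demo-metalstack.yaml render, although the inline comment says it should be true in production. Expose it as a chart value that defaults to true and set it to false only in values-k3d.yaml, so users in the demo environment have to change the seeded password on first login.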
@@ -56,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -83,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -110,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -137,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -164,41 +149,14 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-03 21:16:12.542819191 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-03 21:15:46.288743365 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-03 21:16:12.544819196 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-03 21:15:46.289743368 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-03 21:16:12.544819196 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-03 21:15:46.289743368 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-03 21:16:12.544819196 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-03 21:15:46.289743368 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
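Review bot: dropping `argocd.argoproj.io/sync-wave: "-1"` moves `keycloak-builtin-objects-kubrix` into the default wave with no explanation in the diff, while `providerSecretName` is renamed to `keycloak-credentials` in the same hunk. Please state why the explicit wave is no longer needed and confirm the renamed Secret exists before this object syncs. The deleted comment block was also the only place noting that custom realms have different built-in clients and roles than the master realm; moving that remark to the chart README would keep it.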
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-03 21:16:12.493819072 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-03 21:15:46.178743073 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-03 21:16:12.493819072 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-03 21:15:46.177743070 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-03 21:16:12.493819072 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-03 21:15:46.178743073 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-03 21:16:12.494819074 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-03 21:15:46.179743076 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
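Review bot: this hunk reuses the slot of `grafana-grafana-group-roles-viewer-team-a` for a different binding: `groupIdRef` goes from `team-a` to `users` and the selector from `viewer` to `grafana-editor`, so the `team-a` viewer binding disappears rather than being renamed. Because every Roles object in this file gets a new `metadata.name` and keeps `deletionPolicy: Delete`, the old objects are deleted and new ones created; please confirm the provider does not strip the role mappings from the groups when the old objects are pruned after the new ones have been applied.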
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-03 21:16:12.493819072 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-03 21:15:46.178743073 +0000
@@ -61,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-03 21:16:12.493819072 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-03 21:15:46.178743073 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-03 21:16:12.494819074 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-03 21:15:46.179743076 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-03 21:16:12.492819069 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-03 21:15:46.177743070 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
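Review bot: the new `credentials` JSON and the added `admin-password` key both hardcode the Keycloak admin password (`admin1`) in a rendered manifest, and the two added comments require it to be kept identical to `adminUser`/`adminPassword` in the values file by hand. Template both from a single value, or reference an existing Secret, so the password exists in one place and the copies cannot drift. The provider URL also stays on plain `http://` with `"tls_insecure_skip_verify": "true"`; please make sure values files other than values-k3d.yaml do not inherit those two settings.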
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-03 21:16:12.494819074 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-03 21:15:46.179743076 +0000
@@ -1,20 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -28,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
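Review bot: `temporary: false # should be set to true in production` is rendered as a literal, so nothing in the chart lets a production values file follow the comment's own advice. Expose it as a value (for example defaulting to `true`, with values-k3d.yaml opting out), and confirm that `cp-keycloak-users-secret`, which is not rendered in this diff, no longer contains the `test` passwords removed in the previous hunk.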
@@ -55,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -82,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -109,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -136,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -163,12 +149,12 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-03 21:16:12.493819072 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-03 21:15:46.178743073 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-03 21:16:12.494819074 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-03 21:15:46.179743076 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-03 21:16:12.494819074 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-03 21:15:46.179743076 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-03 21:16:12.494819074 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-03 21:15:46.179743076 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Changes Rendered Chart
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 09:16:17.635279107 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 09:15:35.236664370 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 09:16:17.635279107 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 09:15:35.236664370 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 09:16:17.490280408 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 09:15:35.087665988 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 09:16:17.490280408 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 09:15:35.088665977 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 09:16:28.791185830 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 09:16:02.126422084 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 09:16:28.790185839 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 09:16:02.126422084 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 09:16:28.791185830 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 09:16:02.126422084 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 09:16:28.792185822 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 09:16:02.128422064 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
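Review bot: In this last hunk the object that bound group team-a to the viewer role is repurposed rather than renamed: `metadata.name` becomes grafana-group-roles-users-grafana-editor, `groupIdRef.name` becomes users and the selector becomes grafana-editor. A changed name means the old Roles object is pruned and a new one created, and with `deletionPolicy: Delete` in the context lines the existing role mappings are removed from Keycloak when that happens. Please confirm in the PR description that dropping the team-a binding is intended, and consider splitting the rename from the group change so the rendered diff shows each for what it is.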
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 09:16:28.791185830 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 09:16:02.127422074 +0000
@@ -34,24 +34,8 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
@@ -77,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 09:16:28.792185822 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 09:16:02.127422074 +0000
@@ -57,26 +57,8 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 09:16:28.791185830 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 09:16:02.126422084 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
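Review bot: The `validRedirectUris` context of the pgadmin client still lists `http://localhost:7007/api/auth/oidc/handler/frame`, the same plain-HTTP localhost URI that appears in the backstage client further down, so it looks copied rather than needed. Since the client is being touched anyway, trim the allowlist to the pgadmin URL. Also note that `clientSecretSecretRef.name` now points at the shared Secret keycloak-client-credentials, so read access to that one object exposes every client secret stored in it; if that is a deliberate trade-off, a template comment saying so would help.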
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 09:16:28.792185822 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 09:16:02.127422074 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
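Review bot: The old render of `link.argocd.argoproj.io/external-link` was `https:///admin/master/console/#/kubrix`, meaning the hostname value was empty and the template rendered anyway. The new value fixes this environment, but the template should fail fast when the hostname is unset, for example by wrapping the value in Helm's `required`. The removal of `argocd.argoproj.io/sync-wave: "1"` in the same hunk changes when the realm is applied relative to its dependents and deserves a line in the commit message.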
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 09:16:28.790185839 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 09:16:02.126422084 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
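Review bot: The added lines render the Keycloak admin password literally (`"password": "admin1"` and `admin-password: "admin1"`) into the manifest for the demo-metalstack values, so the credential lives in git and in every rendered diff like this one. Source it from a pre-existing Secret or an external secret store instead of chart values, and rotate the value that is now in history. The provider URL is still `http://` with `"tls_insecure_skip_verify": "true"`, so the admin credentials also cross the cluster network in clear text; if TLS is out of scope for this PR, track it as a follow-up.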
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 09:16:28.792185822 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 09:16:02.128422064 +0000
@@ -1,21 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -29,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
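Review bot: `temporary: false # should be set to true in production` is still hard-coded in the context of this hunk and of every user hunk below it, while the `initialPassword` reference moves to cp-keycloak-users-secret. Because the flag lives in the template, no values file can follow the advice in the comment. Expose it as a chart value, defaulting to true and overridden to false only in the local values, so that the initial passwords must be changed on first login wherever the override is absent.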
@@ -56,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -83,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -110,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -137,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -164,41 +149,14 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 09:16:28.791185830 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 09:16:02.127422074 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 09:16:28.792185822 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 09:16:02.127422074 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
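Review bot: The provider package is bumped by tag only (`provider-keycloak:v1.11.0`). A tag can be moved in the registry, and this provider receives the Keycloak admin credentials, so pin it by digest (`provider-keycloak@sha256:<digest>`) and keep the version in a comment for readability. The bump itself is unrelated to the Helm chart migration; a separate commit would make a rollback easier.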
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 09:16:28.792185822 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 09:16:02.127422074 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
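Review bot: `secretRef.name` loses its release prefix (`release-name-credentials` becomes `keycloak-credentials`) while `namespace: "default"` stays fixed, so two releases of this chart in one cluster would resolve to the same Secret. If the fixed name is needed so that the Keycloak subchart and the provider can share one Secret, document that in a template comment; otherwise keep the name derived from the release.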
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 09:16:28.792185822 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 09:16:02.128422064 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
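Review bot: `providerConfigName: sx-keycloak-config` remains hard-coded in the context lines, while the other templates in this render reference `release-name-config`; the XR therefore only resolves its ProviderConfig when the release happens to be named sx-keycloak. Since `providerSecretName` is being corrected in this hunk, derive the config name from the release in the same way. The dropped `argocd.argoproj.io/sync-wave: "-1"` moves the XR to the default wave, which should be mentioned in the commit message along with the reason.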
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 09:16:28.743186234 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 09:16:02.020423142 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 09:16:28.743186234 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 09:16:02.019423152 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
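Review bot: The label value now encodes the client (`platform-engineer.cloud/role: grafana-viewer`), and the `roleIdsSelector.matchLabels` entries in cp-keycloak-grafana-group-roles.yaml have to carry exactly the same strings or the group silently gets no roles. The two sides match in this render, but nothing enforces it. Consider generating both the label and the selector from one helper in the chart, or keeping the role value generic and adding a separate client label to select on.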
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 09:16:28.743186234 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 09:16:02.020423142 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 09:16:28.744186225 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 09:16:02.021423132 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 09:16:28.744186225 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 09:16:02.020423142 +0000
@@ -61,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 09:16:28.743186234 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 09:16:02.020423142 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 09:16:28.744186225 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 09:16:02.021423132 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 09:16:28.743186234 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 09:16:02.019423152 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
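Review bot: The added comments (`# credentials username MUST be the same as adminUser from values file`) turn consistency into a manual contract: the password now appears twice in this Secret, once inside the `credentials` JSON and once as `admin-password`, and both must equal the admin password in the values file. Render all of them from a single value in the template so they cannot drift, and drop the comments from the rendered manifest. The literal `admin1` should not be committed for the k3d values either; generating it at install time would keep local setups working without a secret in the repository.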
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 09:16:28.745186217 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 09:16:02.021423132 +0000
@@ -1,20 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -28,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -55,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -82,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -109,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -136,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -163,12 +149,12 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 09:16:28.743186234 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 09:16:02.020423142 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 09:16:28.744186225 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 09:16:02.021423132 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 09:16:28.744186225 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 09:16:02.021423132 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 09:16:28.745186217 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 09:16:02.021423132 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
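Review bot: the `argocd.argoproj.io/sync-wave: "-1"` annotation is dropped from `keycloak-builtin-objects-kubrix` without a replacement, so the object falls back to the default wave 0. It depends on `providerSecretName: keycloak-credentials` and on realm `kubrix` existing; please state the intended ordering in the PR, or keep an explicit wave so the dependency stays visible in the manifest.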
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 09:43:40.214443103 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 09:42:59.952192834 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 09:43:40.210443079 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 09:42:59.945192793 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
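Review bot: in both new `health.lua` scripts the first guard reads `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then`. Lua binds `and` tighter than `or`, so this evaluates as `obj.status == nil or (... and ...)`, and any `*.upbound.io` or `*.crossplane.io` resource with no status at all is reported Healthy regardless of kind instead of Progressing. If only the kinds listed in `has_no_status` are meant, parenthesise the `or` part. Separately, `resource.customizations` changed from a `|` block to an escaped double-quoted string, which makes the Lua hard to review in this diff; the trailing space in `return health_status \n` at the end is a likely cause, and removing it should let the serializer emit a block scalar again.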
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 09:43:40.214443103 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 09:42:59.952192834 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 09:43:40.214443103 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 09:42:59.952192834 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 09:43:41.277449613 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 09:43:01.367201236 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
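Review bot: `metadataUrl` now targets the headless Service `sx-keycloak-headless` and still uses plain `http://` on port 8080. A headless Service resolves straight to pod IPs with no Service-level load balancing, and the OIDC discovery document and the calls that follow it travel unencrypted inside the cluster. If the chart also renders a regular ClusterIP Service, prefer that here, and note in the PR whether in-cluster TLS is deliberately out of scope.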
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
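Review bot: `clientSecret: demosecret` stays inline in this ConfigMap next to the changed `baseUrl`, while the Keycloak side of this PR moves the `backstage` client secret into the `keycloak-client-credentials` Secret. That leaves two sources for the same value, one of them a ConfigMap in the `backstage.demo.kubrix.cloud` environment. Consider injecting it from the Secret as an environment variable and referencing it in app-config with `${...}` substitution, so a rotation only has to happen in one place.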
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 09:43:41.277449613 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 09:43:01.367201236 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 09:43:41.132448725 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 09:43:01.218200351 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 09:43:41.132448725 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 09:43:01.218200351 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 09:43:51.363510327 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 09:43:26.887361863 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 09:43:51.363510327 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 09:43:26.886361857 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 09:43:51.363510327 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 09:43:26.887361863 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 09:43:51.365510338 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 09:43:26.888361869 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
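Review bot: the `Roles` objects in this file are renamed (here `grafana-grafana-group-roles-viewer-team-a` becomes `grafana-group-roles-users-grafana-editor`, with `groupIdRef` switched from `team-a` to `users`). With `deletionPolicy: Delete`, a rename is a delete of the old managed resource plus a create of the new one, so if Argo CD prunes the old objects, existing installs drop and re-create these group role mappings during the sync. Please call that out in the PR description, and confirm every `roleIdsSelector` now uses the `grafana-` prefixed labels so no selector ends up matching zero roles.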
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 09:43:51.364510332 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 09:43:26.888361869 +0000
@@ -34,24 +34,8 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
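Review bot: the `team-a` Group is removed here, together with its Memberships and the `team-auser` User elsewhere in this diff, which is unrelated to the chart migration named in the PR title. Because the resource carries `deletionPolicy: "Delete"`, syncing this on an existing install deletes the group in Keycloak; split the removal into its own commit or mention it in the description.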
@@ -77,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 09:43:51.364510332 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 09:43:26.888361869 +0000
@@ -57,26 +57,8 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 09:43:51.363510327 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 09:43:26.887361863 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
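Review bot: while this hunk touches the `pgadmin` client, its `validRedirectUris` still contains `http://localhost:7007/api/auth/oidc/handler/frame`, which is the Backstage callback path and also appears on the `backstage` client. For the demo-metalstack values only `https://pgadmin.demo.kubrix.cloud/oauth2/authorize` looks intended; drop the localhost entry so the client does not accept a redirect target it never uses.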
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 09:43:51.365510338 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 09:43:26.888361869 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 09:43:51.363510327 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 09:43:26.886361857 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
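Review bot: the Keycloak admin password is rendered in clear text twice in this Secret, as `"password": "admin1"` inside `credentials` and again as `admin-password: "admin1"`, and the two added comments say it has to be kept equal to `adminUser`/`adminPassword` in the values file by hand. This is the `values-demo-metalstack.yaml` render, whose realm link points at `https://keycloak.demo.kubrix.cloud`, so a guessable password committed to the repo is the master-realm `admin-cli` login for that instance. Take the password from a pre-existing or externally managed Secret and template both keys from that single value; `"tls_insecure_skip_verify": "true"` is also worth revisiting once the URL is no longer plain `http://`.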
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 09:43:51.365510338 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 09:43:26.889361875 +0000
@@ -1,21 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -29,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
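Review bot: `valueSecretRef.name` now points at `cp-keycloak-users-secret`, a template this recursive diff only lists as "Only in out/pr", so the initial passwords that replaced the removed inline `test` values are not visible for review here. Please include the rendered Secret in the PR output or confirm it no longer ships static passwords. Since `temporary: false # should be set to true in production` is kept for the demo-metalstack values, consider setting it to true there so users must change the password on first login.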
@@ -56,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -83,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -110,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -137,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -164,41 +149,14 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 09:43:51.363510327 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 09:43:26.887361863 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
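Review bot: `clientSecretSecretRef.name` now points at `keycloak-client-credentials`, the same secret the backstage, grafana and pgadmin clients reference elsewhere in this diff, so one object holds every OIDC client secret and anything allowed to read it gets all of them. The per-client secrets it replaces could be scoped individually with RBAC `resourceNames`; if the shared secret stays, restrict `get` on it to the provider's service account. The template that creates it (`cp-keycloak-client-secret.yaml`) shows up only as an "Only in" line for the k3d rendering, so its contents cannot be reviewed from this output.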
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 09:43:51.365510338 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 09:43:26.888361869 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
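Review bot: the `package` line moves to `provider-keycloak:v1.11.0` by tag only. This provider runs with the Keycloak admin credentials referenced by the ProviderConfig, so pin the package by digest (`...:v1.11.0@sha256:<digest>`, digest to be filled in from the registry) and link the upstream release notes for the 1.10.1 to 1.11.0 step in the PR so reviewers can check for changed CRD fields.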
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 09:43:51.365510338 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 09:43:26.888361869 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
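Review bot: `secretRef.name` is now the fixed string `keycloak-credentials` instead of the release-prefixed name, while `namespace` stays `"default"`. The ProviderConfig, the Secret in `cp-keycloak-secret.yaml` and `providerSecretName` in `xr.yaml` all have to agree on that literal, and a second release in the same namespace would overwrite it. Consider producing the name from one template helper and moving the admin credentials out of the `default` namespace.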
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 09:43:51.365510338 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 09:43:26.889361875 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
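Review bot: the `argocd.argoproj.io/sync-wave: "-1"` annotation is dropped from `keycloak-builtin-objects-kubrix`, so it now syncs in the default wave 0 rather than ahead of it, while the provider stays at wave -10. Please confirm that nothing in wave 0 relies on the built-in clients and roles having been imported first, or keep the annotation. The commented-out master-realm example removed above was also the only inline documentation of the `XBuiltinObjects` fields; a pointer to where that now lives would help.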
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 09:43:51.314510047 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 09:43:26.781361219 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 09:43:51.314510047 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 09:43:26.781361219 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 09:43:51.314510047 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 09:43:26.781361219 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 09:43:51.315510053 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 09:43:26.782361225 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
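Review bot: this hunk renames the `Roles` object to `grafana-group-roles-users-grafana-editor` and in the same step switches `groupIdRef` from `team-a` to `users`, with `deletionPolicy: Delete` in place. Renaming a managed resource makes the old object get deleted and a new one created, so the existing group-to-role bindings are removed from Keycloak and re-added during the sync, and the `team-a` viewer binding disappears entirely. Please note in the PR that the `team-a` removal is intended, and consider rolling the renames out with `deletionPolicy: Orphan` first so there is no window in which groups have no Grafana role.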
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 09:43:51.315510053 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 09:43:26.782361225 +0000
@@ -61,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 09:43:51.314510047 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 09:43:26.781361219 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 09:43:51.315510053 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 09:43:26.782361225 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 09:43:51.313510041 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 09:43:26.780361213 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
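Review bot: the admin password is written in clear text twice in this Secret, as `"password": "admin1"` inside the `credentials` JSON and again as `admin-password: "admin1"`, and the added comments rely on a human keeping both equal to `adminPassword` in the values file. Derive both from a single value in the template so they cannot drift, and for anything other than the local k3d values source that value from an external secret store or a generated secret instead of the chart. `tls_insecure_skip_verify: "true"` and the `http://` URL are carried along unchanged; acceptable for k3d, but they should not become the default for other values files.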
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 09:43:51.315510053 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 09:43:26.783361231 +0000
@@ -1,20 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -28,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -55,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -82,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -109,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -136,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -163,12 +149,12 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 09:43:51.314510047 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 09:43:26.781361219 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 09:43:51.315510053 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 09:43:26.782361225 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 09:43:51.315510053 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 09:43:26.782361225 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 09:43:51.315510053 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 09:43:26.783361231 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 10:39:24.605352341 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 10:38:35.501603966 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 10:39:24.600352369 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 10:38:35.495603992 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
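Review bot: in the added `health.lua` for both `*.upbound.io/*` and `*.crossplane.io/*`, the test `obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)` parses as `A or (B and C)` because `and` binds tighter than `or` in Lua, so a resource of any kind that has no status yet is reported Healthy, not only the kinds listed in `has_no_status`. Parenthesise it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. Separately, `resource.customizations` is now rendered as one double-quoted escaped string instead of a block scalar, which makes this and every later diff of the value unreadable; the trailing space in the final `return health_status \n` is the likely cause, so strip trailing whitespace from the Lua in the values file.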
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 10:39:24.605352341 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 10:38:35.501603966 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 10:39:24.605352341 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 10:38:35.501603966 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 10:39:26.353342728 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 10:38:37.321596096 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 10:39:26.353342728 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 10:38:37.321596096 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 10:39:26.211343509 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 10:38:37.177596718 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 10:39:26.211343509 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 10:38:37.177596718 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 10:39:39.226274532 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 10:39:08.242438346 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
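Review bot: `clientSecretSecretRef.name` goes from the per-client, release-scoped `release-name-client-backstage-password` to the fixed name `keycloak-client-credentials`, and the grafana, pgadmin and vault clients in this render make the same switch. One shared Secret holding every client's key means read access to it exposes all four client secrets, and the literal name will collide if the chart is installed twice in the same namespace. Consider keeping the release prefix, and add a template comment listing the keys (`backstage`, `grafana`, `pgadmin`, `vault`) that the new Secret must contain; the Secret itself is not shown in this diff, so that contract cannot be checked from here.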
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 10:39:39.226274532 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 10:39:08.242438346 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 10:39:39.226274532 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 10:39:08.242438346 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 10:39:39.227274527 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 10:39:08.244438336 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
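Review bot: `roleIdsSelector.matchLabels` now selects `platform-engineer.cloud/role: grafana-admin`, so it depends on the label rename in `cp-keycloak-default-clientroles-grafana.yaml` reaching the cluster in the same sync; a Role still carrying the old `admin` label silently drops out of the selection and the group loses the mapping. The client-prefixed value is the safer choice, since a generic `admin` label can match roles belonging to any client. A short template comment stating the `<client>-<role>` label convention would keep future clients from reintroducing unprefixed labels.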
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 10:39:39.227274527 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 10:39:08.243438341 +0000
@@ -34,24 +34,8 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
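Review bot: removing the `team-a` Group, which carries `deletionPolicy: "Delete"`, deletes the group in Keycloak on sync, and the `team-a` Memberships, Roles mapping and `team-auser` User are removed in other hunks of this render. None of that follows from a chart migration, so call it out in the PR description or move it to its own commit, so that an access change is not merged as a side effect of a refactor.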
@@ -77,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 10:39:39.227274527 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 10:39:08.243438341 +0000
@@ -57,26 +57,8 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 10:39:39.226274532 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 10:39:08.242438346 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 10:39:39.227274527 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 10:39:08.244438336 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
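Review bot: the `argocd.argoproj.io/sync-wave: "1"` annotation is dropped from the Realm with no replacement, so the Realm now syncs in the default wave 0, ahead of the clients, groups and roles that stay in wave 1. That ordering looks intended, but nothing in the template says so; add a comment or set the wave explicitly so that the annotation is not restored by accident. The `external-link` fix is welcome (the old value rendered as `https:///admin/...` with an empty host); consider guarding the hostname with Helm's `required` function so that an empty value fails the render instead of producing a broken link again.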
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 10:39:39.225274537 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 10:39:08.242438346 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
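Review bot: the admin password is rendered as a literal in `stringData` twice, as `"password": "admin1"` inside the `credentials` JSON and again as `admin-password: "admin1"`, and this is the values-demo-metalstack render, whose other hunks point at `demo.kubrix.cloud` hostnames. Source the value from a pre-existing or externally managed Secret rather than the values file, and derive both fields from one value so that they cannot drift; the added comment says they MUST match, but nothing enforces it. `"tls_insecure_skip_verify": "true"` and the `http://` URL are carried over unchanged and deserve a follow-up. The Secret name also loses its release prefix, so `keycloak-credentials` now has to be kept in step by hand with `cp-providerconfig.yaml` and `xr.yaml`.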
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 10:39:39.227274527 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 10:39:08.244438336 +0000
@@ -1,21 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -29,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
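Review bot: `temporary: false # should be set to true in production` is left unchanged on this and every other user in the file, although this render is for values-demo-metalstack, whose redirect URIs elsewhere in the diff use `demo.kubrix.cloud`. Make `temporary` a per-environment value that defaults to `true` and is switched off only in the k3d values, so that the initial passwords have to be changed at first login. `valueSecretRef.name` is also hardcoded to `cp-keycloak-users-secret` in place of the release-scoped name; add a comment naming the template that renders that Secret and the keys it must provide (`phac`, `jokl`, and so on).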
@@ -56,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -83,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -110,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -137,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -164,41 +149,14 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 10:39:39.226274532 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 10:39:08.243438341 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 10:39:39.227274527 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 10:39:08.243438341 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
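Review bot: `provider-keycloak` is bumped from `v1.10.1` to `v1.11.0` by tag only. This package runs with the Keycloak admin credentials from the provider Secret, so consider pinning it by digest (`...:v1.11.0@sha256:<digest>`) so that a re-pushed tag cannot change what is installed. A provider upgrade is also a separate change from the chart migration; mention it in the PR description together with any CRD or behaviour changes that were checked.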
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 10:39:39.227274527 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 10:39:08.243438341 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
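Review bot: `secretRef.name` and `secretRef.key` are now the literals `keycloak-credentials` and `credentials`, which have to match the Secret in `cp-keycloak-secret.yaml` exactly; a mismatch only shows up at runtime as a ProviderConfig that cannot authenticate. Generate both names from one named template or one values key shared by the two files, and note that `namespace: "default"` stays hardcoded, so the chart still assumes it is installed in `default`.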
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 10:39:39.227274527 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 10:39:08.244438336 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
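Review bot: `providerSecretName` switches from the dedicated `keycloak-credentials-cp` to `keycloak-credentials`, the same Secret the ProviderConfig reads the admin password from, and `cp-keycloak-cp-secret.yaml` disappears from the render. Confirm that the XBuiltinObjects composition expects the new key layout (`credentials`, `admin-password`) and not the one the removed Secret provided. The `sync-wave: "-1"` annotation is also removed here while the Realm loses its `"1"`, so both now land in the default wave and their relative order is no longer expressed; if this XR needs the realm to exist first, give it an explicit later wave.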
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 10:39:39.181274770 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 10:39:08.135438902 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 10:39:39.180274775 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 10:39:08.134438907 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 10:39:39.181274770 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 10:39:08.135438902 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 10:39:39.182274765 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 10:39:08.136438897 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
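Review bot: The `team-a` viewer binding disappears here with no replacement in this file. The diff lines it up against the renamed `users` binding (`groupIdRef.name: users`, role `grafana-editor`), so the loss of Grafana access for `team-a` is easy to miss. If that is intended, say so in the PR description. If not, add a separate Roles resource for `team-a` that follows the new `grafana-group-roles-<group>-<role>` naming.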
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 10:39:39.181274770 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 10:39:08.135438902 +0000
@@ -61,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 10:39:39.181274770 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 10:39:08.135438902 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
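Review bot: `clientSecretSecretRef.name` now points at a single `keycloak-client-credentials` Secret in namespace `default`, and the other clients in this PR (vault, backstage, grafana) use the same name with one key each. Removing the inline `demosecret` Secrets from the templates is good, but anything that can read this one Secret now reads every client's secret. The name is also no longer release-prefixed, so two releases in one namespace would share it. Consider one Secret per client or restricting read access to the provider's service account, and document where `keycloak-client-credentials` is created for k3d.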
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 10:39:39.182274765 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 10:39:08.136438897 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
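Review bot: The `argocd.argoproj.io/sync-wave: "1"` annotation is removed from the Realm while the Roles and Groups that reference the `kubrix` realm keep wave "1", so the realm now syncs in the default wave ahead of them. That ordering looks deliberate, but nothing in the hunk says so. A comment in the template would keep someone from re-adding the annotation. The external link is also now a fixed host, `keycloak-127-0-0-1.nip.io`, where the old render had an empty host (`https:///admin/...`). Check that it is rendered from the same value as the ingress host rather than written as a literal.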
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 10:39:39.180274775 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 10:39:08.134438907 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
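Review bot: The admin password is rendered in clear text twice in `stringData`, once inside the `credentials` JSON (`"password": "admin1"`) and once as `admin-password: "admin1"`. The two added comments rely on a person keeping both equal to `adminPassword` in the values file. Render both from one value, or better, reference a Secret created outside the chart so the password never lands in Git or in the rendered manifests. The provider endpoint also stays on plain `http://` with `"tls_insecure_skip_verify": "true"`. That is acceptable for k3d only, so make sure neither setting is inherited by non-local values files.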
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 10:39:39.182274765 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 10:39:08.136438897 +0000
@@ -1,20 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -28,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
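Review bot: `temporary: false # should be set to true in production` is a hard-coded literal whose own comment says it is wrong for production, and it repeats for every user in this file. Expose it as a chart value that defaults to `true` and let the k3d values override it. The Secret reference also changes from the release-prefixed `release-name-initial-passwords` to the fixed name `cp-keycloak-users-secret`. The new `cp-keycloak-users-secret.yaml` template is listed as added but its content is not part of this diff, so please confirm it does not reintroduce the literal `test` passwords removed in the hunk above.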
@@ -55,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -82,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -109,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -136,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -163,12 +149,12 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 10:39:39.181274770 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 10:39:08.135438902 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 10:39:39.182274765 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 10:39:08.136438897 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
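Review bot: The provider package moves from `v1.10.1` to `v1.11.0` but is still referenced by tag only. A tag can be re-pointed, so pin the package by digest (`...provider-keycloak:v1.11.0@sha256:<digest>`) and mention in the PR which provider change made the bump necessary.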
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 10:39:39.182274765 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 10:39:08.136438897 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 10:39:39.182274765 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 10:39:08.136438897 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out |
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 13:28:19.294198271 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 13:27:38.599459023 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 13:28:19.290198298 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 13:27:38.593459059 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
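Review bot: In both added health checks the first guard reads `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then`. In Lua `and` binds tighter than `or`, so any resource whose `status` is still nil is reported `Healthy`, not only the kinds listed in `has_no_status`. Wrap the two emptiness tests in parentheses if the intent is "no status and a kind that never has one". Separately, the value now renders as one escaped double-quoted string instead of the previous `|` block, most likely because of the trailing space in `return health_status \n` at the very end. Dropping that space should bring back a readable block scalar and a reviewable diff.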
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 13:28:19.294198271 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 13:27:38.599459023 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 13:28:19.294198271 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 13:27:38.599459023 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 13:28:20.327191087 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 13:27:40.040450425 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
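Review bot: `metadataUrl` now hard-codes `sx-keycloak-headless`, which ties the Backstage config to one Keycloak release name, while the keycloak chart renders its own provider URL from the release name (`release-name-headless`). Derive the host from a shared value so a renamed release does not break OIDC discovery. The URL is also still plain `http://`, and the unchanged context shows `clientSecret: demosecret` stored in a ConfigMap. Moving that to a Secret reference belongs in this migration, since the Keycloak side now reads it from `keycloak-client-credentials`.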
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 13:28:20.327191087 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 13:27:40.040450425 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 13:28:20.183192088 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 13:27:39.880451379 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 13:28:20.184192081 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 13:27:39.880451379 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 13:28:29.813125751 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 13:28:05.990286427 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 13:28:29.813125751 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 13:28:05.989286435 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 13:28:29.813125751 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 13:28:05.990286427 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 13:28:29.815125737 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 13:28:05.991286419 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 13:28:29.814125744 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 13:28:05.991286419 +0000
@@ -34,24 +34,8 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
@@ -77,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 13:28:29.814125744 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 13:28:05.991286419 +0000
@@ -57,26 +57,8 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 13:28:29.813125751 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 13:28:05.990286427 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
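Review bot: clientSecretSecretRef now points this client at the shared Secret keycloak-client-credentials (key pgadmin here; vault, backstage and grafana use the same Secret in the sibling hunks), where each client previously had its own release-name-client-*-password Secret. That makes read access all-or-nothing: anything allowed to get this one Secret can read every client secret. If the consolidation is intended, say so in the PR; otherwise keep one Secret per client so RBAC can stay scoped per resource name.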
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 13:28:29.815125737 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 13:28:05.991286419 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 13:28:29.813125751 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 13:28:05.989286435 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
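Review bot: the admin password is now rendered twice in this Secret, inside the credentials JSON ("password": "admin1") and again as admin-password, and the only thing keeping both aligned with the chart's adminUser/adminPassword is the pair of MUST comments. Template all of them from a single values key so they cannot drift, and for anything beyond the demo values files take the password from an existing Secret rather than from values. The url is plain http, so this password also crosses the cluster network unencrypted; tls_insecure_skip_verify has no effect on an http URL and would switch off certificate checks as soon as the URL moves to https.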
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 13:28:29.815125737 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 13:28:05.992286412 +0000
@@ -1,21 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
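Review bot: the inline Secret with the initial passwords is dropped here, but the User objects below still read key: phac (and jokl, backstageadmin, demouser, ...) from the replacement cp-keycloak-users-secret, which appears in this diff only as an "Only in out/pr" line, so its keys cannot be checked from the rendered output. Please confirm it defines a key for every remaining user in this values file and that the values are no longer the literal test that the removed Secret carried.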
@@ -29,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
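Review bot: temporary: false stays hardcoded in the initialPassword block of every User, guarded only by the comment "should be set to true in production". Since the block is being reworked anyway, expose temporary as a per-environment value defaulting to true, so the demo values files opt out explicitly instead of production depending on someone reading the comment.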
@@ -56,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -83,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -110,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -137,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -164,41 +149,14 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 13:28:29.813125751 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 13:28:05.990286427 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 13:28:29.815125737 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 13:28:05.991286419 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
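Review bot: the provider package goes from v1.10.1 to v1.11.0 inside a PR whose subject is the Helm chart migration, and it stays pinned by tag only. Mention the bump in the description, since the group, user and openidclient v1alpha1 resources in this diff all depend on it, and consider pinning the package by digest so the provider image cannot change under the same tag.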
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 13:28:29.815125737 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 13:28:05.991286419 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
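Review bot: secretRef switches from the release-scoped "release-name-credentials" to the fixed name keycloak-credentials, while other resources in this chart keep the release-scoped providerConfigRef "release-name-config". With a fixed Secret name, a second release in the default namespace would overwrite the first one's admin credentials. Either keep the release prefix on the Secret or document that the chart supports a single release per namespace.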
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 13:28:29.815125737 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 13:28:05.992286412 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
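Review bot: dropping argocd.argoproj.io/sync-wave: "-1" here, together with the removal of sync-wave "1" from the kubrix Realm in cp-keycloak-realm.yaml, puts XBuiltinObjects and the Realm it targets (realm: kubrix) into the same default wave. The two were explicitly ordered before; now the order inside the wave is left to Argo CD and to reconcile retries. If that is intended, note it in the commit message; otherwise give the Realm an earlier wave than this object. The providerSecretName change to keycloak-credentials is consistent with the renamed Secret.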
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 13:28:29.769126051 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 13:28:05.883287285 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 13:28:29.768126057 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 13:28:05.883287285 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 13:28:29.769126051 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 13:28:05.883287285 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 13:28:29.770126044 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 13:28:05.884287277 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
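Review bot: roleIdsSelector matches on the single label platform-engineer.cloud/role, now grafana-admin, so this binding depends entirely on the relabelled roles in cp-keycloak-default-clientroles-grafana.yaml carrying exactly that value. The rename is consistent across this diff, but the selector would still pick up any other role object given the same label value. Adding a second label for the client or realm on both the roles and the selector would make the match explicit rather than dependent on a naming prefix.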
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 13:28:29.769126051 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 13:28:05.884287277 +0000
@@ -61,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 13:28:29.769126051 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 13:28:05.883287285 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
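Review bot: the context lines of this hunk show the pgadmin client allowing "http://localhost:7007/api/auth/oidc/handler/frame" as a redirect URI, which is the same URI the backstage client lists. It looks carried over from the backstage template. While this file is being touched, drop it from pgadmin so the client only accepts its own https://pgadmin-127-0-0-1.nip.io/oauth2/authorize callback.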
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 13:28:29.770126044 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 13:28:05.884287277 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 13:28:29.768126057 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 13:28:05.883287285 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
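Review bot: the provider url moves from keycloak-service to release-name-headless. Is pointing the Crossplane provider at the headless Service intended? The name suggests the discovery Service of the Keycloak pods, and the chart's regular Service would be the usual endpoint for an API client. If the headless Service is the only one exposing port 8080 in-cluster, a short comment next to the url would save the next reader the same question.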
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 13:28:29.770126044 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 13:28:05.885287269 +0000
@@ -1,20 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -28,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -55,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -82,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -109,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -136,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -163,12 +149,12 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 13:28:29.769126051 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 13:28:05.883287285 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 13:28:29.770126044 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 13:28:05.884287277 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 13:28:29.770126044 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 13:28:05.884287277 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 13:28:29.770126044 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 13:28:05.885287269 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
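Review bot: the `argocd.argoproj.io/sync-wave: "-1"` annotation is removed from `keycloak-builtin-objects-kubrix` with no replacement, so the object now syncs in the default wave. Please confirm that is intended: it reads `providerSecretName: keycloak-credentials` and targets `realm: kubrix`, so it must not be applied before both exist. If ordering no longer matters after the migration, say why in the PR description. Removing the commented-out master realm example is fine, but a pointer to where that example is documented now would keep it discoverable.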
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 14:46:42.884575440 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 14:45:44.301398067 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 14:46:42.880575434 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 14:45:44.297398056 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
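Review bot: in both new `health.lua` scripts the first check, `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then`, is parsed by Lua as `A or (B and C)` because `and` binds tighter than `or`. Any `*.upbound.io` or `*.crossplane.io` resource whose `status` is still nil is therefore reported Healthy regardless of kind, instead of staying in Progressing. Parenthesise the two emptiness tests so the `has_no_status` filter applies to both. Separately, `resource.customizations` is now rendered as one double-quoted escaped string instead of a `|` block; the trailing space in `return health_status \n` at the very end is the likely cause, and removing it in the values file should bring back the readable block form and make future diffs of this ConfigMap reviewable.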
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 14:46:42.884575440 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 14:45:44.301398067 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 14:46:42.884575440 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 14:45:44.301398067 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 14:46:44.741578134 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 14:45:46.749404500 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
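Review bot: `metadataUrl` now targets `sx-keycloak-headless`, which by its name is the headless Service, so Backstage resolves straight to pod IPs with no Service-level load balancing. If the new chart also renders a regular ClusterIP Service for Keycloak, point `metadataUrl` (and `baseUrl` further down) at that one; if the headless Service is the only stable in-cluster name, add a comment in the values file saying so. The URL is also still plain `http://` for OIDC discovery; if that is a deliberate in-cluster choice, document it next to the value.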
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
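Review bot: the context lines around the changed `baseUrl` show `clientSecret: demosecret` rendered as a literal into the app-config ConfigMap for the demo-metalstack values. This PR moves the Keycloak side of the client secrets into `keycloak-client-credentials`; it would be consistent to have Backstage read the same value from a Secret (for example through environment variable substitution in app-config) rather than keeping the literal in a ConfigMap.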
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 14:46:44.741578134 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 14:45:46.749404500 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 14:46:44.598577926 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 14:45:46.608404133 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 14:46:44.598577926 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 14:45:46.609404135 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 14:47:00.610621111 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 14:46:24.923516661 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
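Review bot: `clientSecretSecretRef.name` now points at one shared Secret, `keycloak-client-credentials`, and the grafana, pgadmin and vault client templates get the same change with only `key:` differing. Anything that is granted read access to that Secret to fetch its own client secret can read all the others too. Consider one Secret per client, or state in the chart docs that this Secret must only be readable by the provider. The new `cp-keycloak-client-secret.yaml` is only listed as added and its content is not in the rendered diff, so please also confirm it does not carry `demosecret` for the demo-metalstack values.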
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 14:47:00.609621109 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 14:46:24.923516661 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 14:47:00.610621111 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 14:46:24.923516661 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 14:47:00.611621114 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 14:46:24.924516664 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
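Review bot: the `Roles` objects in this file are renamed while keeping `deletionPolicy: Delete`, and that combination needs an upgrade note. The binding of group `users` to the editor role is a concrete case: the previous hunk removes it as `grafana-grafana-group-roles-viewer` and this hunk re-creates it as `grafana-group-roles-users-grafana-editor`. When the old object is pruned, its delete can remove the group-to-role mapping in Keycloak that the new object has just created for the same group. Please describe the upgrade path (for example pruning the old objects before the new ones sync) or test it against an existing install. The `team-a` binding disappears entirely; call that out in the PR description.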
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 14:47:00.610621111 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 14:46:24.924516664 +0000
@@ -34,24 +34,8 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
@@ -77,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 14:47:00.611621114 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 14:46:24.924516664 +0000
@@ -57,26 +57,8 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 14:47:00.610621111 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 14:46:24.923516661 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
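Review bot: the redirect URI list of the `pgadmin` client, visible in the context lines above `clientSecretSecretRef`, still contains `http://localhost:7007/api/auth/oidc/handler/frame`, the same URI the `backstage` client carries, which looks like a copy-paste leftover. Since this PR already touches the client, please drop redirect URIs that pgadmin does not use so the allowed redirect set stays as small as possible.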
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 14:47:00.611621114 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 14:46:24.924516664 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 14:47:00.609621109 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 14:46:24.922516658 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
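Review bot: the admin password is written as a literal twice in this Secret, once inside the `credentials` JSON (`"password": "admin1"`) and once as `admin-password: "admin1"`, and the added comments ask for both to be kept equal to `adminUser`/`adminPassword` from the values file by hand. For the demo-metalstack values that puts the password in Git and in the rendered manifests. Template both fields from a single value, or better reference a Secret created outside the chart, so the copies cannot drift and the password is not committed. `"tls_insecure_skip_verify": "true"` is carried over unchanged; with the URL on plain `http://` it has no effect, so either drop it or move the URL to HTTPS and verify the certificate.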
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 14:47:00.611621114 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 14:46:24.925516667 +0000
@@ -1,21 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -29,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
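Review bot: `initialPassword.valueSecretRef.name` switches to `cp-keycloak-users-secret`, but the new `cp-keycloak-users-secret.yaml` is only listed as added and its content is not in the rendered diff. The removed Secret set every user's password to `test`, and `temporary: false` stays on each user, so please confirm what the new Secret contains for the demo-metalstack values and consider `temporary: true` there, as the inline comment already suggests. The new name is also no longer prefixed with the release name like the old `release-name-initial-passwords`; if that is intentional, document it in the values file.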
@@ -56,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -83,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -110,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -137,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -164,41 +149,14 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 14:47:00.610621111 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 14:46:24.923516661 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 14:47:00.611621114 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 14:46:24.924516664 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
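Review bot: the bumped `package:` line still references the provider by mutable tag (`provider-keycloak:v1.11.0`). This provider is handed the Keycloak admin credentials through the ProviderConfig, so pin the package by digest as well as tag, and link the upstream release notes for v1.10.1 to v1.11.0 in the PR description.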
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 14:47:00.611621114 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 14:46:24.924516664 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 14:47:00.611621114 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 14:46:24.925516667 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 14:47:00.564620988 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 14:46:24.817516348 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 14:47:00.564620988 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 14:46:24.817516348 +0000
@@ -6,9 +6,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -27,9 +27,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -48,9 +48,9 @@
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 14:47:00.564620988 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 14:46:24.817516348 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 14:47:00.565620991 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 14:46:24.818516351 +0000
@@ -2,9 +2,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,34 +27,9 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
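Review bot: renaming `metadata.name` on these `Roles` objects (here `grafana-grafana-group-roles-viewer-team1` to `grafana-group-roles-team1-grafana-viewer`) is a delete-and-create, not an in-place update, and the objects in this file carry `deletionPolicy: Delete`. If the old object is pruned after the new one has been created, its deletion may remove the same group-to-role mapping in Keycloak that the new object just established. State the expected upgrade order in the PR description, or prune the old objects before the new ones sync.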
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
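Review bot: this hunk reads as a rename but replaces the binding: `groupIdRef` moves from `team-a` to `users` and the selector from `viewer` to `grafana-editor`. Combined with the removal of `grafana-grafana-group-roles-viewer` in the earlier hunk, the `users` to editor mapping is kept under a new name and the `team-a` to viewer mapping disappears. If dropping Grafana access for `team-a` in the k3d values is intended, say so in the PR description; otherwise add a `team-a` entry back.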
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 14:47:00.565620991 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 14:46:24.818516351 +0000
@@ -61,16 +61,4 @@
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 14:47:00.564620988 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 14:46:24.817516348 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 14:47:00.565620991 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 14:46:24.818516351 +0000
@@ -6,11 +6,10 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
realm: kubrix
displayName: kubrix
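Review bot: the removal of `argocd.argoproj.io/sync-wave: "1"` from the Realm is not explained, and the xr.yaml diff in this PR also drops `sync-wave: "-1"` from the `XBuiltinObjects` for the same realm, so both now land in the default wave while the client role objects keep wave "1". Please document whether the ordering between the two was deliberately removed, or keep explicit waves so the sync order does not depend on defaults. The `external-link` fix (the old value had an empty host) looks right.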
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 14:47:00.564620988 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 14:46:24.817516348 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
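Review bot: `"password": "admin1"` and `admin-password: "admin1"` put the master-realm admin password into the rendered manifest twice as literals, and the two added comments rely on a human keeping them equal to `adminUser`/`adminPassword` in the values file. Derive both entries from a single value, or better, reference an existing Secret so no password is committed. The unchanged `"tls_insecure_skip_verify": "true"` together with the new `http://` URL means the admin credentials cross the cluster network unencrypted; that is tolerable for k3d, but make both settings values-driven so other environments do not inherit them.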
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 14:47:00.566620993 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 14:46:24.819516354 +0000
@@ -1,20 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
@@ -28,12 +14,12 @@
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
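Review bot: `temporary: false` stays hard-coded on every user right next to its own comment "should be set to true in production"; expose it as a chart value that defaults to true and override it only in the k3d values. The `valueSecretRef` name also changes from the release-scoped name to the literal `"cp-keycloak-users-secret"`, and that template is listed only as a new file in this rendered diff, so the passwords replacing the removed `test` entries cannot be reviewed here. Please include its rendered keys (not values) or describe how the passwords are generated.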
@@ -55,12 +41,12 @@
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -82,12 +68,12 @@
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -109,12 +95,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -136,12 +122,12 @@
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -163,12 +149,12 @@
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 14:47:00.564620988 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 14:46:24.817516348 +0000
@@ -1,15 +1,6 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 14:47:00.565620991 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 14:46:24.818516351 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 14:47:00.565620991 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 14:46:24.818516351 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 14:47:00.566620993 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 14:46:24.819516354 +0000
@@ -1,41 +1,15 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 17:28:16.211266832 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 17:27:32.305871726 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 17:28:16.207266796 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 17:27:32.300871682 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 17:28:16.211266832 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 17:27:32.305871726 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 17:28:16.211266832 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 17:27:32.305871726 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 17:28:17.565279079 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 17:27:33.795884883 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
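Review bot: `metadataUrl` hard-codes the release name in `sx-keycloak-headless`, while the provider credentials Secret in this PR renders its URL from the release name (`release-name-headless`); if the Keycloak release is named differently, Backstage login breaks while Crossplane keeps working. Template the host from one shared value. The unchanged context also shows `clientSecret: demosecret` inline in this ConfigMap for the demo-metalstack values, so after this PR the client secret lives both here and in `keycloak-client-credentials` and has to be kept in sync by hand. Reading it from the Secret through an environment variable substitution would remove the literal from the ConfigMap.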
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 17:28:17.566279088 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 17:27:33.795884883 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 17:28:17.419277758 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 17:27:33.652883618 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 17:28:17.419277758 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 17:27:33.652883618 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 17:28:01.682135874 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
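Review bot: `clientSecretSecretRef` now reads key `backstage` from a shared Secret, `keycloak-client-credentials`, in `namespace: default`, and the grafana, pgadmin and vault clients in this diff reference the same Secret. Anything allowed to read that one object gets every client secret, where the removed per-client Secrets could be scoped individually. The new `cp-keycloak-client-secret.yaml` is listed as added but its rendered content is not part of this diff, so please confirm it carries all four keys, is synced before wave "5", and is not filled with the `demosecret` default outside demo values.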
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 17:28:01.682135874 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 17:28:01.682135874 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 17:28:01.684135892 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
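Review bot: The `metadata.name` change from `grafana-grafana-group-roles` to `grafana-group-roles-admins-grafana-admin` is applied to an object with `deletionPolicy: Delete`. On upgrade the old object is pruned and Crossplane removes its role mapping in Keycloak, while the renamed object manages what appears to be the same mapping. Depending on the order of prune and create, the admin mapping can be removed after the new object has reported ready. Please document the upgrade path or verify on an existing install that the mapping is restored after the sync.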
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
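Review bot: This binding sits at `argocd.argoproj.io/sync-wave: "4"` but resolves its roles through `platform-engineer.cloud/role: grafana-editor`, and the Role objects that carry the `grafana-*` labels are moved to wave "5" in cp-keycloak-default-clientroles-grafana.yaml. If Argo CD waits for wave 4 to become healthy before applying wave 5, the selector has nothing to match and the sync can stall. Put the group `Roles` bindings in a wave after the client roles they select, or state in the chart why the reverse order is safe.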
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 17:28:01.684135892 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -34,28 +34,12 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -69,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: backstage-admin
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -57,30 +57,12 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 17:28:01.682135874 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 17:28:29.251386383 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 17:28:01.682135874 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
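Review bot: The admin password is rendered in clear text twice, as `"password": "admin1"` inside `credentials` and again as `admin-password: "admin1"`, and the added comments make keeping them equal a manual rule. Template both from a single value, or better, reference an existing Secret so the password is not committed in a values file (GitGuardian already flagged values-k3d.yaml on this PR). The provider also keeps `"tls_insecure_skip_verify": "true"` against an `http://` URL on the headless Service; for anything beyond the demo values this should be configurable and off by default.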
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 17:28:01.684135892 +0000
@@ -1,40 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
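Review bot: `temporary: false # should be set to true in production` is carried over unchanged for every user, so a production install keeps permanent initial passwords unless someone edits the template by hand. Since the password source is being reworked here anyway (`cp-keycloak-users-secret`), expose `temporary` as a chart value with `true` as the default and override it to `false` only in the demo and k3d values files.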
@@ -47,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -74,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -101,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -128,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -155,50 +140,23 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 17:28:29.252386392 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 17:28:01.682135874 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
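Review bot: the `package` line moves from `v1.10.1` to `v1.11.0` but still references the provider by tag only. A tag can be repointed in the registry, and this provider is the component that receives the Keycloak admin credentials through the ProviderConfig, so consider pinning it by digest (`...provider-keycloak:v1.11.0@sha256:<digest>`, digest to be filled in from the registry) so the rendered chart stays reproducible.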
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 17:28:01.683135883 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 17:28:29.253386401 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 17:28:01.684135892 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
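Review bot: `spec.providerConfigName` stays hard-coded as `sx-keycloak-config` in the unchanged context, while the Client, Group and User resources in this diff render `providerConfigRef.name` as `release-name-config`. This hunk already touches `providerSecretName`, so it is a good place to derive the ProviderConfig name the same way the other templates do; as rendered, this XBuiltinObjects only finds its ProviderConfig when the release happens to be called `sx-keycloak`. The sync-wave change from `-1` to `2` also deserves a line in the PR description, since it moves the object from before the realm (wave `1`) to after it.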
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
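Review bot: the label under `metadata.labels` is `platform-engineer.cloud/clientscope: groups` on `openid-client-scope-openid` as well as on `openid-client-scope-groups` in the hunk above, so a `matchLabels` selector on that key cannot tell the two scopes apart. This PR makes the role labels unique (`grafana-viewer`, `grafana-editor`, `grafana-admin`); giving this scope its own label value would do the same for `clientScopeIdSelector` lookups.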
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
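Review bot: the `sync-wave` on this Role goes to `"5"`, but the `group.keycloak.crossplane.io` Roles objects that select it through `roleIdsSelector.matchLabels` (`platform-engineer.cloud/role: grafana-viewer` and its siblings) are set to wave `"4"` in cp-keycloak-grafana-group-roles.yaml. The selector is therefore applied one wave before any resource carries the label it looks for. Putting the group role mappings in a wave after the client roles would make the ordering match the dependency.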
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 17:28:01.574134883 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 17:28:01.574134883 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 17:28:01.574134883 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -37,9 +37,9 @@
metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -53,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 17:28:01.574134883 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: backstage-admin
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -60,9 +60,9 @@
metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
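Review bot: `validRedirectUris` for the pgadmin client still lists `http://localhost:7007/api/auth/oidc/handler/frame` in the context lines, which is the same entry the backstage client carries and does not look like a pgadmin callback. Every extra redirect URI widens where an authorization code for this client may be delivered, so if it is a copy-paste leftover, drop it while this block is being edited.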
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 17:28:01.574134883 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 17:28:01.574134883 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 17:28:01.574134883 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 17:28:29.205385957 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 17:28:01.572134865 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
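Review bot: the added `"password": "admin1"` and `admin-password: "admin1"` lines put the Keycloak admin password into the rendered Secret as a literal, twice, and the new comments say both must be kept equal to `adminUser`/`adminPassword` from the values file by hand. Derive all copies from a single value, or reference a Secret created outside the chart, so they cannot drift and the literal leaves the repository; the PR already carries a GitGuardian finding for `platform-apps/charts/keycloak/values-k3d.yaml`. The unchanged `"tls_insecure_skip_verify": "true"` together with the plain `http://` URL is tolerable for k3d but should not be copied into the non-local values files.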
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 17:28:01.575134893 +0000
@@ -1,39 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
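Review bot: `temporary: false # should be set to true in production` is still hard-coded next to the new `cp-keycloak-users-secret` reference, so every values file renders permanent initial passwords and the only safeguard is the comment. Expose it as a chart value that defaults to `true` and is overridden to `false` for k3d; the same applies to the other five User hunks below.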
@@ -46,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -73,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -100,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -127,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -154,21 +140,21 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 17:28:29.206385967 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 17:28:01.573134874 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 17:28:01.574134883 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 17:28:01.574134883 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 17:28:29.207385976 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 17:28:01.575134893 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
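Review bot: `providerSecretName` now points at `keycloak-credentials`, the same Secret name the ProviderConfig in cp-providerconfig.yaml references, where it previously used a separate `keycloak-credentials-cp`. If XBuiltinObjects expects a different key or payload than the ProviderConfig's `credentials` key, this only fails at reconcile time, so please confirm the format matches. The move from sync-wave "-1" to "2" also means this object is applied after everything in waves 0 and 1; it would help to state in the PR which resource it now waits on.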
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 18:51:42.195174662 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 18:50:58.953107554 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 18:51:42.191174656 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 18:50:58.947107545 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
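Review bot: in both added health.lua scripts the test `obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)` parses as `A or (B and C)`, because Lua's `and` binds tighter than `or`. Any `*.upbound.io` or `*.crossplane.io` resource whose status is still nil is therefore reported Healthy regardless of kind. This PR orders the Keycloak resources with sync waves, so a wave can advance before the provider has reconciled the object; if that is not intended, parenthesise as `(obj.status == nil or next(obj.status) == nil) and contains(...)`. Separately, the value now renders as one escaped double-quoted string instead of a `|` block, most likely because of the trailing space in the final `return health_status \n`; removing it should restore the block scalar and keep future diffs of this ConfigMap reviewable.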
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 18:51:42.195174662 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 18:50:58.953107554 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 18:51:42.195174662 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 18:50:58.953107554 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 18:51:43.494176638 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 18:51:00.650110023 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
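Review bot: `metadataUrl` here, and `baseUrl` in the next hunk, now target `sx-keycloak-headless` over plain `http://` on port 8080. If that Service is headless as its name suggests, DNS returns pod IPs directly and Backstage talks to whichever address it resolved, so a Keycloak pod restart can break OIDC discovery until the next lookup; prefer the chart's regular ClusterIP Service if it renders one. It is also worth checking once that the issuer in the discovery document matches the host browsers reach through the `https://` callback.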
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
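Review bot: `clientSecret: demosecret` stays as a literal in this ConfigMap for the `keycloakOrg` provider (and for the OIDC block in the hunk above), while this PR moves the Keycloak-side client secrets into the `keycloak-client-credentials` Secret. For the demo.kubrix.cloud values, Backstage should read the value from that Secret through environment substitution, for example `${KEYCLOAK_CLIENT_SECRET}`, rather than carrying it in app-config; the variable name is only a suggestion.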
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 18:51:43.494176638 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 18:51:00.650110023 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 18:51:43.354176425 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 18:51:00.504109811 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 18:51:43.354176425 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 18:51:00.505109813 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
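Review bot: `clientSecretSecretRef.name` now points at a shared `keycloak-client-credentials` Secret, and the only trace of it in this diff is the `Only in out/pr ... cp-keycloak-client-secret.yaml` line, so its content and sync-wave cannot be reviewed here. Please confirm it is applied before wave "5" (the Client above) and that it does not simply re-embed the literal `demosecret` that the removed per-client Secret carried. With one Secret holding the `backstage`, `grafana` and `pgadmin` keys, anything granted read on it sees all three client secrets, which is a wider blast radius than the three separate Secrets had.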
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 18:51:27.941151959 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
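Review bot: `metadata.name` changes while `deletionPolicy: Delete` stays, so Argo CD will treat `grafana-grafana-group-roles` as removed and the new name as a fresh object, with both managing the same group-to-role mapping in realm kubrix. If the old object is pruned after the new one is created, the provider's delete can remove the mapping the new object just set. Check the prune order on an existing cluster, or set the old objects to `deletionPolicy: Orphan` for one release before dropping them.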
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -34,28 +34,12 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
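Review bot: this hunk drops the `team-a` Group from the demo-metalstack render, and the matching `backstage-team-a-users-memberships` object and the team-a Grafana role mapping disappear in the other files, which is a behaviour change beyond a chart migration. If it is intentional, say so in the PR description; with `deletionPolicy: "Delete"` the group and its member assignment are removed from the realm on sync.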
@@ -69,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -57,30 +57,12 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
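Review bot: `clientSecretSecretRef.name` now points at a single `keycloak-client-credentials` Secret that the vault client in this render also uses, so read access to that one object exposes every client's secret where each client previously had its own Secret. If the consolidation is intended, restrict RBAC on that Secret accordingly. Separately, the context lines keep `http://localhost:7007/api/auth/oidc/handler/frame` in the pgadmin client's redirect URIs on the demo.kubrix.cloud render; it looks like a leftover from the backstage client and should be dropped if pgadmin does not need it.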
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
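Review bot: The old value `https:///admin/master/console/#/kubrix` shows that the template rendered with an empty hostname and nothing caught it. Now that the host is filled in, wrap the hostname lookup in Helm's `required` so a values file that omits it fails at render time instead of emitting a broken link.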
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 18:51:54.583193192 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 18:51:27.941151959 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
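Review bot: The added `"password": "admin1"` and `admin-password: "admin1"` lines put the Keycloak master-realm admin password in plain text in the rendered manifest, which means it also lives in a values file in git. Source it from an existing Secret (or an external secret store) instead of a chart value, and derive both occurrences from one place so the two "MUST be the same" comments are not needed. The new `url` is plain `http://` and `tls_insecure_skip_verify` stays `"true"`, so the provider sends these admin credentials over an unencrypted in-cluster connection; worth a follow-up for non-demo values files.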
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -1,40 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
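Review bot: `temporary: false # should be set to true in production` is carried over unchanged while only the Secret reference moves, so the account keeps whatever initial password `cp-keycloak-users-secret` holds (the removed Secret had `test` for every user). Make `temporary` a chart value that defaults to `true` and let the k3d and demo values files opt out, so a production install does not depend on someone remembering the comment.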
@@ -47,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -74,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -101,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -128,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -155,50 +140,23 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
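Review bot: The `team-auser` User is dropped at the end of this hunk, together with its `team-a` Memberships in cp-keycloak-member.yaml, and it was declared with `deletionPolicy: "Delete"`. If Argo CD prunes the resource on upgrade, Crossplane will delete the account from the kubrix realm; state in the PR description whether that is intended for existing installs.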
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 18:51:54.584193194 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 18:51:27.942151960 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
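Review bot: `keycloak-client-credentials` is a literal name, whereas the Secret it replaces (`"release-name-client-vault-password"`) and the `providerConfigRef` just below are release-prefixed. Two releases of this chart in the same namespace would now point at the same Secret; either prefix the name with the release or document that the chart is single-instance per namespace.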
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
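Review bot: The bump to `provider-keycloak:v1.11.0` still references the package by tag only. Tags are mutable, so pin the package by digest (`provider-keycloak@sha256:<digest>`, digest to be filled in from the registry) so the provider that runs with the Keycloak admin credentials is reproducible.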
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 18:51:54.585193195 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 18:51:27.943151962 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
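Review bot: `providerConfigName: sx-keycloak-config` is a literal here, while the User and Client resources in this render reference `"release-name-config"`, so the two names diverge as soon as the release is not called `sx-keycloak`. Template it from the release name like the others. The `providerSecretName` change to `keycloak-credentials` matches the Secret renamed in cp-keycloak-secret.yaml, and moving the wave from "-1" to "2" places this after the realm at wave "1".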
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 18:51:54.536193125 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 18:51:27.834151792 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 18:51:27.834151792 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 18:51:54.536193125 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 18:51:27.833151791 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
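Review bot: Prefixing the label value (`viewer` to `grafana-viewer`, and likewise for editor and admin below) is the right direction, since `roleIdsSelector` in cp-keycloak-grafana-group-roles.yaml matches on this label alone and a generic `admin` value could select a Role that belongs to another client. Check that no other template still selects on the unprefixed values before merging.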
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 18:51:27.834151792 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 18:51:27.834151792 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 18:51:27.834151792 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 18:51:27.834151792 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 18:51:27.834151792 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 18:51:54.538193128 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 18:51:27.835151794 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
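Review bot: After the rename this resource binds group `users` to `grafana-editor`, which is what the removed `grafana-grafana-group-roles-viewer` already did under a misleading name (`groupIdRef` `users`, label `editor`). The new naming makes the grant visible, so confirm that every member of `users` is meant to have editor rather than viewer rights in Grafana.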
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 18:51:54.538193128 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 18:51:27.835151794 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 18:51:27.835151794 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -37,9 +37,9 @@
metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -53,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 18:51:27.835151794 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
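Review bot: This Memberships object and the two that follow move to sync-wave "4", but `backstage-admin-memberships` in the hunk above goes to "6". If the difference is deliberate, add a comment in the template explaining what it waits for; otherwise align the four.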
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -60,9 +60,9 @@
metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 18:51:27.834151792 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 18:51:54.538193128 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 18:51:27.835151794 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 18:51:54.538193128 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 18:51:27.835151794 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 18:51:54.538193128 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 18:51:27.835151794 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 18:51:54.536193125 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 18:51:27.833151791 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
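Review bot: the admin password literal `"admin1"` is now rendered twice in this Secret, once inside the `credentials` JSON and once as `admin-password`, and the new comments say both must match `adminPassword` from the values file. Keeping three copies in step by hand will drift; template both fields from the single value, or let the chart reference an existing Secret so the literal never lands in a committed values file (GitGuardian already flagged `values-k3d.yaml` on this PR). The `url` is still plain `http://` and `"tls_insecure_skip_verify": "true"` is kept; if that is meant for k3d only, make it a value so other environments do not inherit it.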
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 18:51:54.538193128 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 18:51:27.836151795 +0000
@@ -1,39 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
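Review bot: `temporary: false # should be set to true in production` stays hard-coded on this User and on every other User in the file, so the initial password read from `cp-keycloak-users-secret` becomes the permanent one in whichever environment renders this template. Expose `temporary` as a chart value that defaults to true and override it to false in the k3d values. The diff only lists `cp-keycloak-users-secret.yaml` as a new file without showing it, so please confirm it no longer ships the shared `test` password that the removed Secret had for all six users.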
@@ -46,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -73,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -100,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -127,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -154,21 +140,21 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 18:51:54.537193126 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 18:51:27.834151792 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
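Review bot: `clientSecretSecretRef` here, like the pgadmin, backstage and grafana clients in this diff, now points at the single Secret `keycloak-client-credentials` in namespace `default`, where previously each client had its own `release-name-client-<name>-password` Secret. Anyone granted read on that one object gets every client secret, so per-client RBAC is no longer possible. If consolidation is intended, say so in the PR description. Otherwise keep one Secret per client, and keep the release prefix so two releases in the same namespace do not share the object.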
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 18:51:54.538193128 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 18:51:27.835151794 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
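Review bot: the `package:` line moves the provider from `v1.10.1` to `v1.11.0` inside a chart migration, and nothing visible in the change explains why the upgrade is needed. Split it into its own PR or state in the description which v1.11.0 behaviour the migration depends on, so a regression in the Crossplane-managed Keycloak resources can be attributed to the right change.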
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 18:51:54.538193128 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 18:51:27.835151794 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
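Review bot: the `secretRef` name loses its release prefix (`release-name-credentials` becomes the fixed `keycloak-credentials`) and the key is renamed to `credentials`, which has to match the Secret in `cp-keycloak-secret.yaml` and `providerSecretName` in `xr.yaml` exactly. With the name hard-coded in three templates, a second release in the same namespace would overwrite the first one's admin credentials. Define the name once in a helper or value and reference it from all three places.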
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 18:51:54.538193128 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 18:51:27.836151795 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
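Review bot: `providerConfigName: sx-keycloak-config` in the context lines is a fixed string, while the Client resources in this same render use `providerConfigRef.name: "release-name-config"`. The XBuiltinObjects resource therefore only resolves its ProviderConfig when the release happens to be named `sx-keycloak`. Since `providerSecretName` is being changed on the neighbouring line anyway, template `providerConfigName` from the release name as well. Also worth a line in the description: the sync-wave jump from `"-1"` to `"2"` changes when the builtin objects are imported relative to the realm at wave `"1"`.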
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 19:17:39.217920544 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 19:16:53.765909186 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 19:17:39.213920544 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 19:16:53.760909183 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
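Review bot: in both added health checks the first guard reads `obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)`. Lua binds `and` tighter than `or`, so any resource with no status at all is reported Healthy with "Resource is up-to-date." regardless of kind, instead of staying Progressing until the provider has reconciled it. If only the status-less kinds should short-circuit, parenthesise it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. Separately, the value now renders as one escaped double-quoted string instead of a block scalar, most likely because of the trailing space in the final `return health_status \n`. Trimming it should restore the readable block form, which matters for reviewing Lua that decides sync health. This ConfigMap change also looks unrelated to the Keycloak migration and would be easier to review on its own.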
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 19:17:39.217920544 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 19:16:53.764909185 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 19:17:39.217920544 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 19:16:53.764909185 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 19:17:40.522920397 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 19:16:56.505910292 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
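Review bot: the changed `metadataUrl` points Backstage at the `sx-keycloak-headless` Service. A headless Service resolves straight to pod IPs and is normally there for peer discovery rather than client traffic, so if the chart also renders a regular ClusterIP Service, that is the better endpoint for OIDC discovery. The hostname also bakes in the release name `sx-keycloak` and stays on plain `http://`, and the same applies to `baseUrl` in the next hunk and to the k3d render. The unchanged `clientSecret: demosecret` sits in a ConfigMap; with client secrets now collected in `keycloak-client-credentials`, this would be a good moment to inject it from that Secret instead.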
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 19:17:40.523920397 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 19:16:56.506910292 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 19:17:40.379920413 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 19:16:56.358910232 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 19:17:40.379920413 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 19:16:56.358910232 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 19:17:51.633919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 19:17:51.634919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 19:17:51.633919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 19:17:24.520921202 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
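Review bot: the label value on this Role changes from `platform-engineer.cloud/role: viewer` to `grafana-viewer`, and the editor and admin Roles below get the same rename. Any selector that still matches the old values (`matchLabels` on role or group-role resources) will silently select nothing, leaving users without the Grafana role rather than failing the sync. Please confirm every selector was updated in the same change; the rename is worth a sentence in the description since it is not implied by a chart migration.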
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 19:17:51.634919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 19:17:51.634919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 19:17:51.634919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 19:17:51.634919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 19:17:51.633919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
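Review bot: `clientSecretSecretRef.name` now points this client at the shared Secret `keycloak-client-credentials` in namespace `default`, and the pgadmin, vault and backstage client hunks do the same, where each client previously had its own Secret. Any workload or user allowed to read that one object now gets every OIDC client secret, so consider keeping one Secret per client. Please also confirm the Secret carries a `grafana` key, since its contents are not shown anywhere in this diff output.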
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 19:17:51.635919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 19:17:24.522921202 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
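Review bot: `metadata.name` changes from `grafana-grafana-group-roles` to `grafana-group-roles-admins-grafana-admin` while `deletionPolicy: Delete` stays in place, so on an existing installation this is a delete and re-create rather than an in-place update. If the Argo CD application prunes, the old object and its Keycloak role mapping are removed before the new one appears in wave 7. Please call this out in the upgrade notes or confirm the gap in the admins group's Grafana role is acceptable.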
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
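Review bot: the `roleIdsSelector` value changes from `admin` to `grafana-admin`, and it only resolves if a Role carries exactly that label. The k3d render of `cp-keycloak-default-clientroles-grafana.yaml` further down renames the Role labels to match, so selector and label now have to be kept in step across two templates. Deriving both from one values entry would prevent a selector that silently matches no role.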
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 19:17:51.635919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 19:17:24.522921202 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 19:17:51.634919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -34,28 +34,12 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -69,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 19:17:51.634919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
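Review bot: `backstage-admin-memberships` moves to sync-wave "6" while the other Memberships objects in this file move to "4". Users are at wave 2 and groups at wave 3 in this render, so wave 4 looks sufficient here as well. If the later wave is deliberate, a comment in the template saying which resource it waits for would help; otherwise align it with the others.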
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -57,30 +57,12 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 19:17:51.633919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
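Review bot: the context lines of this hunk show the pgadmin client in the demo-metalstack render still accepting `http://localhost:7007/api/auth/oidc/handler/frame` as a redirect URI. The same URI appears on the backstage client in the k3d render, so it looks copied over rather than needed by pgadmin. Since this file is being touched anyway, please drop the localhost entry from the non-local values so the client only accepts `https://pgadmin.demo.kubrix.cloud/oauth2/authorize`.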
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 19:17:51.634919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 19:17:51.634919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 19:17:24.522921202 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 19:17:51.635919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 19:17:24.522921202 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
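Review bot: the old render of `link.argocd.argoproj.io/external-link` was `https:///admin/master/console/#/kubrix`, which means the hostname value was empty and the template rendered anyway. The new value fixes this render, but the template can still produce a host-less URL for any values file that omits the hostname. Wrapping the value in Helm's `required` would make that fail at render time instead.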
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 19:17:51.633919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 19:17:24.520921202 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
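Review bot: the master-realm admin password is now rendered in plain text twice in this Secret, once inside the `credentials` JSON and once as `admin-password: "admin1"`, and the added comments say both must be kept equal to `adminPassword` by hand. For the demo-metalstack values this should come from an external secret source rather than the chart, and both keys should be templated from a single value so they cannot drift. The unchanged `"tls_insecure_skip_verify": "true"` together with the new `http://` URL also means the admin credentials cross the cluster network unencrypted; worth a follow-up once the chart exposes a TLS endpoint.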
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 19:17:51.635919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 19:17:24.522921202 +0000
@@ -1,40 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
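Review bot: `temporary: false # should be set to true in production` is kept unchanged for every user in the demo-metalstack render, so the initial password stays valid indefinitely on an environment that has a public hostname. Please make `temporary` a values setting that defaults to `true` and is only switched off in the k3d values. The removed Secret held `test` for every account, and `cp-keycloak-users-secret` is listed as a new file without its contents, so please confirm it does not carry the same value forward.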
@@ -47,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -74,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -101,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -128,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -155,50 +140,23 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 19:17:51.633919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 19:17:24.521921202 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 19:17:51.635919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 19:17:24.522921202 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
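Review bot: the provider package is bumped by mutable tag only (`provider-keycloak:v1.11.0`). Pinning the package by digest would make the render reproducible and guard against a re-pushed tag. Since every managed resource in this chart uses `v1alpha1` APIs from this provider, the PR description should also state that the v1.11.0 CRDs were checked against the fields used here.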
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 19:17:51.635919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 19:17:24.522921202 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
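Review bot: `secretRef.name` changes from the release-scoped `release-name-credentials` to the fixed `keycloak-credentials` in namespace `default`. A second release of this chart in the same cluster would now overwrite or reuse the first release's admin credentials, and the Secret lands in a namespace that is usually widely readable. Keeping the release prefix, or making name and namespace values settings, avoids both.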
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 19:17:51.635919414 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 19:17:24.522921202 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
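Review bot: `providerConfigName: sx-keycloak-config` in the context lines is hardcoded, while the Client, Group and User resources in this same render reference `release-name-config`. The XR therefore only resolves its ProviderConfig when the release happens to be named `sx-keycloak`. With `providerSecretName` being changed in this hunk anyway, please template `providerConfigName` from the release name as well so both references stay consistent.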
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 19:17:24.412921206 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
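Review bot: `clientSecretSecretRef` now points at a shared Secret `keycloak-client-credentials` that is not rendered by this template any more, so the `grafana` Client at sync-wave "5" depends on an object this part of the diff does not show. Please confirm that Secret is created in an earlier wave in namespace `default` and contains a `grafana` key, and that it does not simply carry the literal `demosecret` that the removed per-client Secret held. Because one Secret now holds the keys for several clients, anything allowed to read it can read every client secret, so RBAC on it should be at least as tight as on the per-client Secrets it replaces.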
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 19:17:24.414921206 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
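Review bot: The `roleIdsSelector` label changes from `platform-engineer.cloud/role: admin` to `grafana-admin`, but the Role objects that must carry the new label are not part of this hunk. Please confirm the Role templates were relabelled in the same PR and sync before wave "7", otherwise this mapping will not grant the intended role. The resource is also renamed with `deletionPolicy: Delete` in place, so the old `grafana-grafana-group-roles` mapping is removed when it is pruned; a short note in the PR description about the expected gap during migration would help.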
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
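Review bot: This hunk replaces the `team-a` to `viewer` mapping with a `users` to `grafana-editor` mapping rather than renaming it, so `team-a` loses its Grafana role and every member of `users` gains editor rights. If that is intended, say so in the PR description; if `team-a` should keep viewer access, it needs its own Roles resource with the `grafana-viewer` label.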
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 19:17:24.414921206 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -37,9 +37,9 @@
metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -53,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
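Review bot: `backstage-admin-memberships` moves to sync-wave "6" while the three sibling Memberships in this file move to "4". Users are in wave "2" and groups in wave "3" elsewhere in this diff, so "4" looks sufficient here as well. Either align the wave or add a comment in the template explaining what in wave "5" this membership has to wait for.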
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -60,9 +60,9 @@
metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
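Review bot: The context lines of this hunk show `http://localhost:7007/api/auth/oidc/handler/frame` among the redirect URIs of the `pgadmin` client. That path is the Backstage OIDC callback (compare `callbackUrl` in the Backstage app-config further down this diff), not a pgAdmin one, and it is plain `http`. Since the client is being touched anyway, remove the entry unless pgAdmin really needs it; every extra redirect URI is another place an authorization code can be delivered to.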
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 19:17:24.414921206 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 19:17:24.414921206 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 19:17:51.586919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 19:17:24.412921206 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
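Review bot: The admin password is written as the literal `admin1` twice in the added lines, once inside the `credentials` JSON and once as `admin-password`, and the added comment says it must additionally match `adminPassword` in the values file by hand. Three copies that have to stay in sync will drift; template both keys from a single value, or better, reference an externally managed Secret so the rendered chart does not contain the password at all. Separately, `"tls_insecure_skip_verify": "true"` is kept while the new `url` is plain `http://`, so the flag has no effect today and would silently disable certificate checks the moment the URL moves to `https`; drop it or make it a value that defaults to `"false"`. The new `labels: type: provider-credentials` is worth a one-line comment saying what selects on it.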
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 19:17:24.414921206 +0000
@@ -1,39 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
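Review bot: `initialPassword.valueSecretRef` now names `cp-keycloak-users-secret`, which this diff lists only as a new file without showing its content, so it cannot be checked here whether the literal `test` passwords from the removed Secret were just moved there. Please confirm where those values now come from and that the Secret syncs before the User resources in wave "2". The name is also fixed instead of release-prefixed like the old `release-name-initial-passwords`, so two releases in one namespace would share it. The unchanged line `temporary: false # should be set to true in production` is a good candidate to become a chart value in this migration, so production overlays can flip it without editing the template. The same applies to the other five User hunks in this file.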
@@ -46,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -73,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -100,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -127,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -154,21 +140,21 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 19:17:51.587919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 19:17:24.413921206 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 19:17:24.414921206 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.11.0
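Review bot: The provider package is bumped from `v1.10.1` to `v1.11.0` but is still referenced by tag only. This package runs with the Keycloak admin credentials from `keycloak-credentials`, so pin it by digest (`...provider-keycloak:v1.11.0@sha256:<digest>`) and mention in the PR description which upstream changes motivated the bump.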
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 19:17:24.414921206 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 19:17:51.588919418 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 19:17:24.414921206 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
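Review bot: `providerConfigName: sx-keycloak-config` is a fixed string on the context line, while the Client and Group resources rendered in this same output reference `release-name-config`. With any release name other than `sx-keycloak` this XR points at a ProviderConfig that does not exist. Derive it from the release name like the other templates do. Also note the wave moves from "-1" to "2", the same wave as the User resources; if anything in wave "2" relies on the built-in objects being imported first, this one needs to go earlier.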
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 20:45:29.862890325 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-04 20:44:46.030710871 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 20:45:29.858890313 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-04 20:44:46.025710852 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
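Review bot: In both added health checks the condition `obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind)` does not do what the `has_no_status` list suggests. In Lua `and` binds tighter than `or`, so any `*.upbound.io` or `*.crossplane.io` resource whose `status` is nil is reported `Healthy` regardless of kind, and a managed resource that never got a status will show green in Argo CD. Parenthesise it as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. Second, `resource.customizations` is now rendered as one double-quoted string with `\n` escapes instead of a block scalar, which makes this Lua very hard to review in diffs; the likely cause is the trailing space after the final `return health_status`, so strip trailing whitespace in the values file and the block style should come back. It is also an unrelated Argo CD change riding in a Keycloak migration PR and would be easier to review on its own.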
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 20:45:29.862890325 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-04 20:44:46.030710871 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 20:45:29.862890325 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-04 20:44:46.030710871 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 20:45:31.212894571 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 20:44:47.560716514 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
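Review bot: `metadataUrl` (and `baseUrl` in the next hunk) now hardcode the service name `sx-keycloak-headless`, which only resolves if the Keycloak release is named `sx-keycloak`; the Keycloak chart's own credentials Secret in this diff builds the same host from the release name. Make the host a value shared by both charts. This is the `values-demo-metalstack` render, not the local k3d one, and the context lines show `clientSecret: demosecret` sitting in a ConfigMap with OIDC discovery over plain `http`; while touching these lines, move the client secret to a Secret reference and decide whether in-cluster `http` is acceptable for this environment.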
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 20:45:31.212894571 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 20:44:47.560716514 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 20:45:31.062894099 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-04 20:44:47.402715931 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 20:45:31.062894099 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-04 20:44:47.403715935 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 20:45:42.520928972 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 20:45:15.267838143 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
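Review bot: `clientSecretSecretRef.name` changes from the per-client, release-prefixed `release-name-client-backstage-password` to the fixed name `keycloak-client-credentials`, and the grafana, pgadmin and vault clients in this diff reference the same Secret. That means read access to one object exposes every client secret, and two releases in one namespace would collide on the name. The template that creates it (`cp-keycloak-client-secret.yaml`) is only listed as new and its content is not shown, so please confirm it does not carry the old `demosecret` literals, and consider keeping the release prefix.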
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 20:45:42.521928975 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 20:45:15.267838143 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 20:45:42.520928972 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 20:45:15.266838139 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 20:45:42.520928972 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 20:45:15.267838143 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 20:45:42.521928975 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 20:45:15.267838143 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 20:45:42.521928975 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 20:45:15.267838143 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 20:45:42.521928975 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 20:45:15.267838143 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 20:45:42.520928972 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 20:45:15.267838143 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 20:45:42.522928977 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
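Review bot: Renaming `metadata.name` from `grafana-grafana-group-roles` to `grafana-group-roles-admins-grafana-admin` is not an in-place update: Argo CD sees a new resource and, if pruning is enabled, deletes the old one. With `deletionPolicy: Delete` the deleted object also removes its group-to-role mapping in Keycloak, which may be the same mapping the new object manages. Please describe the expected behaviour on upgrade of an existing installation, or set the old objects to orphan before the rename so the mapping is not dropped during the sync.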
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 20:45:42.522928977 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 20:45:42.521928975 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -34,28 +34,12 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -69,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 20:45:42.521928975 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
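Review bot: `backstage-admin-memberships` moves to sync-wave "6" while the other Memberships objects in this file move to "4", and nothing in the rendered output says why this one has to wait. The PR introduces an ordering across waves 2 to 7 for users, scopes, groups, memberships, clients and roles, so a short comment in the templates (or a table in the chart README) listing which kind goes in which wave and what it depends on would make the ordering reviewable and keep later additions from landing in the wrong wave.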
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -57,30 +57,12 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 20:45:42.520928972 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 20:45:15.267838143 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
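Review bot: The context line `- "http://localhost:7007/api/auth/oidc/handler/frame"` in the pgadmin client's redirect list is the Backstage callback path and looks copied from the backstage client. Every entry in a client's redirect URI list is a location Keycloak will send authorization codes to, so an entry that pgadmin never uses should be dropped. Since this hunk already touches the client, removing it here would keep the list down to `https://pgadmin.demo.kubrix.cloud/oauth2/authorize`.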
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 20:45:42.521928975 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 20:45:42.521928975 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 20:45:42.522928977 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 20:45:42.520928972 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 20:45:15.266838139 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
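Review bot: `"password": "admin1"` and the new `admin-password: "admin1"` key put the Keycloak master-realm admin password into the chart output in clear text, and the added comments say it must be kept equal to `adminPassword` in the values file by hand. Please template both from a single value, and for anything beyond local k3d take that value from a Secret created outside the chart rather than a literal in a values file. The unchanged `"tls_insecure_skip_verify": "true"` together with the `http://` URL means the provider sends these admin credentials without transport protection, which deserves at least a comment stating that it is demo-only.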
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 20:45:42.522928977 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -1,40 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
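Review bot: `temporary: false # should be set to true in production` is kept on every user while the password source moves to `cp-keycloak-users-secret`, and this values file renders the `demo.kubrix.cloud` hostnames, so these accounts keep a fixed initial password that is never forced to change. Consider exposing `temporary` as a chart value that defaults to `true` and overriding it only for k3d. The new Secret template is only listed as added and not shown, so please also confirm it no longer ships the `test` password for every user that the removed `release-name-initial-passwords` Secret contained.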
@@ -47,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -74,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -101,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -128,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -155,50 +140,23 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 20:45:42.520928972 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 20:45:15.267838143 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
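Review bot: the Secret deleted at the top of this hunk exposed `vault: demosecret` in the chart, so that value is in git history and in earlier rendered output. Make sure the `vault` key of the replacement secret holds a new value and not `demosecret` carried over. The move of the Client from sync-wave "1" to "5" would also benefit from a short comment in the template saying what each wave waits for.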
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
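Review bot: `clientSecretSecretRef.name` now points at the fixed name `keycloak-client-credentials`, but nothing in this file's diff creates that Secret any more. Please confirm that the template rendering it is enabled for values-demo-metalstack.yaml, that it contains a `vault` key, and that it is synced before wave "5"; otherwise the Client cannot resolve its secret.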
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 20:45:42.522928977 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.12.0
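Review bot: the provider package is still referenced by a mutable tag (`provider-keycloak:v1.12.0`); pinning it by digest would make the upgrade reproducible and reviewable. Since this jumps from v1.10.1 while every managed resource in the chart stays on `v1alpha1` APIs, please note in the PR which provider release notes were checked.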
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 20:45:42.522928977 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
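Review bot: `secretRef.name` changes from the release-scoped `"release-name-credentials"` to the fixed `keycloak-credentials`, so two releases of this chart in `default` would now share and overwrite one credentials Secret. If that is intended, say so in a template comment. The new `key: credentials` also has to stay in step with the `credentials:` key rendered by cp-keycloak-secret.yaml.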
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 20:45:42.522928977 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 20:45:15.268838147 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
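Review bot: `providerConfigName: sx-keycloak-config` stays hardcoded here while the other templates render `providerConfigRef.name` from the release name (`"release-name-config"`), so this composite only resolves its ProviderConfig when the release is called `sx-keycloak`. Consider templating it the same way as the other resources.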
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-04 20:45:15.156837708 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
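Review bot: with `name: keycloak-client-credentials` every OIDC client (backstage here, and grafana, pgadmin and vault in the sibling templates) reads its secret from one shared Secret, so read access to that single object discloses all client secrets. If the consuming applications only need their own secret, keep one Secret per client or make sure RBAC on `keycloak-client-credentials` is limited to the provider.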
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
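Review bot: in the second ClientScope, `openid-client-scope-openid` still carries `platform-engineer.cloud/clientscope: groups`, the same label as `openid-client-scope-groups`, so any `matchLabels` selector on that label matches both scopes. If that is not intended, give it its own label value while this file is being touched.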
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-04 20:45:15.156837708 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
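Review bot: any selector still matching the old bare label values (`viewer`, `editor`, `admin`) will no longer resolve after the rename to `grafana-*` under `metadata.labels`. The grafana group-roles selectors are updated in this PR; please confirm cp-keycloak-group-roles.yaml and any other `roleIdsSelector` in the chart were checked as well.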
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-04 20:45:15.156837708 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-04 20:45:15.158837716 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
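Review bot: in this last resource `groupIdRef.name: users` is bound to `platform-engineer.cloud/role: grafana-editor`, so every member of `users` gets Grafana editor. If viewer is enough as the default, map `users` to `grafana-viewer` and keep editor for specific teams. The resource is also renamed, and with `deletionPolicy: Delete` the old binding is removed and a new one created on sync, which is worth mentioning in the PR description.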
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-04 20:45:15.158837716 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -37,9 +37,9 @@
metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -53,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
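Review bot: `backstage-admin-memberships` moves to sync-wave "6" while the other three Memberships in this file go to "4". If the difference is deliberate, add a comment in the template naming the dependency it waits for; otherwise align the waves.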
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -60,9 +60,9 @@
metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-04 20:45:15.158837716 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-04 20:45:15.156837708 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
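Review bot: the admin password is now a literal in the rendered Secret, twice (`"password": "admin1"` inside `credentials` and `admin-password: "admin1"`), and the added comment requires it to equal `adminPassword` from the values file, so it comes from a committed file. Source it from an existing Secret or generate it at install time, and derive both keys from that one value. `"tls_insecure_skip_verify": "true"` together with the `http://` URL is acceptable only for k3d; make both overridable per values file.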
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-04 20:45:15.158837716 +0000
@@ -1,39 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
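Review bot: `temporary: false # should be set to true in production` remains hardcoded next to the new `cp-keycloak-users-secret` reference, and the Secret removed at the top of this hunk set every initial password to `test`. Expose `temporary` as a value that defaults to true, and confirm the new secret does not ship the same `test` passwords.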
@@ -46,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -73,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -100,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -127,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -154,21 +140,21 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 20:45:42.472928837 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-04 20:45:15.157837712 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.12.0
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-04 20:45:15.158837716 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 20:45:42.473928840 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-04 20:45:15.158837716 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
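Review bot: `providerSecretName` is now hard-coded to `keycloak-credentials` next to the already hard-coded `providerConfigName: sx-keycloak-config`, while the Client resources in this rendering use `providerConfigRef` `release-name-config`. With any release name other than `sx-keycloak`, this XR refers to a ProviderConfig that the chart does not create. Templating both values from the release name, as the other resources do, would keep them consistent.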
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-05 07:09:21.333191326 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-05 07:08:39.193836912 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-05 07:09:21.328191282 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-05 07:08:39.189836880 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-05 07:09:21.333191326 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-05 07:08:39.193836912 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-05 07:09:21.333191326 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-05 07:08:39.193836912 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 07:09:22.548202031 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 07:08:40.756849608 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
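Review bot: the new `metadataUrl` targets `sx-keycloak-headless` over plain `http` on port 8080. A headless Service resolves straight to pod IPs, so Backstage bypasses any ClusterIP Service and can hold on to the address of a pod that is later replaced; unless the new chart exposes no regular Service, that one looks like the better target. The OIDC metadata and token traffic on this path is also unencrypted, which deserves a sentence in the PR for the `demo.kubrix.cloud` environment.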
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
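Review bot: the context lines around the changed `baseUrl` show `clientSecret: demosecret` rendered into `app-config-configmap.yaml`, so the Backstage side of the client secret stays a literal in a ConfigMap while this PR moves the Keycloak side into `keycloak-client-credentials`. Consider having Backstage read the value from that Secret through an environment variable so it lives in one place only.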
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 07:09:22.548202031 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 07:08:40.756849608 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 07:09:22.404200762 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 07:08:40.596848308 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 07:09:22.405200771 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 07:08:40.596848308 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -4,9 +4,9 @@
kind: Composition
metadata:
name: keycloak-builtin-objects
annotations:
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "11"
spec:
compositeTypeRef:
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
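Review bot: `sync-wave: "11"` places the Composition after every other Keycloak resource in this diff (groups at 3, clients at 5, roles at 6 and 7), and the k3d rendering of `xr.yaml` puts the `XBuiltinObjects` that uses it at wave "2". If the same holds for this values file, the XR is applied nine waves before its Composition, and with the new Crossplane health check it stays Progressing until then. Was `"1"` intended?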
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
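Review bot: dropping the inline `Secret` with `backstage: demosecret` removes the literal from this template, but its replacement, `cp-keycloak-client-secret.yaml`, is only listed as "Only in out/pr", so its content cannot be reviewed in this rendered diff. Please confirm it does not render the same value as `stringData` again; the Backstage app-config in this diff still shows `demosecret`, so the value itself has evidently not been rotated.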
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 07:09:33.177586342 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
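Review bot: changing `metadata.name` from `grafana-grafana-group-roles` to `grafana-group-roles-admins-grafana-admin` makes this a new object, and the old one, which has `deletionPolicy: Delete`, gets pruned. Both objects manage the same group-to-role mapping in Keycloak, so if the old object is deleted after the new one is created, the deletion can remove the mapping the new object has just set. Please verify on a cluster that already runs the old chart that the admins group still has its Grafana role after the sync.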
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
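Review bot: the renamed object `grafana-group-roles-users-grafana-editor` binds the `users` group to the `grafana-editor` role, so every member of `users` can edit in Grafana. The old chart had the same binding under the misleading name `grafana-grafana-group-roles-viewer`, so behaviour is unchanged, but now that the name states it, please confirm that editor rather than `grafana-viewer` is the intended default.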
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 07:09:33.177586342 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -34,28 +34,12 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
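Review bot: this hunk deletes the `team-a` Group, which carried `deletionPolicy: "Delete"`, so pruning the object removes the group from the `kubrix` realm on the demo environment, along with the `team-a` Memberships and Grafana role binding removed elsewhere in this diff. If that is intended, it should be mentioned in the PR description, which only speaks of the chart migration.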
@@ -69,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
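Review bot: `backstage-admin-memberships` moves to sync wave "6" while the other three Memberships objects in this file move to "4", although all of them reference groups created at wave "3". If the later wave is deliberate, a comment in the template saying what it waits for would help; otherwise use "4" here as well.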
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -57,30 +57,12 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
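Review bot: the removed `pgadmin: demosecret` line was a live OIDC client secret committed in clear text, and this hunk only deletes the Secret object without showing what replaces the value. The replacement Secret `keycloak-client-credentials` is not part of this file's diff, so it cannot be confirmed here that the pgadmin client gets a new value. Since `demosecret` stays readable in git history, the client secret should be rotated as part of this change rather than carried over.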
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
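Review bot: `clientSecretSecretRef.name: keycloak-client-credentials` makes this client share one Secret with the vault, backstage and grafana clients (each only differs by `key:`), so any subject allowed to `get` that Secret in `default` reads every client secret instead of one. Consider keeping one Secret per client, or restricting access to the shared one with a Role that uses `resourceNames`. Separately, the unchanged context lists `http://localhost:7007/api/auth/oidc/handler/frame` among the URLs of the pgadmin client rendered for `pgadmin.demo.kubrix.cloud`; that looks like a leftover from the Backstage client and should be dropped from this values file if pgadmin does not need it.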
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 07:09:33.177586342 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 07:09:33.175586325 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 07:09:07.050065768 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
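Review bot: the added `"password": "admin1"` and `admin-password: "admin1"` lines put the admin credential for the `master` realm into the rendered manifest in clear text, and in two places that the new comments say MUST match a third (`adminPassword` in the values file). Suggest sourcing the password from a Secret created outside the chart (or an external secret store) and referencing it once, so there is a single value to rotate and nothing to keep in sync by hand. The new `"url"` is still plain `http://` on port 8080, so the admin password crosses the cluster network unencrypted; with an http URL the retained `"tls_insecure_skip_verify": "true"` does nothing today, and leaving it in means certificate checks stay off if the URL is later switched to https.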
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 07:09:33.177586342 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -1,40 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
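Review bot: `temporary: false # should be set to true in production` is carried over unchanged in this demo-metalstack render, which elsewhere in the diff uses `keycloak.demo.kubrix.cloud` hostnames, so users keep whatever initial password the chart ships until someone changes it by hand. If this environment is reachable by anyone outside the team, make `temporary` a per-values-file setting and set it to true here. The old Secret gave all seven users the password `test`; the new `cp-keycloak-users-secret` appears only as an "Only in out/pr" entry, so its values cannot be reviewed from this diff and should be checked separately. The new secret name is also no longer release-scoped while `providerConfigRef` still uses `release-name-config`, which is worth making consistent.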
@@ -47,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -74,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -101,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -128,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -155,50 +140,23 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 07:09:07.051065777 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.12.0
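Review bot: the bumped `package:` line still references provider-keycloak by tag only (`v1.12.0`). This provider is handed the Keycloak admin credentials through the ProviderConfig, so the image that runs should be exactly the one that was reviewed; pinning the reference by digest (`...provider-keycloak:v1.12.0@sha256:<digest>`, digest taken from the registry) removes the dependency on the tag not being moved. A line in the PR description about what changed between v1.10.1 and v1.12.0 would also help reviewers.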
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 07:09:33.177586342 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
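Review bot: `secretRef.name` changes from the release-scoped `"release-name-credentials"` to the fixed name `keycloak-credentials`, so two releases of this chart in the same namespace would now write and read the same admin-credentials Secret. If the fixed name is required by the upstream Keycloak chart, say so in a template comment; otherwise keep the release prefix or expose the name as a value. The Secret also stays in `namespace: "default"`, where it shares the namespace's access rules with unrelated workloads; a dedicated namespace would narrow who can read it.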
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml 2025-03-05 07:09:33.176586334 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml 2025-03-05 07:09:07.052065785 +0000
@@ -3,38 +3,22 @@
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-extra-resources
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-extra-resources:v0.0.3
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
- name: function-auto-ready
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-auto-ready:v0.2.1
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-keycloak-builtin-objects
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # # This tells crossplane beta render to connect to the function locally.
- # render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: registry.gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects:v1.0.0
packagePullPolicy: Always
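Review bot: `function-keycloak-builtin-objects` keeps `packagePullPolicy: Always` on the tag `v1.0.0` from `registry.gitlab.com/corewire/...`, so the function package can change on any re-pull without a commit in this repository. Pin it by digest, or drop `Always` if the tag is meant to be immutable; the other two functions (`v0.0.3`, `v0.2.1`) are tag-only as well. The hunk also removes `argocd.argoproj.io/sync-wave: "-2"` from all three Functions, which moves them to Argo CD's default wave 0; please confirm that is intended and that they are still installed before anything that depends on them.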
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 07:09:33.177586342 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 07:09:07.053065793 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -4,9 +4,9 @@
kind: Composition
metadata:
name: keycloak-builtin-objects
annotations:
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "11"
spec:
compositeTypeRef:
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
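Review bot: `sync-wave: "11"` moves the Composition `keycloak-builtin-objects` behind every other resource touched in this diff, while the `XBuiltinObjects` resource in xr.yaml (demo-metalstack render) moves from "-1" to "2". Before this change both were at "-1"; if the k3d render of xr.yaml uses the same wave, the composite resource is applied nine waves before the Composition that satisfies it, and the sync may wait on an XR that cannot become ready. Either place the Composition before the XR or explain in the commit message why the late wave is needed.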
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 07:09:33.130585954 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 07:09:06.945064900 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
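Review bot: in the unchanged context, both ClientScopes in this file, `openid-client-scope-groups` and `openid-client-scope-openid`, carry the same label `platform-engineer.cloud/clientscope: groups`. This PR makes the role labels unique (`grafana-viewer`, `grafana-editor`, `grafana-admin`) so that selectors resolve to one object; the same reasoning applies here. If the protocol mappers' `clientScopeIdSelector.matchLabels` selects on this label, it matches two scopes and the mapper can attach to the wrong one. Suggest `platform-engineer.cloud/clientscope: openid` on the second scope.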
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 07:09:33.130585954 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 07:09:06.945064900 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 07:09:33.130585954 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 07:09:33.130585954 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 07:09:33.130585954 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 07:09:06.945064900 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 07:09:06.947064916 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
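Review bot: changing `metadata.name` from `grafana-grafana-group-roles` to `grafana-group-roles-admins-grafana-admin` creates a new `Roles` object rather than updating the old one, and the old one has `deletionPolicy: Delete`. If Argo CD prunes the old object during the sync, the group-to-role mapping is removed in Keycloak and re-created by the new object at wave "7", so members can lose their Grafana role for part of the rollout. The new names do match group and role, which the old ones did not (`...-viewer` selected `editor`); a short note in the PR about the expected gap, or orphaning the old objects before the rename, would make the migration safer.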
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 07:09:33.132585971 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 07:09:06.947064916 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -37,9 +37,9 @@
metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -53,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
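Review bot: backstage-admin-memberships moves to sync-wave "6" while the other three membership resources in this file move to "4", although the backstage-admin group it references is created in wave "3" like the other groups. If the later wave is needed because of the members this resource points at, say so in a template comment; otherwise use "4" so the ordering stays uniform.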
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -60,9 +60,9 @@
metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 07:09:33.130585954 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 07:09:06.945064900 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
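Review bot: clientSecretSecretRef now points at the shared Secret keycloak-client-credentials instead of a per-client Secret, so one object holds the pgadmin, vault and backstage client secrets under different keys. Anything granted get on that Secret can read every client's secret; if that is not intended, keep one Secret per client or restrict access with resourceNames. The Secret itself is not part of this hunk, so please confirm it is synced in a wave earlier than the "5" used for this Client.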
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 07:09:33.130585954 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 07:09:06.945064900 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
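Review bot: the admin password is rendered in clear text twice in this Secret, once inside the credentials JSON ("password": "admin1") and once as admin-password, and the added comments say both must be kept equal to adminUser/adminPassword from the values file by hand. Derive both from a single values entry in the template, or reference a Secret that already exists in the cluster, so the copies cannot drift and no values file has to carry the password in git. The name also changes from "release-name-credentials" to the fixed keycloak-credentials, so two releases in one namespace would overwrite each other's Secret, and "tls_insecure_skip_verify": "true" together with an http:// URL should stay limited to the k3d profile.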
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 07:09:33.132585971 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 07:09:06.947064916 +0000
@@ -1,39 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
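Review bot: temporary: false is still hardcoded next to the comment "should be set to true in production", here and in the five user hunks that follow, so a production values file has no way to flip it. Expose it as a chart value that defaults to true and let values-k3d.yaml override it to false. The Secret reference also changes from the release-prefixed "release-name-initial-passwords" to the fixed name "cp-keycloak-users-secret"; the users are in wave "2", so that Secret has to be synced before then.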
@@ -46,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -73,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -100,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -127,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -154,21 +140,21 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 07:09:33.130585954 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.12.0
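Review bot: the provider package jumps two minor versions (v1.10.1 to v1.12.0) and is still referenced by tag only. The managed resources in this chart use v1alpha1 APIs, so please confirm against the provider release notes that none of the fields used here changed, and consider pinning the package by digest so that a re-pushed tag cannot change what gets installed.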
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml 2025-03-05 07:09:33.131585963 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml 2025-03-05 07:09:06.946064908 +0000
@@ -3,38 +3,22 @@
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-extra-resources
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-extra-resources:v0.0.3
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
- name: function-auto-ready
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-auto-ready:v0.2.1
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-keycloak-builtin-objects
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # # This tells crossplane beta render to connect to the function locally.
- # render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: registry.gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects:v1.0.0
packagePullPolicy: Always
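Review bot: the second Function loses its name line ("- name: function-auto-ready") together with the annotations, so the rendered manifest has an empty metadata block and will be rejected on apply; the other two Functions keep their name as context lines. Restore name: function-auto-ready in func.yaml. Separately, function-keycloak-builtin-objects combines packagePullPolicy: Always with the tag v1.0.0, so the cluster runs whatever that tag points to at pull time; pin it by digest or drop Always.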
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 07:09:33.132585971 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 07:09:06.947064916 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
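Review bot: providerSecretName now matches the renamed Secret keycloak-credentials, but providerConfigName stays hardcoded as sx-keycloak-config while the other templates render the ProviderConfig reference from the release name ("release-name-config" in this render). The two only agree when the release is called sx-keycloak; template providerConfigName the same way as providerConfigRef.name.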
Signed-off-by: phac008 <philipp.achmueller@suxess-it.com>
Changes Default Values

Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out

Changes Rendered Chart

diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-05 07:22:06.693347268 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-05 07:21:15.689543975 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-05 07:22:06.689347284 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-05 07:21:15.684543993 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-05 07:22:06.693347268 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-05 07:21:15.689543975 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-05 07:22:06.693347268 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-05 07:21:15.689543975 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 07:22:08.475339906 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 07:21:17.969535194 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
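Review bot: metadataUrl (and baseUrl in the next hunk) now hardcodes sx-keycloak-headless.keycloak.svc.cluster.local, which bakes the release name and namespace of the Keycloak chart into the Backstage values, while the Crossplane credentials in this PR render the host from the release name (release-name-headless). Derive it from a shared value so a renamed release does not break login. It also targets the headless Service over plain http; if the chart exposes a regular ClusterIP Service, that is the more usual target for OIDC discovery.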
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
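Review bot: clientSecret: demosecret sits in clear text in this ConfigMap right next to the changed baseUrl, and this is the values-demo-metalstack render rather than the local k3d one. Since the PR already moves the Keycloak side of the client secrets into keycloak-client-credentials, consider having Backstage read the value from a Secret through an environment variable instead of repeating the literal here.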
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 07:22:08.476339902 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 07:21:17.969535194 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 07:22:08.333340491 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 07:21:17.826535817 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 07:22:08.333340491 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 07:21:17.827535813 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -4,9 +4,9 @@
kind: Composition
metadata:
name: keycloak-builtin-objects
annotations:
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "1"
spec:
compositeTypeRef:
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
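Review bot: in the values-demo-metalstack render the backstage client still lists "http://localhost:7007/api/auth/oidc/handler/frame" under validRedirectUris next to the https://backstage.demo.kubrix.cloud callback. A localhost redirect is only needed for local development; make the redirect list per environment so the demo cluster's client accepts only its own callback URL.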
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
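Review bot: in the second ClientScope, `openid-client-scope-openid` still carries the label `platform-engineer.cloud/clientscope: groups`, the same label as `openid-client-scope-groups` in the hunk above. Any `matchLabels` selector on that label will match both scopes, so a mapper or default-scope binding can resolve to the wrong one. Since these lines are being touched for the wave change anyway, consider relabelling this one `openid`.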
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 07:22:23.457276411 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 07:21:49.183428369 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
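Review bot: the removed Secret held `grafana: demosecret`, and the backstage, pgadmin and vault client templates in this same diff drop Secrets with the identical `demosecret` value. These literals were rendered from committed values, so treat them as disclosed. The replacement keys in `keycloak-client-credentials` should be distinct per client and generated or injected at deploy time rather than copied over from the old value.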
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 07:21:49.185428362 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
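Review bot: `metadata.name` changes on these Roles objects (for example `grafana-grafana-group-roles-viewer` becomes `grafana-group-roles-team1-grafana-viewer`) while `deletionPolicy: Delete` stays. Argo CD will treat that as delete plus create, and deleting the old object removes the group-to-role mapping in Keycloak; if that lands after the new object has reconciled, the mapping is missing until the next reconcile. Please document a migration step for existing installs, or confirm that a short gap in Grafana role assignments is acceptable.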
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 07:21:49.185428362 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -34,28 +34,12 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
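Review bot: the `team-a` Group is dropped in this hunk with `deletionPolicy: "Delete"`, so syncing this on an existing install deletes the group in the `kubrix` realm. The `team-a` Memberships, the Roles binding and the `team-auser` User are removed elsewhere in this diff, which is consistent, but please confirm the removal is intended and call it out for anyone who already has members in that group.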
@@ -69,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
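Review bot: `backstage-admin-memberships` moves to sync-wave "6" while the other Memberships in this file (`backstage-admins-users-memberships`, `backstage-team1-users-memberships`, `backstage-users-users-memberships`) move to "4". Groups are at wave 3 and Users at wave 2 in this diff, so wave 4 already satisfies the dependencies. If 6 is deliberate, a template comment saying why would help; otherwise align it with the others.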
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -57,30 +57,12 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
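Review bot: the `pgadmin` Client's redirect list in the context lines of this hunk still includes `http://localhost:7007/api/auth/oidc/handler/frame`, which is the same entry the backstage Client carries and does not look like a pgAdmin callback. Redirect URIs should be the minimal set per client, so please drop it here or move localhost entries behind a values switch so they are not rendered for the demo.kubrix.cloud realm.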
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 07:21:49.185428362 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 07:21:49.185428362 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 07:21:49.185428362 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 07:22:23.457276411 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 07:21:49.183428369 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
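Review bot: the admin password is a literal (`"password": "admin1"`) rendered into `stringData` and duplicated in the new `admin-password` key, so the value lands in git and in every rendered manifest, and the two copies can drift apart. Please source it from an existing Secret or an external secret store and reference it once. Also, `"tls_insecure_skip_verify": "true"` is kept while the URL is plain `http://...:8080`; the flag does nothing over HTTP and silently disables certificate checks the day the URL switches to HTTPS, so drop it or make it a values option that defaults to false.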
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 07:21:49.185428362 +0000
@@ -1,40 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
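Review bot: `valueSecretRef.name` is now the fixed string `cp-keycloak-users-secret` rather than a release-scoped name, and that Secret is only listed as a new file, so its keys cannot be reviewed here. The removed Secret set every user's initial password to `test`; please confirm the new Secret does not carry the same shared value. `temporary: false` should become a value that defaults to `true`, since the inline comment already says it should be true in production.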
@@ -47,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -74,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -101,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -128,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -155,50 +140,23 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-05 07:21:49.185428362 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.12.0
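Review bot: the provider is bumped from v1.10.1 to v1.12.0 by tag only. Please pin the package by digest so the cluster cannot pull a different image under the same tag, and check the release notes between the two versions for changes to the `v1alpha1` kinds this chart renders (Client, Role, Roles, Group, Memberships, User).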
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 07:21:49.185428362 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml 2025-03-05 07:22:23.458276407 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml 2025-03-05 07:21:49.184428366 +0000
@@ -3,38 +3,23 @@
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-extra-resources
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-extra-resources:v0.0.3
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-auto-ready
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-auto-ready:v0.2.1
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-keycloak-builtin-objects
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # # This tells crossplane beta render to connect to the function locally.
- # render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: registry.gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects:v1.0.0
packagePullPolicy: Always
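Review bot: the `argocd.argoproj.io/sync-wave: "-2"` annotation is removed from all three Functions, so they now sync in the default wave 0 while the Composition moves to wave 1 elsewhere in this diff. That ordering still works, but please confirm it was intended rather than lost with the comment cleanup. Separately, `function-keycloak-builtin-objects` is pulled from `registry.gitlab.com/corewire/...` at tag `v1.0.0` with `packagePullPolicy: Always`, so a re-pushed tag is picked up automatically; pin it by digest or drop `Always`.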
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 07:22:23.459276402 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 07:21:49.185428362 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
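Review bot: `providerSecretName` now points at `keycloak-credentials`, the same Secret the ProviderConfig reads, instead of the separate `keycloak-credentials-cp`, and the k3d output shows cp-keycloak-cp-secret.yaml no longer rendering. Please confirm that function-keycloak-builtin-objects finds the key layout it expects in the new Secret, which in this PR carries a `credentials` JSON blob plus `admin-password`. A sentence in the PR description on why the two Secrets were merged would help the next reader.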
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -4,9 +4,9 @@
kind: Composition
metadata:
name: keycloak-builtin-objects
annotations:
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "1"
spec:
compositeTypeRef:
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
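Review bot: `clientSecretSecretRef.name` moves from the per-client `release-name-client-backstage-password` to a shared `keycloak-client-credentials`, and the same swap is made for grafana, pgadmin and vault, so one Secret now holds every OIDC client secret. Anyone granted read access to that Secret for one application can read the other three. The new cp-keycloak-client-secret.yaml is listed only as "Only in out/pr", so its rendered values are not visible here; please confirm it does not carry the `demosecret` literal removed in the first hunk, and consider keeping one Secret per client.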
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
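Review bot: The context in both hunks shows `openid-client-scope-groups` and `openid-client-scope-openid` carrying the same label, `platform-engineer.cloud/clientscope: groups`. The protocol mappers in this chart choose their scope through `clientScopeIdSelector.matchLabels`; if that selector keys on this label it cannot tell the two scopes apart. This PR already makes the role labels unique (`viewer` to `grafana-viewer`), so give the second scope its own value as well, for example `openid`.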
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 07:21:49.076428798 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
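Review bot: Renaming `grafana-grafana-group-roles` to `grafana-group-roles-admins-grafana-admin` while `deletionPolicy: Delete` is set means the old managed resource is a different object to Argo CD and Crossplane; if pruning is enabled, the existing role mapping is removed in Keycloak when the old object is pruned and a new one is created under the new name. The same applies to the other renamed `Roles` objects in this file. Say in the PR description that group members can briefly lose their Grafana role during the first sync, or switch the old objects to `deletionPolicy: Orphan` before the rename.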
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
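Review bot: The last `Roles` object changes who gets what, not only its name: `groupIdRef.name` goes from `team-a` to `users` and the selected role from `viewer` to `grafana-editor`. Read together with the previous hunk, which removes the old `users` to `editor` object, the net effect is that the `users` binding is kept under a new name and the `team-a` viewer binding is dropped. Please confirm `team-a` is meant to lose its Grafana role; the groups template in this render only shows `admins`, `team1`, `users` and `backstage-admin`, so if `team-a` never existed, note that this removes a dangling reference.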
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -37,9 +37,9 @@
metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -53,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
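Review bot: `backstage-admin-memberships` moves to sync-wave "6" while the other three membership objects in this file go to "4". Users are at wave "2" and groups at wave "3" in this PR, so "4" would satisfy this object too. If "6" is deliberate, add a template comment naming what it waits for; otherwise align it with the others.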
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -60,9 +60,9 @@
metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
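Review bot: The context at the top of this hunk shows the pgadmin client accepting `http://localhost:7007/api/auth/oidc/handler/frame` in the URI list above `clientSecretSecretRef`, which is the Backstage handler URI that also appears in the backstage client. It looks copied over. Since the template is being touched anyway, drop it so pgadmin accepts only `https://pgadmin-127-0-0-1.nip.io/oauth2/authorize`; a client's redirect list should contain only its own callback.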
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 07:22:23.411276611 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 07:21:49.076428798 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
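Review bot: The admin password is now a literal in two places in this Secret (`"password": "admin1"` inside `credentials` and `admin-password: "admin1"`), and the added comment says it must also match `adminPassword` in the values file, so there are three copies to keep in step and all of them come from git. GitGuardian has already flagged a hardcoded secret in values-k3d.yaml on this PR. Render both fields from a single value at minimum, and preferably let the chart reference a Secret created outside the chart. Separately, the JSON keeps `"tls_insecure_skip_verify": "true"` and an `http://` URL to the headless service; acceptable for k3d, but make both values-driven so they do not carry over into non-local environments.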
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -1,39 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
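Review bot: `temporary: false # should be set to true in production` stays hard-wired for all six users, so the initial password read from `cp-keycloak-users-secret` remains a permanent credential wherever this chart is installed. Expose it as a values flag that defaults to `true` and override it in values-k3d.yaml. The replacement Secret template is listed only as "Only in out/pr", so please also confirm it does not bring back the `test` passwords removed here as chart defaults.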
@@ -46,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -73,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -100,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -127,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -154,21 +140,21 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 07:22:23.412276607 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-provider.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -7,5 +7,5 @@
name: provider-keycloak
annotations:
argocd.argoproj.io/sync-wave: "-10"
spec:
- package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.10.1
+ package: xpkg.upbound.io/crossplane-contrib/provider-keycloak:v1.12.0
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
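Review bot: The credentials Secret name goes from the release-scoped `release-name-credentials` to the fixed `keycloak-credentials`, while `providerConfigRef` elsewhere in this render is still release-scoped (`release-name-config`). Two releases of the chart in one namespace would now share or overwrite the same admin credential Secret. Keep the release prefix, or document that the chart supports a single install per namespace.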
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml 2025-03-05 07:22:23.413276602 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml 2025-03-05 07:21:49.077428794 +0000
@@ -3,38 +3,23 @@
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-extra-resources
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-extra-resources:v0.0.3
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-auto-ready
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-auto-ready:v0.2.1
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-keycloak-builtin-objects
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # # This tells crossplane beta render to connect to the function locally.
- # render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: registry.gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects:v1.0.0
packagePullPolicy: Always
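Review bot: `function-keycloak-builtin-objects` is referenced by the tag `v1.0.0` together with `packagePullPolicy: Always`, so whatever that tag resolves to at reconcile time is what runs, and the XBuiltinObjects resource in this PR passes it the name of the `keycloak-credentials` admin Secret. Pin the package by digest and drop `Always`; the same applies to the two `xpkg.upbound.io` functions, which are also tag-only. The removed comments about the Development runtime are fine to lose.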
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 07:22:23.414276598 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 07:21:49.078428789 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
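Review bot: `providerSecretName` changes from `keycloak-credentials-cp` to `keycloak-credentials`, but the listing above shows `secrets.yml` is no longer rendered for values-k3d.yaml, and nothing in this diff shows where `keycloak-credentials` is created. Please confirm that Secret exists, in the namespace it is read from, before wave "2", and that it carries the keys the old `-cp` Secret provided. The commented-out master-realm example is also dropped; if it is still the reference for configuring the master realm, move it to the chart documentation rather than deleting it.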
Changes Default Values
Only in out-default-values/pr: keycloak_cluster_default-values.out
Only in out-default-values/pr: keycloak_keycloak_default-values.out
Only in out-default-values/pr: keycloak_postgresql_default-values.out
Changes Rendered Chart
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-05 09:22:51.071889246 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-application-controller/statefulset.yaml 2025-03-05 09:22:01.306349607 +0000
@@ -24,9 +24,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-05 09:22:51.066889293 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-configs/argocd-cm.yaml 2025-03-05 09:22:01.301349651 +0000
@@ -19,23 +19,57 @@
application.instanceLabelKey: argocd.argoproj.io/instance
application.resourceTrackingMethod: annotation
application.sync.impersonation.enabled: "false"
exec.enabled: "false"
- resource.customizations: |
- argoproj.io/Application:
- health.lua: |
- hs = {}
- hs.status = "Progressing"
- hs.message = ""
- if obj.status ~= nil then
- if obj.status.health ~= nil then
- hs.status = obj.status.health.status
- if obj.status.health.message ~= nil then
- hs.message = obj.status.health.message
- end
- end
- end
- return hs
+ resource.customizations: "argoproj.io/Application:\n health.lua: |\n hs = {}\n hs.status = \"Progressing\"\n
+ \ hs.message = \"\"\n if obj.status ~= nil then\n if obj.status.health
+ ~= nil then\n hs.status = obj.status.health.status\n if obj.status.health.message
+ ~= nil then\n hs.message = obj.status.health.message\n end\n end\n
+ \ end\n return hs\n\n\"*.upbound.io/*\":\n health.lua: |\n health_status
+ = {\n status = \"Progressing\",\n message = \"Provisioning ...\"\n }\n
+ \ local function contains (table, val)\n for i, v in ipairs(table) do\n if
+ v == val then\n return true\n end\n end\n return false\n
+ \ end\n local has_no_status = {\n \"ProviderConfig\",\n \"ProviderConfigUsage\"\n
+ \ }\n if obj.status == nil or next(obj.status) == nil and contains(has_no_status,
+ obj.kind) then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is up-to-date.\"\n return health_status\n end\n if obj.status
+ == nil or next(obj.status) == nil or obj.status.conditions == nil then\n if
+ obj.kind == \"ProviderConfig\" and obj.status.users ~= nil then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is in use.\"\n return
+ health_status\n end\n return health_status\n end\n for i, condition
+ in ipairs(obj.status.conditions) do\n if condition.type == \"LastAsyncOperation\"
+ then\n if condition.status == \"False\" then\n health_status.status
+ = \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Synced\" then\n
+ \ if condition.status == \"False\" then\n health_status.status =
+ \"Degraded\"\n health_status.message = condition.message\n return
+ health_status\n end\n end\n if condition.type == \"Ready\" then\n
+ \ if condition.status == \"True\" then\n health_status.status = \"Healthy\"\n
+ \ health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status\n\"*.crossplane.io/*\":\n
+ \ health.lua: |\n health_status = {\n status = \"Progressing\",\n message
+ = \"Provisioning ...\"\n }\n local function contains (table, val)\n for
+ i, v in ipairs(table) do\n if v == val then\n return true\n end\n
+ \ end\n return false\n end\n local has_no_status = {\n \"Composition\",\n
+ \ \"CompositionRevision\",\n \"DeploymentRuntimeConfig\",\n \"ControllerConfig\",\n
+ \ \"ProviderConfig\",\n \"ProviderConfigUsage\"\n }\n if obj.status
+ == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n if obj.status == nil or next(obj.status) == nil or obj.status.conditions
+ == nil then\n if obj.kind == \"ProviderConfig\" and obj.status.users ~= nil
+ then\n health_status.status = \"Healthy\"\n health_status.message
+ = \"Resource is in use.\"\n return health_status\n end\n return
+ health_status\n end\n for i, condition in ipairs(obj.status.conditions) do\n
+ \ if condition.type == \"LastAsyncOperation\" then\n if condition.status
+ == \"False\" then\n health_status.status = \"Degraded\"\n health_status.message
+ = condition.message\n return health_status\n end\n end\n if
+ condition.type == \"Synced\" then\n if condition.status == \"False\" then\n
+ \ health_status.status = \"Degraded\"\n health_status.message =
+ condition.message\n return health_status\n end\n end\n if
+ contains({\"Ready\", \"Healthy\", \"Offered\", \"Established\"}, condition.type)
+ then\n if condition.status == \"True\" then\n health_status.status
+ = \"Healthy\"\n health_status.message = \"Resource is up-to-date.\"\n return
+ health_status\n end\n end\n end\n return health_status \n"
server.rbac.log.enforce.enable: "false"
statusbadge.enabled: "false"
timeout.hard.reconciliation: 0s
timeout.reconciliation: 20s
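Review bot: In both added health checks the first guard reads `if obj.status == nil or next(obj.status) == nil and contains(has_no_status, obj.kind) then`; Lua's `and` binds tighter than `or`, so any `*.upbound.io/*` or `*.crossplane.io/*` object with no status at all is reported Healthy whatever its kind, and the `obj.status == nil` test in the following guard can never be reached. Because sync waves wait on health, a managed resource that has not been reconciled yet would let later waves proceed; parenthesise the guard as `(obj.status == nil or next(obj.status) == nil) and contains(has_no_status, obj.kind)`. Also, `resource.customizations` is now rendered as one double-quoted, escaped string instead of a block scalar, probably because of the trailing space in `return health_status \n` at the end of the value; removing that space should bring back a block scalar that can be reviewed line by line.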
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-05 09:22:51.071889246 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-repo-server/deployment.yaml 2025-03-05 09:22:01.306349607 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml
--- out/target/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-05 09:22:51.071889246 +0000
+++ out/pr/argocd/values-k3d.yaml/argocd/charts/argo-cd/templates/argocd-server/deployment.yaml 2025-03-05 09:22:01.306349607 +0000
@@ -23,9 +23,9 @@
template:
metadata:
annotations:
checksum/cmd-params: 021657bca0b768f07802318ce7d0b20b3d5045c2feedf146761230e3127d1a38
- checksum/cm: 092e4b68676523e0791c5a3260457f72fb09b529679b11d8e23fa30c7ac50527
+ checksum/cm: afea27a043f6ab24838a5d7aa0d65ebd4dc0ec07c9d228f6ceaa7582e0f0f5ff
labels:
helm.sh/chart: argo-cd-7.8.5
app.kubernetes.io/name: argocd-server
app.kubernetes.io/instance: release-name
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 09:22:52.779873059 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 09:22:03.519330140 +0000
@@ -42,9 +42,9 @@
additionalScopes: groups
callbackUrl: https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
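Review bot: `metadataUrl` now targets `sx-keycloak-headless`, and a headless Service resolves straight to pod IPs, so Backstage's OIDC discovery bypasses the Service virtual IP and depends on how its HTTP client handles multiple or changing DNS records. If the chart also renders a regular ClusterIP Service for Keycloak, point at that one instead. The URL remains plain `http://` on port 8080; this PR does not change that, but the discovery document and token exchange for the `backstage` client travel over it unencrypted inside the cluster.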
@@ -107,9 +107,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
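Review bot: The context lines of this hunk show `clientSecret: demosecret` rendered as a literal into the app-config ConfigMap, right below the `baseUrl` being changed. The Keycloak Client resources in this PR read the same value through `clientSecretSecretRef`, so consider a follow-up that has Backstage take the client secret from an environment variable backed by a Secret instead of the ConfigMap.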
diff -U 4 -r out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 09:22:52.780873050 +0000
+++ out/pr/backstage/values-demo-metalstack.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 09:22:03.520330132 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: a6d0d69f197b507dbd1559fd3893841a137aef7948c44a73f2a5b2934a1162e8
+ checksum/app-config: 5a81cc557ab281ce5c5eb2df547757b0313f786abdb12a8b61a4638b5f4270bc
spec:
serviceAccountName: default
volumes:
- configMap:
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 09:22:52.630874471 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/app-config-configmap.yaml 2025-03-05 09:22:03.368331468 +0000
@@ -37,9 +37,9 @@
additionalScopes: groups
callbackUrl: https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame
clientId: backstage
clientSecret: demosecret
- metadataUrl: http://keycloak-service.keycloak.svc.cluster.local:8080/realms/kubrix
+ metadataUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080/realms/kubrix
prompt: auto
signIn:
resolvers:
- resolver: emailLocalPartMatchingUserEntityName
@@ -100,9 +100,9 @@
type: url
providers:
keycloakOrg:
default:
- baseUrl: http://keycloak-service.keycloak.svc.cluster.local:8080
+ baseUrl: http://sx-keycloak-headless.keycloak.svc.cluster.local:8080
clientId: backstage
clientSecret: demosecret
loginRealm: kubrix
realm: kubrix
diff -U 4 -r out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml
--- out/target/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 09:22:52.630874471 +0000
+++ out/pr/backstage/values-k3d.yaml/sx-backstage/charts/backstage/templates/backstage-deployment.yaml 2025-03-05 09:22:03.368331468 +0000
@@ -28,9 +28,9 @@
app.kubernetes.io/instance: release-name
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/component: backstage
annotations:
- checksum/app-config: fd73c8167b845e840a077590441d9ef399d094ee33eebbaa9f4f41e71357d329
+ checksum/app-config: abdecdd74242fc70d75c25eb90c363cdeb8f8fc6226bb1926d128a33e212515b
spec:
serviceAccountName: default
volumes:
- configMap:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak: charts
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: 2faflow.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -4,9 +4,9 @@
kind: Composition
metadata:
name: keycloak-builtin-objects
annotations:
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "1"
spec:
compositeTypeRef:
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage.demo.kubrix.cloud/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
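Review bot: `clientSecretSecretRef.name` now points at a shared `keycloak-client-credentials` Secret in namespace `default`, and the grafana and pgadmin Clients in this diff reference the same Secret with their own keys. Read access to that one Secret therefore yields every client's secret, and the Secret has to exist before wave "5". The new `cp-keycloak-client-secret.yaml` is listed but its content is not shown here, so please confirm it is rendered in `default`, is ordered ahead of the Clients, and does not carry the `demosecret` literal that was removed from this template.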
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 09:23:06.258744933 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 09:22:34.693040960 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
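Review bot: Any `roleIdsSelector` that still matches on the old `platform-engineer.cloud/role` values `viewer`, `editor` or `admin` will select nothing once the labels in these three hunks become `grafana-viewer`, `grafana-editor` and `grafana-admin`. The selectors in cp-keycloak-grafana-group-roles.yaml are updated in this PR; please search the rest of the chart for the old values before merging. The client-specific label itself is a good narrowing, since the group Roles resources select purely on this label.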
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana.demo.kubrix.cloud:3000/login/generic_oauth"
- "https://grafana.demo.kubrix.cloud/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 09:23:06.260744914 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 09:22:34.695040943 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
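Review bot: Renaming `grafana-grafana-group-roles` to `grafana-group-roles-admins-grafana-admin` gives Argo CD a new object to create and an old one to prune, and the spec carries `deletionPolicy: Delete`. If the old object is pruned after the new one has reconciled, its deletion may remove the same group-to-role mapping in Keycloak that the new object just created. Please check the behaviour on a cluster that already has the old objects, and confirm the mapping is present after the sync settles.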
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 09:23:06.260744914 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 09:22:34.695040943 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -34,28 +34,12 @@
# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Group
metadata:
- name: team-a
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- name: team-a
- deletionPolicy: "Delete"
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-groups.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Group
-metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
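Review bot: The `team-a` Group is dropped from the demo-metalstack render, and it was declared with `deletionPolicy: "Delete"`, so pruning it removes the group from the `kubrix` realm and not only from Git. The `backstage-team-a-users-memberships` object and the team-a grafana viewer mapping are removed elsewhere in this diff, but anything outside this chart that authorises on the `team-a` group will stop matching without an error. Confirm the removal is intended for this environment and mention it in the PR description.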
@@ -69,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 09:23:06.260744914 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 09:22:34.695040943 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -57,30 +57,12 @@
# Source: sx-keycloak/templates/cp-keycloak-member.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Memberships
metadata:
- name: backstage-team-a-users-memberships
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- groupIdRef:
- name: team-a
- members:
- - team-auser
- realmId: kubrix
- providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-member.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Memberships
-metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin.demo.kubrix.cloud/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
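Review bot: the URI list just above `clientSecretSecretRef` in this hunk still carries `http://localhost:7007/api/auth/oidc/handler/frame` for the pgadmin client, a plain-HTTP localhost entry that also appears on the backstage client, next to the real `https://pgadmin.demo.kubrix.cloud/oauth2/authorize`. This is the demo-metalstack render, so drop the localhost entry here (or move it to a local-only values file) so that the client accepts only the redirect it actually uses.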
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 09:23:06.260744914 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 09:22:34.695040943 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 09:23:06.260744914 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 09:22:34.695040943 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 09:23:06.260744914 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 09:22:34.695040943 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak.demo.kubrix.cloud/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 09:23:06.258744933 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 09:22:34.693040960 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
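Review bot: the added `"password": "admin1"` and `admin-password: "admin1"` render the Keycloak master-realm admin password as a literal in a non-local values file, and the new comments say it has to be kept equal to adminUser/adminPassword by hand. Suggest referencing an existing Secret (created out of band or by a secret operator) and deriving both keys from that one value so they cannot drift. The provider URL in the same JSON is still `http://...:8080`, so `"tls_insecure_skip_verify": "true"` has no effect and the admin credentials cross the cluster network unencrypted; either move to HTTPS with verification or note in the template why this is acceptable for the demo.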
Only in out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 09:23:06.260744914 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 09:22:34.695040943 +0000
@@ -1,40 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
- team-auser: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
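Review bot: `valueSecretRef.name` moves from the release-scoped `"release-name-initial-passwords"` to the fixed `"cp-keycloak-users-secret"`, and that Secret shows up in this diff only as "Only in out/pr", so its values cannot be reviewed here. Please confirm the initial passwords are no longer the literal `test` entries removed at the top of this hunk, and consider keeping the release prefix so two releases in one namespace do not share the Secret. `temporary: false # should be set to true in production` is unchanged in this demo-metalstack render; a values toggle would make that comment actionable.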
@@ -47,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -74,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -101,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -128,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -155,50 +140,23 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
providerConfigRef:
- name: "release-name-config"
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: user.keycloak.crossplane.io/v1alpha1
-kind: User
-metadata:
- name: team-auser
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- forProvider:
- realmId: kubrix
- username: team-auser
- enabled: true
- emailVerified: true
- firstName: team-a
- lastName: demouser
- email: team-auser@platform-engineer.cloud
- initialPassword:
- - valueSecretRef:
- name: "release-name-initial-passwords"
- key: team-auser
- namespace: default
- temporary: false # should be set to true in production
- deletionPolicy: "Delete"
- providerConfigRef:
name: "release-name-config"
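Review bot: the removal of the `team-auser` User in this hunk (together with the `team-a` Memberships removed in cp-keycloak-member.yaml) looks unrelated to the helm chart migration in the PR title, and because the object carries `deletionPolicy: "Delete"`, pruning it deletes the account in Keycloak. If dropping team-a is intended, call it out in the PR description; if not, restore the entry in the values file.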
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault.demo.kubrix.cloud/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
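Review bot: `clientSecretSecretRef.name` now points at the shared `keycloak-client-credentials` Secret, as it does for the pgadmin, backstage and grafana clients in this diff, so anything that can read that one object gets every client secret, where each client previously had its own Secret. If the consolidation is wanted, please confirm two things the diff does not show: that the per-key values are no longer the `demosecret` literal removed in the first hunk of this file, and that the Secret is synced before the clients at wave 5.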
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 09:23:06.260744914 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 09:22:34.695040943 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml 2025-03-05 09:23:06.259744924 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/func.yaml 2025-03-05 09:22:34.694040951 +0000
@@ -3,38 +3,23 @@
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-extra-resources
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-extra-resources:v0.0.3
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-auto-ready
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-auto-ready:v0.2.1
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-keycloak-builtin-objects
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # # This tells crossplane beta render to connect to the function locally.
- # render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: registry.gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects:v1.0.0
packagePullPolicy: Always
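Review bot: `function-keycloak-builtin-objects` at the end of this hunk is pulled by tag (`v1.0.0`) from registry.gitlab.com/corewire with `packagePullPolicy: Always`, so the tag is re-resolved on pull and a re-pushed image would be picked up without any change in this repo; pin it by digest, and ideally the two xpkg.upbound.io functions as well. Dropping the `sync-wave: "-2"` annotations puts the Functions at the default wave 0, which still precedes the Composition now at wave 1, so the ordering itself looks fine.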
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 09:23:06.260744914 +0000
+++ out/pr/keycloak/values-demo-metalstack.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 09:22:34.695040943 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console
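Review bot: `providerConfigName: sx-keycloak-config` stays hardcoded in this hunk while the other resources in the same render use `providerConfigRef.name: "release-name-config"`, so the XR only resolves a ProviderConfig when the release happens to be named sx-keycloak; template it the same way as the others. The move from wave "-1" to "2" also puts the XR in the same wave as the User resources, so please confirm nothing at wave 2 depends on the builtin objects it imports.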
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak: charts
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/comp.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -4,9 +4,9 @@
kind: Composition
metadata:
name: keycloak-builtin-objects
annotations:
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "1"
spec:
compositeTypeRef:
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: configmap.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-backstage-client.yaml 2025-03-05 09:22:34.581041923 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-backstage-password"
-type: Opaque
-stringData:
- backstage: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-backstage-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: backstage
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://backstage-127-0-0-1.nip.io/api/auth/oidc/handler/frame"
clientSecretSecretRef:
key: backstage
- name: "release-name-client-backstage-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-client-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-clientscope.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -4,9 +4,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-groups
spec:
@@ -26,9 +26,9 @@
kind: ClientScope
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
labels:
platform-engineer.cloud/clientscope: groups
name: openid-client-scope-openid
spec:
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-cp-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientroles-grafana.yaml 2025-03-05 09:22:34.581041923 +0000
@@ -4,11 +4,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
name: client-default-role-grafana-viewer
spec:
forProvider:
clientIdRef:
@@ -25,11 +25,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: editor
+ platform-engineer.cloud/role: grafana-editor
name: client-default-role-grafana-editor
spec:
forProvider:
clientIdRef:
@@ -46,11 +46,11 @@
kind: Role
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
labels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
name: client-default-role-grafana-admin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-backstage.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-grafana.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-grafana
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-pgadmin.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-pgadmin
spec:
forProvider:
clientIdRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-default-clientscopes-vault.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -4,9 +4,9 @@
kind: ClientDefaultScopes
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
name: client-default-scopes-vault
spec:
forProvider:
clientIdRef:
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-externaldb-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-client.yaml 2025-03-05 09:22:34.581041923 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-grafana-password"
-type: Opaque
-stringData:
- grafana: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: grafana
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -35,9 +26,9 @@
# - "http://grafana-127-0-0-1.nip.io:3000/login/generic_oauth"
- "https://grafana-127-0-0-1.nip.io/login/generic_oauth"
clientSecretSecretRef:
key: grafana
- name: "release-name-client-grafana-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml 2025-03-05 09:22:34.583041906 +0000
@@ -2,12 +2,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles
+ name: grafana-group-roles-admins-grafana-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -16,9 +16,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: admin
+ platform-engineer.cloud/role: grafana-admin
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -27,37 +27,12 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer
+ name: grafana-group-roles-team1-grafana-viewer
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
-spec:
- deletionPolicy: Delete
- forProvider:
- exhaustive: false
- groupIdRef:
- name: users
- realmIdRef:
- name: kubrix
- roleIdsSelector:
- matchLabels:
- platform-engineer.cloud/role: editor
- initProvider: {}
- managementPolicies:
- - '*'
- providerConfigRef:
- name: sx-keycloak-config
----
-# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
-apiVersion: group.keycloak.crossplane.io/v1alpha1
-kind: Roles
-metadata:
- name: grafana-grafana-group-roles-viewer-team1
- annotations:
- argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
@@ -66,9 +41,9 @@
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-viewer
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
@@ -77,23 +52,23 @@
# Source: sx-keycloak/templates/cp-keycloak-grafana-group-roles.yaml
apiVersion: group.keycloak.crossplane.io/v1alpha1
kind: Roles
metadata:
- name: grafana-grafana-group-roles-viewer-team-a
+ name: grafana-group-roles-users-grafana-editor
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "7"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
groupIdRef:
- name: team-a
+ name: users
realmIdRef:
name: kubrix
roleIdsSelector:
matchLabels:
- platform-engineer.cloud/role: viewer
+ platform-engineer.cloud/role: grafana-editor
initProvider: {}
managementPolicies:
- '*'
providerConfigRef:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-group-roles.yaml 2025-03-05 09:22:34.583041906 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-default-group-roles
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
deletionPolicy: Delete
forProvider:
exhaustive: false
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-groups.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -5,9 +5,9 @@
metadata:
name: admins
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: admins
@@ -21,9 +21,9 @@
metadata:
name: team1
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: team1
@@ -37,9 +37,9 @@
metadata:
name: users
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: users
@@ -53,24 +53,12 @@
metadata:
name: backstage-admin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
realmId: kubrix
name: backstage-admin
deletionPolicy: "Delete"
providerConfigRef:
name: "release-name-config"
-#---
-#apiVersion: group.keycloak.crossplane.io/v1alpha1
-#kind: Group
-#metadata:
-# name: crossplane-admin
-#spec:
-# forProvider:
-# realmId: master
-# name: crossplane-admin
-# deletionPolicy: "Delete"
-# providerConfigRef:
-# name: "release-name-config"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-member.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -5,9 +5,9 @@
metadata:
name: backstage-admin-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "6"
spec:
forProvider:
groupIdRef:
name: backstage-admin
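Review bot: `backstage-admin-memberships` goes to sync-wave "6" in this hunk while the other three Memberships in the file go to "4", although the group it references (`backstage-admin`) is created at wave 3 like the rest. If the later wave is needed because of what its members depend on, add a short comment in the template saying so; otherwise use "4" for consistency.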
@@ -23,9 +23,9 @@
metadata:
name: backstage-admins-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: admins
@@ -42,9 +42,9 @@
metadata:
name: backstage-team1-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: team1
@@ -60,9 +60,9 @@
metadata:
name: backstage-users-users-memberships
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "4"
spec:
forProvider:
groupIdRef:
name: users
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml 2025-03-05 09:22:34.581041923 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-pgadmin-password"
-type: Opaque
-stringData:
- pgadmin: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-pgadmin-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: pgadmin
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -31,9 +22,9 @@
- "http://localhost:7007/api/auth/oidc/handler/frame"
- "https://pgadmin-127-0-0-1.nip.io/oauth2/authorize"
clientSecretSecretRef:
key: pgadmin
- name: "release-name-client-pgadmin-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
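Review bot: clientSecretSecretRef now points at keycloak-client-credentials, but the Secret that used to carry the pgadmin key is removed from this template and the part of the diff shown here does not add a replacement under the new name. Document where that Secret is created and make sure it is applied before wave 5, where this Client now sits. The name also lost its release-name prefix, so two releases in the default namespace would share the same Secret.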
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper-grafana.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper-grafana
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-protocolmapper.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -5,9 +5,9 @@
metadata:
name: openid-user-attribute-mapper
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "3"
spec:
forProvider:
clientScopeIdSelector:
matchLabels:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-realm.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -6,9 +6,9 @@
name: kubrix
labels:
platform-engineer.cloud/realm: kubrix
annotations:
- link.argocd.argoproj.io/external-link: https:///admin/master/console/#/kubrix
+ link.argocd.argoproj.io/external-link: https://keycloak-127-0-0-1.nip.io/admin/master/console/#/kubrix
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
argocd.argoproj.io/sync-wave: "1"
spec:
forProvider:
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 09:23:06.211745381 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-secret.yaml 2025-03-05 09:22:34.581041923 +0000
@@ -2,18 +2,23 @@
# Source: sx-keycloak/templates/cp-keycloak-secret.yaml
apiVersion: v1
kind: Secret
metadata:
- name: "release-name-credentials"
+ name: keycloak-credentials
annotations:
argocd.argoproj.io/sync-wave: "-9"
+ labels:
+ type: provider-credentials
type: Opaque
stringData:
- keycloak-credentials: |
+ # credentials username MUST be the same as adminUser from values file
+ # credentials password MUST be the same as adminPassword
+ credentials: |
{
- "username":"admin",
+ "username": "admin",
+ "password": "admin1",
+ "url": "http://release-name-headless.default.svc.cluster.local:8080",
"client_id": "admin-cli",
- "password":"admin",
- "url": "http://keycloak-service.default.svc.cluster.local:8080",
"realm": "master",
"tls_insecure_skip_verify": "true"
}
+ admin-password: "admin1"
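Review bot: the admin password is now a literal in two places in stringData, once inside the credentials JSON and once as admin-password, and the added comments ask the maintainer to keep both equal to adminPassword by hand. Render both from the single adminPassword value, or reference an existing Secret, so they cannot drift; the GitGuardian check on this PR already reports a hardcoded secret in values-k3d.yaml. tls_insecure_skip_verify stays "true" and the URL stays http://, so please confirm both are only rendered for the k3d values.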
Only in out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates: cp-keycloak-users-secret.yaml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-users.yaml 2025-03-05 09:22:34.583041906 +0000
@@ -1,39 +1,25 @@
---
# Source: sx-keycloak/templates/cp-keycloak-users.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-initial-passwords"
-type: Opaque
-stringData:
- phac: test
- jokl: test
- backstageadmin: test
- demouser: test
- demoadmin: test
- team1user: test
----
-# Source: sx-keycloak/templates/cp-keycloak-users.yaml
apiVersion: user.keycloak.crossplane.io/v1alpha1
kind: User
metadata:
name: phac
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: phac
enabled: true
emailVerified: true
firstName: Philipp
lastName: Achmueller
- email: philipp.achmueller@platform-engineer.cloud
+ email: philipp.achmueller@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: phac
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
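Review bot: valueSecretRef.name is now the fixed string "cp-keycloak-users-secret" rather than a release-prefixed name, and the Secret comes from the new cp-keycloak-users-secret.yaml, whose content and sync-wave are not shown in this diff. It has to be applied before wave 2, where the User resources now sit. temporary: false is still guarded only by the comment "should be set to true in production"; a values flag that defaults to true would be safer. The same applies to the other five User hunks in this file.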
@@ -46,21 +32,21 @@
metadata:
name: jokl
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: jokl
enabled: true
emailVerified: true
firstName: Johannes
lastName: Kleinlercher
- email: johannes.kleinlercher@platform-engineer.cloud
+ email: johannes.kleinlercher@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: jokl
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -73,21 +59,21 @@
metadata:
name: backstageadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: backstageadmin
enabled: true
emailVerified: true
firstName: MrBackstage
lastName: MrAdmin
- email: backstageadmin@platform-engineer.cloud
+ email: backstageadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: backstageadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -100,21 +86,21 @@
metadata:
name: demouser
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demouser
enabled: true
emailVerified: true
firstName: demo
lastName: user
- email: demouser@platform-engineer.cloud
+ email: demouser@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demouser
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -127,21 +113,21 @@
metadata:
name: demoadmin
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: demoadmin
enabled: true
emailVerified: true
firstName: demo
lastName: admin
- email: demoadmin@platform-engineer.cloud
+ email: demoadmin@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: demoadmin
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
@@ -154,21 +140,21 @@
metadata:
name: team1user
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
forProvider:
realmId: kubrix
username: team1user
enabled: true
emailVerified: true
firstName: team1
lastName: demouser
- email: team1user@platform-engineer.cloud
+ email: team1user@kubrix.io
initialPassword:
- valueSecretRef:
- name: "release-name-initial-passwords"
+ name: "cp-keycloak-users-secret"
key: team1user
namespace: default
temporary: false # should be set to true in production
deletionPolicy: "Delete"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-keycloak-vault-client.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -1,21 +1,12 @@
---
# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: "release-name-client-vault-password"
-type: Opaque
-stringData:
- vault: demosecret
----
-# Source: sx-keycloak/templates/cp-keycloak-vault-client.yaml
apiVersion: openidclient.keycloak.crossplane.io/v1alpha1
kind: Client
metadata:
name: vault
annotations:
- argocd.argoproj.io/sync-wave: "1"
+ argocd.argoproj.io/sync-wave: "5"
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
spec:
deletionPolicy: Delete
forProvider:
@@ -32,9 +23,9 @@
validRedirectUris:
- "https://vault-127-0-0-1.nip.io/ui/vault/auth/oidc/oidc/callback"
clientSecretSecretRef:
key: vault
- name: "release-name-client-vault-password"
+ name: keycloak-client-credentials
namespace: default
loginTheme: keycloak
providerConfigRef:
name: "release-name-config"
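Review bot: the vault client now reads its secret from the same keycloak-client-credentials Secret as the pgadmin client, only under a different key. Anything granted read access to that Secret gets every client's secret, so either keep one Secret per client as before or document that only the Crossplane provider is allowed to read it.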
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/cp-providerconfig.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -11,7 +11,7 @@
spec:
credentials:
source: Secret
secretRef:
- name: "release-name-credentials"
- key: keycloak-credentials
+ name: keycloak-credentials
+ key: credentials
namespace: "default"
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml 2025-03-05 09:23:06.212745372 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/func.yaml 2025-03-05 09:22:34.582041915 +0000
@@ -3,38 +3,23 @@
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-extra-resources
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-extra-resources:v0.0.3
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-auto-ready
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # This tells crossplane beta render to connect to the function locally.
- #render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: xpkg.upbound.io/crossplane-contrib/function-auto-ready:v0.2.1
---
# Source: sx-keycloak/templates/func.yaml
apiVersion: pkg.crossplane.io/v1beta1
kind: Function
metadata:
name: function-keycloak-builtin-objects
- annotations:
- argocd.argoproj.io/sync-wave: "-2"
- # # This tells crossplane beta render to connect to the function locally.
- # render.crossplane.io/runtime: Development
spec:
- # This is ignored when using the Development runtime.
package: registry.gitlab.com/corewire/images/crossplane/function-keycloak-builtin-objects:v1.0.0
packagePullPolicy: Always
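Review bot: dropping the sync-wave "-2" annotations puts all three Functions into Argo CD's default wave 0. That is still ahead of the XBuiltinObjects resource (now wave 2), but if the Composition that references these Functions is synced in a negative wave it will now be applied before them; please confirm. Separately, function-keycloak-builtin-objects is pulled by tag v1.0.0 with packagePullPolicy: Always, so a re-pushed tag is picked up silently; pinning the package by digest would avoid that.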
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: ingress.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: keycloak.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: postgres.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: pvc.yaml
Only in out/target/keycloak/values-k3d.yaml/sx-keycloak/templates: secrets.yml
diff -U 4 -r out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml
--- out/target/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 09:23:06.213745362 +0000
+++ out/pr/keycloak/values-k3d.yaml/sx-keycloak/templates/xr.yaml 2025-03-05 09:22:34.583041906 +0000
@@ -1,41 +1,16 @@
---
# Source: sx-keycloak/templates/xr.yaml
-# Example for Master Realm
-#apiVersion: keycloak.crossplane.io/v1alpha1
-#kind: XBuiltinObjects
-#metadata:
-# name: keycloak-builtin-objects-master
-# annotations:
-# argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-#spec:
-# providerConfigName: sx-keycloak-config
-# providerSecretName: keycloak-credentials-cp
-# realm: master
-# builtinClients:
-# - account
-# - account-console
-# - admin-cli
-# - broker
-# - master-realm
-# - security-admin-console
-# builtinRealmRoles:
-# - offline_access
-# - uma_authorization
-# - admin
-# - create-realm
-#---
-# Example for a custom realm (custom realms have different builtin clients/roles than the master realm)
apiVersion: keycloak.crossplane.io/v1alpha1
kind: XBuiltinObjects
metadata:
name: keycloak-builtin-objects-kubrix
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
- argocd.argoproj.io/sync-wave: "-1"
+ argocd.argoproj.io/sync-wave: "2"
spec:
providerConfigName: sx-keycloak-config
- providerSecretName: keycloak-credentials-cp
+ providerSecretName: keycloak-credentials
realm: kubrix
builtinClients:
- account
- account-console |
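Review bot: providerConfigName is still the literal sx-keycloak-config, while the managed resources in this diff use providerConfigRef name "release-name-config", which appears to be derived from the release name. The XR then only resolves when the release is named sx-keycloak; template it the same way as the providerConfigRef. Also note that the XR moves from wave -1 to 2, the same wave as the User resources, so nothing in wave 2 should depend on the objects it imports.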
No description provided.