Open lknite opened 2 years ago
I had two env sections; when I merged my env sections, publicRegisterEnabled began to work as expected. Still, I added a check for true and used True with a capital T, as this seems to be required in taigaBack. I also added a comment in the values file that extra env variables can also be added to front.
Updated values.yaml:
```yaml
taigaFront:
  image:
    repository: robrotheram/taiga-front-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
    - name: ENABLE_OPENID
      value: "true"
    #- name: PUBLIC_REGISTER_ENABLED
    #  value: "true"
    - name: OPENID_URL
      value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/auth"
    - name: OPENID_CLIENT_ID
      value: "taiga.k-dev.harmony.net"
    - name: OPENID_NAME
      value: "keycloak"
    - name: OPENID_SCOPE
      value: "openid email"
taigaBack:
  image:
    repository: robrotheram/taiga-back-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
    - name: ENABLE_OPENID
      value: "True"
    #- name: PUBLIC_REGISTER_ENABLED
    #  value: "True"
    - name: OPENID_USER_URL
      value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/userinfo"
    - name: OPENID_TOKEN_URL
      value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/token"
    - name: OPENID_CLIENT_ID
      value: "taiga.k-dev.harmony.net"
    - name: OPENID_CLIENT_SECRET
      value: "<hidden>"
    - name: OPENID_SCOPE
      value: "openid email"
  extraVolumeMounts:
    - mountPath: /tmp/ca
      name: certs
  extraVolumes:
    - name: certs
      configMap:
        name: ca-certs
        items:
          - key: "ca.crt"
            path: "ca.crt"
  lifecycle:
    postStartCommand:
      - /bin/sh
      - -c
      - "cat /tmp/ca/ca.crt >> /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem"
taigaAsync:
  image:
    tag: 6.4.2
#taigaFront:
#  image:
#    tag: 6.4.2
#taigaBack:
#  image:
#    tag: 6.4.2
taigaProtected:
  image:
    tag: 6.4.0
name: taiga
env:
  taigaURL: "https://taiga.k-dev.harmony.net"
  postgresHost: "taiga-db"
  publicRegisterEnabled: "true"
persistence:
  media:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'
  static:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'
```
Noticed another project, the Bitnami Helm chart to install argo-cd, also uses these fields, so they might be something fairly standard at this point. Here's a comment from someone doing something similar: https://github.com/argoproj/argo-cd/issues/4344#issuecomment-890382825
These changes work for me to set up a mount with an on-prem CA certificate chain in a ConfigMap and then import that using a postStart command. The ability to set an environment variable on the front and back stateful sets was also necessary to set up the environment variables needed by the https://github.com/robrotheram/taiga-contrib-openid-auth extension/plugin.
Notes:
My values.yaml file:
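Added example, not part of the original post or of the chart: the post traces the `publicRegisterEnabled` problem to two `env` sections in one values file, so this standard-library Python check reports any key repeated inside the same mapping. It assumes block-style YAML with space indentation and unquoted keys; `find_duplicate_keys` and the sample text are hypothetical names and constructed data.

```python
import re

KEY = re.compile(r'^([A-Za-z0-9_.\-]+)\s*:(?:\s|$)')

def find_duplicate_keys(text):
    """Return (line, dotted_path, first_line) for each key repeated in one mapping."""
    stack, dups = [], []  # one frame per open mapping, ordered by indent
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.lstrip(" ")
        if not body or body.startswith("#"):
            continue
        indent = pop_above = len(raw) - len(body)
        new_item = body.startswith("- ")
        if new_item:
            # A list item opens a fresh mapping whose keys start after the dash.
            content = body[2:].lstrip(" ")
            indent += len(body) - len(content)
            body = content
        m = KEY.match(body)
        if not m:
            continue  # scalar list item or continuation line
        while stack and stack[-1]["indent"] > pop_above:
            stack.pop()
        if new_item or not stack or stack[-1]["indent"] < indent:
            stack.append({"indent": indent, "seen": {}, "last": None})
        frame, key = stack[-1], m.group(1)
        path = ".".join([f["last"] for f in stack[:-1]] + [key])
        if key in frame["seen"]:
            dups.append((no, path, frame["seen"][key]))
        frame["seen"].setdefault(key, no)
        frame["last"] = key
    return dups

# Constructed sample shaped like the values file in the post.
SAMPLE = """\
env:
  postgresHost: "taiga-db"
taigaBack:
  extraEnv:
    - name: ENABLE_OPENID
      value: "True"
    - name: OPENID_SCOPE
      value: "openid email"
env:
  publicRegisterEnabled: "true"
"""
if __name__ == "__main__":
    for line, path, first in find_duplicate_keys(SAMPLE):
        print(f"line {line}: '{path}' repeats the key first defined on line {first}")
```

Repeated `name`/`value` keys across separate `extraEnv` items are not flagged, because each list item is its own mapping.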