🐛 better keycloak ingress (#79)

* Fixes ingress for keycloak bitnami chart 17.x, to use its schema for ingress rules.
* repath `keycloak` to just `auth`
* Adds a link

charts/attributes/values.yaml

@@ -10,7 +10,7 @@ serverRootPath: /attributes
 oidc:
   realm: tdf
   internalHost: http://keycloak/auth
-  externalHost: http://localhost:65432/keycloak/auth
+  externalHost: http://localhost:65432/auth
   clientId: tdf-attributes
   clientSecret: myclientsecret
 

deployments/docker-desktop/keycloak-values.yaml

@@ -31,7 +31,7 @@ extraEnv: |
   - name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
     value: "true"
   - name: KEYCLOAK_FRONTEND_URL
-    value: "http://localhost:65432/keycloak/auth"
+    value: "http://localhost:65432/auth"
 extraEnvFrom: |
   - secretRef:
       name: '{{ include "keycloak.fullname" . }}-db'
@@ -44,10 +44,13 @@ ingress:
   enabled: true
   annotations:
     kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-  path: /keycloak(/|$)(.*)
-  hostname: localhost
-  extraHosts:
-    - name: host.docker.internal 
-      path: /keycloak(/|$)(.*)
-      pathType: Prefix
+  rules:
+    - host: localhost
+      paths:
+        - path: /auth(/|$)(.*)
+          pathType: Prefix
+    - host: host.docker.internal 
+      paths:
+        - path: /auth(/|$)(.*)
+          pathType: Prefix
+  tls: null

tests/integration/Tiltfile

@@ -243,6 +243,13 @@ docker_build(
     build_args={"ALPINE_VERSION": ALPINE_VERSION, "PY_VERSION": PY_VERSION},
 )
 
+k8s_resource(
+    "keycloak",
+    links=[
+        link('localhost:65432/auth', 'Keycloak admin console')
+    ],
+)
+
 k8s_resource("bootstrap-keycloak", resource_deps=["keycloak", "opentdf-entitlements"])
 
 #    db    db d888888b d88888b .d8888. d888888b

tests/integration/backend-attributes-values.yaml

@@ -4,7 +4,7 @@ serverRootPath: /attributes
 oidc:
   realm: tdf
   internalHost: http://keycloak/auth
-  externalHost: http://localhost:65432/keycloak/auth
+  externalHost: http://localhost:65432/auth
   clientId: tdf-attributes
   clientSecret: myclientsecret
 

tests/integration/backend-keycloak-values.yaml

@@ -25,7 +25,7 @@ extraEnv: |
   - name: KEYCLOAK_PROXY_ADDRESS_FORWARDING
     value: "true"
   - name: KEYCLOAK_FRONTEND_URL
-    value: "http://localhost:65432/keycloak/auth"
+    value: "http://localhost:65432/auth"
 extraEnvFrom: |
   - secretRef:
       name: '{{ include "keycloak.fullname" . }}-db'
@@ -38,10 +38,13 @@ ingress:
   enabled: true
   annotations:
     kubernetes.io/ingress.class: nginx
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-  path: /keycloak(/|$)(.*)
-  hostname: localhost
-  extraHosts:
-    - name: host.docker.internal 
-      path: /keycloak(/|$)(.*)
-      pathType: Prefix
+  rules:
+    - host: localhost
+      paths:
+        - path: /auth(/|$)(.*)
+          pathType: Prefix
+    - host: host.docker.internal 
+      paths:
+        - path: /auth(/|$)(.*)
+          pathType: Prefix
+  tls: null

tests/integration/backend.yaml

@@ -118,13 +118,13 @@ kind: ConfigMap
 metadata:
   name: entitlements-cm
 data:
-  OIDC_AUTHORIZATION_URL: http://localhost:65432/keycloak/auth/realms/tdf/protocol/openid-connect/auth
+  OIDC_AUTHORIZATION_URL: http://localhost:65432/auth/realms/tdf/protocol/openid-connect/auth
   OIDC_CLIENT_ID: tdf-entitlements
   OIDC_CLIENT_SECRET: myclientsecret
   OIDC_CONFIGURATION_URL: http://keycloak/auth/realms/tdf/.well-known/openid-configuration
   OIDC_REALM: tdf
   OIDC_SERVER_URL: http://keycloak/auth/
-  OIDC_TOKEN_URL: http://localhost:65432/keycloak/auth/realms/tdf/protocol/openid-connect/token
+  OIDC_TOKEN_URL: http://localhost:65432/auth/realms/tdf/protocol/openid-connect/token
   POSTGRES_DATABASE: tdf_database
   POSTGRES_HOST: opentdf-postgresql
   POSTGRES_SCHEMA: tdf_entitlement

tests/integration/frontend.yaml

@@ -33,7 +33,7 @@ kind: ConfigMap
 metadata:
   name: opentdf-abacus-cm
 data:
-  KEYCLOAK_HOST: http://localhost:65432/keycloak/auth/
+  KEYCLOAK_HOST: http://localhost:65432/auth/
   KEYCLOAK_CLIENT_ID: dcr-test
   KEYCLOAK_REALM: tdf
   ATTRIBUTES_HOST: http://localhost:65432/attributes/