https://infocepo.com/wiki/index.php?action=history&feed=atom&title=Onyxia-openid-install
Onyxia-openid-install - Revision history
2026-05-16T03:14:53Z
Revision history for this page on the wiki
MediaWiki 1.39.13
https://infocepo.com/wiki/index.php?title=Onyxia-openid-install&diff=1847&oldid=prev
Tcepo: Created page with "== onyxia + openid install == #Official : https://docs.onyxia.sh * Configurez : <pre> #https://docs.onyxia.sh/ domainRoot=example.com appName=datalab s3Url=https://s3.example.com </pre> * Executez : <pre> mv ~/${appName} ~/${appName}-$(date '+%Y%m%d') mkdir ~/${appName} cd ~/${appName} #values cat <<EOT >${appName}-values.yaml ingress: enabled: true hosts: - host: "${appName}.${domainRoot}" annotations: cert-manager.io/cluster-issuer: letsencrypt-prod..."
2024-08-14T17:07:14Z
<p>Created page with "== onyxia + openid install == #Official : https://docs.onyxia.sh * Configurez : <pre> #https://docs.onyxia.sh/ domainRoot=example.com appName=datalab s3Url=https://s3.example.com </pre> * Executez : <pre> mv ~/${appName} ~/${appName}-$(date '+%Y%m%d') mkdir ~/${appName} cd ~/${appName} #values cat <<EOT >${appName}-values.yaml ingress: enabled: true hosts: - host: "${appName}.${domainRoot}" annotations: cert-manager.io/cluster-issuer: letsencrypt-prod..."</p>
<p><b>New page</b></p><div>== onyxia + openid install ==<br />
#Official : https://docs.onyxia.sh<br />
<br />
* Configurez :<br />
<pre><br />
#https://docs.onyxia.sh/<br />
domainRoot=example.com<br />
appName=datalab<br />
s3Url=https://s3.example.com<br />
</pre><br />
<br />
* Executez :<br />
<pre><br />
mv ~/${appName} ~/${appName}-$(date '+%Y%m%d')<br />
mkdir ~/${appName}<br />
cd ~/${appName}<br />
#values<br />
cat <<EOT >${appName}-values.yaml<br />
ingress:<br />
enabled: true<br />
hosts:<br />
- host: "${appName}.${domainRoot}"<br />
annotations:<br />
cert-manager.io/cluster-issuer: letsencrypt-prod<br />
tls:<br />
- secretName: ${appName}.${domainRoot}-tls<br />
hosts:<br />
- "${appName}.${domainRoot}"<br />
EOT<br />
helm repo add onyxia https://InseeFrLab.github.io/onyxia<br />
helm repo update<br />
helm search repo onyxia --versions |head<br />
</pre><br />
<br />
* Configurez :<br />
<pre><br />
appVersion=8.20.0<br />
</pre><br />
<br />
* Choisir un mot de passe pour l'installation :<br />
CHANGEME1<br />
<br />
* Executez :<br />
<pre><br />
helm upgrade --install ${appName} onyxia/onyxia -n ${appName} --create-namespace \<br />
--version "${appVersion}" \<br />
-f ${appName}-values.yaml<br />
<br />
# Keycloak<br />
helm repo add bitnami https://charts.bitnami.com/bitnami<br />
keycloakVersion=$(curl -s https://raw.githubusercontent.com/InseeFrLab/onyxia-ops/main/apps/keycloak/Chart.yaml | sed -rn 's#^[[:space:]]+version: (.*)$#\1#p')<br />
export appVersion<br />
export appDomain=${appName}.${domainRoot}<br />
export DOMAIN=${domainRoot}<br />
#https://github.com/InseeFrLab/onyxia-ops/blob/main/apps/keycloak/values.yaml<br />
[ -z "${CHANGEME1}" ] &&echo CHANGEME1 &&read i &&export CHANGEME1=$i<br />
CHANGEME2=${CHANGEME1}<br />
CHANGEME3=${CHANGEME2}<br />
cat <<EOT >keycloak-values.yaml<br />
global:<br />
postgresql:<br />
auth:<br />
postgresPassword: "$CHANGEME1"<br />
username: "keycloak"<br />
password: "$CHANGEME2"<br />
database: "keycloak"<br />
#keycloak:<br />
auth:<br />
adminUser: keycloak<br />
adminPassword: $CHANGEME3<br />
production: true<br />
tls: <br />
enabled: false<br />
autoGenerated: false<br />
proxy: edge<br />
httpRelativePath: "/auth/"<br />
replicaCount: 1<br />
ingress:<br />
# If `true`, an Ingress is created<br />
enabled: true<br />
#ingressClassName: nginx<br />
# Ingress annotations<br />
annotations:<br />
## Resolve HTTP 502 error using ingress-nginx:<br />
## See https://www.ibm.com/support/pages/502-error-ingress-keycloak-response<br />
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k<br />
cert-manager.io/cluster-issuer: letsencrypt-prod<br />
# List of rules for the Ingress<br />
hostname: "auth-lab.$DOMAIN"<br />
# TLS configuration<br />
extraTls:<br />
- hosts:<br />
- auth-lab.$DOMAIN<br />
secretName: auth-lab.$DOMAIN-tls<br />
<br />
extraStartupArgs: "--features=preview --log-level=org.keycloak.events:debug"<br />
<br />
extraEnvVars: <br />
- name: ONYXIA_RESOURCES_ALLOWED_ORIGINS<br />
value: "https://${appDomain}, http://localhost, http://127.0.0.1"<br />
<br />
initContainers: |<br />
- name: realm-ext-provider<br />
image: curlimages/curl<br />
imagePullPolicy: IfNotPresent<br />
command:<br />
- sh<br />
args:<br />
- -c<br />
- |<br />
curl -L -f -S -o /extensions/onyxia-web.jar https://github.com/InseeFrLab/onyxia/releases/download/v${appVersion}/keycloak-theme.jar<br />
volumeMounts:<br />
- name: extensions<br />
mountPath: /extensions<br />
<br />
extraVolumeMounts: |<br />
- name: extensions<br />
mountPath: /opt/bitnami/keycloak/providers<br />
<br />
extraVolumes: |<br />
- name: extensions<br />
emptyDir: {}<br />
<br />
externalDatabase:<br />
host: keycloakv3-postgresql<br />
port: 5432<br />
user: keycloak<br />
password: $CHANGEME2<br />
database: keycloak<br />
EOT<br />
helm upgrade --install keycloak bitnami/keycloak -n ${appName} --create-namespace \<br />
-f keycloak-values.yaml \<br />
--version "${keycloakVersion}"<br />
</pre><br />
<br />
* Allez sur Keycloak :<br />
https://auth-lab.<your-domain>/auth/ (keycloak:<your-password>)<br />
<br />
* Configurez :<br />
#https://docs.onyxia.sh/admin-doc/readme/user-authentication (partie : Configuring Keycloak)<br />
(Ne pas configurer l'étape 3. In Authentication (on the left panel) -> Tab Required Actions enable and set as default action Therms and Conditions.)<br />
* Executez :<br />
<pre><br />
if [ -z "$appName" ] || [ -z "$domainRoot" ] || [ -z "$appVersion" ] ;then<br />
echo nok<br />
break<br />
fi<br />
export DOMAIN=${domainRoot}<br />
cat <<EOT >${appName}-values.yaml<br />
ingress:<br />
enabled: true<br />
hosts:<br />
- host: "${appName}.${domainRoot}"<br />
annotations:<br />
cert-manager.io/cluster-issuer: letsencrypt-prod<br />
tls:<br />
- secretName: ${appName}.${domainRoot}-tls<br />
hosts:<br />
- "${appName}.${domainRoot}"<br />
api:<br />
startupProbe:<br />
enabled: true<br />
periodSeconds: 60<br />
serviceAccount:<br />
create: true<br />
clusterAdmin: true<br />
env:<br />
authentication.mode: "openidconnect"<br />
oidc.issuer-uri: "https://auth-lab.$DOMAIN/auth/realms/datalab"<br />
oidc.clientID: "onyxia"<br />
catalogs:<br />
[<br />
]<br />
regions: [<br />
{<br />
id: "default",<br />
name: "default",<br />
location: {lat: 48.864716, longitude: 2.349014, name: "Paris" },<br />
description: "Default",<br />
services: {<br />
quotas: {<br />
enabled: false,<br />
userEnabled: false,<br />
groupEnabled: false,<br />
allowUserModification: false,<br />
default: {<br />
"count/pods": 100,<br />
"requests.memory": 32,<br />
"requests.cpu": 8,<br />
"limits.memory": 32,<br />
"limits.cpu": 8,<br />
"requests.storage": "500Gi"<br />
}<br />
},<br />
type: "KUBERNETES",<br />
singleNamespace: false,<br />
authenticationMode: "serviceAccount",<br />
expose: {<br />
domain: "$DOMAIN",<br />
route: false,<br />
ingress: true<br />
},<br />
defaultConfiguration: {<br />
ipprotection: false,<br />
sliders: {<br />
cpu: {<br />
sliderUnit: "m",<br />
sliderMax: 8000,<br />
sliderStep: 100,<br />
sliderMin: 100<br />
},<br />
memory: {<br />
sliderMax: 16,<br />
sliderMin: 1,<br />
sliderUnit: "Gi",<br />
sliderStep: 1<br />
},<br />
disk: {<br />
sliderMin: 1,<br />
sliderMax: 200,<br />
sliderUnit: "Gi",<br />
sliderStep: 1<br />
}<br />
},<br />
resources: {<br />
cpuLimit: 2000m,<br />
memoryLimit: 4Gi,<br />
disk: 5Gi<br />
}<br />
},<br />
},<br />
data: {<br />
S3: {<br />
URL: "${s3Url}",<br />
pathStyleAccess: true,<br />
workingDirectory: {<br />
bucketMode: "multi",<br />
bucketNamePrefix: "",<br />
bucketNamePrefixGroup: "project-"<br />
}<br />
}<br />
}<br />
}<br />
]<br />
extraVolumes:<br />
- name: config<br />
emptyDir: {}<br />
- name: cache<br />
emptyDir: {}<br />
extraVolumeMounts:<br />
- mountPath: /.config/<br />
name: config<br />
- mountPath: /.cache/<br />
name: cache<br />
<br />
web:<br />
env:<br />
FONT: |<br />
{<br />
fontFamily: "Marianne",<br />
dirUrl: "%PUBLIC_URL%/fonts/Marianne",<br />
"400": "Marianne-Regular.woff2",<br />
"400-italic": "Marianne-Regular_Italic.woff2",<br />
"500": "Marianne-Medium.woff2",<br />
"700": "Marianne-Bold.woff2",<br />
"700-italic": "Marianne-Bold_Italic.woff2"<br />
}<br />
PALETTE_OVERRIDE: |<br />
{<br />
focus: {<br />
main: "#000091",<br />
light: "#9A9AFF",<br />
light2: "#E5E5F4"<br />
},<br />
dark: {<br />
main: "#2A2A2A",<br />
light: "#383838",<br />
greyVariant1: "#161616",<br />
greyVariant2: "#9C9C9C",<br />
greyVariant3: "#CECECE",<br />
greyVariant4: "#E5E5E5"<br />
},<br />
light: {<br />
main: "#F1F0EB",<br />
light: "#FDFDFC",<br />
greyVariant1: "#E6E6E6",<br />
greyVariant2: "#C9C9C9",<br />
greyVariant3: "#9E9E9E",<br />
greyVariant4: "#747474"<br />
}<br />
}<br />
HOMEPAGE_HERO_TEXT_AUTHENTICATED: "Bonjour %USER_FIRSTNAME% !"<br />
HOMEPAGE_CARDS: "[]"<br />
SOCIAL_MEDIA_IMAGE: "%PUBLIC_URL%/preview-france.png"<br />
HEADER_TEXT_BOLD: "Fabrique Numérique"<br />
DISABLE_HOMEPAGE: false<br />
HOMEPAGE_MAIN_ASSET: false<br />
HEADER_TEXT_FOCUS: "DataLab"<br />
HEADER_MAIN_ASSET: "false"<br />
extraVolumes:<br />
- name: nginx<br />
emptyDir: {}<br />
- name: index<br />
emptyDir: {}<br />
EOT<br />
helm upgrade --install ${appName} onyxia/onyxia -n ${appName} --create-namespace \<br />
--version "${appVersion}" \<br />
-f ${appName}-values.yaml<br />
</pre></div>
Tcepo