k/keycloak: initial commit
This commit is contained in:
parent
f5008b3294
commit
ad5b94929e
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: keycloak
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt
|
||||||
|
external-dns.alpha.kubernetes.io/hostname: keycloak.distrust.co
|
||||||
|
spec:
|
||||||
|
ingressClassName: nginx
|
||||||
|
rules:
|
||||||
|
- host: keycloak.distrust.co
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: keycloak
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- keycloak.distrust.co
|
||||||
|
secretName: website-tls
|
|
@ -0,0 +1,78 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: keycloak-config
|
||||||
|
stringData:
|
||||||
|
admin: ENC[AES256_GCM,data:MRhVmq8=,iv:IMmqxQsXUcPg7Nwq6b1AXEipB4Ks05lEPrEh4nmTHxQ=,tag:K+dM779PcYEtCl/l3fquZQ==,type:str]
|
||||||
|
admin_password: ENC[AES256_GCM,data:wzTxmvr83LTWSLCdtoprqHMRuBxKkK0C2dmFCcF9lpI=,iv:frlyzI4trbJRHpgzRWUffOgnMFNfaO/XAlrxKdcLATg=,tag:Lv8zMWDqyppClmstGB2BPw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-05-15T03:10:17Z"
|
||||||
|
mac: ENC[AES256_GCM,data:UnjytZ+qoP9jsD+6XWo6f7Zrr2NGf4ZXa6bX4rqMoPu5VGbAewbKjeg2LQPLdB5t0V7cC0Zl0sfg58hLWZcG8igclSmfARkDBKeyCp836hkkUsoELule1jwUzlopNRFeh5W5P1sIpDt54QWulm7+stDAbT7tR586mIrzNOUj/M0=,iv:1vcNRq7pfVoRjPOxZvVKql5htdhAvueG1n2Qbx37mIg=,tag:vfuo+GbGz2p7MYib/uvxDQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-05-15T03:10:16Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aARAArGyOdTV+QuqLX0HSdo13zZJfEqzz6arQ9nUVP9vSPF+C
|
||||||
|
i96V90KmzC1t/C1RFFzinKQ6gnIgC+yDZAs1HnvBpStaItz9oMLrldqDVMaEpK43
|
||||||
|
u2HIpHsLvo/B2QN/0g63XSI7a1+MsDHZHWWbat+pDehLRWy9BgSd5/cZSiBIe0AG
|
||||||
|
NhwzeEIoEinecFW3NWUy9PZA0yEn/Gl6gdaNYLBDFdbAox8enwr3M5kmMolWmOgI
|
||||||
|
jYLyVQhU8tix/dRCXx+vzIrus7rIvoRqlL7ji9nA1wsFto/6OMkxfylIZzATK3JU
|
||||||
|
wQ55iZriD8WQOn/GTpDcomLuavu9/pNP+o2rszkws714CROPUa/vn963BZmxrNQ3
|
||||||
|
W0ztTvOpJ+1dlR1ZxgPCBtUnv6jv6MCBC3DTtYtOCN7+CuRvlU5jSQUoiUyF12O6
|
||||||
|
GLY+GiVWKE+d+EbF9rf3s/E9un4hop6izYjSP2R3lJPJvPX/KyFe0v6V2HfwNBaH
|
||||||
|
t5NEui8R2/9icmy1nTTzXN2YMQ59buPgSJJ7ZAdm1Vf21kddZFAijOhAGU8pL08Y
|
||||||
|
cH2lbD2Lx7/avszaG66Y+YkNnKWY1Ql/bv7qoBLWtC+49YiThxi5GiBfLTGGHXEu
|
||||||
|
GevgmC96YumLZpdmME1y5Zn62MrVHO0zTXxEnTb4txkXHDX2SUB/QvRfuFdxySvS
|
||||||
|
UQEU5w08lky/SvZ2pj/1EcTaJUv7pYOKs2yxjvD07IUFuWzwJTjqd4uxwWTaqdXl
|
||||||
|
Y4I9oSUTaoM/Qjr/yf8CpJSg+mjTSbXRBlJAXRlomPuMKQ==
|
||||||
|
=oFCJ
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2023-05-15T03:10:16Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUAQ/9G8zOlijaI9Y3lXZLwrGw/PPgCFPSi0bXSDALI+HfB7ig
|
||||||
|
4F2tHmnUz3BVYzEwkNgs4Kc3CqI1IJ1MrU5jCCqR9+fpAmkPrKr+oRcYrmb5PGK1
|
||||||
|
81vYQ0H+dTThieNnI6bL4CCFEjwbyJTgPmiYrSO9G0BYyjiFlatqEe5ZI3nVk2w7
|
||||||
|
Y3r5EZhFcVlTjsVuphXmf6KYzAoFq6EJn+nAJC18kqmdYBsK2iu1123kHR+lOWCK
|
||||||
|
ASiTkPezk/5KxNKb0rnQQexqpGEqBzxBCEw5kycrGgIxUdy31+749BolB5lstsFC
|
||||||
|
q6kdeshFBFzaNktH/lRKYrsee/qgGOHyheMC7HJwrLmsCvsESi1v3b6EJmNWApIg
|
||||||
|
ewxD7aj9oUKQg4m4Apc5Fw2icnwRefIF48TFGefL3syyNniWlnkTkRfYMIaEO6gy
|
||||||
|
a5IYg4utghkTx8uF+XQjV1njOEMsOekCiKWRhvacJsJ6ziWMXrJ8+R+NriIoJGV1
|
||||||
|
svekoRuHTaK1NOH8Yb8Ftflqzf/MFRJT+xVWw+8S1cTXMq3nuYw6HgF2HFoA8STU
|
||||||
|
exD8Wd57BnUyx04IMqtwDwCDgzuwNJj+CU8OfkuGytgN/qOTb8XqVKkI2oIpqCqo
|
||||||
|
TtVSS/9W2vV5JqXQwSk1WU0Sxo8u7s89GC0uZqfCrD1c430M2UiWTIj16XFIqjDS
|
||||||
|
UQHon6AwuwAz0HAD9H3uPspXV2h2v9XanAXf+b8wI63X68bPovbr7TkIsHWLFpzq
|
||||||
|
4Y11aben+nwqQkpN4ei5DNZ5LQsedwJ50Z7wuYkOxMthHg==
|
||||||
|
=8E34
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2023-05-15T03:10:16Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtAQ/+LJiQrH4ODbXOXKXiiZD6qhya3KrfXIRG0Jn2Q17eN7Dw
|
||||||
|
txhKYfdQn3czsqfHEB082abKZ5P8rm8jSH85H8i6SACqsVic4zK72Uwqsd6c/c7J
|
||||||
|
dewAsvx4LuKdHh8RqxGOloE6Orvn3CYQT1K7d3asMEHyxYFkQLFFrtbUKVtx+BIw
|
||||||
|
RHTGmxU+ej3wmWpIEpXXqGbYbLzQA4j5jYe4jjUPW218bxJ+4nF4sNEwnYWEeYlZ
|
||||||
|
vol7gq2vPaqq8KrnDJhrc0GpbIQgsWnUg4LtExrWPLrhY+H+41tQ3GvpwZMncIJr
|
||||||
|
4klNbeFjsNXh+1hP48IDwqgpUIWkBpSnhogt830Umciej/xIzvfyJnSxkzqYB60j
|
||||||
|
ZKUUky2iaSpR1IVNVu1Y3+ym+mQEYEypL9tX2sKkUZHOXKC0Iz2WpwcnEk/4WaI7
|
||||||
|
KYk+IgNj2iwwCNHeVO2BMDcb91LA7FRt3EnT6XPH1mWawgRF3UM/wbzbYDUTJYKQ
|
||||||
|
FT7Yu+sJOjEWnv0goCwK6+CR3Yox22QnJ+Xi/rZT/B3LYixyKd0RD+f7zP3P9UGe
|
||||||
|
+fWsJUpFzftWaKto8eyz+mTYBaFYqwgqfqudjCOmW6DhUBr5VWfzW73xFE16047f
|
||||||
|
CZTgqAeNo7Npzm0BQTlODDk96j4zYa35Fho+GIscpji/phSQ+c3N7lc5RMxTRszS
|
||||||
|
UQGJYjTdH7N+dXYixN0DF7o26vC8GhJmOtZsNLexYFgGChPgCc1q+wX9td0zevwh
|
||||||
|
FD1pL4sxVsKPXfNKSF6UqZdEKglR2ihv6qywEQ5IT8sirw==
|
||||||
|
=o9zp
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,18 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
namespace: keycloak
|
||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- resources.yaml
|
||||||
|
- ingress.yaml
|
||||||
|
generators:
|
||||||
|
- secret-generator.yaml
|
||||||
|
configMapGenerator:
|
||||||
|
- name: keycloak-config
|
||||||
|
literals:
|
||||||
|
- KC_HOSTNAME_URL=https://keycloak.distrust.co
|
||||||
|
patches:
|
||||||
|
- path: postgres-auth.patch.yaml
|
||||||
|
target:
|
||||||
|
kind: Deployment
|
||||||
|
name: keycloak
|
|
@ -0,0 +1,4 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: Keycloak
|
|
@ -0,0 +1,83 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: database-configuration
|
||||||
|
stringData:
|
||||||
|
address: ENC[AES256_GCM,data:RS6hEXdX1KCHRiQRZKh8KquHLopYO+7HrEQd7xEzsQ19sFZ4FTGO5JSDv+sQSFajdI0LEOvRrYrhVlWEQ8+VZ9E=,iv:1ImaNPCJ4gRPZnKLyUDAaYC65hznkJTN0XcoHMht7Uc=,tag:7EE/6DFeoftrfEWL87dhvQ==,type:str]
|
||||||
|
dbname: ENC[AES256_GCM,data:96lDzmgCQ44=,iv:Tgqn2ExHcLA0InFyq0vaIJ7JSki6D5yLeOFnvMtbfkY=,tag:eLKfzhvGL1PX1gjqh1aMoA==,type:str]
|
||||||
|
host: ENC[AES256_GCM,data:xiesN1NpCAEW2dGHutysgqfvHgQalMeQoe+JBSlLp4/RSdsZLBijzmDt7puqd29sLK0wgcqsxQgVjo4=,iv:HaG3YQ/g9rRoqwtWUT7W/gC+sCnq4f0shoLw2NV1f4s=,tag:sexGZ2EDkIIqN1cHU4OvIw==,type:str]
|
||||||
|
jdbc_url: ENC[AES256_GCM,data:Qq67i6hnALTr5eUdWQ/ICczNkdvRIC96qP53AQMN10AJoBvQUIDgbMN/XWTRC1SZPucC2b2+5hbsEFntud3ryY4+ucFe+c0O/k4hCC0qYySsf7tqWfiezwYxw16BskCVr3WalEzBB13zih0D,iv:gT/i4R+ZN/kmZfbrphDFZxdBfSQXyQjV231SMGkN4pc=,tag:/KBMJaRbsJmr35ncWcQksw==,type:str]
|
||||||
|
name: ENC[AES256_GCM,data:8sjmGhI2rfU=,iv:lZVcv5ADwJL/fS7dneji7KhfyFpHJGavcKFO1VB6zuk=,tag:vDIhIgX0/tjElndzUIaVyA==,type:str]
|
||||||
|
password: ENC[AES256_GCM,data:QZhQHjfakGBEcsxXC6OxAN1pl4z6DIrJ,iv:0mlgs/ihf5YKeEzn9lp6keNzKe4gMT+TTpquTLc7Lq8=,tag:3unmkIvaFQcfdDQZvcPiug==,type:str]
|
||||||
|
port: ENC[AES256_GCM,data:hR/vQxc=,iv:g9IODLw/3SjVXHR/+XEmYXm8sZbqJsTc13NJ3tE8FKs=,tag:JMvOoQa1dN9l5aEa79OeZA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-05-15T04:04:00Z"
|
||||||
|
mac: ENC[AES256_GCM,data:a7zP7tV+w4gdWh5Z8TCqs6T9cF4GZGny07gDsry5LdRHCSvMePjDmhTl3oPUT6IdxEQX0oMR7QsWGkuopSIiJ5FcY4Hbzp88ivSHCddaZCbSza9MeiQDU2XXCC1zaBFWFA75VF0Gkd/y4jwDHOpE+a9DERVJwgUuZMf1NaWVCOc=,iv:KDVtlwtnvX7HmA4T4x3sF9cicZzJGKuBHSBEom1tues=,tag:w3jfLi1poBTWFVkETPkt6Q==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-05-15T04:03:54Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aARAAm2r/Vj8f2eHl2waxwn+GYEPyq8CYlJjCenIP0K/6UPyg
|
||||||
|
/+rcWcqm1Ip6CxgPm5MrZA/8b2+hep/H7IsSIG1EHyLfuKEROMMUFFh8jt6ZzRJX
|
||||||
|
W3UzLqRiYsZz98pd7UBgPs4q0vXCuUHIy2pjsXWy5SNIs5lPxfqW7Voh2K/XKGKd
|
||||||
|
Op8p+GeSsieVKoTnPqldHF6cBuUmxcLy8G5fqf5oG6bYwoW05e21aLBb0N4KCSRY
|
||||||
|
SJHnd03KOoqEGmdBw8sL8ob2Kj+AfUa2lqF5uKH8GrwP3fbXCXLbiukeyTbGOCkR
|
||||||
|
DdUp5h5Ik80nhkDJ4Te3Vq52U+p8AWO2sUJvgs4pmDdDW5ZOwRs1MiGs4Q4TIO32
|
||||||
|
cBq8mGtL57yyTCtSw0FJE3rjFEAdUMmldNOqkkwPsybDpTzfYWjRkFQBestC4cvM
|
||||||
|
0qtxHNk1EZLYgiw8tlZNhxz/Q7LQFjaOffU3r7IFjJxoWrpUlzrxEX0Ech79XzRl
|
||||||
|
mnXSvaYyboI/CZGuxqMN+fdxiY4BctT3c+PN7yDE+UNpUFI410637QTCpgKTwls5
|
||||||
|
5Gy0pBMDDf5WtGNq1ZkYajhqPe0VfOb72HzqWbrq3k5xVj7t9eXQHIgb04MnRQNF
|
||||||
|
Y9zT5yaK6pUQ4vN1PiCEycKZWMwJbvU7IfDIyCintCcEReCXRyjyG4A4t5PPAtDS
|
||||||
|
UQEiTfYS2piR7+fwqHAH/rehhmAO3Bi4HUJsY8ynhTD94pZhA+zPgLgMRlcGQNx/
|
||||||
|
G6a7kA6+8t79HekNHvnvpjDe/JpXSBvTEX/Dpq8e7ry3HA==
|
||||||
|
=ukHh
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2023-05-15T04:03:54Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUARAAz+6T9zi2NzeoUAJjCCntvgiBeXvNr8bF+NycE0bxWbmA
|
||||||
|
DRkEQAC1N6mj2XJSSVrBkXro+L3yKrtvxDIWj09BefushoX+5J+xJAjTb8viSGzV
|
||||||
|
V6TLVnHI8slPMKxohog23qFXTKj8iHFJTLkqtpDhA6xfOc2l0GfUobD4sz5MLKqv
|
||||||
|
tMHlb4xhB4BM6VDfsJc2R1H1WxS2sLm9RI+eXZE4DypwAYwy1T+b5AIITuzXY0Vf
|
||||||
|
c8HHCt/Rk06yg+lQ6KiHjEBT8xZTmrcPARzXBx0TmHLXK9ICmXpsfbsMQYxudyGo
|
||||||
|
Aqmnxq7V1hKvjg5y/94+H4BBslcA77C1fRzLCMFtDZAN9zdZ2HFAxttr+O+Nf/zK
|
||||||
|
m5DAO7P+O41DQOgBKh67xoqH2dY1Srim0R4Tt0x5FZHW1mNKDv63MBPBWVMW7CvA
|
||||||
|
RZJ6KKSlhc92sG/NaJyYC5oLhjAdv9JmC+/yArNLhXzvzOwnDWVSKN+N8I+D67bl
|
||||||
|
qJQWAQD1PPJjJzY6+MTfjl0Xq5BuwcAEIv9E25NDpPw2Bkb9HmPk8/ufFKc/l4iV
|
||||||
|
Bsh8mJz2nIM9M8NxZWZ2D7n1NpHvl6nUN6khkXqLcMtyZhcCsNiJLRSW/5Du3zxV
|
||||||
|
CT3Y/fGG3XmSdyg1pylFPImtvsPMQFQhZGY7LHkUUnScQJD2eRQi2KYvHkET8FHS
|
||||||
|
UQGZFsF3U5xWYQdiQ2ih0q4muK9z0+HkP+hVr528nXSWdQWM5RgIER1LlR/bEsRa
|
||||||
|
0eAq9SZcQcvRMJqBpE8edQ1z1YsoX7nmTv/ERE5MQvc5eg==
|
||||||
|
=tGMv
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2023-05-15T04:03:54Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtAQ//V19wzb2oNiTG7tsO2BzpcgFiY4TO5l3Xnc5meQE6kgGh
|
||||||
|
CCktTlqToK5GrgpHbxogIElwsCyqmsKvHf7Y0smMdQV+dymHrjhm8/BMIsHw6oy0
|
||||||
|
SGSNLaLgJQxxYwRXMufVCsBEIg8iFJSWGUydNd2KPhQZjQo+hR6ki8ijLUASkdeQ
|
||||||
|
IUtFz0nxvtnKz3PUCzE0yCArxIP6joWTxwMp8uQB1kj86lfpQWFKX2JlOqurydo7
|
||||||
|
QDPXHYTMgzRuAHnuDoEeQREbagC97VhdvCcH1PjCwgef2AcU8o/mhddNiEdLpmeX
|
||||||
|
YPqgY2CBBzbICdL00KhVUu2dcw5+aIG/q0R70+R7eX+783cj3QwjHUcEyGdEDTo/
|
||||||
|
AUclqSpePP3okpVyQAWNtrYrC3uMx6/bUgSLVeFwpmVmkHyX3mhPnC9fHcE/pnnN
|
||||||
|
+jSjRawHDP+GnnfHEwppHl1F16+cjJzBbO8KZe7WTWzRzfYCcqv0REQ9SmKhaouE
|
||||||
|
C+wiBFewtyaKKBr9eEdOUPg07YAqU+9FWPyyPDv5dqdljvLH0N4JaWH2S/83WNbb
|
||||||
|
y/atJiRcOP5dhHbPZ1PbG5sLkPBmyHiFy3E8AZLcWEwkXlXttFvdKYcULaDh3O/x
|
||||||
|
vXsDWO1S6ezQ0Z4TZqLfATSzvqzSuSazRVCXsG0b6MK2nvorT5xFsANhhRGYi0bS
|
||||||
|
UQEmqP6gs7PzX3FLuAnLMTbIts3NdkHjGJIYIGb82AiO4eoSUp0h13vrJchEr2XR
|
||||||
|
NIszME07Iy+yE8eeX7yMIlbDZRaZ1t4nDQU/UT7xmCHYVQ==
|
||||||
|
=bXHz
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,43 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: keycloak
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: keycloak
|
||||||
|
args:
|
||||||
|
- start
|
||||||
|
- --db=postgres
|
||||||
|
env:
|
||||||
|
- name: KEYCLOAK_ADMIN
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: keycloak-config
|
||||||
|
key: admin
|
||||||
|
- name: KEYCLOAK_ADMIN_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: keycloak-config
|
||||||
|
key: admin_password
|
||||||
|
- name: KC_DB_USERNAME
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: database-configuration
|
||||||
|
key: name
|
||||||
|
- name: KC_DB_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: database-configuration
|
||||||
|
key: password
|
||||||
|
- name: KC_DB_URL
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: database-configuration
|
||||||
|
key: jdbc_url
|
||||||
|
- name: KC_HOSTNAME_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: keycloak-config
|
||||||
|
key: KC_HOSTNAME_URL
|
|
@ -0,0 +1,53 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: keycloak
|
||||||
|
labels:
|
||||||
|
app: keycloak
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
port: 80
|
||||||
|
targetPort: 8080
|
||||||
|
selector:
|
||||||
|
app: keycloak
|
||||||
|
type: ClusterIP
|
||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: keycloak
|
||||||
|
labels:
|
||||||
|
app: keycloak
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: keycloak
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: keycloak
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: keycloak
|
||||||
|
image: quay.io/keycloak/keycloak:21.1.1
|
||||||
|
args: ["start"]
|
||||||
|
env:
|
||||||
|
- name: KC_PROXY
|
||||||
|
value: "edge"
|
||||||
|
- name: KC_HEALTH_ENABLED
|
||||||
|
value: "true"
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
containerPort: 8080
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /health/ready
|
||||||
|
port: 8080
|
||||||
|
initialDelaySeconds: 60
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /health/live
|
||||||
|
port: 8080
|
||||||
|
initialDelaySeconds: 60
|
|
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
if test -t 1; then
|
||||||
|
# This is not foolproof. Can easily be beat by doing |cat. This is just to
|
||||||
|
# make it less likely that secrets are output to terminal.
|
||||||
|
echo "Error: Not outputting secret to stdout; redirect output to a file or" \
|
||||||
|
"pipe output to \`sops\`." >/dev/stderr
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
KC_ADMIN=admin
|
||||||
|
KC_ADMIN_PASSWORD="$(pwgen 32 1)"
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: keycloak-config
|
||||||
|
stringData:
|
||||||
|
admin: ${KC_ADMIN}
|
||||||
|
admin_password: ${KC_ADMIN_PASSWORD}
|
||||||
|
EOF
|
|
@ -0,0 +1,7 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: ksops
|
||||||
|
files:
|
||||||
|
- ./keycloak-config.enc.yaml
|
||||||
|
- ./postgres-auth.enc.yaml
|
Loading…
Reference in New Issue