k/keycloak: initial commit
This commit is contained in:
parent
f5008b3294
commit
ad5b94929e
|
@ -0,0 +1,24 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: keycloak
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt
|
||||
external-dns.alpha.kubernetes.io/hostname: keycloak.distrust.co
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: keycloak.distrust.co
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: keycloak
|
||||
port:
|
||||
number: 80
|
||||
tls:
|
||||
- hosts:
|
||||
- keycloak.distrust.co
|
||||
secretName: website-tls
|
|
@ -0,0 +1,78 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: keycloak-config
|
||||
stringData:
|
||||
admin: ENC[AES256_GCM,data:MRhVmq8=,iv:IMmqxQsXUcPg7Nwq6b1AXEipB4Ks05lEPrEh4nmTHxQ=,tag:K+dM779PcYEtCl/l3fquZQ==,type:str]
|
||||
admin_password: ENC[AES256_GCM,data:wzTxmvr83LTWSLCdtoprqHMRuBxKkK0C2dmFCcF9lpI=,iv:frlyzI4trbJRHpgzRWUffOgnMFNfaO/XAlrxKdcLATg=,tag:Lv8zMWDqyppClmstGB2BPw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-05-15T03:10:17Z"
|
||||
mac: ENC[AES256_GCM,data:UnjytZ+qoP9jsD+6XWo6f7Zrr2NGf4ZXa6bX4rqMoPu5VGbAewbKjeg2LQPLdB5t0V7cC0Zl0sfg58hLWZcG8igclSmfARkDBKeyCp836hkkUsoELule1jwUzlopNRFeh5W5P1sIpDt54QWulm7+stDAbT7tR586mIrzNOUj/M0=,iv:1vcNRq7pfVoRjPOxZvVKql5htdhAvueG1n2Qbx37mIg=,tag:vfuo+GbGz2p7MYib/uvxDQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-15T03:10:16Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA82rPM2mSf/aARAArGyOdTV+QuqLX0HSdo13zZJfEqzz6arQ9nUVP9vSPF+C
|
||||
i96V90KmzC1t/C1RFFzinKQ6gnIgC+yDZAs1HnvBpStaItz9oMLrldqDVMaEpK43
|
||||
u2HIpHsLvo/B2QN/0g63XSI7a1+MsDHZHWWbat+pDehLRWy9BgSd5/cZSiBIe0AG
|
||||
NhwzeEIoEinecFW3NWUy9PZA0yEn/Gl6gdaNYLBDFdbAox8enwr3M5kmMolWmOgI
|
||||
jYLyVQhU8tix/dRCXx+vzIrus7rIvoRqlL7ji9nA1wsFto/6OMkxfylIZzATK3JU
|
||||
wQ55iZriD8WQOn/GTpDcomLuavu9/pNP+o2rszkws714CROPUa/vn963BZmxrNQ3
|
||||
W0ztTvOpJ+1dlR1ZxgPCBtUnv6jv6MCBC3DTtYtOCN7+CuRvlU5jSQUoiUyF12O6
|
||||
GLY+GiVWKE+d+EbF9rf3s/E9un4hop6izYjSP2R3lJPJvPX/KyFe0v6V2HfwNBaH
|
||||
t5NEui8R2/9icmy1nTTzXN2YMQ59buPgSJJ7ZAdm1Vf21kddZFAijOhAGU8pL08Y
|
||||
cH2lbD2Lx7/avszaG66Y+YkNnKWY1Ql/bv7qoBLWtC+49YiThxi5GiBfLTGGHXEu
|
||||
GevgmC96YumLZpdmME1y5Zn62MrVHO0zTXxEnTb4txkXHDX2SUB/QvRfuFdxySvS
|
||||
UQEU5w08lky/SvZ2pj/1EcTaJUv7pYOKs2yxjvD07IUFuWzwJTjqd4uxwWTaqdXl
|
||||
Y4I9oSUTaoM/Qjr/yf8CpJSg+mjTSbXRBlJAXRlomPuMKQ==
|
||||
=oFCJ
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
- created_at: "2023-05-15T03:10:16Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAw95Vf08z8oUAQ/9G8zOlijaI9Y3lXZLwrGw/PPgCFPSi0bXSDALI+HfB7ig
|
||||
4F2tHmnUz3BVYzEwkNgs4Kc3CqI1IJ1MrU5jCCqR9+fpAmkPrKr+oRcYrmb5PGK1
|
||||
81vYQ0H+dTThieNnI6bL4CCFEjwbyJTgPmiYrSO9G0BYyjiFlatqEe5ZI3nVk2w7
|
||||
Y3r5EZhFcVlTjsVuphXmf6KYzAoFq6EJn+nAJC18kqmdYBsK2iu1123kHR+lOWCK
|
||||
ASiTkPezk/5KxNKb0rnQQexqpGEqBzxBCEw5kycrGgIxUdy31+749BolB5lstsFC
|
||||
q6kdeshFBFzaNktH/lRKYrsee/qgGOHyheMC7HJwrLmsCvsESi1v3b6EJmNWApIg
|
||||
ewxD7aj9oUKQg4m4Apc5Fw2icnwRefIF48TFGefL3syyNniWlnkTkRfYMIaEO6gy
|
||||
a5IYg4utghkTx8uF+XQjV1njOEMsOekCiKWRhvacJsJ6ziWMXrJ8+R+NriIoJGV1
|
||||
svekoRuHTaK1NOH8Yb8Ftflqzf/MFRJT+xVWw+8S1cTXMq3nuYw6HgF2HFoA8STU
|
||||
exD8Wd57BnUyx04IMqtwDwCDgzuwNJj+CU8OfkuGytgN/qOTb8XqVKkI2oIpqCqo
|
||||
TtVSS/9W2vV5JqXQwSk1WU0Sxo8u7s89GC0uZqfCrD1c430M2UiWTIj16XFIqjDS
|
||||
UQHon6AwuwAz0HAD9H3uPspXV2h2v9XanAXf+b8wI63X68bPovbr7TkIsHWLFpzq
|
||||
4Y11aben+nwqQkpN4ei5DNZ5LQsedwJ50Z7wuYkOxMthHg==
|
||||
=8E34
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||
- created_at: "2023-05-15T03:10:16Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA0/D4ws+/KPtAQ/+LJiQrH4ODbXOXKXiiZD6qhya3KrfXIRG0Jn2Q17eN7Dw
|
||||
txhKYfdQn3czsqfHEB082abKZ5P8rm8jSH85H8i6SACqsVic4zK72Uwqsd6c/c7J
|
||||
dewAsvx4LuKdHh8RqxGOloE6Orvn3CYQT1K7d3asMEHyxYFkQLFFrtbUKVtx+BIw
|
||||
RHTGmxU+ej3wmWpIEpXXqGbYbLzQA4j5jYe4jjUPW218bxJ+4nF4sNEwnYWEeYlZ
|
||||
vol7gq2vPaqq8KrnDJhrc0GpbIQgsWnUg4LtExrWPLrhY+H+41tQ3GvpwZMncIJr
|
||||
4klNbeFjsNXh+1hP48IDwqgpUIWkBpSnhogt830Umciej/xIzvfyJnSxkzqYB60j
|
||||
ZKUUky2iaSpR1IVNVu1Y3+ym+mQEYEypL9tX2sKkUZHOXKC0Iz2WpwcnEk/4WaI7
|
||||
KYk+IgNj2iwwCNHeVO2BMDcb91LA7FRt3EnT6XPH1mWawgRF3UM/wbzbYDUTJYKQ
|
||||
FT7Yu+sJOjEWnv0goCwK6+CR3Yox22QnJ+Xi/rZT/B3LYixyKd0RD+f7zP3P9UGe
|
||||
+fWsJUpFzftWaKto8eyz+mTYBaFYqwgqfqudjCOmW6DhUBr5VWfzW73xFE16047f
|
||||
CZTgqAeNo7Npzm0BQTlODDk96j4zYa35Fho+GIscpji/phSQ+c3N7lc5RMxTRszS
|
||||
UQGJYjTdH7N+dXYixN0DF7o26vC8GhJmOtZsNLexYFgGChPgCc1q+wX9td0zevwh
|
||||
FD1pL4sxVsKPXfNKSF6UqZdEKglR2ihv6qywEQ5IT8sirw==
|
||||
=o9zp
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
|
@ -0,0 +1,18 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: keycloak
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- resources.yaml
|
||||
- ingress.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
||||
configMapGenerator:
|
||||
- name: keycloak-config
|
||||
literals:
|
||||
- KC_HOSTNAME_URL=https://keycloak.distrust.co
|
||||
patches:
|
||||
- path: postgres-auth.patch.yaml
|
||||
target:
|
||||
kind: Deployment
|
||||
name: keycloak
|
|
@ -0,0 +1,4 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: Keycloak
|
|
@ -0,0 +1,83 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: database-configuration
|
||||
stringData:
|
||||
address: ENC[AES256_GCM,data:RS6hEXdX1KCHRiQRZKh8KquHLopYO+7HrEQd7xEzsQ19sFZ4FTGO5JSDv+sQSFajdI0LEOvRrYrhVlWEQ8+VZ9E=,iv:1ImaNPCJ4gRPZnKLyUDAaYC65hznkJTN0XcoHMht7Uc=,tag:7EE/6DFeoftrfEWL87dhvQ==,type:str]
|
||||
dbname: ENC[AES256_GCM,data:96lDzmgCQ44=,iv:Tgqn2ExHcLA0InFyq0vaIJ7JSki6D5yLeOFnvMtbfkY=,tag:eLKfzhvGL1PX1gjqh1aMoA==,type:str]
|
||||
host: ENC[AES256_GCM,data:xiesN1NpCAEW2dGHutysgqfvHgQalMeQoe+JBSlLp4/RSdsZLBijzmDt7puqd29sLK0wgcqsxQgVjo4=,iv:HaG3YQ/g9rRoqwtWUT7W/gC+sCnq4f0shoLw2NV1f4s=,tag:sexGZ2EDkIIqN1cHU4OvIw==,type:str]
|
||||
jdbc_url: ENC[AES256_GCM,data:Qq67i6hnALTr5eUdWQ/ICczNkdvRIC96qP53AQMN10AJoBvQUIDgbMN/XWTRC1SZPucC2b2+5hbsEFntud3ryY4+ucFe+c0O/k4hCC0qYySsf7tqWfiezwYxw16BskCVr3WalEzBB13zih0D,iv:gT/i4R+ZN/kmZfbrphDFZxdBfSQXyQjV231SMGkN4pc=,tag:/KBMJaRbsJmr35ncWcQksw==,type:str]
|
||||
name: ENC[AES256_GCM,data:8sjmGhI2rfU=,iv:lZVcv5ADwJL/fS7dneji7KhfyFpHJGavcKFO1VB6zuk=,tag:vDIhIgX0/tjElndzUIaVyA==,type:str]
|
||||
password: ENC[AES256_GCM,data:QZhQHjfakGBEcsxXC6OxAN1pl4z6DIrJ,iv:0mlgs/ihf5YKeEzn9lp6keNzKe4gMT+TTpquTLc7Lq8=,tag:3unmkIvaFQcfdDQZvcPiug==,type:str]
|
||||
port: ENC[AES256_GCM,data:hR/vQxc=,iv:g9IODLw/3SjVXHR/+XEmYXm8sZbqJsTc13NJ3tE8FKs=,tag:JMvOoQa1dN9l5aEa79OeZA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-05-15T04:04:00Z"
|
||||
mac: ENC[AES256_GCM,data:a7zP7tV+w4gdWh5Z8TCqs6T9cF4GZGny07gDsry5LdRHCSvMePjDmhTl3oPUT6IdxEQX0oMR7QsWGkuopSIiJ5FcY4Hbzp88ivSHCddaZCbSza9MeiQDU2XXCC1zaBFWFA75VF0Gkd/y4jwDHOpE+a9DERVJwgUuZMf1NaWVCOc=,iv:KDVtlwtnvX7HmA4T4x3sF9cicZzJGKuBHSBEom1tues=,tag:w3jfLi1poBTWFVkETPkt6Q==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-15T04:03:54Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA82rPM2mSf/aARAAm2r/Vj8f2eHl2waxwn+GYEPyq8CYlJjCenIP0K/6UPyg
|
||||
/+rcWcqm1Ip6CxgPm5MrZA/8b2+hep/H7IsSIG1EHyLfuKEROMMUFFh8jt6ZzRJX
|
||||
W3UzLqRiYsZz98pd7UBgPs4q0vXCuUHIy2pjsXWy5SNIs5lPxfqW7Voh2K/XKGKd
|
||||
Op8p+GeSsieVKoTnPqldHF6cBuUmxcLy8G5fqf5oG6bYwoW05e21aLBb0N4KCSRY
|
||||
SJHnd03KOoqEGmdBw8sL8ob2Kj+AfUa2lqF5uKH8GrwP3fbXCXLbiukeyTbGOCkR
|
||||
DdUp5h5Ik80nhkDJ4Te3Vq52U+p8AWO2sUJvgs4pmDdDW5ZOwRs1MiGs4Q4TIO32
|
||||
cBq8mGtL57yyTCtSw0FJE3rjFEAdUMmldNOqkkwPsybDpTzfYWjRkFQBestC4cvM
|
||||
0qtxHNk1EZLYgiw8tlZNhxz/Q7LQFjaOffU3r7IFjJxoWrpUlzrxEX0Ech79XzRl
|
||||
mnXSvaYyboI/CZGuxqMN+fdxiY4BctT3c+PN7yDE+UNpUFI410637QTCpgKTwls5
|
||||
5Gy0pBMDDf5WtGNq1ZkYajhqPe0VfOb72HzqWbrq3k5xVj7t9eXQHIgb04MnRQNF
|
||||
Y9zT5yaK6pUQ4vN1PiCEycKZWMwJbvU7IfDIyCintCcEReCXRyjyG4A4t5PPAtDS
|
||||
UQEiTfYS2piR7+fwqHAH/rehhmAO3Bi4HUJsY8ynhTD94pZhA+zPgLgMRlcGQNx/
|
||||
G6a7kA6+8t79HekNHvnvpjDe/JpXSBvTEX/Dpq8e7ry3HA==
|
||||
=ukHh
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||
- created_at: "2023-05-15T04:03:54Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAw95Vf08z8oUARAAz+6T9zi2NzeoUAJjCCntvgiBeXvNr8bF+NycE0bxWbmA
|
||||
DRkEQAC1N6mj2XJSSVrBkXro+L3yKrtvxDIWj09BefushoX+5J+xJAjTb8viSGzV
|
||||
V6TLVnHI8slPMKxohog23qFXTKj8iHFJTLkqtpDhA6xfOc2l0GfUobD4sz5MLKqv
|
||||
tMHlb4xhB4BM6VDfsJc2R1H1WxS2sLm9RI+eXZE4DypwAYwy1T+b5AIITuzXY0Vf
|
||||
c8HHCt/Rk06yg+lQ6KiHjEBT8xZTmrcPARzXBx0TmHLXK9ICmXpsfbsMQYxudyGo
|
||||
Aqmnxq7V1hKvjg5y/94+H4BBslcA77C1fRzLCMFtDZAN9zdZ2HFAxttr+O+Nf/zK
|
||||
m5DAO7P+O41DQOgBKh67xoqH2dY1Srim0R4Tt0x5FZHW1mNKDv63MBPBWVMW7CvA
|
||||
RZJ6KKSlhc92sG/NaJyYC5oLhjAdv9JmC+/yArNLhXzvzOwnDWVSKN+N8I+D67bl
|
||||
qJQWAQD1PPJjJzY6+MTfjl0Xq5BuwcAEIv9E25NDpPw2Bkb9HmPk8/ufFKc/l4iV
|
||||
Bsh8mJz2nIM9M8NxZWZ2D7n1NpHvl6nUN6khkXqLcMtyZhcCsNiJLRSW/5Du3zxV
|
||||
CT3Y/fGG3XmSdyg1pylFPImtvsPMQFQhZGY7LHkUUnScQJD2eRQi2KYvHkET8FHS
|
||||
UQGZFsF3U5xWYQdiQ2ih0q4muK9z0+HkP+hVr528nXSWdQWM5RgIER1LlR/bEsRa
|
||||
0eAq9SZcQcvRMJqBpE8edQ1z1YsoX7nmTv/ERE5MQvc5eg==
|
||||
=tGMv
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||
- created_at: "2023-05-15T04:03:54Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMA0/D4ws+/KPtAQ//V19wzb2oNiTG7tsO2BzpcgFiY4TO5l3Xnc5meQE6kgGh
|
||||
CCktTlqToK5GrgpHbxogIElwsCyqmsKvHf7Y0smMdQV+dymHrjhm8/BMIsHw6oy0
|
||||
SGSNLaLgJQxxYwRXMufVCsBEIg8iFJSWGUydNd2KPhQZjQo+hR6ki8ijLUASkdeQ
|
||||
IUtFz0nxvtnKz3PUCzE0yCArxIP6joWTxwMp8uQB1kj86lfpQWFKX2JlOqurydo7
|
||||
QDPXHYTMgzRuAHnuDoEeQREbagC97VhdvCcH1PjCwgef2AcU8o/mhddNiEdLpmeX
|
||||
YPqgY2CBBzbICdL00KhVUu2dcw5+aIG/q0R70+R7eX+783cj3QwjHUcEyGdEDTo/
|
||||
AUclqSpePP3okpVyQAWNtrYrC3uMx6/bUgSLVeFwpmVmkHyX3mhPnC9fHcE/pnnN
|
||||
+jSjRawHDP+GnnfHEwppHl1F16+cjJzBbO8KZe7WTWzRzfYCcqv0REQ9SmKhaouE
|
||||
C+wiBFewtyaKKBr9eEdOUPg07YAqU+9FWPyyPDv5dqdljvLH0N4JaWH2S/83WNbb
|
||||
y/atJiRcOP5dhHbPZ1PbG5sLkPBmyHiFy3E8AZLcWEwkXlXttFvdKYcULaDh3O/x
|
||||
vXsDWO1S6ezQ0Z4TZqLfATSzvqzSuSazRVCXsG0b6MK2nvorT5xFsANhhRGYi0bS
|
||||
UQEmqP6gs7PzX3FLuAnLMTbIts3NdkHjGJIYIGb82AiO4eoSUp0h13vrJchEr2XR
|
||||
NIszME07Iy+yE8eeX7yMIlbDZRaZ1t4nDQU/UT7xmCHYVQ==
|
||||
=bXHz
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
|
@ -0,0 +1,43 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: keycloak
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: keycloak
|
||||
args:
|
||||
- start
|
||||
- --db=postgres
|
||||
env:
|
||||
- name: KEYCLOAK_ADMIN
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: keycloak-config
|
||||
key: admin
|
||||
- name: KEYCLOAK_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: keycloak-config
|
||||
key: admin_password
|
||||
- name: KC_DB_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-configuration
|
||||
key: name
|
||||
- name: KC_DB_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-configuration
|
||||
key: password
|
||||
- name: KC_DB_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: database-configuration
|
||||
key: jdbc_url
|
||||
- name: KC_HOSTNAME_URL
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: keycloak-config
|
||||
key: KC_HOSTNAME_URL
|
|
@ -0,0 +1,53 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: keycloak
|
||||
labels:
|
||||
app: keycloak
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app: keycloak
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: keycloak
|
||||
labels:
|
||||
app: keycloak
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: keycloak
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: keycloak
|
||||
spec:
|
||||
containers:
|
||||
- name: keycloak
|
||||
image: quay.io/keycloak/keycloak:21.1.1
|
||||
args: ["start"]
|
||||
env:
|
||||
- name: KC_PROXY
|
||||
value: "edge"
|
||||
- name: KC_HEALTH_ENABLED
|
||||
value: "true"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /health/ready
|
||||
port: 8080
|
||||
initialDelaySeconds: 60
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /health/live
|
||||
port: 8080
|
||||
initialDelaySeconds: 60
|
|
@ -0,0 +1,22 @@
|
|||
#!/bin/sh
|
||||
|
||||
if test -t 1; then
|
||||
# This is not foolproof. Can easily be beat by doing |cat. This is just to
|
||||
# make it less likely that secrets are output to terminal.
|
||||
echo "Error: Not outputting secret to stdout; redirect output to a file or" \
|
||||
"pipe output to \`sops\`." >/dev/stderr
|
||||
exit 1
|
||||
fi
|
||||
|
||||
KC_ADMIN=admin
|
||||
KC_ADMIN_PASSWORD="$(pwgen 32 1)"
|
||||
|
||||
cat <<EOF
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: keycloak-config
|
||||
stringData:
|
||||
admin: ${KC_ADMIN}
|
||||
admin_password: ${KC_ADMIN_PASSWORD}
|
||||
EOF
|
|
@ -0,0 +1,7 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: ksops
|
||||
files:
|
||||
- ./keycloak-config.enc.yaml
|
||||
- ./postgres-auth.enc.yaml
|
Loading…
Reference in New Issue