diff --git a/keycloak.yaml b/keycloak.yaml
deleted file mode 100644
index c65bf3f..0000000
--- a/keycloak.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-auth:
- adminPassword: en to tre fire
- adminUser: admin
- existingSecret: ""
- managementPassword: ""
- managementUser: manager
-ingress:
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production
- nginx.ingress.kubernetes.io/enable-cors: "true"
- nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- enabled: true
- extraHosts: []
- extraPaths: []
- hostname: keycloak.dev.oceanbox.io
- ingressClassName: nginx
- path: /
- pathType: ImplementationSpecific
- selfSigned: false
- servicePort: http
- tls: true
-extraVolumeMounts:
- - name: theme
- mountPath: /opt/bitnami/keycloak/themes/oceanbox
-extraVolumes:
- - name: theme
- emptyDir: {}
-initContainers: |
- - name: keycloak-theme-provider
- image: docker.io/juselius/oceanbox-theme:1.0
- imagePullPolicy: IfNotPresent
- command:
- - sh
- args:
- - -c
- - |
- echo "Copying theme..."
- cp -R /theme/* /keycloak/themes/oceanbox
- volumeMounts:
- - name: theme
- mountPath: /keycloak/themes/oceanbox
diff --git a/manifest.yaml b/manifest.yaml
deleted file mode 100644
index 7b341dd..0000000
--- a/manifest.yaml
+++ /dev/null
@@ -1,531 +0,0 @@ ---- -# Source: keycloak/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: keycloak - namespace: oceanbox - labels: - app.kubernetes.io/name: keycloak - helm.sh/chart: keycloak-9.3.2 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: keycloak -automountServiceAccountToken: true ---- -# Source: keycloak/charts/postgresql/templates/secrets.yaml -apiVersion: v1 -kind: Secret -metadata: - name: keycloak-postgresql - namespace: "oceanbox" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.9 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm -type: Opaque -data: - postgres-password: "bVJsYUE2c0sxSg==" - password: "azlIUEJZOUVSOA==" - # We don't auto-generate LDAP password when it's not provided as we do for other passwords ---- -# Source: keycloak/templates/secrets.yaml -apiVersion: v1 -kind: Secret -metadata: - name: keycloak - namespace: oceanbox - labels: - app.kubernetes.io/name: keycloak - helm.sh/chart: keycloak-9.3.2 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: keycloak -type: Opaque -data: - admin-password: "ZW4gdG8gdHJlIGZpcmU=" - management-password: "V1c1U0dvNEloSw==" ---- -# Source: keycloak/templates/configmap-env-vars.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: keycloak-env-vars - namespace: oceanbox - labels: - app.kubernetes.io/name: keycloak - helm.sh/chart: keycloak-9.3.2 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: keycloak -data: - KEYCLOAK_ADMIN_USER: "admin" - KEYCLOAK_MANAGEMENT_USER: "manager" - KEYCLOAK_HTTP_PORT: "8080" - KEYCLOAK_PROXY: passthrough - KEYCLOAK_ENABLE_STATISTICS: "false" - KEYCLOAK_DATABASE_HOST: "keycloak-postgresql" - KEYCLOAK_DATABASE_PORT: "5432" - KEYCLOAK_DATABASE_NAME: "bitnami_keycloak" - KEYCLOAK_DATABASE_USER: "bn_keycloak" 
- KEYCLOAK_ENABLE_TLS: "false" - KEYCLOAK_CACHE_TYPE: "local" - KEYCLOAK_LOG_OUTPUT: "default" ---- -# Source: keycloak/charts/postgresql/templates/primary/svc-headless.yaml -apiVersion: v1 -kind: Service -metadata: - name: keycloak-postgresql-hl - namespace: "oceanbox" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.9 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - # Use this annotation in addition to the actual publishNotReadyAddresses - # field below because the annotation will stop being respected soon but the - # field is broken in some versions of Kubernetes: - # https://github.com/kubernetes/kubernetes/issues/58662 - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - type: ClusterIP - clusterIP: None - # We want all pods in the StatefulSet to have their addresses published for - # the sake of the other Postgresql pods even before they're ready, since they - # have to be able to talk to each other in order to become ready. 
- publishNotReadyAddresses: true - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: keycloak - app.kubernetes.io/component: primary ---- -# Source: keycloak/charts/postgresql/templates/primary/svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: keycloak-postgresql - namespace: "oceanbox" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.9 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - annotations: -spec: - type: ClusterIP - sessionAffinity: None - ports: - - name: tcp-postgresql - port: 5432 - targetPort: tcp-postgresql - nodePort: null - selector: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: keycloak - app.kubernetes.io/component: primary ---- -# Source: keycloak/templates/headless-service.yaml -apiVersion: v1 -kind: Service -metadata: - name: keycloak-headless - namespace: oceanbox - labels: - app.kubernetes.io/name: keycloak - helm.sh/chart: keycloak-9.3.2 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: keycloak -spec: - type: ClusterIP - clusterIP: None - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - publishNotReadyAddresses: true - selector: - app.kubernetes.io/name: keycloak - app.kubernetes.io/instance: keycloak - app.kubernetes.io/component: keycloak ---- -# Source: keycloak/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: keycloak - namespace: oceanbox - labels: - app.kubernetes.io/name: keycloak - helm.sh/chart: keycloak-9.3.2 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: keycloak -spec: - type: LoadBalancer - externalTrafficPolicy: "Cluster" - sessionAffinity: None - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - - name: https - port: 443 
- protocol: TCP - targetPort: https - selector: - app.kubernetes.io/name: keycloak - app.kubernetes.io/instance: keycloak - app.kubernetes.io/component: keycloak ---- -# Source: keycloak/charts/postgresql/templates/primary/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: keycloak-postgresql - namespace: "oceanbox" - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.9 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - annotations: -spec: - replicas: 1 - serviceName: keycloak-postgresql-hl - updateStrategy: - rollingUpdate: {} - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: keycloak - app.kubernetes.io/component: primary - template: - metadata: - name: keycloak-postgresql - labels: - app.kubernetes.io/name: postgresql - helm.sh/chart: postgresql-11.6.9 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: primary - annotations: - spec: - serviceAccountName: default - - affinity: - podAffinity: - - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: postgresql - app.kubernetes.io/instance: keycloak - app.kubernetes.io/component: primary - namespaces: - - "oceanbox" - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - - securityContext: - fsGroup: 1001 - hostNetwork: false - hostIPC: false - initContainers: - containers: - - name: postgresql - image: docker.io/bitnami/postgresql:14.4.0-debian-11-r2 - imagePullPolicy: "IfNotPresent" - securityContext: - runAsUser: 1001 - env: - - name: BITNAMI_DEBUG - value: "false" - - name: POSTGRESQL_PORT_NUMBER - value: "5432" - - name: POSTGRESQL_VOLUME_DIR - value: "/bitnami/postgresql" - - name: PGDATA - value: "/bitnami/postgresql/data" - # Authentication - - name: POSTGRES_USER - 
value: "bn_keycloak" - - name: POSTGRES_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak-postgresql - key: postgres-password - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak-postgresql - key: password - - name: POSTGRES_DB - value: "bitnami_keycloak" - # Replication - # Initdb - # Standby - # LDAP - - name: POSTGRESQL_ENABLE_LDAP - value: "no" - # TLS - - name: POSTGRESQL_ENABLE_TLS - value: "no" - # Audit - - name: POSTGRESQL_LOG_HOSTNAME - value: "false" - - name: POSTGRESQL_LOG_CONNECTIONS - value: "false" - - name: POSTGRESQL_LOG_DISCONNECTIONS - value: "false" - - name: POSTGRESQL_PGAUDIT_LOG_CATALOG - value: "off" - # Others - - name: POSTGRESQL_CLIENT_MIN_MESSAGES - value: "error" - - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES - value: "pgaudit" - ports: - - name: tcp-postgresql - containerPort: 5432 - livenessProbe: - failureThreshold: 6 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - exec: - command: - - /bin/sh - - -c - - exec pg_isready -U "bn_keycloak" -d "dbname=bitnami_keycloak" -h 127.0.0.1 -p 5432 - readinessProbe: - failureThreshold: 6 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - exec: - command: - - /bin/sh - - -c - - -e - - - | - exec pg_isready -U "bn_keycloak" -d "dbname=bitnami_keycloak" -h 127.0.0.1 -p 5432 - [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] - resources: - limits: {} - requests: - cpu: 250m - memory: 256Mi - volumeMounts: - - name: dshm - mountPath: /dev/shm - - name: data - mountPath: /bitnami/postgresql - volumes: - - name: dshm - emptyDir: - medium: Memory - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: "8Gi" ---- -# Source: keycloak/templates/statefulset.yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: keycloak - namespace: oceanbox - labels: - 
app.kubernetes.io/name: keycloak - helm.sh/chart: keycloak-9.3.2 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: keycloak -spec: - replicas: 1 - podManagementPolicy: Parallel - serviceName: keycloak-headless - updateStrategy: - rollingUpdate: {} - type: RollingUpdate - selector: - matchLabels: - app.kubernetes.io/name: keycloak - app.kubernetes.io/instance: keycloak - app.kubernetes.io/component: keycloak - template: - metadata: - annotations: - checksum/configmap-env-vars: 503dfcf8a222e248d4ef79d1c510f17380e89ada3ea41db074f3d5ade7e247c5 - checksum/secrets: 15ae48deda4484b39021a91faceb68544d16f599867b6f7e64b2f818698b62de - labels: - app.kubernetes.io/name: keycloak - helm.sh/chart: keycloak-9.3.2 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: keycloak - spec: - serviceAccountName: keycloak - - affinity: - podAffinity: - - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: keycloak - app.kubernetes.io/instance: keycloak - namespaces: - - "oceanbox" - topologyKey: kubernetes.io/hostname - weight: 1 - nodeAffinity: - - securityContext: - fsGroup: 1001 - initContainers: - - name: keycloak-theme-provider - image: docker.io/my-theme:1.0 - imagePullPolicy: IfNotPresent - command: - - sh - args: - - -c - - | - echo "Copying theme..." 
- cp -R /my-theme/* /theme - volumeMounts: - - name: theme - mountPath: /theme - - containers: - - name: keycloak - image: docker.io/bitnami/keycloak:18.0.2-debian-11-r0 - imagePullPolicy: IfNotPresent - securityContext: - runAsNonRoot: true - runAsUser: 1001 - env: - - name: KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: BITNAMI_DEBUG - value: "false" - - name: KEYCLOAK_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak - key: admin-password - - name: KEYCLOAK_MANAGEMENT_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak - key: management-password - - name: KEYCLOAK_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak-postgresql - key: password - envFrom: - - configMapRef: - name: keycloak-env-vars - resources: - limits: {} - requests: {} - ports: - - name: http - containerPort: 8080 - protocol: TCP - - name: https - containerPort: 8443 - protocol: TCP - - name: http-management - containerPort: 9990 - protocol: TCP - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 300 - periodSeconds: 1 - successThreshold: 1 - timeoutSeconds: 5 - httpGet: - path: / - port: http - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - httpGet: - path: /realms/master - port: http - volumeMounts: - - mountPath: /opt/bitnami/keycloak/themes/oceanbox - name: theme - volumes: - - emptyDir: {} - name: theme ---- -# Source: keycloak/templates/ingress.yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: keycloak - namespace: oceanbox - labels: - app.kubernetes.io/name: keycloak - helm.sh/chart: keycloak-9.3.2 - app.kubernetes.io/instance: keycloak - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: keycloak - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - 
nginx.ingress.kubernetes.io/ssl-redirect: "true" -spec: - ingressClassName: "nginx" - rules: - - host: "keycloak.dev.oceanbox.io" - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: keycloak - port: - name: http - tls: - - hosts: - - "keycloak.dev.oceanbox.io" - secretName: keycloak.dev.oceanbox.io-tls