feat: new prod keycloak deploy with cnpg database

apps/prod-keycloak.yaml

@@ -0,0 +1,35 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: prod-keycloak
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: aux
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: keycloak
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    automated:
+      prune: true
+      selfHeal: true
+  sources:
+  - repoURL: https://charts.bitnami.com/bitnami
+    targetRevision: 24.3.1
+    chart: keycloak
+    helm:
+      valueFiles:
+        - $values/values/keycloak/values-prod.yaml
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: nixidy
+    ref: values
+

values/keycloak/values-prod.yaml

@@ -0,0 +1,96 @@
+replicaCount: 2
+
+production: true
+
+proxy: edge
+
+auth:
+  adminPassword: en to tre fire
+  adminUser: admin
+  existingSecret: ""
+  managementPassword: ""
+  managementUser: manager
+
+postgresql:
+  enabled: false
+
+externalDatabase:
+  host: prod-keycloak-rw
+  port: 5432
+  database: app
+  existingSecret: prod-keycloak-ap
+  existingSecretUserKey: username
+  existingSecretPasswordKey: password
+
+extraVolumeMounts:
+- mountPath: /opt/bitnami/keycloak/themes/oceanbox
+  name: theme
+
+extraVolumes:
+- emptyDir: {}
+  name: theme
+
+ingress:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  enabled: true
+  hostname: auth.oceanbox.io
+  ingressClassName: nginx
+  path: /
+  pathType: ImplementationSpecific
+  selfSigned: false
+  servicePort: http
+  tls: true
+
+adminIngress:
+  enabled: false
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+  hostname: auth.adm.oceanbox.io
+  ingressClassName: nginx
+  path: /
+  pathType: ImplementationSpecific
+  selfSigned: false
+  servicePort: http
+  tls: true
+
+initContainers: |
+  - name: keycloak-theme-provider
+    image: docker.io/juselius/oceanbox-theme:1.2
+    imagePullPolicy: Always
+    command:
+      - sh
+    args:
+      - -c
+      - |
+        echo "Copying theme..."
+        cp -R /theme/* /keycloak/themes/oceanbox
+    volumeMounts:
+      - name: theme
+        mountPath: /keycloak/themes/oceanbox
+
+extraDeploy:
+  - apiVersion: postgresql.cnpg.io/v1
+    kind: Cluster
+    metadata:
+      name: prod-keycloak
+      namespace: keycloak
+    spec:
+      instances: 2
+      imageName: ghcr.io/cloudnative-pg/postgresql:17.2-27-bookworm
+      storage:
+        resizeInUseVolumes: true
+        size: 10Gi
+      backup:
+        retentionPolicy: 60d
+        target: prefer-standby
+

values/keycloak/values.yaml

@@ -33,9 +33,6 @@ ingress:
     nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
   enabled: true
-  extraHosts:
-    - name: auth.oceanbox.io
-      path: /
   hostname: auth.srv.oceanbox.io
   ingressClassName: nginx
   path: /