wip: helmfileify

values/keycloak/manifests/ingress.yaml

@@ -0,0 +1,46 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+  labels:
+    app.kubernetes.io/component: keycloak
+    app.kubernetes.io/instance: prod-keycloak
+    app.kubernetes.io/name: keycloak
+    app.kubernetes.io/version: 26.0.2
+  name: prod-keycloak-admin
+  namespace: keycloak
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: auth.oceanbox.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: prod-keycloak
+            port:
+              name: http
+        path: /admin
+        pathType: ImplementationSpecific
+  - host: keycloak.adm.oceanbox.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: prod-keycloak
+            port:
+              name: http
+        path: /admin
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - auth.oceanbox.io
+    - keycloak.adm.oceanbox.io
+    secretName: keycloak.adm.oceanbox.io-tls
+

values/keycloak/manifests/keycloak.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+{{- range .Values.keycloak.envs }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ . }}-keycloak 
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: keycloak
+    server: 'https://kubernetes.default.svc'
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfiles/keycloak
+    plugin:
+      name: helmfile
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+  project: aux
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.keycloak.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}
+{{- end }}