authorPatrick Spek <p.spek@tyil.nl>2023-08-24 07:42:11 +0200
committerPatrick Spek <p.spek@tyil.nl>2023-08-24 07:42:11 +0200
commit6bda71e0a15d0cadba64ce5330b1f0f6a42ac375 (patch)
tree68a0d4d53fc8f7237fad3a2402ea4877909d0364
parentca196d213f99c361e2cb3973002ae4584c787ea0 (diff)
Use the Bitnami Helm chart for Keycloak
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml57
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml52
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml22
4 files changed, 52 insertions, 110 deletions
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
deleted file mode 100644
index cb9c1ad..0000000
--- a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: keycloak
- namespace: auth-system
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
- spec:
- containers:
- - name: keycloak
- image: quay.io/keycloak/keycloak:21.0.2
- args: ["start-dev"]
- env:
- - name: KEYCLOAK_ADMIN
- valueFrom:
- secretKeyRef:
- name: keycloak-credentials
- key: username
- - name: KEYCLOAK_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: keycloak-credentials
- key: password
- - name: KC_PROXY
- value: "edge"
- ports:
- - name: http
- containerPort: 8080
- readinessProbe:
- httpGet:
- path: /realms/master
- port: 8080
- resources:
- requests:
- memory: 368Mi
- limits:
- memory: 512Mi
-...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml
new file mode 100644
index 0000000..28324a1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: keycloak
+ namespace: auth-system
+spec:
+ chart: oci://registry-1.docker.io/bitnamicharts/keycloak
+ valuesContent: |-
+ global:
+ storageClass: longhorn
+ clusterDomain: k3s.tyil.nl
+ externalDatabase:
+ existingSecret: keycloak-database
+ existingSecretHostKey: host
+ existingSecretPortKey: port
+ existingSecretUserKey: user
+ existingSecretDatabaseKey: database
+ existingSecretPasswordKey: password
+ extraEnvVars:
+ - name: KC_HOSTNAME_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_HOSTNAME_ADMIN_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_PROXY
+ value: "edge"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
+ ingress:
+ enabled: true
+ certManager: true
+ tls:
+ - secretName: tls-nl.tyil.keycloak
+ hosts:
+ - keycloak.tyil.nl
+ hostname: keycloak.tyil.nl
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ ingressClassName: traefik
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ postgresql:
+ enabled: false
+...
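Review bot: `spec.chart` points at `oci://registry-1.docker.io/bitnamicharts/keycloak` with no `version:` beside it, so the install is not tied to a specific chart release and a later reconcile may pull a different one. For the cluster's identity provider, pin it with `version: "<CHART_VERSION>"` (placeholder) under `spec` and upgrade deliberately. The values also drop the `keycloak-credentials` secret that the removed Deployment used for the admin account. If the chart's `auth.adminUser` / `auth.existingSecret` values stay at their defaults, the admin password is presumably generated by the chart, so confirm where it is stored and who can read it. `KC_HOSTNAME_ADMIN_URL` is set to the same public host as `KC_HOSTNAME_URL`, which leaves the admin console reachable through the public ingress; consider restricting that path at Traefik.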
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
deleted file mode 100644
index 37bdee1..0000000
--- a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: keycloak
- namespace: auth-system
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-production"
-spec:
- ingressClassName: "traefik"
- tls:
- - hosts:
- - keycloak.tyil.nl
- secretName: tls-nl.tyil.keycloak
- rules:
- - host: keycloak.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: keycloak
- port:
- number: 80
-...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
deleted file mode 100644
index 0ee669b..0000000
--- a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: keycloak
- namespace: auth-system
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
- ports:
- - name: http
- port: 80
- targetPort: 8080
-...