summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Spek <p.spek@tyil.nl>2023-04-05 08:55:38 +0200
committerPatrick Spek <p.spek@tyil.nl>2023-04-05 08:55:38 +0200
commit9b9390b89375c59982e8bf09d2c8c8b1077f1c08 (patch)
tree1e777a1235f58c0abcfcc9fa5fef86aab8a9e9e7
parente365f83a3e97687085cc6411044e45483ad5dc70 (diff)
Add keycloak deployment
-rw-r--r--data.d/k3s-hurzak/manifests.d/keycloak/deployment.yaml52
-rw-r--r--data.d/k3s-hurzak/manifests.d/keycloak/ingress.yaml31
-rw-r--r--data.d/k3s-hurzak/manifests.d/keycloak/sealed-secret.yaml18
-rw-r--r--data.d/k3s-hurzak/manifests.d/keycloak/service.yaml22
4 files changed, 123 insertions, 0 deletions
diff --git a/data.d/k3s-hurzak/manifests.d/keycloak/deployment.yaml b/data.d/k3s-hurzak/manifests.d/keycloak/deployment.yaml
new file mode 100644
index 0000000..5cd9975
--- /dev/null
+++ b/data.d/k3s-hurzak/manifests.d/keycloak/deployment.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: keycloak
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: keycloak
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: keycloak
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:21.0.2
+ args: ["start-dev"]
+ env:
+ - name: KEYCLOAK_ADMIN
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-credentials
+ key: username
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-credentials
+ key: password
+ - name: KC_PROXY
+ value: "edge"
+ ports:
+ - name: http
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /realms/master
+ port: 8080
+...
diff --git a/data.d/k3s-hurzak/manifests.d/keycloak/ingress.yaml b/data.d/k3s-hurzak/manifests.d/keycloak/ingress.yaml
new file mode 100644
index 0000000..1d9bb16
--- /dev/null
+++ b/data.d/k3s-hurzak/manifests.d/keycloak/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: searxng
+ namespace: public-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: keycloak
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ ingressClassName: "traefik"
+ tls:
+ - hosts:
+ - id.tyil.nl
+ secretName: tls-nl.tyil.id
+ rules:
+ - host: id.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: keycloak
+ port:
+ number: 8080
+...
diff --git a/data.d/k3s-hurzak/manifests.d/keycloak/sealed-secret.yaml b/data.d/k3s-hurzak/manifests.d/keycloak/sealed-secret.yaml
new file mode 100644
index 0000000..de38e41
--- /dev/null
+++ b/data.d/k3s-hurzak/manifests.d/keycloak/sealed-secret.yaml
@@ -0,0 +1,18 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ creationTimestamp: null
+ name: keyloak-credentials
+ namespace: personal-services
+spec:
+ encryptedData:
+ password: AgCCPDpthr2iCHLo5HceLX9qNTXB0tpeUxiyAW1Gl/oGFMdSJRRzJ4nweQ+O3IL8sySMdJY2lBPBI7FAqiiLiKe/PQ+G6VHP0OhehYUyEPsze8U0eq8tUoCEVsNXObd5wE5kryHg8tGc+Qkj3cAd2r5QQVqdUsNxfs1nKwJELEP+GKcTKa/jZllhIYcV+tm5XgbP5bFBe9XurYclB1k+AwUNJlx1wiP1jM5tAXZmSln/xPhBDs4pYLjHo7By1GbJ9uyRANwzDRK64YDpTHPI8K2xvfiPkm29U7blxpos9KAdGl3O3B65xDtMbDhvvZZ2VHEebb5XbK02zRAu4FV9HgYxX4RmMA11v1BTo6/rwMZhfJVKRu3y1XHv5A0fzWn6a2/CJVSCpaHkP7DwxI/FKB63TIfdHYyxd6Rpp60+nMIcj5t01pWiUDZU62p8qcoJsfKhAg6cu9QEsvCqJak/LBXb0tfWuSZiY/Mf4VMRo3v+re9KtTENRHtHS6sfsnDREKkqwIzQptlrnt7vn+gnBzmSM4A/QvTd6Rswq2fhZcbdH7GlSk1I0RmnPjASGneR0/zrdfY9phsKkO+rebcdXGo8apC73bmm0O3SOPK4jDoDVC+FxlZZMjsHWUAB6qtGQJSpby1XINCfvoWbPaRrT/ENDDCbhEgcZwFRHIR+PvBfEKysZfZiHzliXOWs4CAsA92wF61A1mdSI1PX
+ username: AgCRcn8pUF7oEbgZTzltAPngQSxf5/t6z6YcMwn7S4vYdRH4NoXhm8Ju2I0mGMDJMgxHQErJGnTXNBG59p7nCSz89fowZ3nfp6mjGxwuQCHp41Z5UHZN/mFEzaZ/Zdk8E+q867p2Te62cwrXRO1nppDg5yKeGlOPbyNFir9PQlscgWEvAeC6w7ZtMfn4bQ99U4M4XuXm5mAirE8cmprgqo3yxHrMXKtzG0GO7KPnWaxKARQ50GJSfLbYsaGub1ECaqZe+q2DDbsL0BoDnJTXZ4+9wvZwTFfIaDS0BAQ4K5L/q8X2wjAel3AJ2ZnjJ+MylZhLxCJ1uAdihZOiwH508r6YAMQtHWPIu9Tt5IR45sA52d2Mv/FjArM0eX5jsg9OUfofRPmk48bn1fp4TnIrHSdUrIJQmo3rhgJ2aJz1e3WNUpvv8FOCdYtr2miuiL5+FnPUjFhN6JX5Z2LVevfhHXZePsq0kbEWiRZxZgcUjmghkloKDB+Vblf92kfCsWkEVT9v1cIEEN7eYATGzBAuraZs7Po/LeGwgop0QxkdpA46oK6F5L4Jgzhby8Crsw1cvol9MpYQVfTTDFHpqn4Ol9nux7I1R2Rcbwq5jxZtrNB+Hi06SQEt51BsqH4uIpEzHxhqe5+dONor86mpyVQuve1VK5RXOUqAKl+VWcvwF1TmOq4v5/wU4Qc4ApTwGQu82DrFPwnZ9Q==
+ template:
+ data: null
+ metadata:
+ creationTimestamp: null
+ name: keyloak-credentials
+ namespace: personal-services
+ type: Opaque
+
diff --git a/data.d/k3s-hurzak/manifests.d/keycloak/service.yaml b/data.d/k3s-hurzak/manifests.d/keycloak/service.yaml
new file mode 100644
index 0000000..c9068b7
--- /dev/null
+++ b/data.d/k3s-hurzak/manifests.d/keycloak/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+ namespace: personal-services
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: keycloak
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: keycloak
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+...