diff options
author | Patrick Spek <p.spek@tyil.nl> | 2023-04-05 08:55:38 +0200 |
---|---|---|
committer | Patrick Spek <p.spek@tyil.nl> | 2023-04-05 08:55:38 +0200 |
commit | 9b9390b89375c59982e8bf09d2c8c8b1077f1c08 (patch) | |
tree | 1e777a1235f58c0abcfcc9fa5fef86aab8a9e9e7 | |
parent | e365f83a3e97687085cc6411044e45483ad5dc70 (diff) |
Add keycloak deployment
4 files changed, 123 insertions, 0 deletions
diff --git a/data.d/k3s-hurzak/manifests.d/keycloak/deployment.yaml b/data.d/k3s-hurzak/manifests.d/keycloak/deployment.yaml new file mode 100644 index 0000000..5cd9975 --- /dev/null +++ b/data.d/k3s-hurzak/manifests.d/keycloak/deployment.yaml @@ -0,0 +1,52 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: keycloak + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: keycloak + app.kubernetes.io/part-of: keycloak +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: keycloak + app.kubernetes.io/part-of: keycloak + template: + metadata: + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: keycloak + app.kubernetes.io/part-of: keycloak + spec: + containers: + - name: keycloak + image: quay.io/keycloak/keycloak:21.0.2 + args: ["start-dev"] + env: + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + name: keycloak-credentials + key: username + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: keycloak-credentials + key: password + - name: KC_PROXY + value: "edge" + ports: + - name: http + containerPort: 8080 + readinessProbe: + httpGet: + path: /realms/master + port: 8080 +... diff --git a/data.d/k3s-hurzak/manifests.d/keycloak/ingress.yaml b/data.d/k3s-hurzak/manifests.d/keycloak/ingress.yaml new file mode 100644 index 0000000..1d9bb16 --- /dev/null +++ b/data.d/k3s-hurzak/manifests.d/keycloak/ingress.yaml @@ -0,0 +1,31 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: searxng + namespace: public-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: keycloak + app.kubernetes.io/part-of: keycloak + annotations: + cert-manager.io/cluster-issuer: "letsencrypt-production" +spec: + ingressClassName: "traefik" + tls: + - hosts: + - id.tyil.nl + secretName: tls-nl.tyil.id + rules: + - host: id.tyil.nl + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: keycloak + port: + number: 8080 +... diff --git a/data.d/k3s-hurzak/manifests.d/keycloak/sealed-secret.yaml b/data.d/k3s-hurzak/manifests.d/keycloak/sealed-secret.yaml new file mode 100644 index 0000000..de38e41 --- /dev/null +++ b/data.d/k3s-hurzak/manifests.d/keycloak/sealed-secret.yaml @@ -0,0 +1,18 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: keyloak-credentials + namespace: personal-services +spec: + encryptedData: + password: AgCCPDpthr2iCHLo5HceLX9qNTXB0tpeUxiyAW1Gl/oGFMdSJRRzJ4nweQ+O3IL8sySMdJY2lBPBI7FAqiiLiKe/PQ+G6VHP0OhehYUyEPsze8U0eq8tUoCEVsNXObd5wE5kryHg8tGc+Qkj3cAd2r5QQVqdUsNxfs1nKwJELEP+GKcTKa/jZllhIYcV+tm5XgbP5bFBe9XurYclB1k+AwUNJlx1wiP1jM5tAXZmSln/xPhBDs4pYLjHo7By1GbJ9uyRANwzDRK64YDpTHPI8K2xvfiPkm29U7blxpos9KAdGl3O3B65xDtMbDhvvZZ2VHEebb5XbK02zRAu4FV9HgYxX4RmMA11v1BTo6/rwMZhfJVKRu3y1XHv5A0fzWn6a2/CJVSCpaHkP7DwxI/FKB63TIfdHYyxd6Rpp60+nMIcj5t01pWiUDZU62p8qcoJsfKhAg6cu9QEsvCqJak/LBXb0tfWuSZiY/Mf4VMRo3v+re9KtTENRHtHS6sfsnDREKkqwIzQptlrnt7vn+gnBzmSM4A/QvTd6Rswq2fhZcbdH7GlSk1I0RmnPjASGneR0/zrdfY9phsKkO+rebcdXGo8apC73bmm0O3SOPK4jDoDVC+FxlZZMjsHWUAB6qtGQJSpby1XINCfvoWbPaRrT/ENDDCbhEgcZwFRHIR+PvBfEKysZfZiHzliXOWs4CAsA92wF61A1mdSI1PX + username: AgCRcn8pUF7oEbgZTzltAPngQSxf5/t6z6YcMwn7S4vYdRH4NoXhm8Ju2I0mGMDJMgxHQErJGnTXNBG59p7nCSz89fowZ3nfp6mjGxwuQCHp41Z5UHZN/mFEzaZ/Zdk8E+q867p2Te62cwrXRO1nppDg5yKeGlOPbyNFir9PQlscgWEvAeC6w7ZtMfn4bQ99U4M4XuXm5mAirE8cmprgqo3yxHrMXKtzG0GO7KPnWaxKARQ50GJSfLbYsaGub1ECaqZe+q2DDbsL0BoDnJTXZ4+9wvZwTFfIaDS0BAQ4K5L/q8X2wjAel3AJ2ZnjJ+MylZhLxCJ1uAdihZOiwH508r6YAMQtHWPIu9Tt5IR45sA52d2Mv/FjArM0eX5jsg9OUfofRPmk48bn1fp4TnIrHSdUrIJQmo3rhgJ2aJz1e3WNUpvv8FOCdYtr2miuiL5+FnPUjFhN6JX5Z2LVevfhHXZePsq0kbEWiRZxZgcUjmghkloKDB+Vblf92kfCsWkEVT9v1cIEEN7eYATGzBAuraZs7Po/LeGwgop0QxkdpA46oK6F5L4Jgzhby8Crsw1cvol9MpYQVfTTDFHpqn4Ol9nux7I1R2Rcbwq5jxZtrNB+Hi06SQEt51BsqH4uIpEzHxhqe5+dONor86mpyVQuve1VK5RXOUqAKl+VWcvwF1TmOq4v5/wU4Qc4ApTwGQu82DrFPwnZ9Q== + template: + data: null + metadata: + creationTimestamp: null + name: keyloak-credentials + namespace: personal-services + type: Opaque + diff --git a/data.d/k3s-hurzak/manifests.d/keycloak/service.yaml b/data.d/k3s-hurzak/manifests.d/keycloak/service.yaml new file mode 100644 index 0000000..c9068b7 --- /dev/null +++ b/data.d/k3s-hurzak/manifests.d/keycloak/service.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: keycloak + namespace: personal-services + labels: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: keycloak + app.kubernetes.io/part-of: keycloak +spec: + selector: + app.kubernetes.io/created-by: tyil + app.kubernetes.io/managed-by: manual + app.kubernetes.io/name: keycloak + app.kubernetes.io/part-of: keycloak + ports: + - name: http + port: 8080 + targetPort: 8080 +... |