authorPatrick Spek <p.spek@tyil.nl>2023-08-03 10:02:57 +0200
committerPatrick Spek <p.spek@tyil.nl>2023-08-03 10:02:57 +0200
commitcad2dadda1316c0605db6ac1e8a4fb6eb656579b (patch)
tree3a922d50ed03effc5a3ba6e5076aa9ce17066b4a /data.d
parent21e6e861ef32e16b5313b5adeac11e69fa8cecfc (diff)
Add keycloak deployment
Diffstat (limited to 'data.d')
-rw-r--r--data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/deployment.yaml57
-rw-r--r--data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/oolah/kube-system/treafik/middleware-headers-keycloak.yaml12
4 files changed, 122 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/deployment.yaml b/data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/deployment.yaml
new file mode 100644
index 0000000..cb9c1ad
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/deployment.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:21.0.2
+ args: ["start-dev"]
+ env:
+ - name: KEYCLOAK_ADMIN
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-credentials
+ key: username
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-credentials
+ key: password
+ - name: KC_PROXY
+ value: "edge"
+ ports:
+ - name: http
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /realms/master
+ port: 8080
+ resources:
+ requests:
+ memory: 368Mi
+ limits:
+ memory: 512Mi
+...
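Review bot: `args: ["start-dev"]` runs Keycloak in development mode, while ingress.yaml in this same commit publishes the pod at keycloak.tyil.nl. Development mode defaults to the embedded file-based H2 database and the pod spec mounts no volume, so realms, users and signing keys would presumably be lost on every pod restart, and the mode relaxes the hostname and transport checks that production mode enforces. Consider `args: ["start"]` with `KC_HOSTNAME` set to the public host and `KC_DB` plus its connection settings pointing at an external database, taking the database password from a Secret the same way the admin credentials are. The container also has no `securityContext`; `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be cheap hardening, assuming the image runs as a non-root user.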
diff --git a/data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/ingress.yaml b/data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/ingress.yaml
new file mode 100644
index 0000000..37bdee1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: keycloak
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ ingressClassName: "traefik"
+ tls:
+ - hosts:
+ - keycloak.tyil.nl
+ secretName: tls-nl.tyil.keycloak
+ rules:
+ - host: keycloak.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: keycloak
+ port:
+ number: 80
+...
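Review bot: Nothing in this Ingress references the `headers-keycloak` Middleware that the same commit adds in kube-system, so unless it is attached somewhere outside this diff (an entrypoint default, for example) its headers will not be applied to keycloak.tyil.nl. With Traefik's Kubernetes Ingress provider the attachment is an annotation of the form `traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-keycloak@kubernetescrd`. Separately, `path: /` with `pathType: Prefix` also publishes the admin console and the master realm; if administration only happens from trusted networks, restricting `/admin` at the proxy would shrink the exposed surface.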
diff --git a/data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/service.yaml b/data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/service.yaml
new file mode 100644
index 0000000..0ee669b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/oolah/auth-system/keycloak/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+...
diff --git a/data.d/k3s-master/manifests.d/oolah/kube-system/treafik/middleware-headers-keycloak.yaml b/data.d/k3s-master/manifests.d/oolah/kube-system/treafik/middleware-headers-keycloak.yaml
new file mode 100644
index 0000000..d8e4001
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/oolah/kube-system/treafik/middleware-headers-keycloak.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: headers-keycloak
+ namespace: kube-system
+spec:
+ headers:
+ stsPreload: true
+ forceSTSHeader: true
+ contentSecurityPolicy: "default-src 'self'; style-src 'unsafe-inline'"
+...
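Review bot: `stsPreload` and `forceSTSHeader` are set without `stsSeconds`, and Traefik's headers middleware omits Strict-Transport-Security entirely when the max-age is 0 (the default), so this likely emits no HSTS header at all. Add `stsSeconds: 31536000`, and `stsIncludeSubdomains: true` if preload is really intended. In the CSP, `style-src 'unsafe-inline'` replaces the `default-src` fallback for styles, so same-origin stylesheets are blocked; `style-src 'self' 'unsafe-inline'` is probably what was meant. Keycloak also sets its own Content-Security-Policy per realm, so it is worth checking which policy the browser ends up with and whether the login and admin pages still load under it.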