Diffstat (limited to 'data.d/k3s-master/manifests.d/tyilnet/auth-system')
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml57
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml31
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml22
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml57
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml32
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml20
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml26
-rw-r--r--data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml53
8 files changed, 298 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
new file mode 100644
index 0000000..cb9c1ad
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:21.0.2
+ args: ["start-dev"]
+ env:
+ - name: KEYCLOAK_ADMIN
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-credentials
+ key: username
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-credentials
+ key: password
+ - name: KC_PROXY
+ value: "edge"
+ ports:
+ - name: http
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /realms/master
+ port: 8080
+ resources:
+ requests:
+ memory: 368Mi
+ limits:
+ memory: 512Mi
+...
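Review bot: `args: ["start-dev"]` runs Keycloak in development mode, which does not suit an instance that the Ingress in this commit publishes under a production certificate. Dev mode relaxes the hostname and HTTP strictness checks and keeps its data in the embedded development database. The pod spec mounts no volume, so realms, users and client secrets would presumably be lost whenever the pod is rescheduled. I would switch to `args: ["start"]` and set `KC_HOSTNAME` plus the `KC_DB` / `KC_DB_URL` variables for an external database, taking the database credentials from a Secret as the admin credentials already are. The container also has no `securityContext`; `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be a cheap addition.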
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
new file mode 100644
index 0000000..37bdee1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: keycloak
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ ingressClassName: "traefik"
+ tls:
+ - hosts:
+ - keycloak.tyil.nl
+ secretName: tls-nl.tyil.keycloak
+ rules:
+ - host: keycloak.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: keycloak
+ port:
+ number: 80
+...
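Review bot: This Ingress has no `traefik.ingress.kubernetes.io/router.middlewares` annotation, while the lldap Ingress in the same commit attaches `kube-system-redirect-https@kubernetescrd`. Unless Traefik redirects at the entrypoint level, the Keycloak login pages may also be served over plain HTTP. Adding the same annotation under `annotations:` would make the two consistent. The single `path: /` rule also publishes the admin console paths on the public host; if administration should only happen from trusted networks, a separate router or middleware restricting `/admin` is worth considering.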
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
new file mode 100644
index 0000000..0ee669b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..9cee89f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ containers:
+ - env:
+ - name: GID
+ value: "1001"
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: UID
+ value: "1001"
+ image: nitnelave/lldap:stable
+ name: lldap
+ ports:
+ - containerPort: 3890
+ - containerPort: 6360
+ - containerPort: 17170
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ resources:
+ requests:
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ restartPolicy: Always
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: lldap
+...
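Review bot: The lldap container's `env` holds only `GID`, `TZ` and `UID`, so the JWT secret and the admin password are not injected from a Secret the way the Keycloak deployment does it. They presumably live in the config file on the `/data` volume, and if that file still carries the image defaults, the directory is protected only by well-known values. I would add `LLDAP_JWT_SECRET` and `LLDAP_LDAP_USER_PASS` as `env` entries using `valueFrom.secretKeyRef`. `image: nitnelave/lldap:stable` is a moving tag; pinning a version or digest, as done for Keycloak, keeps rollouts reproducible and auditable. With `replicas: 2` sharing one ReadWriteMany NFS volume, confirm the backing database tolerates two writers; if it is a file-based database on NFS, `replicas: 1` is the safer setting.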
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..cc82eec
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - ldap.tyil.nl
+ secretName: tls-nl.tyil.ldap
+ rules:
+ - host: ldap.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lldap-http-service
+ port:
+ number: 17170
+...
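Review bot: The rule for `ldap.tyil.nl` publishes port 17170, lldap's web administration interface, on `/` with only the HTTPS redirect middleware in front of it. If user management is meant to happen from trusted networks only, the `router.middlewares` annotation could also list an IP allow-list middleware, e.g. `kube-system-redirect-https@kubernetescrd,<namespace>-<allowlist-middleware>@kubernetescrd` (placeholder name). Rate limiting on the login route is another option if the host must stay public.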
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
new file mode 100644
index 0000000..17a812b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ storageClassName: nfs
+ volumeName: lldap
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml
new file mode 100644
index 0000000..4501e8f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ storageClassName: nfs
+ persistentVolumeReclaimPolicy: Recycle
+ volumeMode: Filesystem
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /lldap
+ server: 10.57.101.10
+ mountOptions:
+ - hard
+ - nfsvers=4.2
+...
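Review bot: `persistentVolumeReclaimPolicy: Recycle` scrubs the volume's contents once the claim is released, and this volume holds the directory data, so deleting or recreating the PVC by mistake would wipe it. The Recycle policy is also deprecated in Kubernetes. `persistentVolumeReclaimPolicy: Retain` fits a hand-managed NFS export better. `namespace: auth-system` under `metadata` has no effect, since PersistentVolumes are cluster-scoped, and can be dropped.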
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..1520b3c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lldap-http-service
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 17170
+ targetPort: 17170
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # This port may _not_ be named "lldap_ldap", as the application itself wants
+ # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
+ # application can't handle.
+ name: lldap-ldap-service
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ type: NodePort
+ ports:
+ - name: ldap
+ port: 3890
+ targetPort: 3890
+ nodePort: 3890
+ - name: ldaps
+ port: 6360
+ targetPort: 6360
+ nodePort: 6360
+...
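Review bot: The `lldap-ldap-service` NodePort exposes `ldap` on 3890 at every node address, so bind passwords sent to that port travel unencrypted unless clients are confined to a trusted network. Consider keeping 3890 on a ClusterIP service for in-cluster clients and publishing only `ldaps` (6360) through the NodePort; the deployment shows no LDAPS settings, so check that 6360 is actually enabled and has a certificate. `nodePort: 3890` and `nodePort: 6360` are below the default 30000-32767 range and are only accepted if the API server's `--service-node-port-range` was widened. The comment above `name:` speaks of a port name, but the `LLDAP_LDAP_PORT` collision it describes comes from the Service name; `# This Service may _not_ be named "lldap-ldap", ...` would be more accurate.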