Diffstat (limited to 'data.d/k3s-master/manifests.d/tyilnet/auth-system')
8 files changed, 298 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
new file mode 100644
index 0000000..cb9c1ad
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:21.0.2
+ args: ["start-dev"]
+ env:
+ - name: KEYCLOAK_ADMIN
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-credentials
+ key: username
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-credentials
+ key: password
+ - name: KC_PROXY
+ value: "edge"
+ ports:
+ - name: http
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /realms/master
+ port: 8080
+ resources:
+ requests:
+ memory: 368Mi
+ limits:
+ memory: 512Mi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
new file mode 100644
index 0000000..37bdee1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
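Review bot: `args: ["start-dev"]` runs Keycloak in its development mode on a Deployment that the sibling Ingress publishes on keycloak.tyil.nl; start-dev switches off the production safeguards (hostname and HTTPS enforcement, strict startup checks) and uses the embedded dev-file database, which here lives on the container filesystem because the pod mounts no volume, so realms, clients and users are lost on every restart. For a reachable identity provider the container should run `args: ["start"]` with `KC_HOSTNAME` set to the public name and `KC_DB` pointing at a persistent database, keeping `KC_PROXY: "edge"` since TLS terminates at traefik. The pod also declares no securityContext (runAsNonRoot, allowPrivilegeEscalation: false) and no livenessProbe alongside the readinessProbe it does set.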
@@ -0,0 +1,31 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: keycloak
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+spec:
+ ingressClassName: "traefik"
+ tls:
+ - hosts:
+ - keycloak.tyil.nl
+ secretName: tls-nl.tyil.keycloak
+ rules:
+ - host: keycloak.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: keycloak
+ port:
+ number: 80
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
new file mode 100644
index 0000000..0ee669b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: keycloak
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
new file mode 100644
index 0000000..9cee89f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/deployment.yaml
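Review bot: The keycloak Ingress lacks the `traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd` annotation that the lldap Ingress in this same commit carries, so plain http://keycloak.tyil.nl stays reachable next to the TLS host and nothing in these manifests forces the login form onto HTTPS; with `KC_PROXY: "edge"` Keycloak presumably takes the scheme from the proxy's forwarded headers and will answer on the cleartext path. Add the same annotation under `annotations:` so every request is redirected to HTTPS before it reaches Keycloak. Minor style point: `ingressClassName: "traefik"` is quoted here but unquoted in the lldap Ingress; pick one form.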
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ spec:
+ containers:
+ - env:
+ - name: GID
+ value: "1001"
+ - name: TZ
+ value: Europe/Amsterdam
+ - name: UID
+ value: "1001"
+ image: nitnelave/lldap:stable
+ name: lldap
+ ports:
+ - containerPort: 3890
+ - containerPort: 6360
+ - containerPort: 17170
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ resources:
+ requests:
+ memory: 32Mi
+ limits:
+ memory: 128Mi
+ restartPolicy: Always
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: lldap
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
new file mode 100644
index 0000000..cc82eec
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/ingress.yaml
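Review bot: `replicas: 2` combined with the single ReadWriteMany PVC mounted at /data means two lldap processes share one data directory; lldap keeps its user database in an SQLite file there by default, and concurrent writers to SQLite over NFS risk corrupting the identity store, while `strategy: Recreate` on the same Deployment suggests a single writer was expected anyway. Set `replicas: 1` unless lldap is configured for an external database. The image tag `nitnelave/lldap:stable` floats, unlike the pinned `quay.io/keycloak/keycloak:21.0.2` in the sibling Deployment, so an upstream push changes what the identity backend runs without a commit here; pin a version or digest. No `LLDAP_JWT_SECRET` or `LLDAP_LDAP_USER_PASS` is supplied, so the container presumably starts with whatever it derives on its own or its built-in defaults — confirm these are set from a Secret rather than left to chance.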
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - ldap.tyil.nl
+ secretName: tls-nl.tyil.ldap
+ rules:
+ - host: ldap.tyil.nl
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: lldap-http-service
+ port:
+ number: 17170
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
new file mode 100644
index 0000000..17a812b
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume-claim.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ storageClassName: nfs
+ volumeName: lldap
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml
new file mode 100644
index 0000000..4501e8f
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/persistent-volume.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: lldap
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ storageClassName: nfs
+ persistentVolumeReclaimPolicy: Recycle
+ volumeMode: Filesystem
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ path: /lldap
+ server: 10.57.101.10
+ mountOptions:
+ - hard
+ - nfsvers=4.2
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
new file mode 100644
index 0000000..1520b3c
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/lldap/service.yaml
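Review bot: `persistentVolumeReclaimPolicy: Recycle` asks Kubernetes to scrub the NFS export (a recursive delete of the contents of /lldap) once the lldap PVC is deleted, so an accidental `kubectl delete` of the claim erases the LDAP user database with no way back; Recycle is also deprecated. For the directory backing an identity store use `persistentVolumeReclaimPolicy: Retain` and clean up by hand when really intended. `metadata.namespace: auth-system` has no effect on a PersistentVolume, which is cluster-scoped, and can be dropped so the manifest does not suggest the volume is namespaced.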
@@ -0,0 +1,53 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: lldap-http-service
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ ports:
+ - name: http
+ port: 17170
+ targetPort: 17170
+...
+---
+apiVersion: v1
+kind: Service
+metadata:
+ # This port may _not_ be named "lldap_ldap", as the application itself wants
+ # to use LLDAP_LDAP_PORT, which Kubernetes will override with a value the
+ # application can't handle.
+ name: lldap-ldap-service
+ namespace: auth-system
+ labels:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+spec:
+ selector:
+ app.kubernetes.io/created-by: tyil
+ app.kubernetes.io/managed-by: manual
+ app.kubernetes.io/name: lldap
+ app.kubernetes.io/part-of: auth-system
+ type: NodePort
+ ports:
+ - name: ldap
+ port: 3890
+ targetPort: 3890
+ nodePort: 3890
+ - name: ldaps
+ port: 6360
+ targetPort: 6360
+ nodePort: 6360
+... |
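Review bot: `nodePort: 3890` and `nodePort: 6360` lie outside the default NodePort range (30000–32767), so the apiserver rejects this Service unless k3s was started with a widened `--service-node-port-range`; if that flag is set, say so in a comment next to `type: NodePort`, otherwise these ports must move into range. `type: NodePort` also binds plain LDAP (3890, no TLS) on every node's interfaces, which exposes bind credentials in cleartext to anything that can reach a node; if only in-cluster clients such as keycloak need LDAP, a ClusterIP Service suffices, and any external access should be limited to the ldaps port. The comment above `name: lldap-ldap-service` says "This port may _not_ be named", but the constraint it describes comes from the Service name (Kubernetes injects `<SERVICE_NAME>_PORT` into pods, so a Service named lldap-ldap would yield `LLDAP_LDAP_PORT`), so reword it to `# This service may _not_ be named "lldap-ldap", as Kubernetes would then inject LLDAP_LDAP_PORT`.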