From 6bda71e0a15d0cadba64ce5330b1f0f6a42ac375 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Thu, 24 Aug 2023 07:42:11 +0200
Subject: Use the Bitnami Helm chart for Keycloak
---
.../tyilnet/auth-system/keycloak/deployment.yaml | 57 ----------------------
.../tyilnet/auth-system/keycloak/helm-chart.yaml | 52 ++++++++++++++++++++
.../tyilnet/auth-system/keycloak/ingress.yaml | 31 ------------
.../tyilnet/auth-system/keycloak/service.yaml | 22 ---------
4 files changed, 52 insertions(+), 110 deletions(-)
delete mode 100644 data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
create mode 100644 data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml
delete mode 100644 data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
delete mode 100644 data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
(limited to 'data.d')
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
deleted file mode 100644
index cb9c1ad..0000000
--- a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/deployment.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: keycloak
- namespace: auth-system
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
- template:
- metadata:
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
- spec:
- containers:
- - name: keycloak
- image: quay.io/keycloak/keycloak:21.0.2
- args: ["start-dev"]
- env:
- - name: KEYCLOAK_ADMIN
- valueFrom:
- secretKeyRef:
- name: keycloak-credentials
- key: username
- - name: KEYCLOAK_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: keycloak-credentials
- key: password
- - name: KC_PROXY
- value: "edge"
- ports:
- - name: http
- containerPort: 8080
- readinessProbe:
- httpGet:
- path: /realms/master
- port: 8080
- resources:
- requests:
- memory: 368Mi
- limits:
- memory: 512Mi
-...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml
new file mode 100644
index 0000000..28324a1
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/helm-chart.yaml
@@ -0,0 +1,52 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: keycloak
+ namespace: auth-system
+spec:
+ chart: oci://registry-1.docker.io/bitnamicharts/keycloak
+ valuesContent: |-
+ global:
+ storageClass: longhorn
+ clusterDomain: k3s.tyil.nl
+ externalDatabase:
+ existingSecret: keycloak-database
+ existingSecretHostKey: host
+ existingSecretPortKey: port
+ existingSecretUserKey: user
+ existingSecretDatabaseKey: database
+ existingSecretPasswordKey: password
+ extraEnvVars:
+ - name: KC_HOSTNAME_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_HOSTNAME_ADMIN_URL
+ value: "https://keycloak.tyil.nl"
+ - name: KC_PROXY
+ value: "edge"
+ resources:
+ requests:
+ cpu: 100m
+ memory: 512Mi
+ limits:
+ cpu: 200m
+ memory: 1024Mi
+ ingress:
+ enabled: true
+ certManager: true
+ tls:
+ - secretName: tls-nl.tyil.keycloak
+ hosts:
+ - keycloak.tyil.nl
+ hostname: keycloak.tyil.nl
+ annotations:
+ cert-manager.io/cluster-issuer: "letsencrypt-production"
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-redirect-https@kubernetescrd
+ ingressClassName: traefik
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ postgresql:
+ enabled: false
+...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
deleted file mode 100644
index 37bdee1..0000000
--- a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/ingress.yaml
+++ /dev/null
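Review bot: The new `spec:` names `chart: oci://registry-1.docker.io/bitnamicharts/keycloak` but sets no `version:`, so the chart and the Keycloak image it selects are whatever the registry serves when the Helm controller installs it, whereas the removed Deployment pinned `quay.io/keycloak/keycloak:21.0.2`. For the cluster's identity provider an unreviewed chart change is both a supply-chain and an availability risk; add `version: "<reviewed-chart-version>"` under `spec:` and bump it deliberately. The values also carry no `auth:` block, so the `keycloak-credentials` secret the old Deployment read is no longer referenced; if the existing admin account should be kept, `auth.existingSecret: keycloak-credentials` with `auth.passwordSecretKey: password` would tie the chart to it instead of chart-generated defaults. With `metrics.enabled: true` and the ingress serving the whole host, it is worth confirming that the metrics path is not reachable through `keycloak.tyil.nl`.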
@@ -1,31 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: keycloak
- namespace: auth-system
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-production"
-spec:
- ingressClassName: "traefik"
- tls:
- - hosts:
- - keycloak.tyil.nl
- secretName: tls-nl.tyil.keycloak
- rules:
- - host: keycloak.tyil.nl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: keycloak
- port:
- number: 80
-...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml b/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
deleted file mode 100644
index 0ee669b..0000000
--- a/data.d/k3s-master/manifests.d/tyilnet/auth-system/keycloak/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: keycloak
- namespace: auth-system
- labels:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
-spec:
- selector:
- app.kubernetes.io/created-by: tyil
- app.kubernetes.io/managed-by: manual
- app.kubernetes.io/name: keycloak
- app.kubernetes.io/part-of: auth-system
- ports:
- - name: http
- port: 80
- targetPort: 8080
-...
-- cgit v1.1