move keycloak to prod
bigglesandginger committed Jun 27, 2024
1 parent c287c41 commit 87d9cca
Showing 3 changed files with 171 additions and 7 deletions.
Expand Up @@ -2,23 +2,160 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
software.uncharted.terarium/component: keycloak
software.uncharted.terarium/name: keycloak
software.uncharted.terarium/part-of: keycloak
name: keycloak
spec:
replicas: 1
selector:
matchLabels:
software.uncharted.terarium/name: keycloak
strategy:
type: RollingUpdate
template:
metadata:
labels:
software.uncharted.terarium/name: keycloak
spec:
containers:
- name: keycloak
args:
- start
env:
- name: KC_HOSTNAME_URL
value: https://keycloak.terarium.ai
value: 'https://keycloak.terarium.ai'
- name: KC_HOSTNAME_ADMIN_URL
value: https://keycloak.terarium.ai
value: 'https://keycloak.terarium.ai'
- name: PROXY_ADDRESS_FORWARDING
value: '"true"'
- name: KEYCLOAK_ADMIN
valueFrom:
secretKeyRef:
key: admin_username
name: keycloak-creds
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: admin_password
name: keycloak-creds
- name: KC_DB_URL_HOST
valueFrom:
secretKeyRef:
key: url
name: rds-creds
- name: KC_DB_USERNAME
valueFrom:
secretKeyRef:
key: username
name: rds-creds
- name: KC_DB_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: rds-creds
- name: KC_HOSTNAME_PORT
value: "443"
- name: KC_HOSTNAME_PATH
value: /auth
- name: KC_HTTP_ENABLED
value: '"true"'
- name: KC_HOSTNAME_STRICT_HTTPS
value: '"false"'
- name: KC_HOSTNAME_STRICT
value: '"false"'
- name: KC_PROXY
value: reencrypt
- name: KC_HTTPS_CERTIFICATE_FILE
value: /certificates/cert.pem
- name: KC_HTTPS_CERTIFICATE_KEY_FILE
value: /certificates/key.pem
- name: KC_DB
value: postgres
image: keycloak-image
imagePullPolicy: Always
ports:
- containerPort: 8443
protocol: TCP
- containerPort: 8080
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /certificates
name: certificates-volume
- mountPath: /opt/keycloak/themes/terarium
name: theme-volume
initContainers:
- name: init-keycloak
args:
- import
- --dir
- /data
- --override
- "false"
env:
- name: PROXY_ADDRESS_FORWARDING
value: '"true"'
- name: KEYCLOAK_ADMIN
valueFrom:
secretKeyRef:
key: admin_username
name: keycloak-creds
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: admin_password
name: keycloak-creds
- name: KC_DB_URL_HOST
valueFrom:
secretKeyRef:
key: url
name: rds-creds
- name: KC_DB_USERNAME
valueFrom:
secretKeyRef:
key: username
name: rds-creds
- name: KC_DB_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: rds-creds
- name: KC_DB
value: postgres
image: keycloak-image
imagePullPolicy: Always
ports:
- containerPort: 8080
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /data
name: realm-volume
- name: keycloak-terarium-theme
args:
- -c
- cp -r /terarium/* /shared
command:
- /bin/sh
image: terarium-login-theme-image
imagePullPolicy: Always
volumeMounts:
- name: realm-volume
mountPath: /data
- mountPath: /shared
name: theme-volume
restartPolicy: Always
imagePullSecrets:
- name: ghcr-cred
volumes:
- name: realm-volume
configMap:
name: keycloak-realm
- configMap:
name: keycloak-realm-68fgb6kfkk
name: realm-volume
- configMap:
defaultMode: 420
name: keycloak-certificates-g85c5gdbb7
name: certificates-volume
- emptyDir: {}
name: theme-volume
status: {}
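Review bot: The `certificates-volume` entry near the end of this manifest is backed by a ConfigMap (`keycloak-certificates-g85c5gdbb7`, `defaultMode: 420`, i.e. 0644), yet `KC_HTTPS_CERTIFICATE_KEY_FILE` points at `/certificates/key.pem` inside that mount, so the TLS private key appears to be stored in a ConfigMap (the rendering has lost the +/- markers, but the hunk header suggests most of these lines are new). ConfigMaps are not meant for confidential data: any principal allowed to read ConfigMaps in the namespace can read the key, and Secret-specific RBAC and encryption-at-rest settings do not cover it. I would source the volume from a Secret instead, `secret:` with `secretName: <tls-secret-name>` (placeholder), and use a narrower file mode that the Keycloak user can still read. Separately, the values written as `'"true"'` and `'"false"'` pass literal double quotes into the environment for `KC_HTTP_ENABLED`, `KC_HOSTNAME_STRICT_HTTPS` and `KC_HOSTNAME_STRICT`, so confirm that Keycloak parses them as intended before relying on them in production.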

@@ -0,0 +1,25 @@
---
apiVersion: v1
kind: Service
metadata:
labels:
software.uncharted.terarium/component: keycloak
software.uncharted.terarium/name: keycloak
software.uncharted.terarium/part-of: keycloak
name: keycloak
namespace: terarium
spec:
ports:
- name: 443-keycloak-internal-tcp
port: 443
protocol: TCP
targetPort: 8443
- name: keycloak-svc-port
port: 8080
protocol: TCP
targetPort: 8080
selector:
software.uncharted.terarium/name: keycloak
type: NodePort
status:
loadBalancer: {}
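Review bot: `type: NodePort` together with the `keycloak-svc-port` entry (8080 → 8080) opens Keycloak's plain-HTTP listener on a port of every node, alongside 443 → 8443. The kustomization in this commit also lists ingress resources, so if traffic is meant to arrive through them, `type: ClusterIP` would keep the identity provider off the node network. If the ingress controller does need node ports, I would drop the 8080 entry or restrict it with a NetworkPolicy, so that credentials and tokens only travel over the TLS port. The `status:` / `loadBalancer: {}` stanza is populated by the API server and can be left out of the committed manifest.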
Expand Up @@ -4,6 +4,8 @@ kind: Kustomization
namespace: terarium
resources:
- ../../base
- keycloak/keycloak-deployment.yaml
- keycloak/keycloak-service.yaml
- ingress/private-web-ingress.yaml
- ingress/public-web-ingress.yaml
- ingress/public-web-ssl-ingress.yaml
