diff --git a/kubernetes/overlays/prod/overlays/askem-production/keycloak/keycloak-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-production/keycloak/keycloak-deployment.yaml index b18a3916..4a227a04 100755 --- a/kubernetes/overlays/prod/overlays/askem-production/keycloak/keycloak-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/keycloak/keycloak-deployment.yaml 
@@ -2,23 +2,160 @@ apiVersion: apps/v1 kind: Deployment metadata: + labels: + software.uncharted.terarium/component: keycloak + software.uncharted.terarium/name: keycloak + software.uncharted.terarium/part-of: keycloak name: keycloak spec: + replicas: 1 + selector: + matchLabels: + software.uncharted.terarium/name: keycloak + strategy: + type: RollingUpdate template: + metadata: + labels: + software.uncharted.terarium/name: keycloak spec: containers: - name: keycloak + args: + - start env: - name: KC_HOSTNAME_URL - value: https://keycloak.terarium.ai + value: 'https://keycloak.terarium.ai' - name: KC_HOSTNAME_ADMIN_URL - value: https://keycloak.terarium.ai + value: 'https://keycloak.terarium.ai' + - name: PROXY_ADDRESS_FORWARDING + value: '"true"' + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + key: admin_username + name: keycloak-creds + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: admin_password + name: keycloak-creds + - name: KC_DB_URL_HOST + valueFrom: + secretKeyRef: + key: url + name: rds-creds + - name: KC_DB_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rds-creds + - name: KC_DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rds-creds + - name: KC_HOSTNAME_PORT + value: "443" + - name: KC_HOSTNAME_PATH + value: /auth + - name: KC_HTTP_ENABLED + value: '"true"' + - name: KC_HOSTNAME_STRICT_HTTPS + value: '"false"' + - name: KC_HOSTNAME_STRICT + value: '"false"' + - name: KC_PROXY + value: reencrypt + - name: KC_HTTPS_CERTIFICATE_FILE + value: /certificates/cert.pem + - name: KC_HTTPS_CERTIFICATE_KEY_FILE + value: /certificates/key.pem + - name: KC_DB + value: postgres + image: keycloak-image + imagePullPolicy: Always + ports: + - containerPort: 8443 + protocol: TCP + - containerPort: 8080 + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /certificates + name: certificates-volume + - mountPath: /opt/keycloak/themes/terarium + name: theme-volume initContainers: - name: init-keycloak + 
args: + - import + - --dir + - /data + - --override + - "false" + env: + - name: PROXY_ADDRESS_FORWARDING + value: '"true"' + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + key: admin_username + name: keycloak-creds + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: admin_password + name: keycloak-creds + - name: KC_DB_URL_HOST + valueFrom: + secretKeyRef: + key: url + name: rds-creds + - name: KC_DB_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rds-creds + - name: KC_DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rds-creds + - name: KC_DB + value: postgres + image: keycloak-image + imagePullPolicy: Always + ports: + - containerPort: 8080 + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /data + name: realm-volume + - name: keycloak-terarium-theme + args: + - -c + - cp -r /terarium/* /shared + command: + - /bin/sh + image: terarium-login-theme-image + imagePullPolicy: Always volumeMounts: - - name: realm-volume - mountPath: /data + - mountPath: /shared + name: theme-volume + restartPolicy: Always + imagePullSecrets: + - name: ghcr-cred volumes: - - name: realm-volume - configMap: - name: keycloak-realm + - configMap: + name: keycloak-realm-68fgb6kfkk + name: realm-volume + - configMap: + defaultMode: 420 + name: keycloak-certificates-g85c5gdbb7 + name: certificates-volume + - emptyDir: {} + name: theme-volume +status: {} + diff --git a/kubernetes/overlays/prod/overlays/askem-production/keycloak/keycloak-service.yaml b/kubernetes/overlays/prod/overlays/askem-production/keycloak/keycloak-service.yaml new file mode 100755 index 00000000..af6df321 --- /dev/null +++ b/kubernetes/overlays/prod/overlays/askem-production/keycloak/keycloak-service.yaml 
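Review bot: The private key that `KC_HTTPS_CERTIFICATE_KEY_FILE` points at (`/certificates/key.pem`) is mounted from `certificates-volume`, which is backed by the ConfigMap `keycloak-certificates-g85c5gdbb7` with `defaultMode: 420` (0644). The key is therefore stored as non-secret data, readable by anyone who can read ConfigMaps in the namespace and world-readable inside the container. Key material belongs in a Secret, so the volume source would become `secret:` with `secretName: <tls-secret-name>` and a mode no wider than the Keycloak user needs. Separately, the boolean env values are written as `'"true"'` and `'"false"'`, which makes the double quotes part of the value; `PROXY_ADDRESS_FORWARDING`, `KC_HTTP_ENABLED`, `KC_HOSTNAME_STRICT` and `KC_HOSTNAME_STRICT_HTTPS` should use `value: "true"` or `value: "false"`, since Keycloak may reject or misread the quoted form. The hash suffixes hard-coded on both ConfigMap names look like generator output and will presumably go stale when the generated content changes.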
@@ -0,0 +1,25 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + software.uncharted.terarium/component: keycloak + software.uncharted.terarium/name: keycloak + software.uncharted.terarium/part-of: keycloak + name: keycloak + namespace: terarium +spec: + ports: + - name: 443-keycloak-internal-tcp + port: 443 + protocol: TCP + targetPort: 8443 + - name: keycloak-svc-port + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + software.uncharted.terarium/name: keycloak + type: NodePort +status: + loadBalancer: {} diff --git a/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml b/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml index e1864372..8029f124 100644 --- a/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml +++ b/kubernetes/overlays/prod/overlays/askem-production/kustomization.yaml @@ -4,6 +4,8 @@ kind: Kustomization namespace: terarium resources: - ../../base + - keycloak/keycloak-deployment.yaml + - keycloak/keycloak-service.yaml - ingress/private-web-ingress.yaml - ingress/public-web-ingress.yaml - ingress/public-web-ssl-ingress.yaml
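Review bot: `type: NodePort` in the new Service publishes both ports on every node's address, including `keycloak-svc-port` 8080, which is the plaintext HTTP listener that the deployment turns on with `KC_HTTP_ENABLED`. If traffic is meant to arrive through the ingress resources listed in the kustomization, `type: ClusterIP` keeps the identity provider off the node network. If the load balancer does need node ports, expose only the 443 → 8443 entry and leave 8080 cluster-internal. The trailing `status:` / `loadBalancer: {}` block is populated by the API server and can be dropped from the manifest.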