move keycloak to dev

DARPA-ASKEM · Jun 27, 2024 · c287c41 · c287c41
1 parent 60f2d54
commit c287c41
Show file tree

Hide file tree

Showing 8 changed files with 144 additions and 206 deletions.
diff --git a/kubernetes/base/keycloak/keycloak-deployment.yaml b/kubernetes/base/keycloak/keycloak-deployment.yaml
diff --git a/kubernetes/base/keycloak/kustomization.yaml b/kubernetes/base/keycloak/kustomization.yaml
diff --git a/kubernetes/overlays/prod/base/keycloak/keycloak-deployment.yaml b/kubernetes/overlays/prod/base/keycloak/keycloak-deployment.yaml
diff --git a/kubernetes/overlays/prod/base/keycloak/keycloak-service.yaml b/kubernetes/overlays/prod/base/keycloak/keycloak-service.yaml
diff --git a/kubernetes/overlays/prod/base/kustomization.yaml b/kubernetes/overlays/prod/base/kustomization.yaml
@@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: terarium
 resources:
- - ../../../base/keycloak
  - ../../../base/hmi/client
  - ../../../base/hmi/documentation
  - ../../../base/hmi/server
@@ -28,8 +27,6 @@ patches:
  - path: hmi/server/hmi-server-service.yaml
  - path: hmi/server/spicedb-deployment.yaml
  - path: hmi/server/spicedb-service.yaml
- - path: keycloak/keycloak-deployment.yaml
- - path: keycloak/keycloak-service.yaml
  - path: services/beaker/beaker-deployment.yaml
  - path: services/data-service/data-service-graphdb-deployment.yaml
  - path: services/climate-data/climate-data-deployment.yaml

diff --git a/kubernetes/overlays/prod/overlays/askem-dev/keycloak/keycloak-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-dev/keycloak/keycloak-deployment.yaml
@@ -3,18 +3,31 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: keycloak
+ labels:
+ software.uncharted.terarium/component: keycloak
+ software.uncharted.terarium/name: keycloak
+ software.uncharted.terarium/part-of: keycloak
 spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ software.uncharted.terarium/name: keycloak
+ strategy:
+ type: RollingUpdate
  template:
+ metadata:
+ labels:
+ software.uncharted.terarium/name: keycloak
  spec:
  containers:
  - name: keycloak
  args:
  - start
  env:
  - name: KC_HOSTNAME_URL
- value: https://keycloak.dev.terarium.ai
+ value: 'https://keycloak.dev.terarium.ai'
  - name: KC_HOSTNAME_ADMIN_URL
- value: https://keycloak.dev.terarium.ai
+ value: 'https://keycloak.dev.terarium.ai'
  - name: KC_DB_URL
  value: 'jdbc:postgresql://10.64.22.49:5432/keycloak'
  - name: PROXY_ADDRESS_FORWARDING
@@ -25,15 +38,128 @@ spec:
  value: 'false'
  - name: KC_HOSTNAME_STRICT
  value: 'false'
+ - name: KEYCLOAK_ADMIN
+ valueFrom:
+ secretKeyRef:
+ key: admin_username
+ name: keycloak-creds
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: admin_password
+ name: keycloak-creds
+ - name: KC_DB_URL_HOST
+ valueFrom:
+ secretKeyRef:
+ key: url
+ name: rds-creds
+ - name: KC_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: rds-creds
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: rds-creds
+ - name: KC_HOSTNAME_PORT
+ value: "443"
+ - name: KC_HOSTNAME_PATH
+ value: /auth
+ - name: KC_PROXY
+ value: reencrypt
+ - name: KC_HTTPS_CERTIFICATE_FILE
+ value: /certificates/cert.pem
+ - name: KC_HTTPS_CERTIFICATE_KEY_FILE
+ value: /certificates/key.pem
+ - name: KC_DB
+ value: postgres
+ image: keycloak-image
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8443
+ protocol: TCP
+ - containerPort: 8080
+ protocol: TCP
+ resources: {}
+ volumeMounts:
+ - mountPath: /certificates
+ name: certificates-volume
+ - mountPath: /opt/keycloak/themes/terarium
+ name: theme-volume
  initContainers:
  - name: init-keycloak
+ args:
+ - import
+ - --dir
+ - /data
+ - --override
+ - "false"
  env:
  - name: KC_DB_URL
- value: 'jdbc:postgresql://10.64.22.49:5432/keycloak'
+ value: jdbc:postgresql://10.64.22.49:5432/keycloak
+ - name: PROXY_ADDRESS_FORWARDING
+ value: '"true"'
+ - name: KEYCLOAK_ADMIN
+ valueFrom:
+ secretKeyRef:
+ key: admin_username
+ name: keycloak-creds
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: admin_password
+ name: keycloak-creds
+ - name: KC_DB_URL_HOST
+ valueFrom:
+ secretKeyRef:
+ key: url
+ name: rds-creds
+ - name: KC_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ key: username
+ name: rds-creds
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: rds-creds
+ - name: KC_DB
+ value: postgres
+ image: keycloak-image
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ resources: {}
+ volumeMounts:
+ - mountPath: /data
+ name: realm-volume
+ - name: keycloak-terarium-theme
+ args:
+ - -c
+ - cp -r /terarium/* /shared
+ command:
+ - /bin/sh
+ image: terarium-login-theme-image
+ imagePullPolicy: Always
  volumeMounts:
- - name: realm-volume
- mountPath: /data
+ - mountPath: /shared
+ name: theme-volume
+ restartPolicy: Always
+ imagePullSecrets:
+ - name: ghcr-cred
  volumes:
- - name: realm-volume
- configMap:
- name: keycloak-realm
+ - configMap:
+ name: keycloak-realm-b7t7fk9cbc
+ name: realm-volume
+ - configMap:
+ defaultMode: 420
+ name: keycloak-certificates-g85c5gdbb7
+ name: certificates-volume
+ - emptyDir: {}
+ name: theme-volume
+status: {}
+