From c287c4199109e82741535b8267af07fa0866c97b Mon Sep 17 00:00:00 2001
From: Charles Coleman
Date: Thu, 27 Jun 2024 11:05:44 -0400
Subject: [PATCH] move keycloak to dev
---
.../base/keycloak/keycloak-deployment.yaml | 67 ---------
kubernetes/base/keycloak/kustomization.yaml | 7 -
.../base/keycloak/keycloak-deployment.yaml | 106 -------------
.../prod/base/keycloak/keycloak-service.yaml | 12 --
.../overlays/prod/base/kustomization.yaml | 3 -
.../keycloak/keycloak-deployment.yaml | 142 +++++++++++++++++-
.../askem-dev}/keycloak/keycloak-service.yaml | 10 +-
.../overlays/askem-dev/kustomization.yaml | 3 +-
8 files changed, 144 insertions(+), 206 deletions(-)
delete mode 100755 kubernetes/base/keycloak/keycloak-deployment.yaml
delete mode 100644 kubernetes/base/keycloak/kustomization.yaml
delete mode 100755 kubernetes/overlays/prod/base/keycloak/keycloak-deployment.yaml
delete mode 100755 kubernetes/overlays/prod/base/keycloak/keycloak-service.yaml
rename kubernetes/{base => overlays/prod/overlays/askem-dev}/keycloak/keycloak-service.yaml (75%)
diff --git a/kubernetes/base/keycloak/keycloak-deployment.yaml b/kubernetes/base/keycloak/keycloak-deployment.yaml
deleted file mode 100755
index a7c1c867..00000000
--- a/kubernetes/base/keycloak/keycloak-deployment.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: keycloak - labels: - software.uncharted.terarium/name: keycloak - software.uncharted.terarium/component: keycloak - software.uncharted.terarium/part-of: keycloak -spec: - replicas: 1 - selector: - matchLabels: - software.uncharted.terarium/name: keycloak - strategy: - type: Recreate - template: - metadata: - labels: - software.uncharted.terarium/name: keycloak - spec: - containers: - - name: keycloak - image: keycloak-image - imagePullPolicy: Always - env: - - name: KC_DB - value: postgres - args: - - start - ports: - - containerPort: 8080 - protocol: TCP - volumeMounts: - - name: theme-volume - mountPath: /opt/keycloak/themes/terarium - resources: {} - initContainers: - - name: keycloak-terarium-theme - image: terarium-login-theme-image - imagePullPolicy: Always - command: ['/bin/sh'] - args: ['-c', 'cp -r /terarium/* /shared'] - volumeMounts: - - name: theme-volume - mountPath: /shared - - name: init-keycloak - image: keycloak-image - imagePullPolicy: Always - args: - - import - - --dir - - /data - env: - - name: KC_DB - value: postgres - ports: - - containerPort: 8080 - protocol: TCP - resources: {} - restartPolicy: Always - imagePullSecrets: - - name: ghcr-cred - volumes: - - name: theme-volume - emptyDir: {} -status: {} diff --git a/kubernetes/base/keycloak/kustomization.yaml b/kubernetes/base/keycloak/kustomization.yaml deleted file mode 100644 index 231c0208..00000000 --- a/kubernetes/base/keycloak/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: terarium -resources: - - keycloak-deployment.yaml - - keycloak-service.yaml diff --git a/kubernetes/overlays/prod/base/keycloak/keycloak-deployment.yaml b/kubernetes/overlays/prod/base/keycloak/keycloak-deployment.yaml deleted file mode 100755 index 45bbfe89..00000000 --- a/kubernetes/overlays/prod/base/keycloak/keycloak-deployment.yaml +++ /dev/null 
@@ -1,106 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: keycloak -spec: - strategy: - type: RollingUpdate - template: - spec: - containers: - - name: keycloak - ports: - - containerPort: 8443 - protocol: TCP - env: - - name: PROXY_ADDRESS_FORWARDING - value: '"true"' - - name: KEYCLOAK_ADMIN - valueFrom: - secretKeyRef: - name: keycloak-creds - key: admin_username - - name: KEYCLOAK_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak-creds - key: admin_password - - name: KC_DB_URL_HOST - valueFrom: - secretKeyRef: - name: rds-creds - key: url - - name: KC_DB_USERNAME - valueFrom: - secretKeyRef: - name: rds-creds - key: username - - name: KC_DB_PASSWORD - valueFrom: - secretKeyRef: - name: rds-creds - key: password - - name: KC_HOSTNAME_PORT - value: '443' - - name: KC_HOSTNAME_ADMIN_URL - value: https://localhost:8443 - - name: KC_HOSTNAME_PATH - value: /auth - - name: KC_HTTP_ENABLED - value: '"true"' - - name: KC_HOSTNAME_STRICT_HTTPS - value: '"false"' - - name: KC_HOSTNAME_STRICT - value: '"false"' - - name: KC_PROXY - value: reencrypt - - name: KC_HTTPS_CERTIFICATE_FILE - value: /certificates/cert.pem - - name: KC_HTTPS_CERTIFICATE_KEY_FILE - value: /certificates/key.pem - volumeMounts: - - name: certificates-volume - mountPath: /certificates - initContainers: - - name: init-keycloak - args: - - import - - --dir - - /data - - --override - - 'false' - env: - - name: PROXY_ADDRESS_FORWARDING - value: '"true"' - - name: KEYCLOAK_ADMIN - valueFrom: - secretKeyRef: - name: keycloak-creds - key: admin_username - - name: KEYCLOAK_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak-creds - key: admin_password - - name: KC_DB_URL_HOST - valueFrom: - secretKeyRef: - name: rds-creds - key: url - - name: KC_DB_USERNAME - valueFrom: - secretKeyRef: - name: rds-creds - key: username - - name: KC_DB_PASSWORD - valueFrom: - secretKeyRef: - name: rds-creds - key: password - volumes: - - name: certificates-volume - configMap: - name: 
keycloak-certificates - defaultMode: 0644 -status: {} diff --git a/kubernetes/overlays/prod/base/keycloak/keycloak-service.yaml b/kubernetes/overlays/prod/base/keycloak/keycloak-service.yaml deleted file mode 100755 index 5c8aa3e2..00000000 --- a/kubernetes/overlays/prod/base/keycloak/keycloak-service.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: keycloak -spec: - type: NodePort - ports: - - name: 443-keycloak-internal-tcp - port: 443 - protocol: TCP - targetPort: 8443 diff --git a/kubernetes/overlays/prod/base/kustomization.yaml b/kubernetes/overlays/prod/base/kustomization.yaml index d19d301a..a8008b34 100644 --- a/kubernetes/overlays/prod/base/kustomization.yaml +++ b/kubernetes/overlays/prod/base/kustomization.yaml @@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: terarium resources: - - ../../../base/keycloak - ../../../base/hmi/client - ../../../base/hmi/documentation - ../../../base/hmi/server @@ -28,8 +27,6 @@ patches: - path: hmi/server/hmi-server-service.yaml - path: hmi/server/spicedb-deployment.yaml - path: hmi/server/spicedb-service.yaml - - path: keycloak/keycloak-deployment.yaml - - path: keycloak/keycloak-service.yaml - path: services/beaker/beaker-deployment.yaml - path: services/data-service/data-service-graphdb-deployment.yaml - path: services/climate-data/climate-data-deployment.yaml diff --git a/kubernetes/overlays/prod/overlays/askem-dev/keycloak/keycloak-deployment.yaml b/kubernetes/overlays/prod/overlays/askem-dev/keycloak/keycloak-deployment.yaml index 86d923ac..12618733 100755 --- a/kubernetes/overlays/prod/overlays/askem-dev/keycloak/keycloak-deployment.yaml +++ b/kubernetes/overlays/prod/overlays/askem-dev/keycloak/keycloak-deployment.yaml 
@@ -3,8 +3,21 @@ apiVersion: apps/v1 kind: Deployment metadata: name: keycloak + labels: + software.uncharted.terarium/component: keycloak + software.uncharted.terarium/name: keycloak + software.uncharted.terarium/part-of: keycloak spec: + replicas: 1 + selector: + matchLabels: + software.uncharted.terarium/name: keycloak + strategy: + type: RollingUpdate template: + metadata: + labels: + software.uncharted.terarium/name: keycloak spec: containers: - name: keycloak @@ -12,9 +25,9 @@ spec: - start env: - name: KC_HOSTNAME_URL - value: https://keycloak.dev.terarium.ai + value: 'https://keycloak.dev.terarium.ai' - name: KC_HOSTNAME_ADMIN_URL - value: https://keycloak.dev.terarium.ai + value: 'https://keycloak.dev.terarium.ai' - name: KC_DB_URL value: 'jdbc:postgresql://10.64.22.49:5432/keycloak' - name: PROXY_ADDRESS_FORWARDING 
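Review bot: `strategy: type: RollingUpdate` is added next to `replicas: 1`, but none of the container fields this patch adds for `keycloak` in the later hunk (image, ports, resources, volumeMounts) include a readiness probe, so as far as the visible lines show a rollout treats the new pod as ready as soon as the container starts. For the identity provider that means logins can fail during each deploy while Keycloak is still booting. Consider adding a `readinessProbe` to the `keycloak` container (Keycloak exposes readiness checks when `KC_HEALTH_ENABLED` is set). The Deployment spec continues outside this hunk, so confirm no probe is defined in lines not shown.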
@@ -25,15 +38,128 @@ spec: value: 'false' - name: KC_HOSTNAME_STRICT value: 'false' + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + key: admin_username + name: keycloak-creds + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: admin_password + name: keycloak-creds + - name: KC_DB_URL_HOST + valueFrom: + secretKeyRef: + key: url + name: rds-creds + - name: KC_DB_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rds-creds + - name: KC_DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rds-creds + - name: KC_HOSTNAME_PORT + value: "443" + - name: KC_HOSTNAME_PATH + value: /auth + - name: KC_PROXY + value: reencrypt + - name: KC_HTTPS_CERTIFICATE_FILE + value: /certificates/cert.pem + - name: KC_HTTPS_CERTIFICATE_KEY_FILE + value: /certificates/key.pem + - name: KC_DB + value: postgres + image: keycloak-image + imagePullPolicy: Always + ports: + - containerPort: 8443 + protocol: TCP + - containerPort: 8080 + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /certificates + name: certificates-volume + - mountPath: /opt/keycloak/themes/terarium + name: theme-volume initContainers: - name: init-keycloak + args: + - import + - --dir + - /data + - --override + - "false" env: - name: KC_DB_URL - value: 'jdbc:postgresql://10.64.22.49:5432/keycloak' + value: jdbc:postgresql://10.64.22.49:5432/keycloak + - name: PROXY_ADDRESS_FORWARDING + value: '"true"' + - name: KEYCLOAK_ADMIN + valueFrom: + secretKeyRef: + key: admin_username + name: keycloak-creds + - name: KEYCLOAK_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: admin_password + name: keycloak-creds + - name: KC_DB_URL_HOST + valueFrom: + secretKeyRef: + key: url + name: rds-creds + - name: KC_DB_USERNAME + valueFrom: + secretKeyRef: + key: username + name: rds-creds + - name: KC_DB_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: rds-creds + - name: KC_DB + value: postgres + image: keycloak-image + imagePullPolicy: Always + ports: + - 
containerPort: 8080 + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /data + name: realm-volume + - name: keycloak-terarium-theme + args: + - -c + - cp -r /terarium/* /shared + command: + - /bin/sh + image: terarium-login-theme-image + imagePullPolicy: Always volumeMounts: - - name: realm-volume - mountPath: /data + - mountPath: /shared + name: theme-volume + restartPolicy: Always + imagePullSecrets: + - name: ghcr-cred volumes: - - name: realm-volume - configMap: - name: keycloak-realm + - configMap: + name: keycloak-realm-b7t7fk9cbc + name: realm-volume + - configMap: + defaultMode: 420 + name: keycloak-certificates-g85c5gdbb7 + name: certificates-volume + - emptyDir: {} + name: theme-volume +status: {} + diff --git a/kubernetes/base/keycloak/keycloak-service.yaml b/kubernetes/overlays/prod/overlays/askem-dev/keycloak/keycloak-service.yaml similarity index 75% rename from kubernetes/base/keycloak/keycloak-service.yaml rename to kubernetes/overlays/prod/overlays/askem-dev/keycloak/keycloak-service.yaml index bddf96f4..af6df321 100755 --- a/kubernetes/base/keycloak/keycloak-service.yaml +++ b/kubernetes/overlays/prod/overlays/askem-dev/keycloak/keycloak-service.yaml @@ -2,18 +2,24 @@ apiVersion: v1 kind: Service metadata: - name: keycloak labels: - software.uncharted.terarium/name: keycloak software.uncharted.terarium/component: keycloak + software.uncharted.terarium/name: keycloak software.uncharted.terarium/part-of: keycloak + name: keycloak + namespace: terarium spec: ports: + - name: 443-keycloak-internal-tcp + port: 443 + protocol: TCP + targetPort: 8443 - name: keycloak-svc-port port: 8080 protocol: TCP targetPort: 8080 selector: software.uncharted.terarium/name: keycloak + type: NodePort status: loadBalancer: {} diff --git a/kubernetes/overlays/prod/overlays/askem-dev/kustomization.yaml b/kubernetes/overlays/prod/overlays/askem-dev/kustomization.yaml index 0bb7067f..936fdea8 100644 
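Review bot: The TLS private key that `KC_HTTPS_CERTIFICATE_KEY_FILE` points at (`/certificates/key.pem`) is mounted from a ConfigMap, `keycloak-certificates-g85c5gdbb7`, with `defaultMode: 420` (0644), so the key is kept as non-secret cluster data and is world-readable inside the container. Key material belongs in a Secret volume (`secret:` with `secretName:`) with a tighter mode, paired with an `fsGroup` if the Keycloak user needs group read. The two ConfigMap names also carry what look like kustomize content-hash suffixes (`-b7t7fk9cbc`, `-g85c5gdbb7`); if they come from a `configMapGenerator`, reference the generator's base name so the reference follows content changes instead of pinning a stale hash. Separately, both containers set `KC_DB_URL` and also `KC_DB_URL_HOST` from `rds-creds`, and Keycloak ignores the host option when a full URL is given; the `init-keycloak` import container probably does not need `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD` either, so both can likely be dropped there.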
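Review bot: Adding `type: NodePort` while keeping the `keycloak-svc-port` entry publishes port 8080 on every node alongside the new 443→8443 port, because a NodePort Service allocates a node port for each listed port. The deployment also declares `containerPort: 8080`; if HTTP is enabled there (not visible in these hunks), login traffic sent to that node port would be unencrypted. If 8080 is only needed in-cluster, drop it from this Service or move it to a separate ClusterIP Service. The hard-coded `namespace: terarium` duplicates the kustomization's `namespace:` and can be removed.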
--- a/kubernetes/overlays/prod/overlays/askem-dev/kustomization.yaml +++ b/kubernetes/overlays/prod/overlays/askem-dev/kustomization.yaml @@ -5,6 +5,8 @@ namespace: terarium resources: - ../../base - check-latest + - keycloak/keycloak-deployment.yaml + - keycloak/keycloak-service.yaml - ingress/private-web-grpc-ingress.yaml - ingress/private-web-ingress.yaml - ingress/private-web-ssl-ingress.yaml @@ -24,7 +26,6 @@ resources: patches: - path: hmi/documentation/terarium-docs-service.yaml - path: hmi/server/hmi-server-deployment.yaml - - path: keycloak/keycloak-deployment.yaml - path: services/beaker/beaker-deployment.yaml - path: services/beaker/beaker-service.yaml - path: services/climate-data/climate-data-deployment.yaml