Kustomize test and add cert issuer

This commit is contained in:
Micke Nordin 2025-01-31 08:38:15 +01:00
parent 425aa9e8c5
commit 159ec7232e
Signed by: Micke
GPG key ID: 0DA0A7A5708FE257
6 changed files with 131 additions and 2 deletions


@ -0,0 +1,15 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: letsencrypt
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: noc@sunet.se
privateKeySecretRef:
name: letsencrypt
solvers:
- http01:
ingress:
class: nginx
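Review bot: The Issuer targets the production ACME endpoint (`server: https://acme-v02.api.letsencrypt.org/directory`) while the overlay that consumes it is labelled `env: test`; repeated apply/delete cycles of a test namespace count against Let's Encrypt's per-hostname issuance limits and can block certificates for the real name. Consider a second Issuer on the staging endpoint for iteration, or at least a comment above `server:` such as `# production ACME endpoint - rate limited; use staging while iterating`. The `http01.ingress.class` field, as I recall, sets the legacy `kubernetes.io/ingress.class` annotation on solver ingresses; if the cluster's controller only honours `spec.ingressClassName`, the challenge ingress is never served, and recent cert-manager releases accept `ingressClassName: nginx` in the same place. Note the Issuer carries no `metadata.namespace` and relies on the base kustomization's `namespace: keycloak` to land next to the Ingress it serves.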


@ -3,6 +3,8 @@ kind: Ingress
metadata:
name: keycloak
namespace: keycloak
annotations:
cert-manager.io/issuer: "letsencrypt"
spec:
tls:
- hosts:


@ -2,7 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: keycloak
resources:
- keycloak-pvc.yaml
- keycloak-cert-issuer.yaml
- keycloak-deployment.yaml
- keycloak-service.yaml
- keycloak-ingress.yaml
- keycloak-pvc.yaml
- keycloak-service.yaml


@ -0,0 +1,85 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
namespace: keycloak
labels:
app: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
# image: quay.io/keycloak/keycloak:23.0.1
image: quay.io/keycloak/keycloak:26.1
args:
- "start"
- "--hostname=https://keycloak-test.streams.sunet.se"
- "--hostname-admin=https://keycloak-test.streams.sunet.se"
- "--verbose"
env:
- name: KC_HTTP_ENABLED
value: "true"
- name: KC_HOSTNAME
value: "https://keycloak-test.streams.sunet.se"
- name: KC_HOSTNAME_ADMIN
value: "https://keycloak-test.streams.sunet.se"
- name: KC_HOSTNAME_STRICT
value: "false"
- name: KC_HOSTNAME_STRICT_HTTPS
value: "false"
- name: KEYCLOAK_USER
value: admin
- name: KEYCLOAK_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-admin-secret
key: password
- name: KEYCLOAK_ADMIN
value: "admin"
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-admin-secret
key: password
- name: KC_HEALTH_ENABLED
value: "true"
- name: KC_PROXY
value: "edge"
ports:
- name: http
containerPort: 8080
# - name: https
# containerPort: 8443
# readinessProbe:
# httpGet:
# path: /health/ready
# port: 9000
# initialDelaySeconds: 5 # Delay before the probe starts
# periodSeconds: 15
# timeoutSeconds: 3
# successThreshold: 1 # Number of successful probes to consider the pod ready
# failureThreshold: 5
volumeMounts:
# - mountPath: /opt/keycloak/data/h2/
# name: storage
- name: keycloak-tls-secret
mountPath: /etc/ssl/certs
readOnly: true
securityContext:
runAsUser: 1000
runAsGroup: 1000
volumes:
- name: storage
persistentVolumeClaim:
claimName: keycloak-pvc
- name: keycloak-tls-secret
secret:
secretName: keycloak-tls-secret
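Review bot: The container mounts a Secret named `keycloak-tls-secret` at `/etc/ssl/certs`, but the Ingress in this commit asks cert-manager for `secretName: keycloak-tls`, so unless that secret exists from elsewhere the pod never leaves ContainerCreating; and because TLS terminates at the ingress (`KC_PROXY: "edge"`) the pod does not need the certificate at all, while mounting a Secret over `/etc/ssl/certs` shadows the image's system CA bundle and breaks outbound TLS (external identity providers, SMTP). Drop that volume and volumeMount and restore the commented `- mountPath: /opt/keycloak/data/h2/` / `name: storage` mount — the `storage` PVC volume is declared but never mounted, so the H2 data lives on the ephemeral container filesystem. `KC_HOSTNAME_STRICT: "false"` is unnecessary once `KC_HOSTNAME` is fixed and, should that value ever be dropped, lets the server derive its URLs from the request Host header; keep the default. For the `26.1` image the `KEYCLOAK_USER`/`KEYCLOAK_PASSWORD` pair is ignored, `KEYCLOAK_ADMIN*` is deprecated in favour of `KC_BOOTSTRAP_ADMIN_USERNAME`/`KC_BOOTSTRAP_ADMIN_PASSWORD`, `KC_HOSTNAME_STRICT_HTTPS` and `KC_PROXY` were superseded by hostname v2 and `KC_PROXY_HEADERS` (verify 26.1 still accepts `KC_PROXY`), and the readiness probe against `/health/ready` on port 9000 should be re-enabled rather than left commented out. This file appears to be the overlay patch named in the test kustomization, and the base Deployment is not visible here, so env entries removed from the patch may also need removing from the base.
```yaml
        env:
          # … unchanged: KC_HTTP_ENABLED, KC_HOSTNAME, KC_HOSTNAME_ADMIN, KC_HEALTH_ENABLED …
          - name: KC_BOOTSTRAP_ADMIN_USERNAME
            value: "admin"
          - name: KC_BOOTSTRAP_ADMIN_PASSWORD
            valueFrom:
              secretKeyRef:
                name: keycloak-admin-secret
                key: password
          - name: KC_PROXY_HEADERS
            value: "xforwarded"
        # … unchanged: ports …
        readinessProbe:
          httpGet:
            path: /health/ready
            port: 9000
          initialDelaySeconds: 5
          periodSeconds: 15
          timeoutSeconds: 3
          failureThreshold: 5
        volumeMounts:
          - mountPath: /opt/keycloak/data/h2/
            name: storage
        securityContext:
          runAsUser: 1000
          runAsGroup: 1000
          runAsNonRoot: true
          allowPrivilegeEscalation: false
      volumes:
        - name: storage
          persistentVolumeClaim:
            claimName: keycloak-pvc
```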


@ -0,0 +1,23 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak
namespace: keycloak
annotations:
cert-manager.io/issuer: "letsencrypt"
spec:
tls:
- hosts:
- keycloak-test.streams.sunet.se
secretName: keycloak-tls
rules:
- host: keycloak-test.streams.sunet.se
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: keycloak
port:
number: 8080
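Review bot: The Ingress sets neither `spec.ingressClassName` nor the `kubernetes.io/ingress.class` annotation, so on a cluster without a default IngressClass no controller picks it up, and the Issuer's http01 solver ingresses (which do target `nginx`) would be served while the real host stays unreachable; add `ingressClassName: nginx` under `spec`. The certificate secret is named `keycloak-tls` here while the deployment patch in this commit mounts `keycloak-tls-secret`, so one of the two names is wrong. Since this file is applied as a patch from the overlay kustomization onto a base Ingress that is not visible here, check the rendered `kustomize build` output to confirm the `tls` and `rules` lists come out as intended.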


@ -5,3 +5,6 @@ commonLabels:
env: test
resources:
- ../../base/
patches:
- path: keycloak-ingress.yml
- path: keycloak-deployment.yml
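Review bot: The two new patch entries use the `.yml` extension while every resource listed in the base kustomization uses `.yaml`; keep one extension across the project (`- path: keycloak-ingress.yaml`, `- path: keycloak-deployment.yaml`) so glob-based tooling and reviewers find files the same way in both directories. The surrounding `commonLabels` key (context, not changed here) is deprecated in current kustomize releases in favour of `labels`, which is worth migrating in a follow-up.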