add Keycloak

keycloak.yaml

@@ -0,0 +1,113 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  namespace: syscom
+  name: keycloak-spi-pvc
+spec:
+  storageClassName: cloudstack-storage
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Mi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: syscom
+  name: keycloak-config
+data:
+  DB_VENDOR: mysql
+  DB_ADDR: mariadb.cloud.csclub.uwaterloo.ca
+  DB_PORT: "3306"
+  DB_DATABASE: keycloak
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: syscom
+  name: keycloak
+  labels:
+    app: keycloak
+spec:
+  selector:
+    matchLabels:
+      app: keycloak
+  template:
+    metadata:
+      labels:
+        app: keycloak
+    spec:
+      containers:
+        - name: keycloak
+          image: quay.io/keycloak/keycloak:16.1.0
+          volumeMounts:
+            - mountPath: "/opt/jboss/keycloak/standalone/deployments"
+              name: keycloak-spi-pv
+              subPath: keycloak-spi
+          ports:
+            - name: http
+              containerPort: 8080
+          env:
+            - name: PROXY_ADDRESS_FORWARDING
+              value: "true"
+            - name: DB_VENDOR
+              valueFrom:
+                configMapKeyRef: {"name": "keycloak-config", "key": "DB_VENDOR"}
+            - name: DB_ADDR
+              valueFrom:
+                configMapKeyRef: {"name": "keycloak-config", "key": "DB_ADDR"}
+            - name: DB_PORT
+              valueFrom:
+                configMapKeyRef: {"name": "keycloak-config", "key": "DB_PORT"}
+            - name: DB_DATABASE
+              valueFrom:
+                configMapKeyRef: {"name": "keycloak-config", "key": "DB_DATABASE"}
+            # e.g. kubectl -n syscom create secret generic keycloak-secret --from-literal=DB_USER=user ...
+            - name: DB_USER
+              valueFrom:
+                secretKeyRef: {"name": "keycloak-secret", "key": "DB_USER"}
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef: {"name": "keycloak-secret", "key": "DB_PASSWORD"}
+            - name: KEYCLOAK_USER
+              valueFrom:
+                secretKeyRef: {"name": "keycloak-secret", "key": "KEYCLOAK_USER"}
+            - name: KEYCLOAK_PASSWORD
+              valueFrom:
+                secretKeyRef: {"name": "keycloak-secret", "key": "KEYCLOAK_PASSWORD"}
+      volumes:
+        - name: keycloak-spi-pv
+          persistentVolumeClaim:
+            claimName: keycloak-spi-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: keycloak-service
+  namespace: syscom
+spec:
+  selector:
+    app: keycloak
+  ports:
+  - protocol: TCP
+    port: 8080
+    targetPort: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: keycloak-ingress
+  namespace: syscom
+spec:
+  rules:
+  - host: keycloak.csclub.uwaterloo.ca
+    http:
+      paths:
+      - pathType: Prefix
+        path: /
+        backend:
+          service:
+            name: keycloak-service
+            port:
+              number: 8080

syscom-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: syscom