From c9ec56c3be3ad69d30a86b9cb94b08c912e13b3e Mon Sep 17 00:00:00 2001
From: Max Erenberg
Date: Mon, 27 Dec 2021 20:27:43 -0500
Subject: [PATCH] add Keycloak
---
keycloak.yaml | 113 ++++++++++++++++++++++++++++++++++++++++++
syscom-namespace.yaml | 4 ++
2 files changed, 117 insertions(+)
create mode 100644 keycloak.yaml
create mode 100644 syscom-namespace.yaml
diff --git a/keycloak.yaml b/keycloak.yaml
new file mode 100644
index 0000000..1c6a3ed
--- /dev/null
+++ b/keycloak.yaml
@@ -0,0 +1,113 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ namespace: syscom
+ name: keycloak-spi-pvc
+spec:
+ storageClassName: cloudstack-storage
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Mi
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: syscom
+ name: keycloak-config
+data:
+ DB_VENDOR: mysql
+ DB_ADDR: mariadb.cloud.csclub.uwaterloo.ca
+ DB_PORT: "3306"
+ DB_DATABASE: keycloak
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: syscom
+ name: keycloak
+ labels:
+ app: keycloak
+spec:
+ selector:
+ matchLabels:
+ app: keycloak
+ template:
+ metadata:
+ labels:
+ app: keycloak
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:16.1.0
+ volumeMounts:
+ - mountPath: "/opt/jboss/keycloak/standalone/deployments"
+ name: keycloak-spi-pv
+ subPath: keycloak-spi
+ ports:
+ - name: http
+ containerPort: 8080
+ env:
+ - name: PROXY_ADDRESS_FORWARDING
+ value: "true"
+ - name: DB_VENDOR
+ valueFrom:
+ configMapKeyRef: {"name": "keycloak-config", "key": "DB_VENDOR"}
+ - name: DB_ADDR
+ valueFrom:
+ configMapKeyRef: {"name": "keycloak-config", "key": "DB_ADDR"}
+ - name: DB_PORT
+ valueFrom:
+ configMapKeyRef: {"name": "keycloak-config", "key": "DB_PORT"}
+ - name: DB_DATABASE
+ valueFrom:
+ configMapKeyRef: {"name": "keycloak-config", "key": "DB_DATABASE"}
+ # e.g. kubectl -n syscom create secret generic keycloak-secret --from-literal=DB_USER=user ...
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef: {"name": "keycloak-secret", "key": "DB_USER"}
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {"name": "keycloak-secret", "key": "DB_PASSWORD"}
+ - name: KEYCLOAK_USER
+ valueFrom:
+ secretKeyRef: {"name": "keycloak-secret", "key": "KEYCLOAK_USER"}
+ - name: KEYCLOAK_PASSWORD
+ valueFrom:
+ secretKeyRef: {"name": "keycloak-secret", "key": "KEYCLOAK_PASSWORD"}
+ volumes:
+ - name: keycloak-spi-pv
+ persistentVolumeClaim:
+ claimName: keycloak-spi-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak-service
+ namespace: syscom
+spec:
+ selector:
+ app: keycloak
+ ports:
+ - protocol: TCP
+ port: 8080
+ targetPort: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: keycloak-ingress
+ namespace: syscom
+spec:
+ rules:
+ - host: keycloak.csclub.uwaterloo.ca
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: keycloak-service
+ port:
+ number: 8080
diff --git a/syscom-namespace.yaml b/syscom-namespace.yaml
new file mode 100644
index 0000000..1ea7327
--- /dev/null
+++ b/syscom-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: syscom
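Review bot: The Ingress `keycloak-ingress` in keycloak.yaml has no `tls:` section, while the Deployment sets `PROXY_ADDRESS_FORWARDING` to "true", so Keycloak is told to trust forwarded headers for the request scheme and client address and nothing in this manifest shows where HTTPS is terminated. Unless a TLS terminator sits in front of this Ingress (not visible here), logins and tokens for keycloak.csclub.uwaterloo.ca would travel in cleartext; add a `tls` entry for the host as sketched below, or a comment naming the upstream terminator. Since `keycloak-service` serves plain HTTP on 8080 to the whole cluster, a NetworkPolicy in `syscom` that admits only the ingress controller would keep the forwarded headers coming from the proxy alone. The `path: /` prefix rule also publishes every Keycloak path, the admin console included, on the same host, so it is worth deciding whether that should be reachable from outside.

```yaml
spec:
  tls:
    - hosts:
        - keycloak.csclub.uwaterloo.ca
      secretName: <TLS_SECRET_NAME>  # placeholder: TLS secret in the syscom namespace
  rules:
    # … unchanged: host rule routing / to keycloak-service:8080 …
```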