diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 8110d15..f2dd63b 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -29,3 +29,8 @@ updates:
 directory: "kubernetes/manifests/dragonfly/mainframe"
 schedule:
 interval: "monthly"
+
+ - package-ecosystem: "docker"
+ directory: "kubernetes/manifests/keycloak"
+ schedule:
+ interval: "monthly"
diff --git a/kubernetes/manifests/keycloak/README.md b/kubernetes/manifests/keycloak/README.md
new file mode 100644
index 0000000..1b1e453
--- /dev/null
+++ b/kubernetes/manifests/keycloak/README.md
@@ -0,0 +1,22 @@
+# Keycloak
+
+[Keycloak](https://www.keycloak.org/) configuration
+
+## Secrets
+This deployment expects a number of secrets and environment variables to exist in a secret called `keycloak-secrets`.
+
+Keycloak hostname configuration documentation: https://www.keycloak.org/server/hostname
+Keycloak database configuration documentation: https://www.keycloak.org/server/db#_relevant_options
+
+
+| Environment | Description |
+|-----------------------------|------------------------------------|
+| KEYCLOAK_ADMIN | Keycloak Admin Panel Username |
+| KEYCLOAK_PASSWORD | Keycloak Admin Panel Password |
+| KC_DB | Keycloak Database (e.g postgres) |
+| KC_DB_URL_HOST | Keycloak database host |
+| KC_DB_URL_PORT | Keycloak database port |
+| KC_DB_USERNAME | Keycloak database username |
+| KC_DB_PASSWORD | Keycloak database password |
+| KC_DB_URL_DATABASE | Keycloak database name |
+| KC_HOSTNAME | Keycloak hostname |
diff --git a/kubernetes/manifests/keycloak/configmap.yaml b/kubernetes/manifests/keycloak/configmap.yaml
new file mode 100644
index 0000000..e1bdfec
--- /dev/null
+++ b/kubernetes/manifests/keycloak/configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: keycloak-config
+ namespace: keycloak
+ labels:
+ app: keycloak
+data:
+ KC_PROXY_HEADERS: "xforwarded"
+ KC_SPI_X509CERT_LOOKUP_NGINX_SSL_CLIENT_CERT: "SSL_CLIENT_CERT"
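Review bot: `KC_PROXY_HEADERS` in configmap.yaml is probably not recognised by the `quay.io/keycloak/keycloak:22.0` image this commit deploys; as far as I know the `proxy-headers` option arrived in a later Keycloak release, and the 22.x equivalent is `KC_PROXY: "edge"`. If the option is ignored, the server may not honour the forwarded headers from the ingress, so the image tag and the option should be aligned. The client-certificate lookup also looks incomplete: the header name is set to `SSL_CLIENT_CERT`, whereas ingress-nginx forwards the certificate as `ssl-client-cert`, and no `KC_SPI_X509CERT_LOOKUP_PROVIDER: "nginx"` entry is visible to select that provider (it may live in `keycloak-secrets`, which this diff does not show).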
diff --git a/kubernetes/manifests/keycloak/deployment.yaml b/kubernetes/manifests/keycloak/deployment.yaml
new file mode 100644
index 0000000..9a9a5a5
--- /dev/null
+++ b/kubernetes/manifests/keycloak/deployment.yaml
@@ -0,0 +1,33 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ namespace: keycloak
+ labels:
+ app: keycloak
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak
+ template:
+ metadata:
+ labels:
+ app: keycloak
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:22.0
+ args: ["start"]
+ envFrom:
+ - secretRef:
+ name: keycloak-secrets
+ - configMapRef:
+ name: keycloak-config
+ ports:
+ - name: http
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /realms/master
+ port: 8080
diff --git a/kubernetes/manifests/keycloak/ingress.yaml b/kubernetes/manifests/keycloak/ingress.yaml
new file mode 100644
index 0000000..2ca1f2b
--- /dev/null
+++ b/kubernetes/manifests/keycloak/ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: keycloak
+ namespace: keycloak
+ annotations:
+ nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - keycloak.vipyrsec.com
+ rules:
+ - host: keycloak.vipyrsec.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: keycloak
+ port:
+ number: 8080
diff --git a/kubernetes/manifests/keycloak/namespace.yaml b/kubernetes/manifests/keycloak/namespace.yaml
new file mode 100644
index 0000000..aef1b6d
--- /dev/null
+++ b/kubernetes/manifests/keycloak/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: keycloak
diff --git a/kubernetes/manifests/keycloak/service.yaml b/kubernetes/manifests/keycloak/service.yaml
new file mode 100644
index 0000000..bae46af
--- /dev/null
+++ b/kubernetes/manifests/keycloak/service.yaml
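Review bot: The `keycloak` container in deployment.yaml has no `securityContext` and no `resources`, so the identity provider runs with the runtime's default privileges and with unbounded CPU and memory. I would add a restrictive container `securityContext` and explicit requests and limits, as sketched below; the memory figures are placeholders to be sized for this cluster. The image is referenced by the floating tag `22.0`; pinning a patch version or digest would make rollouts reproducible and the Dependabot bumps explicit. The README added in this commit lists `KEYCLOAK_PASSWORD`, while this Keycloak line reads the bootstrap admin password from `KEYCLOAK_ADMIN_PASSWORD`, so check the key name in the `keycloak-secrets` secret that `envFrom` imports.

```yaml
        - name: keycloak
          image: quay.io/keycloak/keycloak:22.0
          # … unchanged: args, envFrom, ports, readinessProbe …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          resources:
            requests:
              memory: "512Mi"  # placeholder value
            limits:
              memory: "1Gi"  # placeholder value
```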
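Review bot: The `auth-tls-pass-certificate-to-upstream` annotation in ingress.yaml is set without `nginx.ingress.kubernetes.io/auth-tls-secret` or `nginx.ingress.kubernetes.io/auth-tls-verify-client`, so as written nginx is not asked to request or validate a client certificate for this host. Since Keycloak is configured to take the certificate from a request header, trust in that header rests on the proxy always setting it itself; confirm that a client-supplied copy cannot reach the pod and that port 8080 is reachable only through the ingress. The `tls` entry also has no `secretName`, so the host is served with the controller's default certificate unless that is intended.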
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+ namespace: keycloak
+ labels:
+ app: keycloak
+spec:
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ selector:
+ app: keycloak