meissa/c4k-keycloak
6
0
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity

Use common ingress

Browse source 
update the rest of keycloak.cljc
This commit is contained in:
bom 2023-01-20 14:32:44 +01:00
parent c67aab1b56
commit 45507aade6
4 changed files with 42 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/main/cljc/dda/c4k_keycloak/core.cljc
View file

@ -12,8 +12,8 @@
(def config-defaults {:issuer :staging}) (def config-defaults {:issuer :staging})
(def config? (s/keys :req-un [::kc/fqdn] (def config? (s/keys :req-un [::fqdn]
:opt-un [::kc/issuer])) :opt-un [::issuer]))
(def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password])) (def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password]))

71
src/main/cljc/dda/c4k_keycloak/keycloak.cljc
View file

@ -1,43 +1,52 @@
(ns dda.c4k-keycloak.keycloak (ns dda.c4k-keycloak.keycloak
(:require (:require
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
#?(:cljs [shadow.resource :as rc])
#?(:clj [orchestra.core :refer [defn-spec]]
:cljs [orchestra.core :refer-macros [defn-spec]])
[dda.c4k-common.yaml :as yaml] [dda.c4k-common.yaml :as yaml]
[dda.c4k-common.common :as cm]
[dda.c4k-common.base64 :as b64] [dda.c4k-common.base64 :as b64]
[dda.c4k-common.common :as cm])) [dda.c4k-common.ingress :as ing]
[dda.c4k-common.predicate :as cp]))
(s/def ::keycloak-admin-user cm/bash-env-string?) (s/def ::fqdn cp/fqdn-string?)
(s/def ::keycloak-admin-password cm/bash-env-string?) (s/def ::issuer cp/letsencrypt-issuer?)
(s/def ::fqdn cm/fqdn-string?) (s/def ::keycloak-admin-user cp/bash-env-string?)
(s/def ::issuer cm/letsencrypt-issuer?) (s/def ::keycloak-admin-password cp/bash-env-string?)
(defn generate-secret [my-auth] (def config? (s/keys :req-un [::fqdn]
(let [{:keys [keycloak-admin-user keycloak-admin-password]} my-auth] :opt-un [::issuer]))
(def auth? (s/keys :req-un [::keycloak-admin-user ::keycloak-admin-password]))
#?(:cljs
(defmethod yaml/load-resource :keycloak [resource-name]
(case resource-name
"keycloak/deployment.yaml" (rc/inline "keycloak/deployment.yaml")
"keycloak/secret.yaml" (rc/inline "keycloak/secret.yaml")
"keycloak/service.yaml" (rc/inline "keycloak/service.yaml")
(throw (js/Error. "Undefined Resource!")))))
(defn-spec generate-ingress cp/map-or-seq?
[config config?]
(ing/generate-ingress-and-cert
(merge
{:service-name "keycloak"
:service-port 80
:fqdns [(:fqdn config)]}
config)))
(defn-spec generate-secret cp/map-or-seq?
[auth auth?]
(let [{:keys [keycloak-admin-user keycloak-admin-password]} auth]
(-> (->
(yaml/from-string (yaml/load-resource "keycloak/secret.yaml")) (yaml/load-as-edn "keycloak/secret.yaml")
(cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user)) (cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
(cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password))))) (cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
(defn generate-deployment [] (defn-spec generate-service cp/map-or-seq? []
(yaml/from-string (yaml/load-resource "keycloak/deployment.yaml"))) (yaml/load-as-edn "keycloak/service.yaml"))
(defn generate-certificate [config] (defn-spec generate-deployment cp/map-or-seq? []
(let [{:keys [fqdn issuer] (yaml/load-as-edn "keycloak/deployment.yaml"))
:or {issuer :staging}} config
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
(->
(yaml/from-string (yaml/load-resource "keycloak/certificate.yaml"))
(assoc-in [:spec :commonName] fqdn)
(assoc-in [:spec :dnsNames] [fqdn])
(assoc-in [:spec :issuerRef :name] letsencrypt-issuer))))
(defn generate-ingress [config]
(let [{:keys [fqdn issuer]
:or {issuer :staging}} config
letsencrypt-issuer (str "letsencrypt-" (name issuer) "-issuer")]
(->
(yaml/from-string (yaml/load-resource "keycloak/ingress.yaml"))
(assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer)
(cm/replace-all-matching-values-by-new-value "fqdn" fqdn))))
(defn generate-service []
(yaml/from-string (yaml/load-resource "keycloak/service.yaml")))

13
src/main/resources/keycloak/certificate.yaml
View file

@ -1,13 +0,0 @@
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: keycloak-cert
namespace: default
spec:
secretName: keycloak-secret
commonName: fqdn
dnsNames:
- fqdn
issuerRef:
name: letsencrypt-staging-issuer
kind: ClusterIssuer

25
src/main/resources/keycloak/ingress.yaml
View file

@ -1,25 +0,0 @@
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: ingress-cloud
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
nginx.ingress.kubernetes.io/proxy-body-size: "256m"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
namespace: default
spec:
tls:
- hosts:
- fqdn
secretName: keycloak-secret
rules:
- host: fqdn
http:
paths:
- backend:
serviceName: keycloak
servicePort: 8080