diff --git a/src/main/cljc/dda/c4k_keycloak/core.cljc b/src/main/cljc/dda/c4k_keycloak/core.cljc index ccf2870..cb32c3d 100644 --- a/src/main/cljc/dda/c4k_keycloak/core.cljc +++ b/src/main/cljc/dda/c4k_keycloak/core.cljc @@ -42,10 +42,8 @@ (postgres/generate-config config) [(kc/generate-configmap config) (kc/generate-service config) - (kc/generate-service-management-interface config) (kc/generate-deployment config)] (kc/generate-ratelimit-ingress config) - (kc/generate-ratelimit-ingress-management-interface config) (when (contains? config :mon-cfg) (mon/generate-config)))))) diff --git a/src/main/cljc/dda/c4k_keycloak/keycloak.cljc b/src/main/cljc/dda/c4k_keycloak/keycloak.cljc index 10a433b..8f3270f 100644 --- a/src/main/cljc/dda/c4k_keycloak/keycloak.cljc +++ b/src/main/cljc/dda/c4k_keycloak/keycloak.cljc @@ -43,18 +43,6 @@ :namespace namespace} config)))) -(defn-spec generate-ratelimit-ingress-management-interface seq? - [config config?] - (let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config] - (ing/generate-simple-ingress (merge - {:service-name "keycloak-management-interface" - :service-port 80 - :fqdns [(str "control." fqdn)] - :average-rate max-rate - :burst-rate max-concurrent-requests - :namespace namespace} - config)))) - (defn-spec generate-secret cp/map-or-seq? [config config? auth auth?] @@ -74,8 +62,7 @@ (-> (yaml/load-as-edn "keycloak/configmap.yaml") (cm/replace-all-matching "NAMESPACE" namespace) - (cm/replace-all-matching "FQDN" fqdn) - (cm/replace-all-matching "ADMIN_FQDN" (str "control." fqdn))))) ; TODO Document this + (cm/replace-all-matching "FQDN" (str "https://" fqdn))))) (defn-spec generate-service cp/map-or-seq? [config config?] 
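Review bot: In the `@@ -74,8 +62,7 @@` hunk of keycloak.cljc, the generic `"FQDN"` placeholder is now filled with a URL instead of a bare hostname. Any other `FQDN` occurrence in keycloak/configmap.yaml would silently get the `https://` prefix as well; only `KC_HOSTNAME` is visible in this diff, so this may be harmless today. A dedicated placeholder would make the intent explicit, e.g. `(cm/replace-all-matching "HOSTNAME_URL" (str "https://" fqdn))`, with `KC_HOSTNAME: HOSTNAME_URL` in the template. The removed line also carried the `; TODO Document this`, so a short replacement such as `; KC_HOSTNAME expects a full URL; the scheme determines the advertised port` would help. The enclosing function starts outside the hunk, and whether `config?` rejects an `fqdn` that already contains a scheme cannot be seen here.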
@@ -84,13 +71,6 @@ (yaml/load-as-edn "keycloak/service.yaml") (cm/replace-all-matching "NAMESPACE" namespace)))) -(defn-spec generate-service-management-interface cp/map-or-seq? - [config config?] - (let [{:keys [namespace]} config] - (-> - (yaml/load-as-edn "keycloak/service-management-interface.yaml") - (cm/replace-all-matching "NAMESPACE" namespace)))) - (defn-spec generate-deployment cp/map-or-seq? [config config?] (let [{:keys [fqdn namespace]} config] diff --git a/src/main/resources/keycloak/configmap.yaml b/src/main/resources/keycloak/configmap.yaml index 1ba884f..bc035a7 100644 --- a/src/main/resources/keycloak/configmap.yaml +++ b/src/main/resources/keycloak/configmap.yaml @@ -1,3 +1,5 @@ +# Hostname config: +# https://www.keycloak.org/server/hostname#_exposing_the_administration_console_on_a_separate_hostname apiVersion: v1 kind: ConfigMap metadata: @@ -6,8 +8,9 @@ metadata: data: KC_HTTPS_CERTIFICATE_FILE: /etc/certs/tls.crt KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/certs/tls.key + # This is the hostname under which the keycloak is accessible on the internet + # This hostname actually needs to an url specifying a scheme from which a port is derived KC_HOSTNAME: FQDN - KC_HOSTNAME_ADMIN: ADMIN_FQDN KC_DB: postgres KC_DB_URL_HOST: postgresql-service KC_DB_URL_PORT: "5432" diff --git a/src/main/resources/keycloak/service-management-interface.yaml b/src/main/resources/keycloak/service-management-interface.yaml deleted file mode 100644 index 5927839..0000000 --- a/src/main/resources/keycloak/service-management-interface.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: keycloak-management-interface - labels: - service: keycloak-management-interface - namespace: NAMESPACE -spec: - ports: - - name: "http" - port: 80 - targetPort: 9000 - selector: - app: keycloak \ No newline at end of file diff --git a/src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc b/src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc index 4bd6001..46a1a23 100644 
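Review bot: In the configmap.yaml hunks, dropping `KC_HOSTNAME_ADMIN` means the admin console and admin REST API are served from the same public hostname as the login endpoints, and nothing visible here restricts them. If the ingress (not shown) does not already limit the `/admin` paths, for example by a source-address allowlist, add that restriction or state in a comment that sharing the hostname is intentional. The header comment added at the top of the file links to the "separate hostname" section of the Keycloak docs, which no longer matches this configuration; linking the general hostname page would be less misleading. The second new comment line is missing a verb and would read better as `# Must be a full URL including the scheme; Keycloak derives the port from it`.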
--- a/src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc +++ b/src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc @@ -29,8 +29,7 @@ :data {:KC_HTTPS_CERTIFICATE_FILE "/etc/certs/tls.crt", :KC_HTTPS_CERTIFICATE_KEY_FILE "/etc/certs/tls.key", - :KC_HOSTNAME "test.de" , - :KC_HOSTNAME_ADMIN "control.test.de", + :KC_HOSTNAME "https://test.de" , :KC_DB "postgres", :KC_DB_URL_HOST "postgresql-service", :KC_DB_URL_PORT "5432",