Revert to single service/ingress and no management interface

src/main/cljc/dda/c4k_keycloak/core.cljc

@@ -42,10 +42,8 @@
          (postgres/generate-config config)
          [(kc/generate-configmap config)
           (kc/generate-service config)
-          (kc/generate-service-management-interface config)
           (kc/generate-deployment config)]
          (kc/generate-ratelimit-ingress config)
-         (kc/generate-ratelimit-ingress-management-interface config)
          (when (contains? config :mon-cfg)
            (mon/generate-config))))))
 

src/main/cljc/dda/c4k_keycloak/keycloak.cljc

@@ -43,18 +43,6 @@
                                    :namespace namespace}
                                   config))))
 
-(defn-spec generate-ratelimit-ingress-management-interface seq?
-  [config config?]
-  (let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
-    (ing/generate-simple-ingress (merge
-                                  {:service-name "keycloak-management-interface"
-                                   :service-port 80
-                                   :fqdns [(str "control." fqdn)]
-                                   :average-rate max-rate
-                                   :burst-rate max-concurrent-requests
-                                   :namespace namespace}
-                                  config))))
-
 (defn-spec generate-secret cp/map-or-seq?
   [config config?
    auth auth?]
@@ -74,8 +62,7 @@
     (->
      (yaml/load-as-edn "keycloak/configmap.yaml")
      (cm/replace-all-matching "NAMESPACE" namespace)
-     (cm/replace-all-matching "FQDN" fqdn)
+     (cm/replace-all-matching "FQDN" (str "https://" fqdn)))))
-     (cm/replace-all-matching "ADMIN_FQDN" (str "control." fqdn))))) ; TODO Document this
 
 (defn-spec generate-service cp/map-or-seq?
   [config config?]
@@ -84,13 +71,6 @@
      (yaml/load-as-edn "keycloak/service.yaml")
      (cm/replace-all-matching "NAMESPACE" namespace))))
 
-(defn-spec generate-service-management-interface cp/map-or-seq?
-  [config config?]
-  (let [{:keys [namespace]} config]
-    (->
-     (yaml/load-as-edn "keycloak/service-management-interface.yaml")
-     (cm/replace-all-matching "NAMESPACE" namespace))))
-
 (defn-spec generate-deployment cp/map-or-seq?
   [config config?]
   (let [{:keys [fqdn namespace]} config]

src/main/resources/keycloak/configmap.yaml

@@ -1,3 +1,5 @@
+# Hostname config:
+# https://www.keycloak.org/server/hostname#_exposing_the_administration_console_on_a_separate_hostname
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -6,8 +8,9 @@ metadata:
 data:
   KC_HTTPS_CERTIFICATE_FILE: /etc/certs/tls.crt
   KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/certs/tls.key
+  # This is the hostname under which the keycloak is accessible on the internet
+  # This hostname actually needs to an url specifying a scheme from which a port is derived
   KC_HOSTNAME: FQDN
-  KC_HOSTNAME_ADMIN: ADMIN_FQDN
   KC_DB: postgres
   KC_DB_URL_HOST: postgresql-service
   KC_DB_URL_PORT: "5432"

src/main/resources/keycloak/service-management-interface.yaml

@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: keycloak-management-interface
-  labels:
-    service: keycloak-management-interface
-  namespace: NAMESPACE
-spec:
-  ports:
-  - name: "http"
-    port: 80
-    targetPort: 9000
-  selector:
-    app: keycloak

src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc

@@ -29,8 +29,7 @@
           :data
           {:KC_HTTPS_CERTIFICATE_FILE "/etc/certs/tls.crt",
            :KC_HTTPS_CERTIFICATE_KEY_FILE "/etc/certs/tls.key",
-           :KC_HOSTNAME "test.de" ,
+           :KC_HOSTNAME "https://test.de" ,
-           :KC_HOSTNAME_ADMIN "control.test.de",
            :KC_DB "postgres",
            :KC_DB_URL_HOST "postgresql-service",
            :KC_DB_URL_PORT "5432",