mob

src/main/resources/cron.yaml

@@ -1,36 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: keycloak-cron
-  labels:
-    app.kubernetes.io/name: k8s-keycloak
-spec:
-  schedule: "* */15 * * *"
-  successfulJobsHistoryLimit: 5
-  failedJobsHistoryLimit: 5
-  concurrencyPolicy: Replace
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          volumes:
-            - name: config-volume
-              configMap:
-                name: keycloak
-          containers:
-            - image: domaindrivenarchitecture/keycloak
-              name: keycloak
-              env:
-                - name: MASTODON_BOT_CREDENTIALS
-                  value: /credentials.edn
-              volumeMounts:
-                - name: config-volume
-                  mountPath: /config.edn
-                  subPath: config.edn
-                  readOnly: true
-                - name: config-volume
-                  mountPath: /credentials.edn
-                  subPath: credentials.edn
-                  readOnly: true
-          restartPolicy: Never
-        

src/main/resources/deployment.yaml

@@ -1,35 +1,49 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: keycloak
+  labels:
+    app: keycloak
+spec:
+  ports:
+  - name: http
+    port: 8080
+    targetPort: 8080
+  selector:
+    app: keycloak
+  type: LoadBalancer
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: k8s-keycloak
+  name: keycloak
+  namespace: default
+  labels:
+    app: keycloak
 spec:
+  replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: k8s-keycloak
-  strategy:
-    type: Recreate
+      app: keycloak
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: k8s-keycloak
+        app: keycloak
     spec:
-      volumes:
-        - name: config-volume
-          configMap:
-            name: keycloak
       containers:
-        - image: domaindrivenarchitecture/keycloak
-          name: keycloak
-          env:
-            - name: MASTODON_BOT_CREDENTIALS
-              value: /credentials.edn
-          volumeMounts:
-            - name: config-volume
-              mountPath: /config.edn
-              subPath: config.edn
-              readOnly: true
-            - name: config-volume
-              mountPath: /credentials.edn
-              subPath: credentials.edn
-              readOnly: true
-      
+      - name: keycloak
+        image: quay.io/keycloak/keycloak:13.0.0
+        env:
+        - name: KEYCLOAK_USER
+          value: "admin"
+        - name: KEYCLOAK_PASSWORD
+          value: "admin"
+        - name: PROXY_ADDRESS_FORWARDING
+          value: "true"
+        ports:
+        - name: http
+          containerPort: 8080
+        readinessProbe:
+          httpGet:
+            path: /auth/realms/master
+            port: 8080

src/main/resources/ingress.yml

@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: keycloak-cert
+  namespace: default
+spec:
+  secretName: keycloak-secret
+  commonName: fqdn
+  dnsNames:
+  - fqdn
+  issuerRef:
+    name: letsencrypt-staging-issuer
+    kind: ClusterIssuer
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: ingress-cloud
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
+    nginx.ingress.kubernetes.io/proxy-body-size: "256m"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+  namespace: default
+spec:
+  tls:
+  - hosts:
+    - fqdn
+    secretName: keycloak-secret
+  rules:
+    - host: fqdn
+      http:
+        paths:
+        - backend:
+            serviceName: keycloak
+            servicePort: 8080