diff --git a/src/main/resources/cron.yaml b/src/main/resources/cron.yaml
deleted file mode 100644
index 5f4669f..0000000
--- a/src/main/resources/cron.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: batch/v1
-kind: CronJob
-metadata:
- name: keycloak-cron
- labels:
- app.kubernetes.io/name: k8s-keycloak
-spec:
- schedule: "* */15 * * *"
- successfulJobsHistoryLimit: 5
- failedJobsHistoryLimit: 5
- concurrencyPolicy: Replace
- jobTemplate:
- spec:
- template:
- spec:
- volumes:
- - name: config-volume
- configMap:
- name: keycloak
- containers:
- - image: domaindrivenarchitecture/keycloak
- name: keycloak
- env:
- - name: MASTODON_BOT_CREDENTIALS
- value: /credentials.edn
- volumeMounts:
- - name: config-volume
- mountPath: /config.edn
- subPath: config.edn
- readOnly: true
- - name: config-volume
- mountPath: /credentials.edn
- subPath: credentials.edn
- readOnly: true
- restartPolicy: Never
-
diff --git a/src/main/resources/deployment.yaml b/src/main/resources/deployment.yaml
index 1189880..c803074 100644
--- a/src/main/resources/deployment.yaml
+++ b/src/main/resources/deployment.yaml
@@ -1,35 +1,49 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+ labels:
+ app: keycloak
+spec:
+ ports:
+ - name: http
+ port: 8080
+ targetPort: 8080
+ selector:
+ app: keycloak
+ type: LoadBalancer
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: k8s-keycloak
+ name: keycloak
+ namespace: default
+ labels:
+ app: keycloak
 spec:
+ replicas: 1
 selector:
 matchLabels:
- app.kubernetes.io/name: k8s-keycloak
- strategy:
- type: Recreate
+ app: keycloak
 template:
 metadata:
 labels:
- app.kubernetes.io/name: k8s-keycloak
+ app: keycloak
 spec:
- volumes:
- - name: config-volume
- configMap:
- name: keycloak
 containers:
- - image: domaindrivenarchitecture/keycloak
- name: keycloak
- env:
- - name: MASTODON_BOT_CREDENTIALS
- value: /credentials.edn
- volumeMounts:
- - name: config-volume
- mountPath: /config.edn
- subPath: config.edn
- readOnly: true
- - name: config-volume
- mountPath: /credentials.edn
- subPath: credentials.edn
- readOnly: true
-
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:13.0.0
+ env:
+ - name: KEYCLOAK_USER
+ value: "admin"
+ - name: KEYCLOAK_PASSWORD
+ value: "admin"
+ - name: PROXY_ADDRESS_FORWARDING
+ value: "true"
+ ports:
+ - name: http
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /auth/realms/master
+ port: 8080
diff --git a/src/main/resources/ingress.yml b/src/main/resources/ingress.yml
new file mode 100644
index 0000000..342d631
--- /dev/null
+++ b/src/main/resources/ingress.yml
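Review bot: The container env in deployment.yaml sets `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` to the literal `admin`/`admin`, so the initial administrator of the identity provider gets a guessable password that is also committed to the repository. I would read both values from a Secret through `secretKeyRef`, as sketched below; the Secret name and keys there are placeholders. The same hunk adds a `type: LoadBalancer` Service on port 8080, which publishes the plain-HTTP listener outside the cluster next to the TLS Ingress defined in ingress.yml; `type: ClusterIP` would keep the Ingress as the only entry point. That also matters for `PROXY_ADDRESS_FORWARDING: "true"`, because Keycloak then trusts forwarded headers, which is only safe when every request passes through the proxy.

```yaml
# … unchanged: container name and image …
          env:
            - name: KEYCLOAK_USER
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin  # placeholder: a Secret created outside the repository
                  key: user             # placeholder key
            - name: KEYCLOAK_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin  # placeholder, same Secret
                  key: password         # placeholder key
# … unchanged: PROXY_ADDRESS_FORWARDING, ports, readinessProbe …
```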
@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: keycloak-cert
+ namespace: default
+spec:
+ secretName: keycloak-secret
+ commonName: fqdn
+ dnsNames:
+ - fqdn
+ issuerRef:
+ name: letsencrypt-staging-issuer
+ kind: ClusterIssuer
+---
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+ name: ingress-cloud
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
+ nginx.ingress.kubernetes.io/proxy-body-size: "256m"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+ namespace: default
+spec:
+ tls:
+ - hosts:
+ - fqdn
+ secretName: keycloak-secret
+ rules:
+ - host: fqdn
+ http:
+ paths:
+ - backend:
+ serviceName: keycloak
+ servicePort: 8080
\ No newline at end of file
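Review bot: Both the Certificate's `issuerRef` and the `cert-manager.io/cluster-issuer` annotation in ingress.yml name `letsencrypt-staging-issuer`, so the login endpoint would be served with a certificate chain that clients do not trust; Let's Encrypt staging certificates are meant for testing only. For an identity provider this weighs more than for most services, because users and relying parties who get used to bypassing the warning can no longer notice interception of credentials or tokens. I would make the issuer name a parameter alongside what appears to be the `fqdn` placeholder, or at least add a comment such as `# staging issuer: certificates are untrusted, switch to the production ClusterIssuer before real use`. Separately, the single rule has no `path` restriction, so the admin console on the same host is published together with the realm endpoints; consider limiting the exposed paths if the console need not be public.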