Compare commits
21 commits
Author | SHA1 | Date | |
---|---|---|---|
d8ea3da5fd | |||
cd10a5673c | |||
f646ac81b7 | |||
e974711923 | |||
7c474c6d89 | |||
12e6f97519 | |||
ad82277e96 | |||
05039420bd | |||
d59f40a961 | |||
74beafdcfe | |||
fd8b1facb8 | |||
9f2ee663bd | |||
7ff6f20fce | |||
d2ca5b5442 | |||
2fba9ce1de | |||
b7a284a2dc | |||
f64f4f3ab5 | |||
1429ff0058 | |||
cfc679cd82 | |||
432d46e3e7 | |||
6199978a05 |
11 changed files with 72 additions and 58 deletions
|
@ -1,7 +1,7 @@
|
||||||
# convention 4 kubernetes: c4k-keycloak
|
# convention 4 kubernetes: c4k-keycloak
|
||||||
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-keycloak.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-keycloak) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/commits/master)
|
[![Clojars Project](https://img.shields.io/clojars/v/org.domaindrivenarchitecture/c4k-keycloak.svg)](https://clojars.org/org.domaindrivenarchitecture/c4k-keycloak) [![pipeline status](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/badges/master/pipeline.svg)](https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/commits/master)
|
||||||
|
|
||||||
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa-gmbh.de/img/community/Mastodon_Logotype.svg" width=20 alt="team@social.meissa-gmbh.de"> team@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@team) | [Website & Blog](https://domaindrivenarchitecture.org)
|
[<img src="https://domaindrivenarchitecture.org/img/delta-chat.svg" width=20 alt="DeltaChat"> chat over e-mail](mailto:buero@meissa-gmbh.de?subject=community-chat) | [<img src="https://meissa.de/images/parts/contact/mastodon36_hue9b2464f10b18e134322af482b9c915e_5501_filter_14705073121015236177.png" width=20 alt="M"> meissa@social.meissa-gmbh.de](https://social.meissa-gmbh.de/@meissa) | [Blog](https://domaindrivenarchitecture.org) | [Website](https://meissa.de)
|
||||||
|
|
||||||
## Purpose
|
## Purpose
|
||||||
|
|
||||||
|
@ -43,6 +43,6 @@ For more details about our repository model see: https://repo.prod.meissa.de/mei
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
Copyright © 2021 meissa GmbH
|
Copyright © 2024 meissa GmbH
|
||||||
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
|
Licensed under the [Apache License, Version 2.0](LICENSE) (the "License")
|
||||||
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)
|
Pls. find licenses of our subcomponents [here](doc/SUBCOMPONENT_LICENSE)
|
||||||
|
|
26
build.py
26
build.py
|
@ -23,8 +23,6 @@ def initialize(project):
|
||||||
"release_primary_build_file": "project.clj",
|
"release_primary_build_file": "project.clj",
|
||||||
"release_secondary_build_files": [
|
"release_secondary_build_files": [
|
||||||
"package.json",
|
"package.json",
|
||||||
"infrastructure/backup/build.py",
|
|
||||||
"infrastructure/federated/build.py",
|
|
||||||
],
|
],
|
||||||
"release_artifact_server_url": "https://repo.prod.meissa.de",
|
"release_artifact_server_url": "https://repo.prod.meissa.de",
|
||||||
"release_organisation": "meissa",
|
"release_organisation": "meissa",
|
||||||
|
@ -102,6 +100,12 @@ def package_frontend(project):
|
||||||
|
|
||||||
@task
|
@task
|
||||||
def package_uberjar(project):
|
def package_uberjar(project):
|
||||||
|
run("mkdir -p target/uberjar", shell=True, check=True)
|
||||||
|
run(
|
||||||
|
"lein uberjar",
|
||||||
|
shell=True,
|
||||||
|
check=True,
|
||||||
|
)
|
||||||
run(
|
run(
|
||||||
"sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha256",
|
"sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/" + project.name + "-standalone.jar.sha256",
|
||||||
shell=True,
|
shell=True,
|
||||||
|
@ -128,13 +132,10 @@ def package_native(project):
|
||||||
"--no-server " +
|
"--no-server " +
|
||||||
"--no-fallback " +
|
"--no-fallback " +
|
||||||
"--features=clj_easy.graal_build_time.InitClojureClasses " +
|
"--features=clj_easy.graal_build_time.InitClojureClasses " +
|
||||||
"-jar target/uberjar/" + project.name + "-standalone.jar " +
|
f"-jar target/uberjar/{project.name}-standalone.jar " +
|
||||||
"-march=compatibility " +
|
|
||||||
"-H:+UnlockExperimentalVMOptions " +
|
|
||||||
"-H:IncludeResources=.*.yaml " +
|
"-H:IncludeResources=.*.yaml " +
|
||||||
"-H:IncludeResources=logback.xml " +
|
|
||||||
"-H:Log=registerResource:verbose " +
|
"-H:Log=registerResource:verbose " +
|
||||||
"-H:Name=target/graalvm/" + project.name + "",
|
f"-H:Name=target/graalvm/{project.name}",
|
||||||
shell=True,
|
shell=True,
|
||||||
check=True,
|
check=True,
|
||||||
)
|
)
|
||||||
|
@ -152,11 +153,7 @@ def package_native(project):
|
||||||
|
|
||||||
@task
|
@task
|
||||||
def inst(project):
|
def inst(project):
|
||||||
run(
|
package_uberjar(project)
|
||||||
"lein uberjar",
|
|
||||||
shell=True,
|
|
||||||
check=True,
|
|
||||||
)
|
|
||||||
package_native(project)
|
package_native(project)
|
||||||
run(
|
run(
|
||||||
"sudo install -m=755 target/uberjar/" + project.name + "-standalone.jar /usr/local/bin/" + project.name + "-standalone.jar",
|
"sudo install -m=755 target/uberjar/" + project.name + "-standalone.jar /usr/local/bin/" + project.name + "-standalone.jar",
|
||||||
|
@ -177,11 +174,6 @@ def upload_clj(project):
|
||||||
|
|
||||||
@task
|
@task
|
||||||
def lint(project):
|
def lint(project):
|
||||||
#run(
|
|
||||||
# "lein eastwood",
|
|
||||||
# shell=True,
|
|
||||||
# check=True,
|
|
||||||
#)
|
|
||||||
run(
|
run(
|
||||||
"lein ancient check",
|
"lein ancient check",
|
||||||
shell=True,
|
shell=True,
|
||||||
|
|
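Review bot: In package_native the two rewritten arguments, `f"-jar target/uberjar/{project.name}-standalone.jar "` and `f"-H:Name=target/graalvm/{project.name}"`, still splice `project.name` unquoted into a command string that is run with `shell=True`, as do the `sha256sum` and `sudo install` lines kept as context in package_uberjar and inst. A name containing a space or shell metacharacter would change what the shell executes, and in inst that happens next to `sudo`. Quoting the interpolated path, e.g. `"-jar " + shlex.quote(f"target/uberjar/{project.name}-standalone.jar") + " "` (this needs `import shlex`, and the file's imports are outside the hunks), or passing an argument list without `shell=True`, removes the dependency on the name being shell-safe. Separately, package_uberjar hashes the hard-coded `c4k-keycloak-standalone.jar` but names the checksum file after `project.name`, so the two diverge if the project name ever differs. The function bodies continue outside the hunks.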
|
@ -2,7 +2,7 @@
|
||||||
"name": "c4k-keycloak",
|
"name": "c4k-keycloak",
|
||||||
"description": "Generate c4k yaml for a keycloak deployment.",
|
"description": "Generate c4k yaml for a keycloak deployment.",
|
||||||
"author": "meissa GmbH",
|
"author": "meissa GmbH",
|
||||||
"version": "1.2.0",
|
"version": "1.3.2-SNAPSHOT",
|
||||||
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-keycloak#readme",
|
"homepage": "https://gitlab.com/domaindrivenarchitecture/c4k-keycloak#readme",
|
||||||
"repository": "https://www.npmjs.com/package/c4k-keycloak",
|
"repository": "https://www.npmjs.com/package/c4k-keycloak",
|
||||||
"license": "APACHE2",
|
"license": "APACHE2",
|
||||||
|
|
12
project.clj
12
project.clj
|
@ -1,11 +1,11 @@
|
||||||
(defproject org.domaindrivenarchitecture/c4k-keycloak "1.2.0"
|
(defproject org.domaindrivenarchitecture/c4k-keycloak "1.3.2-SNAPSHOT"
|
||||||
:description "keycloak c4k-installation package"
|
:description "keycloak c4k-installation package"
|
||||||
:url "https://domaindrivenarchitecture.org"
|
:url "https://domaindrivenarchitecture.org"
|
||||||
:license {:name "Apache License, Version 2.0"
|
:license {:name "Apache License, Version 2.0"
|
||||||
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
|
:url "https://www.apache.org/licenses/LICENSE-2.0.html"}
|
||||||
:dependencies [[org.clojure/clojure "1.11.3"]
|
:dependencies [[org.clojure/clojure "1.11.4"]
|
||||||
[org.clojure/tools.reader "1.4.2"]
|
[org.clojure/tools.reader "1.5.0"]
|
||||||
[org.domaindrivenarchitecture/c4k-common-clj "6.4.1"]]
|
[org.domaindrivenarchitecture/c4k-common-clj "8.0.0"]]
|
||||||
:target-path "target/%s/"
|
:target-path "target/%s/"
|
||||||
:source-paths ["src/main/cljc"
|
:source-paths ["src/main/cljc"
|
||||||
"src/main/clj"]
|
"src/main/clj"]
|
||||||
|
@ -22,9 +22,9 @@
|
||||||
:main dda.c4k-keycloak.uberjar
|
:main dda.c4k-keycloak.uberjar
|
||||||
:uberjar-name "c4k-keycloak-standalone.jar"
|
:uberjar-name "c4k-keycloak-standalone.jar"
|
||||||
:dependencies [[org.clojure/tools.cli "1.1.230"]
|
:dependencies [[org.clojure/tools.cli "1.1.230"]
|
||||||
[ch.qos.logback/logback-classic "1.5.6"
|
[ch.qos.logback/logback-classic "1.5.7"
|
||||||
:exclusions [com.sun.mail/javax.mail]]
|
:exclusions [com.sun.mail/javax.mail]]
|
||||||
[org.slf4j/jcl-over-slf4j "2.0.13"]
|
[org.slf4j/jcl-over-slf4j "2.0.16"]
|
||||||
[com.github.clj-easy/graal-build-time "1.0.5"]]}}
|
[com.github.clj-easy/graal-build-time "1.0.5"]]}}
|
||||||
:release-tasks [["test"]
|
:release-tasks [["test"]
|
||||||
["vcs" "assert-committed"]
|
["vcs" "assert-committed"]
|
||||||
|
|
|
@ -7,10 +7,11 @@
|
||||||
(set! *warn-on-reflection* true)
|
(set! *warn-on-reflection* true)
|
||||||
|
|
||||||
(defn -main [& cmd-args]
|
(defn -main [& cmd-args]
|
||||||
(uberjar/main-common
|
(uberjar/main-cm
|
||||||
"c4k-keycloak"
|
"c4k-keycloak"
|
||||||
core/config?
|
core/config?
|
||||||
core/auth?
|
core/auth?
|
||||||
core/config-defaults
|
core/config-defaults
|
||||||
core/k8s-objects
|
core/config-objects
|
||||||
|
core/auth-objects
|
||||||
cmd-args))
|
cmd-args))
|
||||||
|
|
|
@ -13,34 +13,45 @@
|
||||||
|
|
||||||
(def default-storage-class :local-path)
|
(def default-storage-class :local-path)
|
||||||
|
|
||||||
(def config-defaults {:issuer "staging"})
|
(def config-defaults {:issuer "staging",
|
||||||
|
:namespace "keycloak"
|
||||||
|
:postgres-image "postgres:14"
|
||||||
|
:postgres-size :2gb
|
||||||
|
:db-name "keycloak"
|
||||||
|
:pv-storage-size-gb 30
|
||||||
|
:pvc-storage-class-name default-storage-class})
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::kc/fqdn]
|
(def config? (s/keys :req-un [::kc/fqdn]
|
||||||
:opt-un [::kc/issuer
|
:opt-un [::kc/issuer
|
||||||
::mon/mon-cfg]))
|
::mon/mon-cfg
|
||||||
|
::kc/namespace]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password
|
(def auth? (s/keys :req-un [::kc/keycloak-admin-user ::kc/keycloak-admin-password
|
||||||
::postgres/postgres-db-user ::postgres/postgres-db-password]
|
::postgres/postgres-db-user ::postgres/postgres-db-password]
|
||||||
:opt-un [::mon/mon-auth]))
|
:opt-un [::mon/mon-auth]))
|
||||||
|
|
||||||
(defn-spec k8s-objects cp/map-or-seq?
|
(defn-spec config-objects cp/map-or-seq?
|
||||||
|
[config config?]
|
||||||
|
(map yaml/to-string
|
||||||
|
(filter
|
||||||
|
#(not (nil? %))
|
||||||
|
(cm/concat-vec
|
||||||
|
(ns/generate config)
|
||||||
|
(postgres/generate-config config)
|
||||||
|
[(kc/generate-service config)
|
||||||
|
(kc/generate-deployment config)]
|
||||||
|
(kc/generate-ingress config)
|
||||||
|
(when (contains? config :mon-cfg)
|
||||||
|
(mon/generate-config))))))
|
||||||
|
|
||||||
|
(defn-spec auth-objects cp/map-or-seq?
|
||||||
[config config?
|
[config config?
|
||||||
auth auth?]
|
auth auth?]
|
||||||
(map yaml/to-string
|
(map yaml/to-string
|
||||||
(filter
|
(filter
|
||||||
#(not (nil? %))
|
#(not (nil? %))
|
||||||
(cm/concat-vec
|
(cm/concat-vec
|
||||||
(ns/generate (merge {:namespace "keycloak"} config))
|
(postgres/generate-auth config auth)
|
||||||
(postgres/generate (merge {:postgres-image "postgres:14"
|
[(kc/generate-secret config auth)]
|
||||||
:postgres-size :2gb
|
(when (and (contains? auth :mon-auth) (contains? config :mon-cfg))
|
||||||
:db-name "keycloak"
|
(mon/generate-auth (:mon-cfg config) (:mon-auth auth)))))))
|
||||||
:pv-storage-size-gb 30
|
|
||||||
:pvc-storage-class-name default-storage-class
|
|
||||||
:namespace "keycloak"})
|
|
||||||
auth)
|
|
||||||
[(kc/generate-secret auth)
|
|
||||||
(kc/generate-service)
|
|
||||||
(kc/generate-deployment config)]
|
|
||||||
(kc/generate-ingress (merge {:namespace "keycloak"} config))
|
|
||||||
(when (:contains? config :mon-cfg)
|
|
||||||
(mon/generate (:mon-cfg config) (:mon-auth auth)))))))
|
|
||||||
|
|
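Review bot: `config-objects` and `auth-objects` pass `config` straight to `ns/generate`, `postgres/generate-config`, `postgres/generate-auth` and the `kc/generate-*` functions, so `:namespace`, `:postgres-image` and the other values that the old `k8s-objects` merged in at the call site are now present only if the caller has already applied `config-defaults`. Whether `uberjar/main-cm` performs that merge is not visible here. Because `::kc/namespace` is optional in `config?`, a direct caller can pass a spec-valid config without `:namespace`, and the generators would then presumably be handed nil for their namespace. Consider resolving the defaults inside both functions, e.g. `(let [resolved (merge config-defaults config)] ...)`, or adding a docstring to each that states the precondition.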
|
@ -11,12 +11,14 @@
|
||||||
[dda.c4k-common.predicate :as cp]))
|
[dda.c4k-common.predicate :as cp]))
|
||||||
|
|
||||||
(s/def ::fqdn cp/fqdn-string?)
|
(s/def ::fqdn cp/fqdn-string?)
|
||||||
|
(s/def ::namespace string?)
|
||||||
(s/def ::issuer cp/letsencrypt-issuer?)
|
(s/def ::issuer cp/letsencrypt-issuer?)
|
||||||
(s/def ::keycloak-admin-user cp/bash-env-string?)
|
(s/def ::keycloak-admin-user cp/bash-env-string?)
|
||||||
(s/def ::keycloak-admin-password cp/bash-env-string?)
|
(s/def ::keycloak-admin-password cp/bash-env-string?)
|
||||||
|
|
||||||
(def config? (s/keys :req-un [::fqdn]
|
(def config? (s/keys :req-un [::fqdn]
|
||||||
:opt-un [::issuer]))
|
:opt-un [::issuer
|
||||||
|
::namespace]))
|
||||||
|
|
||||||
(def auth? (s/keys :req-un [::keycloak-admin-user
|
(def auth? (s/keys :req-un [::keycloak-admin-user
|
||||||
::keycloak-admin-password]))
|
::keycloak-admin-password]))
|
||||||
|
@ -35,20 +37,28 @@
|
||||||
config)))
|
config)))
|
||||||
|
|
||||||
(defn-spec generate-secret cp/map-or-seq?
|
(defn-spec generate-secret cp/map-or-seq?
|
||||||
[auth auth?]
|
[config config?
|
||||||
(let [{:keys [keycloak-admin-user keycloak-admin-password]} auth]
|
auth auth?]
|
||||||
|
(let [{:keys [namespace]} config
|
||||||
|
{:keys [keycloak-admin-user keycloak-admin-password]} auth]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "keycloak/secret.yaml")
|
(yaml/load-as-edn "keycloak/secret.yaml")
|
||||||
|
(cm/replace-all-matching "NAMESPACE" namespace)
|
||||||
(cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
|
(cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
|
||||||
(cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
|
(cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
|
||||||
|
|
||||||
(defn-spec generate-service cp/map-or-seq? []
|
(defn-spec generate-service cp/map-or-seq?
|
||||||
(yaml/load-as-edn "keycloak/service.yaml"))
|
[config config?]
|
||||||
|
(let [{:keys [namespace]} config]
|
||||||
|
(->
|
||||||
|
(yaml/load-as-edn "keycloak/service.yaml")
|
||||||
|
(cm/replace-all-matching "NAMESPACE" namespace))))
|
||||||
|
|
||||||
(defn-spec generate-deployment cp/map-or-seq?
|
(defn-spec generate-deployment cp/map-or-seq?
|
||||||
[config config?]
|
[config config?]
|
||||||
(let [{:keys [fqdn]} config]
|
(let [{:keys [fqdn namespace]} config]
|
||||||
(->
|
(->
|
||||||
(yaml/load-as-edn "keycloak/deployment.yaml")
|
(yaml/load-as-edn "keycloak/deployment.yaml")
|
||||||
(cm/replace-all-matching-values-by-new-value "FQDN" fqdn))))
|
(cm/replace-all-matching "NAMESPACE" namespace)
|
||||||
|
(cm/replace-all-matching "FQDN" fqdn))))
|
||||||
|
|
||||||
|
|
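Review bot: `(s/def ::namespace string?)` accepts any string, yet the value replaces `NAMESPACE` in the Secret, Service and Deployment manifests produced by `generate-secret`, `generate-service` and `generate-deployment` in this file's second hunk. Kubernetes namespace names must be RFC 1123 labels (lowercase alphanumerics and `-`, at most 63 characters), so an empty or malformed value would only fail when the manifest is applied. Tightening the spec rejects it at config validation instead, e.g. `(s/def ::namespace (s/and string? #(re-matches #"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?" %)))`. Whether c4k-common already offers a suitable predicate is not visible here.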
|
@ -2,7 +2,7 @@ apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: keycloak
|
name: keycloak
|
||||||
namespace: keycloak
|
namespace: NAMESPACE
|
||||||
labels:
|
labels:
|
||||||
app: keycloak
|
app: keycloak
|
||||||
spec:
|
spec:
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
metadata:
|
metadata:
|
||||||
name: keycloak-secret
|
name: keycloak-secret
|
||||||
namespace: keycloak
|
namespace: NAMESPACE
|
||||||
type: Opaque
|
type: Opaque
|
||||||
data:
|
data:
|
||||||
keycloak-user: admin
|
keycloak-user: admin
|
||||||
|
|
|
@ -4,7 +4,7 @@ metadata:
|
||||||
name: keycloak
|
name: keycloak
|
||||||
labels:
|
labels:
|
||||||
service: keycloak
|
service: keycloak
|
||||||
namespace: keycloak
|
namespace: NAMESPACE
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: "http"
|
- name: "http"
|
||||||
|
|
|
@ -15,7 +15,7 @@
|
||||||
:data
|
:data
|
||||||
{:keycloak-user "dXNlcg=="
|
{:keycloak-user "dXNlcg=="
|
||||||
:keycloak-password "cGFzc3dvcmQ="}}
|
:keycloak-password "cGFzc3dvcmQ="}}
|
||||||
(cut/generate-secret {:keycloak-admin-user "user" :keycloak-admin-password "password"}))))
|
(cut/generate-secret {:namespace "keycloak" :fqdn "test.de"} {:keycloak-admin-user "user" :keycloak-admin-password "password"}))))
|
||||||
|
|
||||||
(deftest should-generate-deployment
|
(deftest should-generate-deployment
|
||||||
(is (= {:apiVersion "apps/v1",
|
(is (= {:apiVersion "apps/v1",
|
||||||
|
@ -75,4 +75,4 @@
|
||||||
:items
|
:items
|
||||||
[{:key "tls.crt", :path "tls.crt"}
|
[{:key "tls.crt", :path "tls.crt"}
|
||||||
{:key "tls.key", :path "tls.key"}]}}]}}}}
|
{:key "tls.key", :path "tls.key"}]}}]}}}}
|
||||||
(cut/generate-deployment {:fqdn "test.de"}))))
|
(cut/generate-deployment {:fqdn "test.de" :namespace "keycloak"}))))
|
||||||
|
|
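Review bot: Both updated calls pass `:namespace "keycloak"`, the same value the templates hard-coded before this change, so the tests cannot tell a generator that honours the configured namespace from one that still emits `keycloak` unconditionally. The expected maps lie mostly outside the hunks. A case with a different value, e.g. `(cut/generate-deployment {:fqdn "test.de" :namespace "kc-test"})` asserting `:namespace "kc-test"` under `:metadata`, would pin the new behaviour. No test for the new one-argument `generate-service` is visible in these hunks either.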