Compare commits

..

4 commits

Author SHA1 Message Date
ce9d51e1cd [Skip-CI] Use ratelimit ingress 2024-08-27 16:31:52 +02:00
1d22c20da9 Add recommended key 2024-08-27 16:26:55 +02:00
861b43b4bf Add more todos 2024-08-27 16:26:42 +02:00
f98d4ab9b5 Get env from configmap and secret 2024-08-27 15:40:16 +02:00
5 changed files with 42 additions and 50 deletions

View file

@ -40,7 +40,7 @@
(postgres/generate-config config) (postgres/generate-config config)
[(kc/generate-service config) [(kc/generate-service config)
(kc/generate-deployment config)] (kc/generate-deployment config)]
(kc/generate-ingress config) (kc/generate-ratelimit-ingress config)
(when (contains? config :mon-cfg) (when (contains? config :mon-cfg)
(mon/generate-config)))))) (mon/generate-config))))))

View file

@ -26,14 +26,17 @@
(defmethod yaml/load-resource :keycloak [resource-name] (defmethod yaml/load-resource :keycloak [resource-name]
(get (inline-resources "keycloak") resource-name))) (get (inline-resources "keycloak") resource-name)))
(defn-spec generate-ingress cp/map-or-seq? (defn-spec generate-ratelimit-ingress seq?
[config config?] [config config?]
(ing/generate-ingress-and-cert (let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
(merge (ing/generate-simple-ingress (merge
{:service-name "keycloak" {:service-name "forgejo-service"
:service-port 80 :service-port 3000
:fqdns [(:fqdn config)]} :fqdns [fqdn]
config))) :average-rate max-rate
:burst-rate max-concurrent-requests
:namespace namespace}
config))))
(defn-spec generate-secret cp/map-or-seq? (defn-spec generate-secret cp/map-or-seq?
[config config? [config config?
@ -52,7 +55,7 @@
(-> (->
(yaml/load-as-edn "keycloak/service.yaml") (yaml/load-as-edn "keycloak/service.yaml")
(cm/replace-all-matching "NAMESPACE" namespace)))) (cm/replace-all-matching "NAMESPACE" namespace))))
; TODO: Fix test
(defn-spec generate-deployment cp/map-or-seq? (defn-spec generate-deployment cp/map-or-seq?
[config config?] [config config?]
(let [{:keys [fqdn namespace]} config] (let [{:keys [fqdn namespace]} config]

View file

@ -0,0 +1,20 @@
# TODO: Make generate-configmap function
apiVersion: v1
kind: ConfigMap
metadata:
name: keycloak-env
namespace: NAMESPACE
data:
KC_HTTPS_CERTIFICATE_FILE: /etc/certs/tls.crt
KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/certs/tls.key
KC_HOSTNAME: FQDN
KC_HOSTNAME_ADMIN: ADMIN_FQDN
KC_PROXY: edge
DB_VENDOR: POSTGRES
DB_ADDR: postgresql-service
DB_SCHEMA: public
DB_DATABASE: postgres
# TODO Do we need to enable http, as we are behind ingress?
# KC_HTTP_ENABLED: true
# TODO Maybe also enable load shedding
# KC_HTTP_MAX_QUEUED_REQUESTS: 2000

View file

@ -15,6 +15,7 @@ spec:
labels: labels:
app: keycloak app: keycloak
spec: spec:
# TODO: Add Resource allocations
containers: containers:
- name: keycloak - name: keycloak
image: quay.io/keycloak/keycloak:20.0.3 image: quay.io/keycloak/keycloak:20.0.3
@ -25,46 +26,11 @@ spec:
- name: keycloak-cert - name: keycloak-cert
mountPath: /etc/certs mountPath: /etc/certs
readOnly: true readOnly: true
env: envFrom:
- name: KC_HTTPS_CERTIFICATE_FILE - configMapRef:
value: /etc/certs/tls.crt name: keycloak-env
- name: KC_HTTPS_CERTIFICATE_KEY_FILE - secretRef:
value: /etc/certs/tls.key
- name: KC_HOSTNAME
value: FQDN
- name: KC_PROXY
value: edge
- name: DB_VENDOR
value: POSTGRES
- name: DB_ADDR
value: postgresql-service
- name: DB_SCHEMA
value: public
- name: DB_DATABASE
valueFrom:
configMapKeyRef:
name: postgres-config
key: postgres-db
- name: DB_USER
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-user
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-secret
key: postgres-password
- name: KEYCLOAK_ADMIN
valueFrom:
secretKeyRef:
name: keycloak-secret name: keycloak-secret
key: keycloak-user
- name: KEYCLOAK_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-secret
key: keycloak-password
ports: ports:
- name: http - name: http
containerPort: 8080 containerPort: 8080

View file

@ -1,3 +1,4 @@
# TODO: Update generate-secret function
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -5,5 +6,7 @@ metadata:
namespace: NAMESPACE namespace: NAMESPACE
type: Opaque type: Opaque
data: data:
keycloak-user: admin DB_USER: DBUSER
keycloak-password: admin DB_PASSWORD: DBPW
KEYCLOAK_ADMIN: ADMIN_USER
KEYCLOAK_ADMIN_PASSWORD: ADMIN_PASS