

No commits in common. "89f010144263116cbc2eb88b9ace01aa4be0e695" and "ce9d51e1cdce8916745e51d7181f36128f3be040" have entirely different histories.

6 changed files with 83 additions and 60 deletions


@ -19,9 +19,7 @@
:postgres-size :2gb
:db-name "keycloak"
:pv-storage-size-gb 30
:pvc-storage-class-name default-storage-class
:max-rate 100
:max-concurrent-requests 50})
:pvc-storage-class-name default-storage-class})
(def config? (s/keys :req-un [::kc/fqdn]
:opt-un [::kc/issuer
@ -40,8 +38,7 @@
(cm/concat-vec
(ns/generate config)
(postgres/generate-config config)
[(kc/generate-configmap config)
(kc/generate-service config)
[(kc/generate-service config)
(kc/generate-deployment config)]
(kc/generate-ratelimit-ingress config)
(when (contains? config :mon-cfg)
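Review bot: No ingress for the Keycloak fqdn is left on the new side of the second hunk: `(kc/generate-ratelimit-ingress config)` is dropped from the `generate` vector and the first hunk drops the `:max-rate 100` / `:max-concurrent-requests 50` defaults, yet nothing else in this compare generates an ingress for the fqdn, while the keycloak namespace on this page still defines `generate-ratelimit-ingress` and destructures `max-rate`. If an unthrottled ingress is produced somewhere outside this compare that is not visible here; if none is, the login endpoints lose the rate limit these lines provided. Either keep the call, or state the reason next to the config defaults, e.g. `;; no ratelimit ingress generated here: <reason>`. The `generate` body continues outside the hunk.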


@ -16,11 +16,8 @@
(s/def ::keycloak-admin-user cp/bash-env-string?)
(s/def ::keycloak-admin-password cp/bash-env-string?)
(def config? (s/keys :req-un [::fqdn]
:opt-un [::issuer
::namespace
::max-rate
::burst-rate]))
(def config? (s/keys :req-un [::fqdn
::namespace]))
(def auth? (s/keys :req-un [::keycloak-admin-user
::keycloak-admin-password]))
@ -33,8 +30,8 @@
[config config?]
(let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
(ing/generate-simple-ingress (merge
{:service-name "keycloak"
:service-port 8080
{:service-name "forgejo-service"
:service-port 3000
:fqdns [fqdn]
:average-rate max-rate
:burst-rate max-concurrent-requests
@ -45,23 +42,12 @@
[config config?
auth auth?]
(let [{:keys [namespace]} config
{:keys [keycloak-admin-user keycloak-admin-password postgres-db-user postgres-db-password]} auth]
{:keys [keycloak-admin-user keycloak-admin-password]} auth]
(->
(yaml/load-as-edn "keycloak/secret.yaml")
(cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-all-matching "DBUSER" (b64/encode postgres-db-user))
(cm/replace-all-matching "DBPW" (b64/encode postgres-db-password))
(cm/replace-all-matching "ADMIN_USER" (b64/encode keycloak-admin-user))
(cm/replace-all-matching "ADMIN_PASS" (b64/encode keycloak-admin-password)))))
(defn-spec generate-configmap cp/map-or-seq?
[config config?]
(let [{:keys [namespace fqdn]} config]
(->
(yaml/load-as-edn "keycloak/configmap.yaml")
(cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-all-matching "FQDN" fqdn)
(cm/replace-all-matching "ADMIN_FQDN" (str "control." fqdn))))) ; TODO Document this
(cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
(cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
(defn-spec generate-service cp/map-or-seq?
[config config?]
@ -69,11 +55,12 @@
(->
(yaml/load-as-edn "keycloak/service.yaml")
(cm/replace-all-matching "NAMESPACE" namespace))))
; TODO: Fix test
(defn-spec generate-deployment cp/map-or-seq?
[config config?]
(let [{:keys [fqdn namespace]} config]
(->
(->
(yaml/load-as-edn "keycloak/deployment.yaml")
(cm/replace-all-matching "NAMESPACE" namespace))))
(cm/replace-all-matching "NAMESPACE" namespace)
(cm/replace-all-matching "FQDN" fqdn))))
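Review bot: In the `@ -33,8 +30,8 @@` hunk the new side of `generate-ratelimit-ingress` points the Keycloak fqdn at `:service-name "forgejo-service"` / `:service-port 3000`, while everything else in this compare exposes Keycloak on 8080 (`containerPort: 8080` in deployment.yaml, `:ports [{:name "http", :containerPort 8080}]` in the deployment test), so this reads as a copy-paste leftover from another module that would route the Keycloak hostname to a different workload's service if the function is wired back into `generate`. The two lines should read `{:service-name "keycloak"` and `:service-port 8080`, or the function should be deleted now that the core namespace on this page no longer calls it. In the first hunk the new `config?` also stops listing `::max-rate`/`::burst-rate`, and the core defaults for them are removed in this same compare, so `max-rate` and `max-concurrent-requests` bound in the context line would presumably come out nil. The `defn-spec` lines of these functions are outside the hunks.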


@ -1,3 +1,4 @@
# TODO: Make generate-configmap function
apiVersion: v1
kind: ConfigMap
metadata:
@ -9,9 +10,10 @@ data:
KC_HOSTNAME: FQDN
KC_HOSTNAME_ADMIN: ADMIN_FQDN
KC_PROXY: edge
KC_DB: postgres
KC_DB_URL_HOST: postgresql-service
KC_DB_URL_PORT: "5432"
DB_VENDOR: POSTGRES
DB_ADDR: postgresql-service
DB_SCHEMA: public
DB_DATABASE: postgres
# TODO Do we need to enable http, as we are behind ingress?
# KC_HTTP_ENABLED: true
# TODO Maybe also enable load shedding
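Review bot: The `DB_VENDOR`/`DB_ADDR`/`DB_SCHEMA`/`DB_DATABASE` names on the new side of the second hunk are the variables of the legacy (pre-Quarkus) Keycloak container image, not of the `quay.io/keycloak/keycloak:20.0.3` image started with `start` that the deployment test in this compare pins; that distribution reads `KC_DB`, `KC_DB_URL_HOST`, `KC_DB_USERNAME` and `KC_DB_PASSWORD` and, as far as I know, ignores the `DB_*` names, so the Postgres settings would silently not apply and Keycloak would fall back to its built-in dev-file database on the container filesystem. Keep the removed `KC_DB` / `KC_DB_URL_HOST` / `KC_DB_URL_PORT` lines (or pin the legacy image) and say so above the block, e.g. `# KC_* names are read by the Quarkus distribution; DB_* names belong to the legacy image`. The `# TODO: Make generate-configmap function` added in the first hunk, together with the removal of `generate-configmap` from the keycloak namespace on this page, suggests this file is not rendered at all on the new side, which would leave `FQDN`/`ADMIN_FQDN` literal.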


@ -32,7 +32,7 @@ spec:
- secretRef:
name: keycloak-secret
ports:
- name: keycloak
- name: http
containerPort: 8080
volumes:
- name: keycloak-cert


@ -1,3 +1,4 @@
# TODO: Update generate-secret function
apiVersion: v1
kind: Secret
metadata:
@ -5,7 +6,7 @@ metadata:
namespace: NAMESPACE
type: Opaque
data:
KC_DB_USERNAME: DBUSER
KC_DB_PASSWORD: DBPW
DB_USER: DBUSER
DB_PASSWORD: DBPW
KEYCLOAK_ADMIN: ADMIN_USER
KEYCLOAK_ADMIN_PASSWORD: ADMIN_PASS
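Review bot: Every value on the new side of the `data:` block is still a placeholder — `DB_USER: DBUSER`, `DB_PASSWORD: DBPW` and the context lines `KEYCLOAK_ADMIN: ADMIN_USER`, `KEYCLOAK_ADMIN_PASSWORD: ADMIN_PASS` — but the new `generate-secret` in the keycloak namespace on this page only replaces `NAMESPACE` and then calls `replace-key-value` on `:keycloak-user` and `:keycloak-password`, keys this template does not contain; unless `replace-key-value` inserts missing keys, no placeholder is filled and the rendered Secret carries the literal strings instead of base64-encoded credentials. The `# TODO: Update generate-secret function` line records this, and the secret test expecting only `:keycloak-user`/`:keycloak-password` cannot match a template with these four keys either. Since the deployment test reads DB credentials from `postgres-secret`, drop `DB_USER`/`DB_PASSWORD` here and make the remaining keys agree with the function and the deployment (e.g. `keycloak-user: ADMIN_USER` / `keycloak-password: ADMIN_PASS` with `replace-all-matching` for the values, or keep `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD` and change the function's targets).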


@ -13,30 +13,66 @@
:metadata {:name "keycloak-secret", :namespace "keycloak"}
:type "Opaque"
:data
{:KC_DB_USERNAME "a2V5Y2xvYWs="
:KC_DB_PASSWORD "ZGItcGFzc3dvcmQ="
:KEYCLOAK_ADMIN "dXNlcg=="
:KEYCLOAK_ADMIN_PASSWORD "cGFzc3dvcmQ="}}
(cut/generate-secret {:namespace "keycloak" :fqdn "test.de"}
{:keycloak-admin-user "user" :keycloak-admin-password "password"
:postgres-db-user "keycloak"
:postgres-db-password "db-password"}))))
(deftest should-generate-configmap
(is (= {:apiVersion "v1",
:kind "ConfigMap",
:metadata {:name "keycloak-env", :namespace "keycloak"},
:data
{:KC_HTTPS_CERTIFICATE_FILE "/etc/certs/tls.crt",
:KC_HTTPS_CERTIFICATE_KEY_FILE "/etc/certs/tls.key",
:KC_HOSTNAME "test.de" ,
:KC_HOSTNAME_ADMIN "control.test.de",
:KC_PROXY "edge",
:KC_DB "postgres",
:KC_DB_URL_HOST "postgresql-service",
:KC_DB_URL_PORT 5432}}
(cut/generate-configmap {:namespace "keycloak" :fqdn "test.de"}))))
{:keycloak-user "dXNlcg=="
:keycloak-password "cGFzc3dvcmQ="}}
(cut/generate-secret {:namespace "keycloak" :fqdn "test.de"} {:keycloak-admin-user "user" :keycloak-admin-password "password"}))))
(deftest should-generate-deployment
(is (= {:name "keycloak", :namespace "keycloak", :labels {:app "keycloak"}}
(:metadata (cut/generate-deployment {:fqdn "example.com" :namespace "keycloak"})))))
(is (= {:apiVersion "apps/v1",
:kind "Deployment",
:metadata
{:name "keycloak", :namespace "keycloak", :labels {:app "keycloak"}},
:spec
{:replicas 1,
:selector {:matchLabels {:app "keycloak"}},
:template
{:metadata {:labels {:app "keycloak"}},
:spec
{:containers
[{:name "keycloak",
:image "quay.io/keycloak/keycloak:20.0.3",
:imagePullPolicy "IfNotPresent",
:args ["start"],
:volumeMounts
[{:name "keycloak-cert",
:mountPath "/etc/certs",
:readOnly true}],
:env
[{:name "KC_HTTPS_CERTIFICATE_FILE",
:value "/etc/certs/tls.crt"}
{:name "KC_HTTPS_CERTIFICATE_KEY_FILE",
:value "/etc/certs/tls.key"}
{:name "KC_HOSTNAME", :value "test.de"}
{:name "KC_PROXY", :value "edge"}
{:name "DB_VENDOR", :value "POSTGRES"}
{:name "DB_ADDR", :value "postgresql-service"}
{:name "DB_SCHEMA", :value "public"}
{:name "DB_DATABASE",
:valueFrom
{:configMapKeyRef
{:name "postgres-config", :key "postgres-db"}}}
{:name "DB_USER",
:valueFrom
{:secretKeyRef
{:name "postgres-secret", :key "postgres-user"}}}
{:name "DB_PASSWORD",
:valueFrom
{:secretKeyRef
{:name "postgres-secret", :key "postgres-password"}}}
{:name "KEYCLOAK_ADMIN",
:valueFrom
{:secretKeyRef
{:name "keycloak-secret", :key "keycloak-user"}}}
{:name "KEYCLOAK_ADMIN_PASSWORD",
:valueFrom
{:secretKeyRef
{:name "keycloak-secret", :key "keycloak-password"}}}],
:ports [{:name "http", :containerPort 8080}]}],
:volumes
[{:name "keycloak-cert",
:secret
{:secretName "keycloak",
:items
[{:key "tls.crt", :path "tls.crt"}
{:key "tls.key", :path "tls.key"}]}}]}}}}
(cut/generate-deployment {:fqdn "test.de" :namespace "keycloak"}))))
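Review bot: The second `is` of the new `should-generate-deployment` pins `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD` as explicit `env` entries with `secretKeyRef` keys `keycloak-user`/`keycloak-password` and the DB credentials from `postgres-secret`, while `deployment.yaml` on this page still injects `keycloak-secret` through `secretRef:` (presumably under `envFrom`) and `secret.yaml` still uses the keys `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD`. The manifests and this expectation disagree on where the admin credentials come from, which the `; TODO: Fix test` comment in the keycloak namespace leaves open; a `secretKeyRef` naming a key the Secret does not have keeps the container from starting rather than leaving the variable empty, so the key names should be pinned in exactly one place. Decide on one injection path and make the Secret's data keys, the deployment manifest and this expectation use the same names; until then this test fails against the manifests in the same compare. The first `is` (`:fqdn "example.com"`) only checks `:metadata` and does not cover the credential wiring.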