Update port name

src/main/cljc/dda/c4k_keycloak/core.cljc

@@ -19,7 +19,9 @@
                       :postgres-size :2gb
                       :db-name "keycloak"
                       :pv-storage-size-gb 30
-                      :pvc-storage-class-name default-storage-class})
+                      :pvc-storage-class-name default-storage-class
+                      :max-rate 100
+                      :max-concurrent-requests 50})
 
 (def config? (s/keys :req-un [::kc/fqdn]
                      :opt-un [::kc/issuer
@@ -38,7 +40,8 @@
         (cm/concat-vec
          (ns/generate config)
          (postgres/generate-config config)
-         [(kc/generate-service config)
+         [(kc/generate-configmap config)
+          (kc/generate-service config)
           (kc/generate-deployment config)]
          (kc/generate-ratelimit-ingress config)
          (when (contains? config :mon-cfg)

src/main/cljc/dda/c4k_keycloak/keycloak.cljc

@@ -16,8 +16,11 @@
 (s/def ::keycloak-admin-user cp/bash-env-string?)
 (s/def ::keycloak-admin-password cp/bash-env-string?)
 
-(def config? (s/keys :req-un [::fqdn
+(def config? (s/keys :req-un [::fqdn]
-                              ::namespace]))
+                     :opt-un [::issuer
+                              ::namespace
+                              ::max-rate
+                              ::burst-rate]))
 
 (def auth? (s/keys :req-un [::keycloak-admin-user 
                             ::keycloak-admin-password]))
@@ -30,8 +33,8 @@
   [config config?]
   (let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
     (ing/generate-simple-ingress (merge
-                                  {:service-name "forgejo-service"
+                                  {:service-name "keycloak"
-                                   :service-port 3000
+                                   :service-port 8080
                                    :fqdns [fqdn]
                                    :average-rate max-rate
                                    :burst-rate max-concurrent-requests
@@ -42,12 +45,23 @@
   [config config?
    auth auth?]
   (let [{:keys [namespace]} config
-        {:keys [keycloak-admin-user keycloak-admin-password]} auth]
+        {:keys [keycloak-admin-user keycloak-admin-password postgres-db-user postgres-db-password]} auth]
     (->
      (yaml/load-as-edn "keycloak/secret.yaml")
      (cm/replace-all-matching "NAMESPACE" namespace)
-     (cm/replace-key-value :keycloak-user (b64/encode keycloak-admin-user))
+     (cm/replace-all-matching "DBUSER" (b64/encode postgres-db-user))
-     (cm/replace-key-value :keycloak-password (b64/encode keycloak-admin-password)))))
+     (cm/replace-all-matching "DBPW" (b64/encode postgres-db-password))
+     (cm/replace-all-matching "ADMIN_USER" (b64/encode keycloak-admin-user))
+     (cm/replace-all-matching "ADMIN_PASS" (b64/encode keycloak-admin-password)))))
+
+(defn-spec generate-configmap cp/map-or-seq?
+  [config config?]
+  (let [{:keys [namespace fqdn]} config]
+    (->
+     (yaml/load-as-edn "keycloak/configmap.yaml")
+     (cm/replace-all-matching "NAMESPACE" namespace)
+     (cm/replace-all-matching "FQDN" fqdn)
+     (cm/replace-all-matching "ADMIN_FQDN" (str "control." fqdn))))) ; TODO Document this
 
 (defn-spec generate-service cp/map-or-seq? 
   [config config?]
@@ -55,12 +69,11 @@
     (->
      (yaml/load-as-edn "keycloak/service.yaml")
      (cm/replace-all-matching "NAMESPACE" namespace))))
-; TODO: Fix test
+
 (defn-spec generate-deployment cp/map-or-seq?
   [config config?]
   (let [{:keys [fqdn namespace]} config]
-    (-> 
+    (->
      (yaml/load-as-edn "keycloak/deployment.yaml")
-     (cm/replace-all-matching "NAMESPACE" namespace)
+     (cm/replace-all-matching "NAMESPACE" namespace))))
-     (cm/replace-all-matching "FQDN" fqdn))))
   

src/main/resources/keycloak/configmap.yaml

@@ -1,4 +1,3 @@
-# TODO: Make generate-configmap function
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -10,10 +9,9 @@ data:
   KC_HOSTNAME: FQDN
   KC_HOSTNAME_ADMIN: ADMIN_FQDN
   KC_PROXY: edge         
-  DB_VENDOR: POSTGRES
+  KC_DB: postgres
-  DB_ADDR: postgresql-service
+  KC_DB_URL_HOST: postgresql-service
-  DB_SCHEMA: public
+  KC_DB_URL_PORT: "5432"
-  DB_DATABASE: postgres
   # TODO Do we need to enable http, as we are behind ingress?
   # KC_HTTP_ENABLED: true
   # TODO Maybe also enable load shedding

src/main/resources/keycloak/deployment.yaml

@@ -32,7 +32,7 @@ spec:
           - secretRef:
               name: keycloak-secret
         ports:
-        - name: http
+        - name: keycloak
           containerPort: 8080
       volumes:
         - name: keycloak-cert

src/main/resources/keycloak/secret.yaml

@@ -1,4 +1,3 @@
-# TODO: Update generate-secret function
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,7 +5,7 @@ metadata:
   namespace: NAMESPACE
 type: Opaque
 data:
-  DB_USER: DBUSER
+  KC_DB_USERNAME: DBUSER
-  DB_PASSWORD: DBPW
+  KC_DB_PASSWORD: DBPW
   KEYCLOAK_ADMIN: ADMIN_USER
   KEYCLOAK_ADMIN_PASSWORD: ADMIN_PASS

src/test/cljc/dda/c4k_keycloak/keycloak_test.cljc

@@ -13,66 +13,30 @@
           :metadata {:name "keycloak-secret", :namespace "keycloak"}
           :type "Opaque"
           :data
-          {:keycloak-user "dXNlcg=="
+          {:KC_DB_USERNAME "a2V5Y2xvYWs="
-           :keycloak-password "cGFzc3dvcmQ="}}
+           :KC_DB_PASSWORD "ZGItcGFzc3dvcmQ="
-         (cut/generate-secret {:namespace "keycloak" :fqdn "test.de"} {:keycloak-admin-user "user" :keycloak-admin-password "password"}))))
+           :KEYCLOAK_ADMIN "dXNlcg=="
+           :KEYCLOAK_ADMIN_PASSWORD "cGFzc3dvcmQ="}}
+         (cut/generate-secret {:namespace "keycloak" :fqdn "test.de"} 
+                              {:keycloak-admin-user "user" :keycloak-admin-password "password"
+                               :postgres-db-user "keycloak"
+                               :postgres-db-password "db-password"}))))
+
+(deftest should-generate-configmap
+  (is (= {:apiVersion "v1",
+          :kind "ConfigMap",
+          :metadata {:name "keycloak-env", :namespace "keycloak"},
+          :data
+          {:KC_HTTPS_CERTIFICATE_FILE "/etc/certs/tls.crt",
+           :KC_HTTPS_CERTIFICATE_KEY_FILE "/etc/certs/tls.key",
+           :KC_HOSTNAME "test.de" ,
+           :KC_HOSTNAME_ADMIN "control.test.de",
+           :KC_PROXY "edge",
+           :KC_DB "postgres",
+           :KC_DB_URL_HOST "postgresql-service",
+           :KC_DB_URL_PORT 5432}}
+         (cut/generate-configmap {:namespace "keycloak" :fqdn "test.de"}))))
 
 (deftest should-generate-deployment
-  (is (= {:apiVersion "apps/v1",
+  (is (= {:name "keycloak", :namespace "keycloak", :labels {:app "keycloak"}}
-          :kind "Deployment",
+         (:metadata (cut/generate-deployment {:fqdn "example.com" :namespace "keycloak"})))))
-          :metadata
-          {:name "keycloak", :namespace "keycloak", :labels {:app "keycloak"}},
-          :spec
-          {:replicas 1,
-           :selector {:matchLabels {:app "keycloak"}},
-           :template
-           {:metadata {:labels {:app "keycloak"}},
-            :spec
-            {:containers
-             [{:name "keycloak",
-               :image "quay.io/keycloak/keycloak:20.0.3",
-               :imagePullPolicy "IfNotPresent",
-               :args ["start"],
-               :volumeMounts
-               [{:name "keycloak-cert",
-                 :mountPath "/etc/certs",
-                 :readOnly true}],
-               :env
-               [{:name "KC_HTTPS_CERTIFICATE_FILE",
-                 :value "/etc/certs/tls.crt"}
-                {:name "KC_HTTPS_CERTIFICATE_KEY_FILE",
-                 :value "/etc/certs/tls.key"}
-                {:name "KC_HOSTNAME", :value "test.de"}
-                {:name "KC_PROXY", :value "edge"}
-                {:name "DB_VENDOR", :value "POSTGRES"}
-                {:name "DB_ADDR", :value "postgresql-service"}
-                {:name "DB_SCHEMA", :value "public"}
-                {:name "DB_DATABASE",
-                 :valueFrom
-                 {:configMapKeyRef
-                  {:name "postgres-config", :key "postgres-db"}}}
-                {:name "DB_USER",
-                 :valueFrom
-                 {:secretKeyRef
-                  {:name "postgres-secret", :key "postgres-user"}}}
-                {:name "DB_PASSWORD",
-                 :valueFrom
-                 {:secretKeyRef
-                  {:name "postgres-secret", :key "postgres-password"}}}
-                {:name "KEYCLOAK_ADMIN",
-                 :valueFrom
-                 {:secretKeyRef
-                  {:name "keycloak-secret", :key "keycloak-user"}}}
-                {:name "KEYCLOAK_ADMIN_PASSWORD",
-                 :valueFrom
-                 {:secretKeyRef
-                  {:name "keycloak-secret", :key "keycloak-password"}}}],
-               :ports [{:name "http", :containerPort 8080}]}],
-             :volumes
-             [{:name "keycloak-cert",
-               :secret
-               {:secretName "keycloak",
-                :items
-                [{:key "tls.crt", :path "tls.crt"}
-                 {:key "tls.key", :path "tls.key"}]}}]}}}}
-         (cut/generate-deployment {:fqdn "test.de" :namespace "keycloak"}))))