5 changed files with 50 additions and 42 deletions
--- a/src/main/cljc/dda/c4k_keycloak/core.cljc
+++ b/src/main/cljc/dda/c4k_keycloak/core.cljc
@ -40,7 +40,7 @@
         (postgres/generate-config config)
         [(kc/generate-service config)
          (kc/generate-deployment config)]
-         (kc/generate-ratelimit-ingress config)
+         (kc/generate-ingress config)
         (when (contains? config :mon-cfg)
           (mon/generate-config))))))

--- a/src/main/cljc/dda/c4k_keycloak/keycloak.cljc
+++ b/src/main/cljc/dda/c4k_keycloak/keycloak.cljc
@ -26,17 +26,14 @@
   (defmethod yaml/load-resource :keycloak [resource-name]
     (get (inline-resources "keycloak") resource-name)))

-(defn-spec generate-ratelimit-ingress seq?
+(defn-spec generate-ingress cp/map-or-seq?
  [config config?]
-  (let [{:keys [fqdn max-rate max-concurrent-requests namespace]} config]
-    (ing/generate-simple-ingress (merge
-                                  {:service-name "forgejo-service"
-                                   :service-port 3000
-                                   :fqdns [fqdn]
-                                   :average-rate max-rate
-                                   :burst-rate max-concurrent-requests
-                                   :namespace namespace}
-                                  config))))
+  (ing/generate-ingress-and-cert
+   (merge
+    {:service-name "keycloak"
+     :service-port 80
+     :fqdns [(:fqdn config)]}
+    config)))

 (defn-spec generate-secret cp/map-or-seq?
  [config config?
@ -55,7 +52,7 @@
    (->
     (yaml/load-as-edn "keycloak/service.yaml")
     (cm/replace-all-matching "NAMESPACE" namespace))))
-; TODO: Fix test
+
 (defn-spec generate-deployment cp/map-or-seq?
  [config config?]
  (let [{:keys [fqdn namespace]} config]
--- a/src/main/resources/keycloak/configmap.yaml
+++ b/src/main/resources/keycloak/configmap.yaml
@ -1,20 +0,0 @@
-# TODO: Make generate-configmap function
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: keycloak-env
-  namespace: NAMESPACE
-data:
-  KC_HTTPS_CERTIFICATE_FILE: /etc/certs/tls.crt
-  KC_HTTPS_CERTIFICATE_KEY_FILE: /etc/certs/tls.key
-  KC_HOSTNAME: FQDN
-  KC_HOSTNAME_ADMIN: ADMIN_FQDN
-  KC_PROXY: edge         
-  DB_VENDOR: POSTGRES
-  DB_ADDR: postgresql-service
-  DB_SCHEMA: public
-  DB_DATABASE: postgres
-  # TODO Do we need to enable http, as we are behind ingress?
-  # KC_HTTP_ENABLED: true
-  # TODO Maybe also enable load shedding
-  # KC_HTTP_MAX_QUEUED_REQUESTS: 2000
--- a/src/main/resources/keycloak/deployment.yaml
+++ b/src/main/resources/keycloak/deployment.yaml
@ -15,7 +15,6 @@ spec:
      labels:
        app: keycloak
    spec:
-      # TODO: Add Resource allocations
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:20.0.3
@ -26,11 +25,46 @@ spec:
        - name: keycloak-cert
          mountPath: /etc/certs
          readOnly: true
-        envFrom:
-          - configMapRef:
-              name: keycloak-env
-          - secretRef:
+        env:
+        - name: KC_HTTPS_CERTIFICATE_FILE
+          value: /etc/certs/tls.crt
+        - name: KC_HTTPS_CERTIFICATE_KEY_FILE
+          value: /etc/certs/tls.key
+        - name: KC_HOSTNAME
+          value: FQDN
+        - name: KC_PROXY
+          value: edge         
+        - name: DB_VENDOR
+          value: POSTGRES
+        - name: DB_ADDR
+          value: postgresql-service
+        - name: DB_SCHEMA
+          value: public
+        - name: DB_DATABASE
+          valueFrom:
+            configMapKeyRef:
+              name: postgres-config
+              key: postgres-db
+        - name: DB_USER
+          valueFrom:
+            secretKeyRef:
+              name: postgres-secret
+              key: postgres-user
+        - name: DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: postgres-secret
+              key: postgres-password
+        - name: KEYCLOAK_ADMIN
+          valueFrom:
+            secretKeyRef:
              name: keycloak-secret
+              key: keycloak-user
+        - name: KEYCLOAK_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: keycloak-secret
+              key: keycloak-password
        ports:
        - name: http
          containerPort: 8080
--- a/src/main/resources/keycloak/secret.yaml
+++ b/src/main/resources/keycloak/secret.yaml
@ -1,4 +1,3 @@
-# TODO: Update generate-secret function
 apiVersion: v1
 kind: Secret
 metadata:
@ -6,7 +5,5 @@ metadata:
  namespace: NAMESPACE
 type: Opaque
 data:
-  DB_USER: DBUSER
-  DB_PASSWORD: DBPW
-  KEYCLOAK_ADMIN: ADMIN_USER
-  KEYCLOAK_ADMIN_PASSWORD: ADMIN_PASS
+  keycloak-user: admin
+  keycloak-password: admin