added keycloak deployment with psql operator

2024-09-19 20:08:52 +02:00 · 2022-07-27 17:42:30 +02:00 · 2022-07-27 17:42:30 +02:00 · a5d6d222d3
parent dff188bbd2
commit a5d6d222d3
10 changed files with 1952 additions and 44 deletions
--- a/apps/keycloak/database.yaml
+++ b/apps/keycloak/database.yaml
@ -0,0 +1,36 @@
+---
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+  name: fcos-keycloak
+spec:
+  postgresVersion: 14
+  instances:
+    - replicas: 1
+      dataVolumeClaimSpec:
+        accessModes:
+          - "ReadWriteOnce"
+        resources:
+          requests:
+            storage: 1Gi
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 1
+              podAffinityTerm:
+                topologyKey: kubernetes.io/hostname
+                labelSelector:
+                  matchLabels:
+                    postgres-operator.crunchydata.com/cluster: keycloak-db
+                    postgres-operator.crunchydata.com/instance-set: "00"
+  backups:
+    pgbackrest:
+      repos:
+        - name: repo1
+          volume:
+            volumeClaimSpec:
+              accessModes:
+                - "ReadWriteOnce"
+              resources:
+                requests:
+                  storage: 1Gi
--- a/overlays/dev/apps/keycloak/instances.yaml
+++ b/overlays/dev/apps/keycloak/instances.yaml
@ -3,9 +3,14 @@ apiVersion: k8s.keycloak.org/v2alpha1
 kind: Keycloak
 metadata:
  name: fcos-keycloak
-  labels:
-    app: sso
 spec:
  instances: 1
  hostname: id.localhost
+  serverConfiguration:
+    - name: db
+      value: postgres
+    - name: db-url
+      secret:
+        name: fcos-keycloak-pguser-fcos-keycloak
+        key: jdbc-uri
  tlsSecret: INSECURE-DISABLE
--- a/apps/keycloak/kustomization.yaml
+++ b/apps/keycloak/kustomization.yaml
@ -1,5 +1,9 @@
 ---
+namespace: keycloak
 resources:
  - namespace.yaml
  - operatorgroup.yaml
  - subscription.yaml
+  - database.yaml
+  - instance.yaml
+  - realm.yaml
--- a/apps/keycloak/realm.yaml
+++ b/apps/keycloak/realm.yaml
--- a/apps/keycloak/subscription.yaml
+++ b/apps/keycloak/subscription.yaml
@ -10,3 +10,15 @@ spec:
  source: operatorhubio-catalog
  sourceNamespace: olm
  installPlanApproval: Automatic
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: postgresql
+  namespace: keycloak
+spec:
+  channel: v5
+  name: postgresql
+  source: operatorhubio-catalog
+  sourceNamespace: olm
+  installPlanApproval: Automatic
--- a/overlays/dev/apps/keycloak/kustomization.yaml
+++ b/overlays/dev/apps/keycloak/kustomization.yaml
@ -1,3 +0,0 @@
---
-resources:
-  - instances.yaml
--- a/overlays/dev/kustomization.yaml
+++ b/overlays/dev/kustomization.yaml
@ -1,7 +1,6 @@
 ---
 resources:
  - ../../base
-  - ./apps/keycloak
 patches:
  - target:
      kind: Ingress
--- a/overlays/prod/apps/gitea/ingress.yaml
+++ b/overlays/prod/apps/gitea/ingress.yaml
@ -1,25 +0,0 @@
---
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: gitea-server-ingress
-  namespace: gitea
-  annotations:
-    kubernetes.io/ingress.class: nginx
-    kubernetes.io/tls-acme: "true"
-spec:
-  rules:
-    - host: code.fabcity.hamburg
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: gitea-http
-                port:
-                  name: http
-  tls:
-    - hosts:
-        - code.fabcity.hamburg
-      secretName: gitea-secret-prod
--- a/overlays/prod/apps/keycloak/instances.yaml
+++ b/overlays/prod/apps/keycloak/instances.yaml
@ -1,11 +0,0 @@
---
-apiVersion: k8s.keycloak.org/v2alpha1
-kind: Keycloak
-metadata:
-  name: fcos-keycloak
-  labels:
-    app: sso
-spec:
-  instances: 2
-  hostname: id.fabcity.hamburg
-  tlsSecret: fcos-keycloak-tls-secret
--- a/overlays/prod/apps/keycloak/kustomization.yaml
+++ b/overlays/prod/apps/keycloak/kustomization.yaml
@ -1,3 +1,43 @@
 ---
-resources:
-  - instances.yaml
+patches:
+  - target:
+      kind: PostgresCluster
+      group: postgres-operator.crunchydata.com
+      version: v1beta1
+    patch: |-
+      - op: replace
+        path: /spec/instances
+        value:
+          - replicas: 2
+            dataVolumeClaimSpec:
+              accessModes:
+                - "ReadWriteOnce"
+              resources:
+                requests:
+                  storage: 1Gi
+            affinity:
+              podAntiAffinity:
+                preferredDuringSchedulingIgnoredDuringExecution:
+                  - weight: 1
+                    podAffinityTerm:
+                      topologyKey: kubernetes.io/hostname
+                      labelSelector:
+                        matchLabels:
+                          postgres-operator.crunchydata.com/cluster: keycloak-db
+                          postgres-operator.crunchydata.com/instance-set: "00"
+  - target:
+      kind: Keycloak
+      group: k8s.keycloak.org
+      version: v2alpha1
+    patch: |-
+      - op: replace
+        path: /spec/instances
+        value: 2
+  - target:
+      kind: Keycloak
+      group: k8s.keycloak.org
+      version: v2alpha1
+    patch: |-
+      - op: replace
+        path: /spec/hostname
+        value: id.fabcity-hamburg.de