feat: add keycloak
reinthal committed Nov 29, 2024
1 parent 685e6e0 commit b29b882
Showing 4 changed files with 139 additions and 2 deletions.
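--- a/infrastructure/supporting-infra/README.md
+++ b/infrastructure/supporting-infra/README.md
@@ -0,0 +1,21 @@
+# how to create keycloak-secret-sealed.yaml
+
+```bash
+echo "Input Keycloak Postgres Password:"
+read PGPASSWORD
+echo "Input Keycloak Admin Password:"
+read ADMINPASSWORD
+kubectl -n dagster create secret generic keycloak-secret -n keycloak \
+--from-literal=keycloak-postgres-password="${PGPASSWORD}" \
+--from-literal=keycloak-postgres-host='postgres.reinthal.me' \
+--from-literal=keycloak-postgres-username='keycloak' \
+--from-literal=keycloak-postgres-database='keycloak' \
+--from-literal=keycloak-admin-password="${ADMINPASSWORD}" \
+--dry-run=client \
+-o yaml \
+| tee keycloak-secret.yaml \
+| kubeseal --format=yaml --cert=../../keys/pub-sealed-secrets.pem \
+| tee keycloak-secret-sealed.yaml
+unset PGPASSWORD
+unset ADMINPASSWORD
+```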
19 changes: 19 additions & 0 deletions infrastructure/supporting-infra/keycloak-secret-sealed.yaml
@@ -0,0 +1,19 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: keycloak-secret
namespace: keycloak
spec:
encryptedData:
keycloak-admin-password: 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
keycloak-postgres-database: AgCTNCaOB8vapizcC+C4UYuVJ/FqMgDC8KDu/NDp1UMuz9WokldHbW16xrEdEN3NOrHGj8SBr9gX0xZ75tZa5dwYIDf0BaDtbL9z0h7haJP6cCt41XdxbmBekjY8ZCkFdL/5kweYBE4c2YFAJ1vxvDV+N+2kUsYvFCkFT3j0l6yo/Is7XT0A0VRKOdfS3T3oSKkrd5RWtcmJ4wB9U7kJbdhj4eB6/yazfHdex/6iU/81BDtA460PkjgYg8iJyEFr6X9IB9jEJifxcO23Nsg+mmxnoDsCDntDEmn5uWpQ1bh1wdVSN8yEvFpFYrKiblI8O68rm+gFktYRvjbxyOm/kvi4Eyj6v4dFAKIkGmhdb3rqfr+ikA/JPkhv/4iIHyvpPYdIC8UtPwDp1+7GN23rE229M4B181y/6egIKgecMeaH6b50m70shRAPeZ5qVdeA9+71RwQPwhtHuYP2mDoh76j3sasQmRu1stVtHC9RUicaLmYnoTDGIjSbkYiei5cm6PJalM5uVfE2Jyw1lul1se1uF3pEuSuaxXvpNspo4VACMQon116HRoILqc2Vu6IeexUeD7GluC6wcyStP6zKfTOaKLHgxRsjO9V8n4bqcti8iWkcvtBNbKvOiHZGRS8hdWXVUF62TjpPVcbKzCW1lM2iDbBiNLUkQzULdwqACX37w700/6rpLNNHLqmkf1sZXqSE4ydZf41H3Q==
keycloak-postgres-host: AgB2zjAeb7+YPpiLPRP3R7109jp80Fpi1jmDUpo/HSdEmtsMYLVvOiauWDPmXTnrGqkM+Ew9rVWq2/LX35O0pnETcPuZeh6R/lVLuY00CuU+q5XSpNdS8mZk1bo70JaAYx3cTZWvlqWzj+hPAE99BxQx6x0NgqWSbCpZLLlaWtKrykWL+GhmALkrgtF+hKQ3+HzSrHZ8sUw/zmxPty01f18H7Nme/4NHehacsrWbbGV1dehTgNGwp8rSQUa2b9I9URDouwRq/4yc9WVlZqwHLRdERZEJmBAUncUA3IEW+b5upFQ7cS1WJXFFmXNNu9aTgUoGe2KrgjRwbyEV7AzqXF1hKN1FiEdoNt/9OwrO0lxk8nrSOljxhJZoX4bJm+hRATA7IhbYC6xuEyXX5w+KJz2BN217YH/GhhegXqfwR7lG2Qvd4VujqCXRo65jQ6NLYrv1/fDOcsSz1hD025dGPsuiqi+/zQOkRWUjSHeCbHGYZosy8VSPcsMdbh4qekYkDjNqDtGhYTYZur3iuqWVEvHBEkkQ81vUzzkqKyVrJnbBd0GUorVHOnnRtPZoGHeO/MnRMhep757lKHy0M7IsuJWiUKJisl4FMFO0DuJsrBHlmw2FFHjNk5jcS6mpzux2b9A2EPRG72m6QDdUtahPeNPNR1fJJ4sWJUae5jc+jBVpzrNpMQuJC+CQTmRDTgFpZGUWCeR/vCR4gLpTdCWpyejA016SoA==
keycloak-postgres-password: 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
keycloak-postgres-username: 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
template:
metadata:
creationTimestamp: null
name: keycloak-secret
namespace: keycloak
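--- a/infrastructure/supporting-infra/keycloak.yaml
+++ b/infrastructure/supporting-infra/keycloak.yaml
@@ -0,0 +1,93 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: keycloak
+labels:
+toolkit.fluxcd.io/tenant: datadrivet-team
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+name: keycloak
+namespace: flux-system
+spec:
+type: "oci"
+interval: 5m0s
+url: oci://registry-1.docker.io/bitnamicharts
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+name: keycloak
+namespace: flux-system
+spec:
+chart:
+spec:
+chart: keycloak
+reconcileStrategy: ChartVersion
+sourceRef:
+kind: HelmRepository
+name: keycloak
+namespace: flux-system
+version: 18.7.1
+install:
+createNamespace: true
+interval: 1m0s
+releaseName: keycloak
+targetNamespace: keycloak
+values:
+auth:
+existingSecret: keycloak-secret
+passwordSecretKey: keycloak-admin-password
+adminUser: keycloak
+postgresql:
+enabled: false
+externalDatabase:
+database: keycloak
+host: postgres.reinthal.me
+port: 5432
+user: keycloak
+existingSecret: keycloak-secret
+existingSecretPasswordKey: keycloak-postgres-password
+extraEnvVars: []
+extraStartupArgs: --features=preview --log-level=org.keycloak.events:debug
+extraVolumeMounts: |
+- name: extensions
+mountPath: /opt/bitnami/keycloak/providers
+extraVolumes: |
+- name: extensions
+emptyDir: {}
+httpRelativePath: /auth/
+ingress:
+enabled: true
+tls: true
+hostname: auth.local.reinthal.cc
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+
+adminIngress:
+enabled: true
+tls: true
+hostname: keycloak.local.reinthal.cc
+annotations:
+cert-manager.io/cluster-issuer: letsencrypt
+
+initContainers: |
+- name: realm-ext-provider
+image: curlimages/curl
+imagePullPolicy: IfNotPresent
+command:
+- sh
+args:
+- -c
+- |
+curl -L -f -S -o /extensions/onyxia-web.jar https://github.com/InseeFrLab/onyxia/releases/download/v8.4.5/keycloak-theme.jar
+volumeMounts:
+- name: extensions
+mountPath: /extensions
+production: true
+proxy: edge
+replicaCount: 2
+tls:
+autoGenerated: false
+enabled: false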
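Review bot: The `realm-ext-provider` init container downloads `keycloak-theme.jar` from a GitHub release URL on every pod start and writes it, with no integrity check, into the volume mounted at `/opt/bitnami/keycloak/providers`, the directory Keycloak loads provider JARs from. Whatever that URL serves therefore runs inside the identity server. Pinning the expected digest would make a replaced or truncated download fail the init container: add a second script line such as `echo "<expected-sha256>  /extensions/onyxia-web.jar" | sha256sum -c -`, assuming the image ships a `sha256sum` that supports `-c`; the digest is a placeholder to fill in from a verified copy of the release asset. The `image: curlimages/curl` reference also has no tag or digest, so with `imagePullPolicy: IfNotPresent` different nodes may run different curl images; `image: curlimages/curl:<pinned-tag>@sha256:<image-digest>` would pin it. Baking the JAR into a custom Keycloak image would remove both the unpinned download and the dependency on github.com at pod start.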
8 changes: 6 additions & 2 deletions infrastructure/supporting-infra/kustomization.yaml
Expand Up @@ -2,7 +2,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- nfs.yaml

# keycloak
- keycloak.yaml
- keycloak-secret-sealed.yaml

# minio
#- minio.yaml
#- minio-tenant-config-secret-sealed.yaml
- minio.yaml
- minio-tenant-config-secret-sealed.yaml
