feat: new KubeZero Auth module, starting with Keycloak
This commit is contained in:
parent
b4493da39f
commit
5a5acb5bbc
19
charts/kubezero-auth/Chart.yaml
Normal file
19
charts/kubezero-auth/Chart.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
apiVersion: v2
|
||||
name: kubezero-auth
|
||||
description: KubeZero umbrella chart for all things Authentication and Identity management
|
||||
type: application
|
||||
version: 0.1.0
|
||||
appVersion: 18.0.0
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- keycloak
|
||||
maintainers:
|
||||
- name: Stefan Reimer
|
||||
email: stefan@zero-downtime.net
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.4"
|
||||
repository: https://cdn.zero-downtime.net/charts/
|
||||
kubeVersion: ">= 1.20.0"
|
33
charts/kubezero-auth/README.md
Normal file
33
charts/kubezero-auth/README.md
Normal file
@ -0,0 +1,33 @@
|
||||
# kubezero-auth
|
||||
|
||||
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 18.0.0](https://img.shields.io/badge/AppVersion-18.0.0-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for all things Authentication and Identity management
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Stefan Reimer | <stefan@zero-downtime.net> | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.20.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.4 |
|
||||
|
||||
# Keycloak
|
||||
|
||||
## Resources
|
||||
- Codecentric Helm chart: `https://github.com/codecentric/helm-charts/tree/master/charts/keycloak`
|
||||
- custom image: `https://www.keycloak.org/server/containers`
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| keycloak.enabled | bool | `false` | |
|
22
charts/kubezero-auth/README.md.gotmpl
Normal file
22
charts/kubezero-auth/README.md.gotmpl
Normal file
@ -0,0 +1,22 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
# Keycloak
|
||||
|
||||
## Resources
|
||||
- Codecentric Helm chart: `https://github.com/codecentric/helm-charts/tree/master/charts/keycloak`
|
||||
- custom image: `https://www.keycloak.org/server/containers`
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
2790
charts/kubezero-auth/crds/keycloak.yaml
Normal file
2790
charts/kubezero-auth/crds/keycloak.yaml
Normal file
File diff suppressed because it is too large
Load Diff
12
charts/kubezero-auth/keycloak.patch
Normal file
12
charts/kubezero-auth/keycloak.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- templates/keycloak-operator/all.yaml.orig 2022-05-11 12:46:15.860204871 +0200
|
||||
+++ templates/keycloak-operator/all.yaml 2022-05-11 12:46:02.840068240 +0200
|
||||
@@ -1,3 +1,4 @@
|
||||
+{{- if .Values.keycloak.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
@@ -233,3 +234,4 @@
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 10
|
||||
serviceAccountName: keycloak-operator
|
||||
+{{- end }}
|
237
charts/kubezero-auth/templates/keycloak-operator/all.yaml
Normal file
237
charts/kubezero-auth/templates/keycloak-operator/all.yaml
Normal file
@ -0,0 +1,237 @@
|
||||
{{- if .Values.keycloak.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
annotations:
|
||||
app.quarkus.io/build-timestamp: 2022-04-21 - 08:45:16 +0000
|
||||
labels:
|
||||
app.kubernetes.io/name: keycloak-operator
|
||||
app.kubernetes.io/version: 18.0.0
|
||||
name: keycloak-operator
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
app.quarkus.io/build-timestamp: 2022-04-21 - 08:45:16 +0000
|
||||
labels:
|
||||
app.kubernetes.io/name: keycloak-operator
|
||||
app.kubernetes.io/version: 18.0.0
|
||||
name: keycloak-operator
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
targetPort: 8080
|
||||
selector:
|
||||
app.kubernetes.io/name: keycloak-operator
|
||||
app.kubernetes.io/version: 18.0.0
|
||||
type: ClusterIP
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: keycloak-operator-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- apps
|
||||
- extensions
|
||||
resources:
|
||||
- deployments
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- delete
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
- services
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- delete
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- delete
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- delete
|
||||
- patch
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: keycloak-operator
|
||||
name: keycloak-operator-role-binding
|
||||
roleRef:
|
||||
kind: Role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
name: keycloak-operator-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: keycloak-operator
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: keycloak-operator-view
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
name: view
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: keycloak-operator
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: keycloakcontroller-role-binding
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
name: keycloakcontroller-cluster-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: keycloak-operator
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: keycloakrealmimportcontroller-role-binding
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
name: keycloakrealmimportcontroller-cluster-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: keycloak-operator
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: keycloakcontroller-cluster-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- k8s.keycloak.org
|
||||
resources:
|
||||
- keycloaks
|
||||
- keycloaks/status
|
||||
- keycloaks/finalizers
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- delete
|
||||
- patch
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: keycloakrealmimportcontroller-cluster-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- k8s.keycloak.org
|
||||
resources:
|
||||
- keycloakrealmimports
|
||||
- keycloakrealmimports/status
|
||||
- keycloakrealmimports/finalizers
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- delete
|
||||
- patch
|
||||
- update
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
annotations:
|
||||
app.quarkus.io/build-timestamp: 2022-04-21 - 08:45:16 +0000
|
||||
labels:
|
||||
app.kubernetes.io/name: keycloak-operator
|
||||
app.kubernetes.io/version: 18.0.0
|
||||
name: keycloak-operator
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: keycloak-operator
|
||||
app.kubernetes.io/version: 18.0.0
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
app.quarkus.io/build-timestamp: 2022-04-21 - 08:45:16 +0000
|
||||
labels:
|
||||
app.kubernetes.io/name: keycloak-operator
|
||||
app.kubernetes.io/version: 18.0.0
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: KUBERNETES_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: OPERATOR_KEYCLOAK_IMAGE
|
||||
value: quay.io/keycloak/keycloak:18.0.0
|
||||
image: quay.io/keycloak/keycloak-operator:18.0.0
|
||||
imagePullPolicy: Always
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /q/health/live
|
||||
port: 8080
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 30
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 10
|
||||
name: keycloak-operator
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /q/health/ready
|
||||
port: 8080
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 0
|
||||
periodSeconds: 30
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 10
|
||||
serviceAccountName: keycloak-operator
|
||||
{{- end }}
|
15
charts/kubezero-auth/update.sh
Executable file
15
charts/kubezero-auth/update.sh
Executable file
@ -0,0 +1,15 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
helm dep update
|
||||
|
||||
# Operator
|
||||
VERSION=$(yq eval '.appVersion' Chart.yaml)
|
||||
|
||||
wget -q -O crds/keycloak.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/${VERSION}/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
|
||||
# No realm imports needed so far
|
||||
# wget -q -O crds/keycloak-realmimport.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/${VERSION}/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml
|
||||
|
||||
wget -q -O templates/keycloak-operator/all.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/${VERSION}/kubernetes/kubernetes.yml
|
||||
|
||||
patch -i keycloak.patch -p0 --no-backup-if-mismatch
|
2
charts/kubezero-auth/values.yaml
Normal file
2
charts/kubezero-auth/values.yaml
Normal file
@ -0,0 +1,2 @@
|
||||
keycloak:
|
||||
enabled: false
|
Loading…
Reference in New Issue
Block a user