Updated Kubezero-auth module using Bitnami for KeyCloak
parent
1c5a1b2390
commit
6ac4810348
@ -2,8 +2,8 @@ apiVersion: v2
|
|||||||
name: kubezero-auth
|
name: kubezero-auth
|
||||||
description: KubeZero umbrella chart for all things Authentication and Identity management
|
description: KubeZero umbrella chart for all things Authentication and Identity management
|
||||||
type: application
|
type: application
|
||||||
version: 0.3.5
|
version: 0.4.0
|
||||||
appVersion: 21.1.1
|
appVersion: 22.0.1
|
||||||
home: https://kubezero.com
|
home: https://kubezero.com
|
||||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||||
keywords:
|
keywords:
|
||||||
@ -16,8 +16,8 @@ dependencies:
|
|||||||
- name: kubezero-lib
|
- name: kubezero-lib
|
||||||
version: ">= 0.1.6"
|
version: ">= 0.1.6"
|
||||||
repository: https://cdn.zero-downtime.net/charts/
|
repository: https://cdn.zero-downtime.net/charts/
|
||||||
- name: postgresql
|
- name: keycloak
|
||||||
version: 11.8.1
|
version: 16.1.2
|
||||||
repository: https://charts.bitnami.com/bitnami
|
repository: "oci://registry-1.docker.io/bitnamicharts"
|
||||||
condition: postgresql.enabled
|
condition: keycloak.enabled
|
||||||
kubeVersion: ">= 1.25.0"
|
kubeVersion: ">= 1.26.0"
|
||||||
|
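Review bot: The new `keycloak` dependency is resolved from `oci://registry-1.docker.io/bitnamicharts` by the tag `16.1.2` alone, and a registry tag can be re-pushed, so the version string does not fix the content that ends up in the umbrella chart. As far as I know Chart.yaml has no field to pin a dependency by digest, so record the digest Helm prints when it pulls the chart (or vendor the pulled archive and review it) and compare it on later updates. `condition: keycloak.enabled` now gates the whole subchart, including its bundled PostgreSQL. Clusters that still set the old top-level `postgresql.enabled` need their values migrated, which deserves a line in the changelog or README.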
@ -1,6 +1,6 @@
|
|||||||
# kubezero-auth
|
# kubezero-auth
|
||||||
|
|
||||||
![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 21.1.1](https://img.shields.io/badge/AppVersion-21.1.1-informational?style=flat-square)
|
![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 22.0.1](https://img.shields.io/badge/AppVersion-22.0.1-informational?style=flat-square)
|
||||||
|
|
||||||
KubeZero umbrella chart for all things Authentication and Identity management
|
KubeZero umbrella chart for all things Authentication and Identity management
|
||||||
|
|
||||||
@ -14,40 +14,45 @@ KubeZero umbrella chart for all things Authentication and Identity management
|
|||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
Kubernetes: `>= 1.25.0`
|
Kubernetes: `>= 1.26.0`
|
||||||
|
|
||||||
| Repository | Name | Version |
|
| Repository | Name | Version |
|
||||||
|------------|------|---------|
|
|------------|------|---------|
|
||||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||||
| https://charts.bitnami.com/bitnami | postgresql | 11.8.1 |
|
| oci://registry-1.docker.io/bitnamicharts | keycloak | 16.1.2 |
|
||||||
|
|
||||||
# Keycloak
|
# Keycloak
|
||||||
|
|
||||||
## Operator
|
## Operator
|
||||||
|
|
||||||
|
https://www.keycloak.org/operator/installation
|
||||||
https://github.com/keycloak/keycloak/tree/main/operator
|
https://github.com/keycloak/keycloak/tree/main/operator
|
||||||
https://github.com/aerogear/keycloak-metrics-spi
|
https://github.com/aerogear/keycloak-metrics-spi
|
||||||
https://github.com/keycloak/keycloak-benchmark/tree/main/provision/minikube/keycloak/templates
|
https://github.com/keycloak/keycloak-benchmark/tree/main/provision/minikube/keycloak/templates
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
- https://github.com/bitnami/charts/tree/main/bitnami/keycloak
|
||||||
- Codecentric Helm chart: `https://github.com/codecentric/helm-charts/tree/master/charts/keycloak`
|
|
||||||
- custom image: `https://www.keycloak.org/server/containers`
|
|
||||||
|
|
||||||
## Values
|
## Values
|
||||||
|
|
||||||
| Key | Type | Default | Description |
|
| Key | Type | Default | Description |
|
||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
|
| keycloak.auth.adminUser | string | `"admin"` | |
|
||||||
|
| keycloak.auth.existingSecret | string | `"kubezero-auth"` | |
|
||||||
|
| keycloak.auth.passwordSecretKey | string | `"admin-password"` | |
|
||||||
| keycloak.enabled | bool | `false` | |
|
| keycloak.enabled | bool | `false` | |
|
||||||
| keycloak.istio.enabled | bool | `false` | |
|
| keycloak.istio.enabled | bool | `false` | |
|
||||||
| keycloak.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
| keycloak.istio.gateway | string | `"istio-ingress/private-ingressgateway"` | |
|
||||||
| keycloak.istio.url | string | `""` | |
|
| keycloak.istio.url | string | `""` | |
|
||||||
| keycloak.metrics.enabled | bool | `false` | |
|
| keycloak.metrics.enabled | bool | `false` | |
|
||||||
| keycloak.podDisruptionBudget.minAvailable | int | `1` | |
|
| keycloak.metrics.serviceMonitor.enabled | bool | `true` | |
|
||||||
| keycloak.replicas | int | `1` | |
|
| keycloak.pdb.create | bool | `false` | |
|
||||||
| postgresql.auth.database | string | `"keycloak"` | |
|
| keycloak.pdb.minAvailable | int | `1` | |
|
||||||
| postgresql.auth.existingSecret | string | `"kubezero-auth-postgresql"` | |
|
| keycloak.postgresql.auth.database | string | `"keycloak"` | |
|
||||||
| postgresql.auth.username | string | `"keycloak"` | |
|
| keycloak.postgresql.auth.existingSecret | string | `"kubezero-auth"` | |
|
||||||
| postgresql.enabled | bool | `false` | |
|
| keycloak.postgresql.auth.username | string | `"keycloak"` | |
|
||||||
| postgresql.primary.persistence.size | string | `"1Gi"` | |
|
| keycloak.postgresql.primary.persistence.size | string | `"1Gi"` | |
|
||||||
| postgresql.readReplicas.replicaCount | int | `0` | |
|
| keycloak.postgresql.readReplicas.replicaCount | int | `0` | |
|
||||||
|
| keycloak.production | bool | `true` | |
|
||||||
|
| keycloak.proxy | string | `"edge"` | |
|
||||||
|
| keycloak.replicaCount | int | `1` | |
|
||||||
|
@ -17,13 +17,12 @@
|
|||||||
|
|
||||||
## Operator
|
## Operator
|
||||||
|
|
||||||
|
https://www.keycloak.org/operator/installation
|
||||||
https://github.com/keycloak/keycloak/tree/main/operator
|
https://github.com/keycloak/keycloak/tree/main/operator
|
||||||
https://github.com/aerogear/keycloak-metrics-spi
|
https://github.com/aerogear/keycloak-metrics-spi
|
||||||
https://github.com/keycloak/keycloak-benchmark/tree/main/provision/minikube/keycloak/templates
|
https://github.com/keycloak/keycloak-benchmark/tree/main/provision/minikube/keycloak/templates
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
|
- https://github.com/bitnami/charts/tree/main/bitnami/keycloak
|
||||||
- Codecentric Helm chart: `https://github.com/codecentric/helm-charts/tree/master/charts/keycloak`
|
|
||||||
- custom image: `https://www.keycloak.org/server/containers`
|
|
||||||
|
|
||||||
{{ template "chart.valuesSection" . }}
|
{{ template "chart.valuesSection" . }}
|
||||||
|
@ -4,5 +4,6 @@ gzip: true
|
|||||||
# folder:
|
# folder:
|
||||||
dashboards:
|
dashboards:
|
||||||
- name: keycloak
|
- name: keycloak
|
||||||
url: https://grafana.com/api/dashboards/10441/revisions/2/download
|
# url: https://grafana.com/api/dashboards/10441/revisions/2/download
|
||||||
|
url: https://grafana.com/api/dashboards/17878/revisions/1/download
|
||||||
tags: ['Keycloak', 'Auth']
|
tags: ['Keycloak', 'Auth']
|
||||||
|
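Review bot: The previous dashboard URL is kept as a commented-out `# url:` line beside the new one; version control already holds the old value, so the line can be dropped or replaced by a short comment saying why dashboard 17878 replaced 10441. Both URLs pin a revision, which keeps the fetched dashboard reproducible.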
@ -1,12 +0,0 @@
|
|||||||
--- templates/keycloak/operator.yaml.orig 2022-05-11 12:46:15.860204871 +0200
|
|
||||||
+++ templates/keycloak/operator.yaml 2022-05-11 12:46:02.840068240 +0200
|
|
||||||
@@ -1,3 +1,4 @@
|
|
||||||
+{{- if .Values.keycloak.enabled }}
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
@@ -233,3 +234,4 @@
|
|
||||||
successThreshold: 1
|
|
||||||
timeoutSeconds: 10
|
|
||||||
serviceAccountName: keycloak-operator
|
|
||||||
+{{- end }}
|
|
@ -2,7 +2,7 @@
|
|||||||
apiVersion: security.istio.io/v1beta1
|
apiVersion: security.istio.io/v1beta1
|
||||||
kind: AuthorizationPolicy
|
kind: AuthorizationPolicy
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ .Release.Name }}-deny-metrics-ipblocks
|
name: {{ .Release.Name }}-keycloak-deny-not-in-ipblocks
|
||||||
namespace: istio-system
|
namespace: istio-system
|
||||||
labels:
|
labels:
|
||||||
{{- include "kubezero-lib.labels" $ | nindent 4 }}
|
{{- include "kubezero-lib.labels" $ | nindent 4 }}
|
||||||
@ -12,6 +12,7 @@ spec:
|
|||||||
app: istio-ingressgateway
|
app: istio-ingressgateway
|
||||||
action: DENY
|
action: DENY
|
||||||
rules:
|
rules:
|
||||||
|
# block access to metrics via Ingress
|
||||||
- to:
|
- to:
|
||||||
- operation:
|
- operation:
|
||||||
hosts: ["{{ .Values.keycloak.istio.url }}"]
|
hosts: ["{{ .Values.keycloak.istio.url }}"]
|
||||||
|
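Review bot: The DENY rule matches `hosts: ["{{ .Values.keycloak.istio.url }}"]` as an exact string. Istio's guidance on host-match policies notes that an exact entry does not cover the same host sent with a port suffix, so the rule may not apply to such requests. Listing both forms closes that gap: `hosts: ["{{ .Values.keycloak.istio.url }}", "{{ .Values.keycloak.istio.url }}:*"]`. The rule continues past the end of the hunk, so its paths and source conditions are not visible here. The added comment says this rule blocks metrics, while the new name `{{ .Release.Name }}-keycloak-deny-not-in-ipblocks` only mentions the IP-block check; a one-line comment above each rule stating what it denies would keep name and content in step.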
@ -14,5 +14,5 @@ spec:
|
|||||||
http:
|
http:
|
||||||
- route:
|
- route:
|
||||||
- destination:
|
- destination:
|
||||||
host: {{ template "kubezero-lib.fullname" $ }}-service
|
host: {{ template "kubezero-lib.fullname" $ }}-keycloak
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
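Review bot: The new destination `{{ template "kubezero-lib.fullname" $ }}-keycloak` rebuilds the subchart's Service name by string concatenation, which only holds while both charts derive their names the same way. Bitnami charts compute the name from release name and chart name, and collapse it when the release name already contains the chart name or when `fullnameOverride` is set. The two can therefore drift apart and leave the route pointing at a Service that does not exist. Setting `keycloak.fullnameOverride` in values.yaml and referencing that same value here would make the link explicit. The destination also carries no `port:`, which Istio requires once the Service exposes more than one port. The VirtualService begins above the hunk.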
@ -1,56 +0,0 @@
|
|||||||
{{- if .Values.keycloak.enabled }}
|
|
||||||
apiVersion: k8s.keycloak.org/v2alpha1
|
|
||||||
kind: Keycloak
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubezero-lib.fullname" . }}
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
labels:
|
|
||||||
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
|
||||||
spec:
|
|
||||||
instances: {{ .Values.keycloak.replicas }}
|
|
||||||
|
|
||||||
additionalOptions:
|
|
||||||
# Needs int casting thx to https://github.com/kubernetes-sigs/yaml/issues/45
|
|
||||||
{{- if lt (int .Values.keycloak.replicas) 2 }}
|
|
||||||
- name: cache
|
|
||||||
value: local
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.postgresql.enabled }}
|
|
||||||
- name: db
|
|
||||||
value: postgres
|
|
||||||
- name: db-url-host
|
|
||||||
value: {{ template "kubezero-lib.fullname" . }}-postgresql
|
|
||||||
- name: db-username
|
|
||||||
value: keycloak
|
|
||||||
- name: db-password
|
|
||||||
secret:
|
|
||||||
name: {{ template "kubezero-lib.fullname" . }}-postgresql
|
|
||||||
key: password
|
|
||||||
{{- else }}
|
|
||||||
# Fallback to local file within the pod - dev ONLY !!
|
|
||||||
- name: db
|
|
||||||
value: dev-file
|
|
||||||
{{- end }}
|
|
||||||
- name: hostname-strict-https
|
|
||||||
value: "false"
|
|
||||||
- name: proxy
|
|
||||||
value: edge
|
|
||||||
- name: http-enabled
|
|
||||||
value: "true"
|
|
||||||
- name: log-console-output
|
|
||||||
value: json
|
|
||||||
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
http:
|
|
||||||
httpEnabled: true
|
|
||||||
|
|
||||||
# We use Istio Ingress to terminate TLS
|
|
||||||
# mTls down the road
|
|
||||||
hostname:
|
|
||||||
hostname: {{ default "keycloak" .Values.keycloak.istio.url }}
|
|
||||||
strict: false
|
|
||||||
strictBackchannel: false
|
|
||||||
{{- end }}
|
|
@ -1,237 +0,0 @@
|
|||||||
{{- if .Values.keycloak.enabled }}
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
app.quarkus.io/build-timestamp: 2023-04-26 - 10:32:03 +0000
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: keycloak-operator
|
|
||||||
app.kubernetes.io/version: 21.1.1
|
|
||||||
name: keycloak-operator
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
app.quarkus.io/build-timestamp: 2023-04-26 - 10:32:03 +0000
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: keycloak-operator
|
|
||||||
app.kubernetes.io/version: 21.1.1
|
|
||||||
name: keycloak-operator
|
|
||||||
spec:
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
port: 80
|
|
||||||
targetPort: 8080
|
|
||||||
selector:
|
|
||||||
app.kubernetes.io/name: keycloak-operator
|
|
||||||
app.kubernetes.io/version: 21.1.1
|
|
||||||
type: ClusterIP
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: Role
|
|
||||||
metadata:
|
|
||||||
name: keycloak-operator-role
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- apps
|
|
||||||
- extensions
|
|
||||||
resources:
|
|
||||||
- statefulsets
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- watch
|
|
||||||
- create
|
|
||||||
- delete
|
|
||||||
- patch
|
|
||||||
- update
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- secrets
|
|
||||||
- services
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- watch
|
|
||||||
- create
|
|
||||||
- delete
|
|
||||||
- patch
|
|
||||||
- update
|
|
||||||
- apiGroups:
|
|
||||||
- batch
|
|
||||||
resources:
|
|
||||||
- jobs
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- watch
|
|
||||||
- create
|
|
||||||
- delete
|
|
||||||
- patch
|
|
||||||
- update
|
|
||||||
- apiGroups:
|
|
||||||
- networking.k8s.io
|
|
||||||
resources:
|
|
||||||
- ingresses
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- watch
|
|
||||||
- create
|
|
||||||
- delete
|
|
||||||
- patch
|
|
||||||
- update
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: keycloak-operator
|
|
||||||
name: keycloak-operator-role-binding
|
|
||||||
roleRef:
|
|
||||||
kind: Role
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
name: keycloak-operator-role
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: keycloak-operator
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: keycloak-operator-view
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
name: view
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: keycloak-operator
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: keycloakcontroller-role-binding
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
name: keycloakcontroller-cluster-role
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: keycloak-operator
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: RoleBinding
|
|
||||||
metadata:
|
|
||||||
name: keycloakrealmimportcontroller-role-binding
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
name: keycloakrealmimportcontroller-cluster-role
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: keycloak-operator
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: keycloakcontroller-cluster-role
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- k8s.keycloak.org
|
|
||||||
resources:
|
|
||||||
- keycloaks
|
|
||||||
- keycloaks/status
|
|
||||||
- keycloaks/finalizers
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- watch
|
|
||||||
- create
|
|
||||||
- delete
|
|
||||||
- patch
|
|
||||||
- update
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: keycloakrealmimportcontroller-cluster-role
|
|
||||||
rules:
|
|
||||||
- apiGroups:
|
|
||||||
- k8s.keycloak.org
|
|
||||||
resources:
|
|
||||||
- keycloakrealmimports
|
|
||||||
- keycloakrealmimports/status
|
|
||||||
- keycloakrealmimports/finalizers
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- watch
|
|
||||||
- create
|
|
||||||
- delete
|
|
||||||
- patch
|
|
||||||
- update
|
|
||||||
---
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
app.quarkus.io/build-timestamp: 2023-04-26 - 10:32:03 +0000
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: keycloak-operator
|
|
||||||
app.kubernetes.io/version: 21.1.1
|
|
||||||
name: keycloak-operator
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app.kubernetes.io/name: keycloak-operator
|
|
||||||
app.kubernetes.io/version: 21.1.1
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
annotations:
|
|
||||||
app.quarkus.io/build-timestamp: 2023-04-26 - 10:32:03 +0000
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/name: keycloak-operator
|
|
||||||
app.kubernetes.io/version: 21.1.1
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- env:
|
|
||||||
- name: KUBERNETES_NAMESPACE
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: metadata.namespace
|
|
||||||
- name: OPERATOR_KEYCLOAK_IMAGE
|
|
||||||
value: quay.io/keycloak/keycloak:21.1.1
|
|
||||||
image: quay.io/keycloak/keycloak-operator:21.1.1
|
|
||||||
imagePullPolicy: Always
|
|
||||||
livenessProbe:
|
|
||||||
failureThreshold: 3
|
|
||||||
httpGet:
|
|
||||||
path: /q/health/live
|
|
||||||
port: 8080
|
|
||||||
scheme: HTTP
|
|
||||||
initialDelaySeconds: 0
|
|
||||||
periodSeconds: 30
|
|
||||||
successThreshold: 1
|
|
||||||
timeoutSeconds: 10
|
|
||||||
name: keycloak-operator
|
|
||||||
ports:
|
|
||||||
- containerPort: 8080
|
|
||||||
name: http
|
|
||||||
protocol: TCP
|
|
||||||
readinessProbe:
|
|
||||||
failureThreshold: 3
|
|
||||||
httpGet:
|
|
||||||
path: /q/health/ready
|
|
||||||
port: 8080
|
|
||||||
scheme: HTTP
|
|
||||||
initialDelaySeconds: 0
|
|
||||||
periodSeconds: 30
|
|
||||||
successThreshold: 1
|
|
||||||
timeoutSeconds: 10
|
|
||||||
serviceAccountName: keycloak-operator
|
|
||||||
{{- end }}
|
|
@ -1,15 +0,0 @@
|
|||||||
{{- if and .Values.keycloak.podDisruptionBudget (gt (int .Values.keycloak.replicas) 1) }}
|
|
||||||
apiVersion: policy/v1
|
|
||||||
kind: PodDisruptionBudget
|
|
||||||
metadata:
|
|
||||||
name: {{ template "kubezero-lib.fullname" . }}
|
|
||||||
namespace: {{ .Release.Namespace }}
|
|
||||||
labels:
|
|
||||||
{{- include "kubezero-lib.labels" . | nindent 4 }}
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: keycloak
|
|
||||||
app.kubernetes.io/managed-by: keycloak-operator
|
|
||||||
{{- toYaml .Values.keycloak.podDisruptionBudget | nindent 2 }}
|
|
||||||
{{- end }}
|
|
@ -1,19 +1,12 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# https://www.keycloak.org/operator/installation
|
|
||||||
|
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
helm dep update
|
. ../../scripts/lib-update.sh
|
||||||
|
|
||||||
# Operator
|
login_ecr_public
|
||||||
VERSION=$(yq eval '.appVersion' Chart.yaml)
|
update_helm
|
||||||
|
|
||||||
wget -O crds/keycloak.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/"${VERSION}"/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
|
|
||||||
wget -O crds/keycloak-realmimports.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/"${VERSION}"/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml
|
|
||||||
|
|
||||||
wget -O templates/keycloak/operator.yaml https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/"${VERSION}"/kubernetes/kubernetes.yml
|
|
||||||
patch -i keycloak.patch -p0 --no-backup-if-mismatch
|
|
||||||
|
|
||||||
# Fetch dashboards
|
# Fetch dashboards
|
||||||
../kubezero-metrics/sync_grafana_dashboards.py dashboards-keycloak.yaml templates/keycloak/grafana-dashboards.yaml
|
../kubezero-metrics/sync_grafana_dashboards.py dashboards-keycloak.yaml templates/keycloak/grafana-dashboards.yaml
|
||||||
|
|
||||||
|
update_docs
|
||||||
|
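Review bot: `set -ex` stays in effect while the newly sourced `../../scripts/lib-update.sh` runs `login_ecr_public`, so every command inside that helper is echoed to the job log. The helper is not part of this commit; if it passes a registry token as a command-line argument rather than on stdin, the token ends up in the trace. Wrapping the call as `set +x; login_ecr_public; set -x` rules that out. A comment on why a public-ECR login is needed would also help, since Chart.yaml pulls keycloak from `registry-1.docker.io`.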
@ -1,29 +1,43 @@
|
|||||||
keycloak:
|
keycloak:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
replicas: 1
|
proxy: edge
|
||||||
podDisruptionBudget:
|
production: true
|
||||||
|
|
||||||
|
auth:
|
||||||
|
adminUser: admin
|
||||||
|
existingSecret: kubezero-auth
|
||||||
|
passwordSecretKey: admin-password
|
||||||
|
|
||||||
|
replicaCount: 1
|
||||||
|
|
||||||
|
pdb:
|
||||||
|
create: false
|
||||||
minAvailable: 1
|
minAvailable: 1
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: false
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 512Mi
|
||||||
|
|
||||||
|
postgresql:
|
||||||
|
auth:
|
||||||
|
existingSecret: kubezero-auth
|
||||||
|
username: keycloak
|
||||||
|
database: keycloak
|
||||||
|
|
||||||
|
primary:
|
||||||
|
persistence:
|
||||||
|
size: 1Gi
|
||||||
|
|
||||||
|
readReplicas:
|
||||||
|
replicaCount: 0
|
||||||
|
|
||||||
istio:
|
istio:
|
||||||
enabled: false
|
enabled: false
|
||||||
gateway: istio-ingress/private-ingressgateway
|
gateway: istio-ingress/private-ingressgateway
|
||||||
url: ""
|
url: ""
|
||||||
|
|
||||||
metrics:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
postgresql:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
auth:
|
|
||||||
existingSecret: kubezero-auth-postgresql
|
|
||||||
username: keycloak
|
|
||||||
database: keycloak
|
|
||||||
|
|
||||||
primary:
|
|
||||||
persistence:
|
|
||||||
size: 1Gi
|
|
||||||
|
|
||||||
readReplicas:
|
|
||||||
replicaCount: 0
|
|
||||||
|
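Review bot: `keycloak.auth.existingSecret` and `keycloak.postgresql.auth.existingSecret` both point at `kubezero-auth`, but nothing in the visible diff creates that Secret or documents which keys it must hold. The admin key is named by `passwordSecretKey: admin-password`; the PostgreSQL subchart reads its own keys from the same Secret (in the Bitnami chart these default to `password` and `postgres-password`, to be confirmed for 16.1.2). Installs that still carry the old `kubezero-auth-postgresql` Secret need a migration step. `proxy: edge` together with `production: true` means Keycloak serves plain HTTP behind the Istio gateway and relies on forwarded headers, and the comment that explained this in the deleted Keycloak template is gone. I would add `# TLS terminates at the Istio ingress gateway; the pod must only be reachable through it` above `proxy: edge`.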
@ -105,7 +105,7 @@ kube-prometheus-stack:
|
|||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 512Mi
|
memory: 2Gi
|
||||||
cpu: 500m
|
cpu: 500m
|
||||||
limits:
|
limits:
|
||||||
memory: 4Gi
|
memory: 4Gi
|
||||||
|