#
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
# Dedicated identity for the Keycloak pod. The keycloak Deployment in this
# file selects it through serviceAccountName. No Role or RoleBinding for this
# account is defined in this file.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: default
  name: keycloak
---
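# Service in front of the Keycloak pods (selected by the app=keycloak label).
#
# The original listing set spec.type twice: ExternalName first and
# LoadBalancer last. Duplicate mapping keys are invalid YAML; parsers that
# tolerate them commonly keep the last value, so LoadBalancer is the type
# that would have taken effect and is the single value kept here. The
# explicit nodePort and selector entries match that type as well.
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  # Pinned to match the Deployment and the VirtualService destinations, which
  # route to keycloak.default.svc.cluster.local.
  namespace: default
  labels:
    app: keycloak
spec:
  type: LoadBalancer
  # NOTE(review): externalName is kept from the original, but the field is
  # documented as belonging to type ExternalName. Confirm whether it can be
  # removed now that the type is unambiguous.
  externalName: keycloak.local
  ports:
    # NOTE(review): with type LoadBalancer and a fixed nodePort, the plain
    # HTTP listener is published outside the cluster without TLS. Keycloak
    # logins and tokens sent to this port travel in cleartext. Consider
    # exposing only the https port, or restricting who can reach 31560.
    - name: http
      port: 8080
      targetPort: 8080
      nodePort: 31560
    - name: https
      port: 8443
      targetPort: 8443
      nodePort: 31561
  selector:
    app: keycloak
---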
# Single-replica Keycloak Deployment backed by the "postgres" database host.
# An init container blocks start-up until postgres:5432 accepts connections.
#
# Security review notes (values below are unchanged from the original):
#   * Admin, management and database credentials are written in clear text
#     in this manifest, so anyone who can read the repository or the
#     Deployment object can read them. Prefer a Secret referenced with
#     valueFrom.secretKeyRef, and rotate these values.
#   * Both images use floating references (untagged busybox, keycloak:latest)
#     together with IfNotPresent, so each node runs whatever it has cached.
#     Pin a version or digest.
#   * No securityContext or resource requests/limits are set on either
#     container.
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      serviceAccountName: keycloak
      initContainers:
        # Waits for the database port before Keycloak is allowed to start.
        - name: init-postgres
          image: busybox
          imagePullPolicy: IfNotPresent
          command:
            - 'sh'
            - '-c'
            - 'until nc -vz postgres 5432; do echo waiting for postgres db; sleep 2; done;'
      containers:
        - name: keycloak
          # NOTE(review): the env names below and the /opt/jboss mount path
          # look like the WildFly-based Keycloak image. Confirm that the
          # "latest" tag still resolves to an image that honours them.
          image: quay.io/keycloak/keycloak:latest
          imagePullPolicy: IfNotPresent
          env:
            # NOTE(review): default-style admin credentials in clear text.
            - name: KEYCLOAK_USER
              value: "admin"
            - name: KEYCLOAK_PASSWORD
              value: "admin"
            - name: KEYCLOAK_HTTPS_PORT
              value: "8443"
            # NOTE(review): presumably makes Keycloak trust X-Forwarded-*
            # headers. That is only safe when every request arrives through
            # a trusted proxy; the Service also publishes the pod ports
            # directly, so confirm that direct clients cannot set them.
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            # NOTE(review): management credentials in clear text.
            - name: MANAGEMENT_USER
              value: "wildfly-admin"
            - name: MANAGEMENT_PASSWORD
              value: "secret"
            - name: INGRESS_ENABLED
              value: "false"
            - name: DB_VENDOR
              value: "postgres"
            - name: DB_ADDR
              value: "postgres"
            - name: DB_PORT
              value: "5432"
            - name: DB_DATABASE
              value: "keycloak"
            # NOTE(review): database credentials in clear text.
            - name: DB_USER
              value: "keycloak"
            - name: DB_PASSWORD
              value: "keycloak"
            # CA bundle path inside the keycloak-certs mount below.
            - name: X509_CA_BUNDLE
              value: '/etc/x509/https/rootCA.crt'
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8443
          # Ready once the master realm endpoint answers over plain HTTP.
          readinessProbe:
            httpGet:
              port: 8080
              path: /auth/realms/master
          volumeMounts:
            # NOTE(review): neither mount sets readOnly. If Keycloak only
            # reads these paths, readOnly: true would stop the container
            # from modifying host files. Verify before enabling.
            - name: keycloak-certs
              mountPath: /etc/x509/https
            - name: authz-js-policies
              mountPath: /opt/jboss/keycloak/standalone/deployments/authz-js-policies.jar
      volumes:
        # NOTE(review): hostPath volumes tie the pod to nodes that carry
        # these files and keep TLS material on the node filesystem. A Secret
        # or ConfigMap volume avoids the host dependency.
        - name: keycloak-certs
          hostPath:
            type: Directory
            path: /var/keycloak/certs
        - name: authz-js-policies
          hostPath:
            type: File
            path: /var/keycloak/deployments/authz-js-policies.jar
---
# Istio Gateway that opens the default ingress gateway for Keycloak traffic.
kind: Gateway
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: kcgateway
spec:
  selector:
    istio: ingressgateway  # use istio default ingress gateway
  servers:
    # TLS on 443 is passed through untouched: the gateway does not terminate
    # it, and routing is done on the SNI name by the keycloak-tls-vs
    # VirtualService.
    - hosts:
        - 'keycloak.est.tech'
      port:
        name: https
        number: 443
        protocol: HTTPS
      tls:
        mode: PASSTHROUGH
    # NOTE(review): cleartext HTTP is accepted for any host name. Together
    # with the keycloak-vs route this serves Keycloak over plain HTTP.
    # Consider limiting the hosts or redirecting to HTTPS if clients allow it.
    - hosts:
        - '*'
      port:
        name: http
        number: 80
        protocol: HTTP
---
# SNI-based route for the PASSTHROUGH listener on kcgateway: TLS connections
# for keycloak.est.tech on port 443 are forwarded, still encrypted, to the
# Keycloak Service on 8443.
kind: VirtualService
apiVersion: networking.istio.io/v1alpha3
metadata:
  name: keycloak-tls-vs
spec:
  gateways:
    - kcgateway
  hosts:
    - 'keycloak.est.tech'
  tls:
    - match:
        - sniHosts:
            - 'keycloak.est.tech'
          port: 443
      route:
        - destination:
            host: keycloak.default.svc.cluster.local
            port:
              number: 8443
---
# HTTP route for kcgateway: any request whose path starts with /auth is sent
# to the Keycloak Service on its plain HTTP port 8080.
#
# NOTE(review): hosts is "*", so the route applies to every host name that
# reaches the gateway's HTTP listener. Every path under /auth is forwarded
# without TLS, which presumably includes the login and admin endpoints.
# Confirm this is intended outside a lab setup.
# NOTE(review): this resource uses networking.istio.io/v1beta1 while
# kcgateway and keycloak-tls-vs use v1alpha3. Consider aligning them.
kind: VirtualService
apiVersion: networking.istio.io/v1beta1
metadata:
  name: keycloak-vs
spec:
  gateways:
    - kcgateway
  hosts:
    - '*'
  http:
    - name: 'keycloak-routes'
      match:
        - uri:
            prefix: '/auth'
      route:
        - destination:
            host: keycloak.default.svc.cluster.local
            port:
              number: 8080
---