diff --git a/kubernetes/kyak/apps/auth/keycloak/app/crds/kustomization.yaml b/kubernetes/kyak/apps/auth/keycloak/app/crds/kustomization.yaml
new file mode 100644
index 0000000000..4bf305b25d
--- /dev/null
+++ b/kubernetes/kyak/apps/auth/keycloak/app/crds/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ # renovate: datasource=github-releases depName=keycloak/keycloak-k8s-resources
+ - https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/25.0.4/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
+ # renovate: datasource=github-releases depName=keycloak/keycloak-k8s-resources
+ - https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/25.0.4/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml
diff --git a/kubernetes/kyak/apps/auth/keycloak/app/deployment.yaml b/kubernetes/kyak/apps/auth/keycloak/app/deployment.yaml
new file mode 100644
index 0000000000..2b59944c9d
--- /dev/null
+++ b/kubernetes/kyak/apps/auth/keycloak/app/deployment.yaml
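Review bot: Both CRD entries under `resources:` in crds/kustomization.yaml are fetched from raw.githubusercontent.com at the tag `25.0.4`, and Kustomize applies whatever that URL returns without any integrity check. A Git tag can be moved upstream, so the cluster-scoped CRDs that end up applied are only as trustworthy as the tag at build time. Consider vendoring the two CRD files into this directory, or referencing the release by commit SHA in the URL instead of by tag.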
@@ -0,0 +1,75 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ app.quarkus.io/quarkus-version: 3.8.5
+ app.quarkus.io/vcs-uri: https://github.com/keycloak/keycloak.git
+ app.quarkus.io/build-timestamp: 2024-08-19 - 09:23:49 +0000
+ labels:
+ app.kubernetes.io/name: keycloak-operator
+ app.kubernetes.io/version: 25.0.4
+ app.kubernetes.io/managed-by: quarkus
+ name: keycloak-operator
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: keycloak-operator
+ template:
+ metadata:
+ annotations:
+ app.quarkus.io/quarkus-version: 3.8.5
+ app.quarkus.io/vcs-uri: https://github.com/keycloak/keycloak.git
+ app.quarkus.io/build-timestamp: 2024-08-19 - 09:23:49 +0000
+ labels:
+ app.kubernetes.io/managed-by: quarkus
+ app.kubernetes.io/version: 25.0.4
+ app.kubernetes.io/name: keycloak-operator
+ spec:
+ containers:
+ - env:
+ - name: KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: RELATED_IMAGE_KEYCLOAK
+ value: quay.io/keycloak/keycloak:25.0.4
+ image: quay.io/keycloak/keycloak-operator:25.0.4
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /q/health/live
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 10
+ name: keycloak-operator
+ ports:
+ - containerPort: 8080
+ name: http
+ protocol: TCP
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /q/health/ready
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 10
+ startupProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /q/health/started
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 10
+ serviceAccountName: keycloak-operator
diff --git a/kubernetes/kyak/apps/auth/keycloak/app/kustomization.yaml b/kubernetes/kyak/apps/auth/keycloak/app/kustomization.yaml
new file mode 100644
index 0000000000..8cf3864411
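Review bot: The `keycloak-operator` container in deployment.yaml is declared without a `securityContext`, so it runs with whatever the image and namespace defaults allow, while its service account can create and delete Secrets in the target namespace (see rbac.yaml in this commit). I would add a restrictive container `securityContext` as sketched below; confirm that the operator image runs as a non-root user before enabling `runAsNonRoot`. Both images are referenced by the tag `25.0.4` with `imagePullPolicy: Always`, so pinning them by digest (`image: quay.io/keycloak/keycloak-operator:25.0.4@sha256:<digest>`) would make what is pulled reproducible. Also check `replicas: 3`: no rule in rbac.yaml allows creating or updating `coordination.k8s.io` Leases, so if the operator depends on Lease-based leader election it lacks the permission, and without it three replicas may reconcile the same resources concurrently.

```yaml
# … unchanged: env, image, imagePullPolicy, probes, ports …
          name: keycloak-operator
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
```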
--- /dev/null
+++ b/kubernetes/kyak/apps/auth/keycloak/app/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./crds
+ - ./rbac.yaml
+ - ./service.yaml
+ - ./serviceaccount.yaml
+ - ./deployment.yaml
diff --git a/kubernetes/kyak/apps/auth/keycloak/app/rbac.yaml b/kubernetes/kyak/apps/auth/keycloak/app/rbac.yaml
new file mode 100644
index 0000000000..eeea496eef
--- /dev/null
+++ b/kubernetes/kyak/apps/auth/keycloak/app/rbac.yaml
@@ -0,0 +1,260 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: keycloak-operator-clusterrole
+rules:
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: keycloakrealmimportcontroller-cluster-role
+rules:
+ - apiGroups:
+ - k8s.keycloak.org
+ resources:
+ - keycloakrealmimports
+ - keycloakrealmimports/status
+ - keycloakrealmimports/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - create
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - delete
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: keycloakcontroller-cluster-role
+rules:
+ - apiGroups:
+ - k8s.keycloak.org
+ resources:
+ - keycloaks
+ - keycloaks/status
+ - keycloaks/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - create
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - delete
+ - create
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - delete
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - delete
+ - create
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - delete
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: keycloak-operator
+ name: keycloak-operator-clusterrole-binding
+roleRef:
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+ name: keycloak-operator-clusterrole
+subjects:
+ - kind: ServiceAccount
+ name: keycloak-operator
+ namespace: keycloak
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: keycloak-operator-role
+rules:
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: keycloak-operator
+ name: keycloak-operator-role-binding
+roleRef:
+ kind: Role
+ apiGroup: rbac.authorization.k8s.io
+ name: keycloak-operator-role
+subjects:
+ - kind: ServiceAccount
+ name: keycloak-operator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: keycloakrealmimportcontroller-role-binding
+roleRef:
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+ name: keycloakrealmimportcontroller-cluster-role
+subjects:
+ - kind: ServiceAccount
+ name: keycloak-operator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: keycloakcontroller-role-binding
+roleRef:
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+ name: keycloakcontroller-cluster-role
+subjects:
+ - kind: ServiceAccount
+ name: keycloak-operator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: keycloak-operator
+ app.kubernetes.io/version: 25.0.4
+ name: keycloak-operator-view
+roleRef:
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+ name: view
+subjects:
+ - kind: ServiceAccount
+ name: keycloak-operator
diff --git a/kubernetes/kyak/apps/auth/keycloak/app/service.yaml b/kubernetes/kyak/apps/auth/keycloak/app/service.yaml
new file mode 100644
index 0000000000..24c7d57d09
--- /dev/null
+++ b/kubernetes/kyak/apps/auth/keycloak/app/service.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ app.quarkus.io/quarkus-version: 3.8.5
+ app.quarkus.io/vcs-uri: https://github.com/keycloak/keycloak.git
+ app.quarkus.io/build-timestamp: 2024-08-19 - 09:23:49 +0000
+ labels:
+ app.kubernetes.io/name: keycloak-operator
+ app.kubernetes.io/version: 25.0.4
+ app.kubernetes.io/managed-by: quarkus
+ name: keycloak-operator
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app.kubernetes.io/name: keycloak-operator
+ type: ClusterIP
diff --git a/kubernetes/kyak/apps/auth/keycloak/app/serviceaccount.yaml b/kubernetes/kyak/apps/auth/keycloak/app/serviceaccount.yaml
new file mode 100644
index 0000000000..fad9406f90
--- /dev/null
+++ b/kubernetes/kyak/apps/auth/keycloak/app/serviceaccount.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ app.quarkus.io/quarkus-version: 3.8.5
+ app.quarkus.io/vcs-uri: https://github.com/keycloak/keycloak.git
+ app.quarkus.io/build-timestamp: 2024-08-19 - 09:23:49 +0000
+ labels:
+ app.kubernetes.io/name: keycloak-operator
+ app.kubernetes.io/version: 25.0.4
+ app.kubernetes.io/managed-by: quarkus
+ name: keycloak-operator
diff --git a/kubernetes/kyak/apps/auth/keycloak/ks.yaml b/kubernetes/kyak/apps/auth/keycloak/ks.yaml
new file mode 100644
index 0000000000..49c442a76a
--- /dev/null
+++ b/kubernetes/kyak/apps/auth/keycloak/ks.yaml
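Review bot: The RoleBindings in rbac.yaml carry no namespace of their own and ks.yaml sets `targetNamespace: auth`, so the Secrets rules (`get`, `list`, `watch`, `create`, `patch`, `update`, `delete`) apply to every Secret in `auth`, a namespace that auth/kustomization.yaml shows is shared with authelia, lldap and smtp-relay. Running the operator in a namespace of its own would keep those credentials out of its reach. Separately, the ClusterRoleBinding subject hard-codes `namespace: keycloak`; unless the rendered output rewrites it, the binding points at a service account that does not exist there, so I would set it to `namespace: auth` or check the output of the Flux build. In `keycloakcontroller-cluster-role` the `services` rule appears twice and one copy can be dropped.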
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app keycloak
+ namespace: flux-system
+spec:
+ targetNamespace: auth
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/kyak/apps/auth/keycloak/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ wait: true
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/kyak/apps/auth/kustomization.yaml b/kubernetes/kyak/apps/auth/kustomization.yaml
index 4f9c3db479..5d5bb35289 100644
--- a/kubernetes/kyak/apps/auth/kustomization.yaml
+++ b/kubernetes/kyak/apps/auth/kustomization.yaml
@@ -5,5 +5,6 @@ kind: Kustomization
 resources:
  - ./namespace.yaml
  - ./authelia/ks.yaml
+ - ./keycloak/ks.yaml
  - ./lldap/ks.yaml
  - ./smtp-relay/ks.yaml
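Review bot: `prune: true` in keycloak/ks.yaml also covers the CRDs pulled in through `./crds`, so removing this Kustomization or changing its `path` would garbage-collect the `keycloaks` and `keycloakrealmimports` CRDs and, with them, every custom resource of those kinds in the cluster. Consider shipping the CRDs from a separate Flux Kustomization, or annotating them with `kustomize.toolkit.fluxcd.io/prune: disabled` so an accidental path change cannot remove the identity provider's configuration.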