-
Notifications
You must be signed in to change notification settings - Fork 0
/
run_kc_system.sh
executable file
·137 lines (92 loc) · 3.74 KB
/
run_kc_system.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
#!/usr/bin/env bash
set +x
echo -e "===========================================\n"
echo -e "Deploying Keycloak and PostgreSQL-HA to k8s\n"
echo -e "===========================================\n"
namespace="hbr-keycloak"
certmgr_ns="cert-manager"
kc_admin_pwd="password" # change it!
# values.yaml
kc_values="keycloak-values.yaml"
pg_values="postgresql-values.yaml"
# output
ADD="[ADD] "
DEL="[DELETE] "
GEN="[GENERATE] "
DEP="[DEPLOY] "
CRE="[CREATE] "
WAI="[WAIT] "
if kubectl get namespaces | grep -q "$namespace"; then
echo -e "$DEL namespace $namespace\n"
kubectl delete ns "$namespace" >/dev/null 2>&1
fi
if kubectl get namespaces | grep -q "$certmgr_ns"; then
echo -e "$DEL namespace $certmgr_ns\n"
kubectl delete ns "$certmgr_ns" >/dev/null 2>&1
fi
echo -e "$CRE namespace $namespace\n"
kubectl create namespace "$namespace" >/dev/null 2>&1
echo -e "$ADD bitnami Helm repo and update it\n"
helm repo add bitnami https://charts.bitnami.com/bitnami >/dev/null 2>&1
helm repo update >/dev/null 2>&1
echo -e "$GEN Keycloak admin password and secret\n"
KEYCLOAK_ADMIN_PASSWORD=$(echo -n "$kc_admin_pwd")
kubectl create secret generic keycloak-admin-password \
--from-literal=password=$KEYCLOAK_ADMIN_PASSWORD \
-n hbr-keycloak >/dev/null 2>&1
echo -e "$GEN passwords and secrets for PostgreSQL, RepMgr, and PgPool admin\n"
POSTGRES_ADMIN_PASSWORD=$(openssl rand -hex 16 | base64 | tr -d '\n')
POSTGRES_USER_PASSWORD=$(openssl rand -hex 16 | base64 | tr -d '\n')
REPMGR_PASSWORD=$(openssl rand -hex 16 | base64 | tr -d '\n')
PGPOOL_ADMIN_PASSWORD=$(openssl rand -hex 16 | base64 | tr -d '\n')
kubectl create secret generic postgresql-secret \
--from-literal=password=$POSTGRES_USER_PASSWORD \
--from-literal=postgres-password=$POSTGRES_ADMIN_PASSWORD \
--from-literal=repmgr-password=$REPMGR_PASSWORD \
-n hbr-keycloak >/dev/null 2>&1
kubectl create secret generic pgpool-secret \
--from-literal=admin-password=$PGPOOL_ADMIN_PASSWORD \
-n hbr-keycloak >/dev/null 2>&1
echo -e "$DEP PostgreSQL with Helm and $pg_values\n"
helm install postgresql-ha bitnami/postgresql-ha \
--namespace hbr-keycloak \
-f "$pg_values" >/dev/null 2>&1
echo -n "$WAI PostgreSQL..."
kubectl wait --namespace "$namespace" \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=pgpool \
--timeout=90s >/dev/null 2>&1
printf "OK\n"
echo -e "\n$DEP Keycloak with Helm and $kc_values\n"
helm install keycloak bitnami/keycloak \
--namespace hbr-keycloak \
-f "$kc_values" >/dev/null 2>&1
echo -e "$CRE namespace $certmgr_ns\n"
kubectl create namespace "$certmgr_ns" >/dev/null 2>&1
echo -e "$ADD jetstack Helm repo and update it\n"
helm repo add jetstack https://charts.jetstack.io >/dev/null 2>&1
helm repo update >/dev/null 2>&1
echo -e "$DEP CRDs for cert-manager\n"
certmgr_crds="https://github.com/cert-manager/cert-manager/releases/download/v1.11.1/cert-manager.crds.yaml"
kubectl apply -f "$certmgr_crds" >/dev/null 2>&1
echo -e "$DEP cert-manager\n"
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--version v1.11.1 >/dev/null 2>&1
echo -e "$DEP ClusterIssuer into namespace $namespace\n"
kubectl apply -f cluster-issuer-selfsigned.yaml \
-n "$namespace" >/dev/null 2>&1
echo -e "$DEP self-signed certificate into namespace $namespace\n"
kubectl apply -f selfsigned-certificate.yaml \
-n "$namespace" >/dev/null 2>&1
echo -e "$DEP NGINX-Ingress\n"
kubectl apply -f keycloak-ingress-with-cert-manager.yaml \
-n hbr-keycloak >/dev/null 2>&1
echo -n "$WAI Keycloak..."
kubectl wait --namespace "$namespace" \
--for=condition=ready pod \
--selector=app.kubernetes.io/component=keycloak \
--timeout=90s >/dev/null 2>&1
printf "OK\n"
echo -e "\nKeycloak and PostgreSQL-HA are ready!\n"
set -x