(cluster/ayekan) add keycloak

Author: cbarria

fleet/lib/keycloak-pg/fleet.yaml

@@ -13,6 +13,17 @@ dependsOn:
       matchLabels:
         bundle: cnpg-system
 targetCustomizations:
+  - name: luan
+    clusterSelector:
+      matchExpressions:
+        - key: management.cattle.io/cluster-display-name
+          operator: In
+          values:
+            - ayekan
+    yaml:
+      overlays:
+        - generic
+        - ayekan
   - name: luan
     clusterSelector:
       matchExpressions:

fleet/lib/keycloak-pg/overlays/ayekan/service-keycloak-pg.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: keycloak-pg
+  labels:
+    cnpg.io/cluster: keycloak-pg
+  annotations:
+    metallb.universe.tf/loadBalancerIPs: 139.229.144.45
+spec:
+  ports:
+    - name: postgres
+      port: 5432
+      protocol: TCP
+  selector:
+    cnpg.io/cluster: keycloak-pg
+    role: primary
+  type: LoadBalancer

fleet/lib/keycloak-pre/externalsecret-keycloak-realm-master.yaml

@@ -0,0 +1,14 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: keycloak-realm-master
+  namespace: keycloak
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword
+  data:
+    - secretKey: realm-master.json
+      remoteRef:
+        key: realm-master.json
+        property: notesPlain

fleet/lib/keycloak/1

@@ -0,0 +1,63 @@
+---
+defaultNamespace: &name keycloak
+namespaceLabels:
+  lsst.io/discover: "true"
+labels:
+  bundle: *name
+helm:
+  chart: *name
+  releaseName: *name
+  repo: https://charts.bitnami.com/bitnami
+  version: 17.3.6
+  timeoutSeconds: 60
+  waitForJobs: true
+  valuesFiles:
+    - values.yaml
+dependsOn:
+  - selector:
+      matchLabels:
+        bundle: keycloak-pre
+  - selector:
+      matchLabels:
+        bundle: keycloak-pg
+targetCustomizations:
+  - name: ayekan
+    clusterSelector:
+      matchExpressions:
+        - key: management.cattle.io/cluster-display-name
+          operator: In
+          values:
+            - ayekan
+    helm:
+      valuesFiles:
+        - overlays/ayekan/values.yaml
+  - name: luan
+    clusterSelector:
+      matchExpressions:
+        - key: management.cattle.io/cluster-display-name
+          operator: In
+          values:
+            - luan
+    helm:
+      valuesFiles:
+        - overlays/luan/values.yaml
+  - name: pillan
+    clusterSelector:
+      matchExpressions:
+        - key: management.cattle.io/cluster-display-name
+          operator: In
+          values:
+            - pillan
+    helm:
+      valuesFiles:
+        - overlays/pillan/values.yaml
+  - name: yepun
+    clusterSelector:
+      matchExpressions:
+        - key: management.cattle.io/cluster-display-name
+          operator: In
+          values:
+            - yepun
+    helm:
+      valuesFiles:
+        - overlays/yepun/values.yaml

fleet/lib/keycloak/fleet.yaml

@@ -21,6 +21,16 @@ dependsOn:
       matchLabels:
         bundle: keycloak-pg
 targetCustomizations:
+  - name: ayekan
+    clusterSelector:
+      matchExpressions:
+        - key: management.cattle.io/cluster-display-name
+          operator: In
+          values:
+            - ayekan
+    helm:
+      valuesFiles:
+        - overlays/ayekan/values.yaml
   - name: luan
     clusterSelector:
       matchExpressions:

fleet/lib/keycloak/overlays/ayekan/values.yaml

@@ -0,0 +1,43 @@
+---
+replicaCount: 1
+
+resources:
+  limits:
+    cpu: 1000m
+    memory: 2Gi
+  requests:
+    cpu: 500m
+    memory: 1Gi
+
+ingress:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-staging
+    nginx.ingress.kubernetes.io/enable-hsts: false
+
+# extraVolumes:
+#   - name: keycloak-backup
+#     secret:
+#       secretName: keycloak-realm-master
+# 
+# extraVolumeMounts:
+#   - name: keycloak-backup
+#     mountPath: /mnt/keycloak-backup
+#     readOnly: true
+# 
+# extraEnvVars:
+#   - name: KC_CACHE
+#     value: local
+# 
+# keycloakConfigCli:
+#   enabled: true
+#   extraVolumes:
+#     - name: keycloak-backup
+#       secret:
+#         secretName: keycloak-realm-master
+#   extraVolumeMounts:
+#     - name: keycloak-backup
+#       mountPath: /mnt/keycloak-backup
+#       readOnly: true
+#   extraEnvVars:
+#     - name: IMPORT_FILES_LOCATIONS
+#       value: /mnt/keycloak-backup/realm-master.json

fleet/s/dev/c/ayekan/cnpg-system

@@ -0,0 +1 @@
+../../../../lib/cnpg-system

fleet/s/dev/c/ayekan/keycloak

@@ -0,0 +1 @@
+../../../../lib/keycloak

fleet/s/dev/c/ayekan/keycloak-pg

@@ -0,0 +1 @@
+../../../../lib/keycloak-pg

fleet/s/dev/c/ayekan/keycloak-pre

@@ -0,0 +1 @@
+../../../../lib/keycloak-pre