From 842d3121a431cffb87fd65c5e70b24f08b500afc Mon Sep 17 00:00:00 2001
From: Darkfella91
Date: Fri, 8 Nov 2024 23:37:48 +0200
Subject: [PATCH] test
---
.../keycloak/keycloak/app/certificate.yaml | 15 -
.../keycloak/keycloak/app/externalsecret.yaml | 42 --
.../keycloak/keycloak/app/helmrelease.yaml | 306 ------------------
.../keycloak/keycloak/app/kustomization.yaml | 8 -
.../main/apps/keycloak/keycloak/ks.yaml | 23 --
.../main/apps/keycloak/kustomization.yaml | 9 -
kubernetes/main/apps/keycloak/namespace.yaml | 5 -
7 files changed, 408 deletions(-)
delete mode 100644 kubernetes/main/apps/keycloak/keycloak/app/certificate.yaml
delete mode 100644 kubernetes/main/apps/keycloak/keycloak/app/externalsecret.yaml
delete mode 100644 kubernetes/main/apps/keycloak/keycloak/app/helmrelease.yaml
delete mode 100644 kubernetes/main/apps/keycloak/keycloak/app/kustomization.yaml
delete mode 100644 kubernetes/main/apps/keycloak/keycloak/ks.yaml
delete mode 100644 kubernetes/main/apps/keycloak/kustomization.yaml
delete mode 100644 kubernetes/main/apps/keycloak/namespace.yaml
diff --git a/kubernetes/main/apps/keycloak/keycloak/app/certificate.yaml b/kubernetes/main/apps/keycloak/keycloak/app/certificate.yaml
deleted file mode 100644
index 20a9ea881..000000000
--- a/kubernetes/main/apps/keycloak/keycloak/app/certificate.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/cert-manager.io/certificate_v1.json
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: keycloak-tls
-spec:
- secretName: keycloak-tls
- issuerRef:
- name: zerossl-prod
- kind: ClusterIssuer
- commonName: auth.${PUBLIC_DOMAIN}
- dnsNames:
- auth.${PUBLIC_DOMAIN}
- admin.auth.${PUBLIC_DOMAIN}
diff --git a/kubernetes/main/apps/keycloak/keycloak/app/externalsecret.yaml b/kubernetes/main/apps/keycloak/keycloak/app/externalsecret.yaml
deleted file mode 100644
index 83735eb78..000000000
--- a/kubernetes/main/apps/keycloak/keycloak/app/externalsecret.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: &secret github-credentials
-spec:
- refreshInterval: 1h
- secretStoreRef:
- name: vault-backend
- kind: ClusterSecretStore
- target:
- template:
- type: kubernetes.io/dockerconfigjson
- data:
- .dockerconfigjson: '{"auths":{"{{ .registryHost }}":{"username":"{{ .registryName }}","password":"{{ .password }}","email":"{{ .registryName}}","auth":"{{ printf "%s:%s" .registryName .password | b64enc }}"}}}'
- dataFrom:
- - extract:
- key: secrets/github-credentials
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: &secret keycloak-initdb-secret
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault-backend
- target:
- name: *secret
- template:
- engineVersion: v2
- data:
- INIT_POSTGRES_DBNAME: keycloak
- INIT_POSTGRES_HOST: postgres17-rw.database.svc.cluster.local
- INIT_POSTGRES_USER: "{{ .KEYCLOAK_POSTGRES_USER }}"
- INIT_POSTGRES_PASS: "{{ .KEYCLOAK_POSTGRES_PASS }}"
- INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
- dataFrom:
- - extract:
- key: secrets/cloudnative-pg
diff --git a/kubernetes/main/apps/keycloak/keycloak/app/helmrelease.yaml b/kubernetes/main/apps/keycloak/keycloak/app/helmrelease.yaml
deleted file mode 100644
index 82c46c9a1..000000000
--- a/kubernetes/main/apps/keycloak/keycloak/app/helmrelease.yaml
+++ /dev/null
@@ -1,306 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: &app keycloak
-spec:
- interval: 30m
- chart:
- spec:
- chart: keycloak
- version: 18.4.4
- sourceRef:
- kind: HelmRepository
- name: codecentric
- namespace: flux-system
- maxHistory: 3
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- extraInitContainers: |
- - name: keycloak-initdb
- image: "ghcr.io/onedr0p/postgres-init:16.4@sha256:e41c745b54485341e00efbd27556f0717623a119f0d5107e5ff831aa1322c76f"
- imagePullPolicy: IfNotPresent
- envFrom:
- - secretRef:
- name: keycloak-initdb-secret
-
- replicas: 1
- image:
- repository: ghcr.io/darkfella91/keycloak
- tag: latest
- pullPolicy: IfNotPresent
-
- imagePullSecrets:
- - name: github-credentials
-
- hostAliases: []
-
- enableServiceLinks: true
-
- podManagementPolicy: Parallel
-
- updateStrategy: RollingUpdate
-
- restartPolicy: Always
- serviceAccount:
- create: true
- name: ""
- annotations: {}
- labels: {}
- imagePullSecrets: []
-
- rbac:
- create: true
- rules:
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - list
-
- podSecurityContext:
- fsGroup: 1000
-
- securityContext:
- runAsUser: 1000
- runAsNonRoot: true
-
- terminationGracePeriodSeconds: 60
-
- clusterDomain: cluster.local
-
- command: []
-
- args:
- start
- --optimized
- --verbose
-
- extraEnv: |
- - name: KC_BOOTSTRAP_ADMIN_USERNAME
- value: admin
- - name: KC_BOOTSTRAP_ADMIN_PASSWORD
- value: test
- - name: JAVA_OPTS_APPEND
- value: -Djgroups.dns.query=keycloak-headless.idp.svc.cluster.local
-
- extraEnvFrom: ""
-
- priorityClassName: ""
-
- nodeSelector: {}
-
- tolerations: []
-
- podLabels: {}
-
- podAnnotations: {}
-
- livenessProbe: |
- httpGet:
- path: /auth/
- port: http
- initialDelaySeconds: 0
- timeoutSeconds: 5
-
- readinessProbe: |
- httpGet:
- path: /auth/realms/master
- port: http
- initialDelaySeconds: 30
- timeoutSeconds: 1
-
- startupProbe: |
- httpGet:
- path: /auth/
- port: http
- initialDelaySeconds: 30
- timeoutSeconds: 1
- failureThreshold: 60
- periodSeconds: 5
-
- resources:
- requests:
- cpu: "500m"
- memory: "1024Mi"
- limits:
- cpu: "500m"
- memory: "1024Mi"
-
- startupScripts:
- keycloak.cli: |
- {{- .Files.Get "scripts/keycloak.cli" }}
-
- extraVolumes: |
- - name: cert
- type: secret
- secretName: keycloak-tls
-
- extraVolumeMounts: |
- - name: cert
- mountPath: /etc/ssl/custom/certfile.pem
- subPath: tls.crt
- readOnly: true
- - name: cert
- mountPath: /etc/ssl/custom/keyfile.pem
- subPath: tls.key
- readOnly: true
-
- extraPorts: []
-
- podDisruptionBudget: {}
-
- statefulsetAnnotations: {}
-
- statefulsetLabels: {}
-
- service:
- annotations: {}
- labels: {}
- type: ClusterIP
- loadBalancerIP: ""
- httpPort: 80
- httpNodePort: null
- httpsPort: 8443
- httpsNodePort: null
- httpManagementPort: 9990
- httpManagementNodePort: null
- loadBalancerSourceRanges: []
- externalTrafficPolicy: "Cluster"
- sessionAffinity: ""
- sessionAffinityConfig: {}
-
- ingress:
- enabled: false
- ingressClassName: "external"
- servicePort: http
- annotations:
- nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
- rules:
- -
- host: 'auth.${PUBLIC_DOMAIN}'
- paths:
- - path: /
- pathType: Prefix
- tls:
- - hosts:
- - auth.${PUBLIC_DOMAIN}
- secretName: "keycloak-tls"
-
- console:
- enabled: false
- ingressClassName: "internal"
- annotations: {}
- rules:
- -
- host: 'auth.${PUBLIC_DOMAIN}'
- paths:
- - path: /auth/admin/
- pathType: Prefix
- tls:
- - hosts:
- - console.auth.${PUBLIC_DOMAIN}
- secretName: "keycloak-console-tls"
-
- networkPolicy:
- enabled: false
-
- pgchecker:
- image:
- repository: docker.io/busybox
- tag: 1.32
- pullPolicy: IfNotPresent
- securityContext:
- allowPrivilegeEscalation: false
- runAsUser: 1000
- runAsGroup: 1000
- runAsNonRoot: true
- resources:
- requests:
- cpu: "20m"
- memory: "32Mi"
- limits:
- cpu: "20m"
- memory: "32Mi"
-
- postgresql:
- enabled: false
-
- serviceMonitor:
- enabled: true
- namespace: ""
- namespaceSelector: {}
- annotations: {}
- labels: {}
- interval: 10s
- scrapeTimeout: 10s
- path: /metrics
- port: http-management
-
- extraServiceMonitor:
- enabled: false
- namespace: ""
- namespaceSelector: {}
- annotations: {}
- labels: {}
- interval: 10s
- scrapeTimeout: 10s
- path: /auth/realms/master/metrics
- port: http
-
- prometheusRule:
- enabled: true
- annotations: {}
- labels: {}
- rules:
- - alert: keycloak-IngressHigh5xxRate
- annotations:
- message: The percentage of 5xx errors for keycloak over the last 5 minutes is over 1%.
- expr: |
- (
- sum(
- rate(
- nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak",status=~"5[0-9]{2}"}[1m]
- )
- )
- /
- sum(
- rate(
- nginx_ingress_controller_response_duration_seconds_count{exported_namespace="mynamespace",ingress="mynamespace-keycloak"}[1m]
- )
- )
- ) * 100 > 1
- for: 5m
- labels:
- severity: warning
-
- autoscaling:
- enabled: false
- labels: {}
- minReplicas: 3
- maxReplicas: 10
- metrics:
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: 80
- behavior:
- scaleDown:
- stabilizationWindowSeconds: 300
- policies:
- - type: Pods
- value: 1
- periodSeconds: 300
diff --git a/kubernetes/main/apps/keycloak/keycloak/app/kustomization.yaml b/kubernetes/main/apps/keycloak/keycloak/app/kustomization.yaml
deleted file mode 100644
index 493810fd6..000000000
--- a/kubernetes/main/apps/keycloak/keycloak/app/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./certificate.yaml
- - ./externalsecret.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/main/apps/keycloak/keycloak/ks.yaml b/kubernetes/main/apps/keycloak/keycloak/ks.yaml
deleted file mode 100644
index e7d24457c..000000000
--- a/kubernetes/main/apps/keycloak/keycloak/ks.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: &app keycloak
- namespace: flux-system
-spec:
- dependsOn:
- - name: external-secrets-stores
- - name: cloudnative-pg-cluster
- targetNamespace: idp
- commonMetadata:
- labels:
- app.kubernetes.io/name: *app
- path: ./kubernetes/main/apps/keycloak/keycloak/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- wait: false
- interval: 30m
- timeout: 5m
diff --git a/kubernetes/main/apps/keycloak/kustomization.yaml b/kubernetes/main/apps/keycloak/kustomization.yaml
deleted file mode 100644
index 08595c977..000000000
--- a/kubernetes/main/apps/keycloak/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- # Pre Flux-Kustomizations
- - ./namespace.yaml
- # Flux-Kustomizations
- - ./keycloak/ks.yaml
diff --git a/kubernetes/main/apps/keycloak/namespace.yaml b/kubernetes/main/apps/keycloak/namespace.yaml
deleted file mode 100644
index 8c452403a..000000000
--- a/kubernetes/main/apps/keycloak/namespace.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: idp