feat(doc): Improve Readme & sample

.github/workflows/build.yml

@@ -24,9 +24,12 @@ jobs:
                   registry: ghcr.io
                   username: ${{ github.actor }}
                   password: ${{ secrets.GITHUB_TOKEN }}
-            - name: Vet module
+            - name: Vet module minimum
               run: |
-                  timoni mod vet . -f test/minimum-values.cue
+                  timoni mod vet . -f samples/minimum/minimum-values.cue
+            - name: Vet module ha
+              run: |
+                  timoni mod vet . -f samples/ha/postgres-istio-values.cue
             - name: Push and Sign
               run: |
                   timoni mod push . \

README.md

@@ -1,15 +1,24 @@
-# keycloak
+# Keycloak Timoni module 
 
-A [timoni.sh](http://timoni.sh) module for deploying [keycloak](https://www.keycloak.org/) on Kubernetes clusters.
+[![Release](https://img.shields.io/github/v/release/yyvess/keycloak-timoni.svg)](https://github.com//yyvess/keycloak-timoni/releases)
+[![timoni.sh](https://img.shields.io/badge/timoni.sh-v0.18.0-7e56c2)](https://timoni.sh)
+[![kubernetes](https://img.shields.io/badge/kubernetes-v1.29.0-326CE5?logo=kubernetes&logoColor=white)](https://kubernetes.io)
+[![License](https://img.shields.io/github/license/nalum/cert-manager-module)](https://github.com/nalum/cert-manager-module/blob/main/LICENSE)
+
+* [Keycloak](https://www.keycloak.org/) is an Open Source Identity and Access Management
+* [Timoni.sh](http://timoni.sh) is an alternative of Helm chart based on [CUE](https://cuelang.org/)
+
+
+
+A [timoni.sh](http://timoni.sh) module for deploying [keycloak](https://www.keycloak.org/) to Kubernetes clusters.
 
-> [!IMPORTANT]
-> Note that module in under development and is still in its infancy.
-> Any feedback and PR are welcome
 
+> [!IMPORTANT]
+> Note that module is on beta, any feedback and PR are welcome
 
 ## Install
 
-To create an instance, create a file `my-values.cue` with the following content:
+To create a minimum instance, create a file `my-values.cue` with the following content:
 
 ```cue
 values: {
@@ -21,18 +30,18 @@ values: {
 		{name: "KC_LOG_LEVEL", value:       "INFO"},
 	]
 }
-
 ```
 
+
+
 And apply the values with:
 
 ```shell
 timoni -n keycloak apply keycloak oci://ghcr.io/yyvess/keycloak \
 --values ./my-values.cue
 ```
 
-By default, the server uses the dev-file database. This is the default database that the server will use to persist data and only exists for development use-cases. The dev-file database **is not suitable for production use-cases**, and must be replaced before deploying to production.
-
+By default, the server uses the **dev-file** database on an empty volume! The dev-file database **is not suitable for production use-cases**, and must be replaced with an others database type on production.
 
 ## Uninstall
 
@@ -44,4 +53,4 @@ timoni -n keycloak delete keycloak
 
 ## Configuration
 
-Look samples on test folder
+Some configuration examples can be found on [samples](samples) directory.

test/production-istio-values.cue → samples/ha/postgres-istio-values.cue

@@ -1,6 +1,8 @@
-// Note that this file must have no imports and all values must be concrete.
-
-// Unsecure Keycloak deployment in http with HA
+//
+// Keycloak HA deployment with Istio & Postgres database
+//
+// ! Requird a cluster with Cert manager, Istio & Zalando Postgres operator
+//
 
 @if(!debug)
 
@@ -49,15 +51,15 @@ values: {
 		username: {
 			valueFrom: {
 				secretKeyRef: {
-					name: "keycloakdb.credentials"
+					name: "keycloakdb-keycloak-owner-user.minimal-postgres.credentials"
 					key:  "username"
 				}
 			}
 		}
 		password: {
 			valueFrom: {
 				secretKeyRef: {
-					name: "keycloakdb.credentials"
+					name: "keycloakdb-keycloak-owner-user.minimal-postgres.credentials"
 					key:  "password"
 				}
 			}

samples/ha/postgres.yaml

@@ -0,0 +1,30 @@
+#####
+#
+# Deploy minimal postgres database
+#
+# kubectl apply -n postgres -f samples/ha/postgres.yaml
+#
+# Required Zalando Postgres operator installed on the cluster
+# https://github.com/zalando/postgres-operator?tab=readme-ov-file
+#
+
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+    name: minimal-postgres
+spec:
+    teamId: myorgs
+    spiloFSGroup: 103
+    spiloRunAsGroup: 103
+    spiloRunAsUser: 101
+    volume:
+        size: 1Gi
+    numberOfInstances: 1
+    preparedDatabases:
+        keycloakdb:
+            defaultUsers: false
+            schemas:
+                keycloak:
+                    defaultUsers: true
+    postgresql:
+        version: "15"

samples/minimum/minimum-values.cue

@@ -0,0 +1,18 @@
+//
+// Keycloak deployment minimum requirdement
+//
+// ! Not for prodution usage, Keycloak configuration is store on an empty directory
+//
+
+@if(!debug)
+
+package main
+
+// Defaults
+values: {
+
+	admin: {
+		password: {value: "admin"}
+	}
+
+}

test/certificate-values.cue

@@ -23,7 +23,7 @@ values: {
 	certificate: {
 		duration:    "2160h0m0s"
 		renewBefore: "360h0m0s"
-		subject: organizations: ["zelros.com"]
+		subject: organizations: ["myorg.com"]
 		privateKey: {
 			algorithm: "RSA"
 			encoding:  "PKCS1"

test/certificate.yaml

@@ -28,7 +28,7 @@ spec:
   secretName: keycloak-cert
   subject:
     organizations:
-    - zelros.com
+    - myorg.com
 ---
 apiVersion: v1
 immutable: true

test/minimum.yaml

@@ -1,111 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: test
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/component: web
-    app.kubernetes.io/managed-by: timoni
-    app.kubernetes.io/name: keycloak
-    app.kubernetes.io/version: 0.0.0-devel
-  name: keycloak-web
-  namespace: test
-spec:
-  ports:
-  - appProtocol: http
-    name: http
-    port: 8080
-    protocol: TCP
-    targetPort: http
-  selector:
-    app.kubernetes.io/name: keycloak
-  type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: timoni
-    app.kubernetes.io/name: keycloak
-    app.kubernetes.io/version: 0.0.0-devel
-  name: keycloak
-  namespace: test
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: keycloak
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: keycloak
-    spec:
-      containers:
-      - command:
-        - /opt/keycloak/bin/kc.sh
-        - start
-        env:
-        - name: KC_HEALTH_ENABLED
-          value: "true"
-        - name: KC_HTTP_ENABLED
-          value: "true"
-        - name: KC_CACHE
-          value: local
-        - name: KEYCLOAK_ADMIN
-          value: admin
-        - name: KEYCLOAK_ADMIN_PASSWORD
-          value: admin
-        image: quay.io/keycloak/keycloak:23.0@sha256:cff31dc6fbb0ab0b66176b990e6b9e262fa74a501abb9a4bfa4a529cbc8a526a
-        imagePullPolicy: IfNotPresent
-        livenessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /health
-            port: http
-            scheme: HTTP
-          periodSeconds: 30
-          successThreshold: 1
-          timeoutSeconds: 10
-        name: keycloak
-        ports:
-        - containerPort: 8080
-          name: http
-          protocol: TCP
-        readinessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /health
-            port: http
-            scheme: HTTP
-          periodSeconds: 15
-          successThreshold: 1
-          timeoutSeconds: 10
-        resources:
-          requests:
-            cpu: 200m
-            memory: 768Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          privileged: false
-          readOnlyRootFilesystem: false
-          runAsNonRoot: true
-          seccompProfile:
-            type: RuntimeDefault
-        startupProbe:
-          failureThreshold: 30
-          httpGet:
-            path: /health
-            port: http
-            scheme: HTTP
-          initialDelaySeconds: 30
-          periodSeconds: 15
-        volumeMounts: []
-      serviceAccountName: default
-      volumes: []
----

test/production-istio.yaml → test/postgres-istio.yaml

@@ -288,12 +288,12 @@ spec:
           valueFrom:
             secretKeyRef:
               key: username
-              name: keycloakdb.credentials
+              name: keycloakdb-keycloak-owner-user.minimal-postgres.credentials
         - name: KC_DB_PASSWORD
           valueFrom:
             secretKeyRef:
               key: password
-              name: keycloakdb.credentials
+              name: keycloakdb-keycloak-owner-user.minimal-postgres.credentials
         - name: KC_PROXY
           value: edge
         - name: KC_HOSTNAME_STRICT

test/test.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 echo "minimum-values"
-timoni -n test build keycloak  ../ --values ../values.cue --values ./minimum-values.cue > ./minimum.yaml
+timoni -n test build keycloak  ../ --values ../values.cue --values ../samples/minimum/minimum-values.cue > ./minimum.yaml
 echo "http-values"
 timoni -n zel-test  build keycloak  ../ --values ../values.cue --values ./http-values.cue > ./http.yaml
 echo "sa-values"
@@ -18,4 +18,4 @@ timoni -n zel-test build keycloak  ../ --values ../values.cue --values ./ingress
 echo "virtual-service-values"
 timoni -n zel-test build keycloak  ../ --values ../values.cue --values ./virtualservice-values.cue > ./virtualservice.yaml
 echo "production-istio-values"
-timoni -n zel-test build keycloak  ../ --values ../values.cue --values ./production-istio-values.cue > ./production-istio.yaml
+timoni -n zel-test build keycloak  ../ --values ../values.cue --values ../samples/ha/postgres-istio-values.cue > ./postgres-istio.yaml

test/virtualservice-values.cue

@@ -19,7 +19,7 @@ values: {
 	virtualService: {
 		gateways: [{"istio-system/istio-ingressgateway"}]
 		hosts: [
-			"keycloak.dev.eu.zelros.com",
+			"keycloak.myorg.com",
 		]
 	}
 

test/virtualservice.yaml

@@ -39,7 +39,7 @@ spec:
   gateways:
   - istio-system/istio-ingressgateway
   hosts:
-  - keycloak.dev.eu.zelros.com
+  - keycloak.myorg.com
   http:
   - directResponse:
       status: 403