Greenstand · dadiorchen · Jul 4, 2022 · Jul 4, 2022 · Jul 5, 2022 · Jul 5, 2022
diff --git a/ambassador/deployment.yaml b/ambassador/deployment.yaml
@@ -0,0 +1,105 @@
+---
+apiVersion: getambassador.io/v3alpha1
+kind: Listener
+metadata:
+  name: edge-stack-listener-8080
+  namespace: ambassador
+spec:
+  port: 8080
+  protocol: HTTP
+  securityModel: XFP
+  hostBinding:
+    namespace:
+      from: ALL
+---
+apiVersion: getambassador.io/v3alpha1
+kind: Listener
+metadata:
+  name: edge-stack-listener-8443
+  namespace: ambassador
+spec:
+  port: 8443
+  protocol: HTTPS
+  securityModel: XFP
+  hostBinding:
+    namespace:
+      from: ALL
+
+---
+#apiVersion: getambassador.io/v3alpha1
+#kind: Filter
+#metadata:
+#  name: keycloak-filter
+#  namespace: ambassador
+#spec:
+#  OAuth2:
+#    #authorizationURL: https://localhost/auth/realms/treetracker
+#    #authorizationURL: http://192.168.0.103/auth/realms/treetracker
+#    authorizationURL: https://test.dadiorxxx.com/auth/realms/master
+#    insecureTLS: true
+#    #authorizationURL: https://dev-k8s.treetracker.org/auth/realms/treetracker
+#    audience: ambassador
+#    clientID: ambassador
+#    secret: mANEOrGcmRsAx8tKX6Rky6WcDjdp3TXx
+#    protectedOrigins:
+#    - origin: https://test.dadiorxxx.com/backend
+#
+#---
+#apiVersion: getambassador.io/v3alpha1
+#kind: FilterPolicy
+#metadata:
+#  name: httpbin-policy
+#  namespace: ambassador
+#spec:
+#  rules:
+#    - host: "*"
+#      path: /backend/
+#      filters:
+#        - name: keycloak-filter ## Enter the Filter name from above
+#          arguments:
+#            scope:
+#            - "offline_access"
+
+#---
+#apiVersion: getambassador.io/v3alpha1
+#kind: AuthService
+#metadata:
+#  name: authentication
+#  namespace: ambassador
+#spec:
+#  auth_service: "treetracker-auth-service.default:80"
+#
+---
+apiVersion: getambassador.io/v3alpha1
+kind: Filter
+metadata:
+  name: "auth-filter"
+  namespace: "ambassador"
+spec:
+  External:
+    auth_service: "http://treetracker-auth-service.default.svc.cluster.local"
+    proto: http
+    tls: false
+
+---
+apiVersion: getambassador.io/v3alpha1
+kind: FilterPolicy
+metadata:
+  name: httpbin-policy
+  namespace: ambassador
+spec:
+  rules:
+    - host: "*"
+      path: /app/*
+      filters:
+        - name: auth-filter ## Enter the Filter name from above
+          arguments:
+            scope:
+             "offline_access"
+    - host: "*"
+      path: /api/*
+      filters:
+        - name: auth-filter ## Enter the Filter name from above
+          arguments:
+            scope:
+             "offline_access"
diff --git a/keycloak/README.md b/keycloak/README.md
@@ -0,0 +1,2 @@
+# Solr
+
diff --git a/keycloak/deployment/base/kustomization.yaml b/keycloak/deployment/base/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- treetracker-keycloak-deployment.yml
+- treetracker-keycloak-service.yml
+- namespace.yaml
+- mapping.yaml
diff --git a/keycloak/deployment/base/mapping.yaml b/keycloak/deployment/base/mapping.yaml
@@ -0,0 +1,11 @@
+apiVersion: getambassador.io/v2
+kind: Mapping
+metadata:
+  name: treetracker-keycloak-mapping
+  namespace: keycloak
+spec:
+  hostname: "*"
+  prefix: /auth/
+  service: treetracker-keycloak-service
+  rewrite: /auth/
+  timeout_ms: 60000
diff --git a/keycloak/deployment/base/namespace.yaml b/keycloak/deployment/base/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: keycloak
diff --git a/keycloak/deployment/base/treetracker-keycloak-deployment.yml b/keycloak/deployment/base/treetracker-keycloak-deployment.yml
@@ -0,0 +1,41 @@
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+  name: "treetracker-keycloak"
+  namespace: "keycloak"
+  labels:
+    app: "treetracker-keycloak"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "treetracker-keycloak"
+  template:
+    metadata:
+      labels:
+        app: "treetracker-keycloak"
+    spec:
+      containers:
+      - name: "keycloak"
+        image: quay.io/keycloak/keycloak:17.0.1
+        args: ["start-dev"]
+        env:
+        - name: KEYCLOAK_ADMIN
+          value: "admin"
+        - name: KEYCLOAK_ADMIN_PASSWORD
+          value: "admin"
+        - name: KC_PROXY
+          value: "edge"
+        - name: KC_HTTP_RELATIVE_PATH
+          value: "/auth"
+            #- name: PROXY_ADDRESS_FORWARDING
+            #value: "true"
+            #- name: KC_HOSTNAME_PATH
+            #value: "auth"
+        - name: KC_LOG_LEVEL
+          value: "trace"
+        - name: KC_FEATURES
+          value: scripts,upload_scripts
+        ports:
+        - name: http
+          containerPort: 8080
diff --git a/keycloak/deployment/base/treetracker-keycloak-service.yml b/keycloak/deployment/base/treetracker-keycloak-service.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: treetracker-keycloak-service
+  annotations:
+  labels:
+    app: treetracker-keycloak
+    name: treetracker-keycloak-service
+  namespace: keycloak
+spec:
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: 8080
+  selector:
+    app: treetracker-keycloak
diff --git a/keycloak/deployment/overlays/development/kustomization.yaml b/keycloak/deployment/overlays/development/kustomization.yaml
@@ -0,0 +1,2 @@
+bases:
+  - ../../base