Keycloak deployment

keycloak/Dockerfile

@@ -0,0 +1,28 @@
+##FROM quay.io/keycloak/keycloak:latest as builder
+#FROM quay.io/keycloak/keycloak:22.0.4 as builder
+#
+## Copy the theme
+#COPY ./themes/treetracker /opt/keycloak/themes/treetracker
+#
+#RUN /opt/keycloak/bin/kc.sh build
+#
+#FROM quay.io/keycloak/keycloak:22.0.4
+#ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
+
+FROM quay.io/keycloak/keycloak:latest as builder
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+# Configure a database vendor
+ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+
+# Copy the theme
+COPY ./themes/treetracker /opt/keycloak/themes/treetracker
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:latest
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

keycloak/README.md

@@ -0,0 +1,8 @@
+# How to run it locally in a docker container
+
+```
+docker run -d --name mykeycloak -p 3001:8080 \
+        -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me \
+        mykeycloak:theme \
+        start-dev
+```

keycloak/keycloak.yaml

@@ -0,0 +1,126 @@
+apiVersion: k8s.keycloak.org/v2alpha1
+kind: Keycloak
+metadata:
+  name: example-kc
+spec:
+  instances: 1
+  image: dadiorchen/keycloak:1.1
+  db:
+    vendor: postgres
+    database: testdb
+    schema: keycloak
+    host: postgres-db
+    usernameSecret:
+      name: keycloak-db-secret
+      key: username
+    passwordSecret:
+      name: keycloak-db-secret
+      key: password
+        #  http:
+        #    tlsSecret: example-tls-secret
+        #hostname:
+        #hostname: example-kc-service.keycloak.svc.cluster.local
+  http:
+    httpEnabled: true
+  hostname:
+    strict: false
+    strictBackchannel: false
+  unsupported:
+    podTemplate:
+      spec:
+        containers:
+          - name: keycloak
+            env:
+              - name: KC_LOG_LEVEL
+                value: INFO
+              - name: KC_DB
+                value: postgres
+
+
+---
+# Ingress Nginx to expose Keycloak
+#apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: keycloak-ingress
+    #  annotations:
+    #    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  ingressClassName: nginx
+  defaultBackend:
+    service:
+      name: example-kc-service
+      port:
+        number: 8080
+    #  rules:
+    #  - http:
+    #      paths:
+    #      - path: /
+    #        pathType: Prefix
+    #        backend:
+    #          service: 
+    #            name: example-kc-service 
+    #            port: 
+    #              number: 8080
+
+---
+## Nginx Ingress Controller
+#apiVersion: v1
+#kind: service
+#metadata:
+#  name: nginx-ingress-controller
+#spec:
+#  type: LoadBalancer
+#  ports:
+#    - port: 80
+#      targetPort: 80
+#      protocol: TCP
+#      name: http
+#    - port: 443
+#      targetPort: 443
+#      protocol: TCP
+#      name: https
+#  selector:
+#    app: nginx-ingress-controller
+#
+#---
+## Nginx Ingress Controller
+#apiVersion: apps/v1
+#kind: Deployment
+#metadata:
+#  name: nginx-ingress-controller
+#spec:
+#  replicas: 1
+#  selector:
+#    matchLabels:
+#      app: nginx-ingress-controller
+#  template:
+#    metadata:
+#      labels:
+#        app: nginx-ingress-controller
+#    spec:
+#      containers:
+#        - name: nginx-ingress-controller
+#          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.32.0
+#          args:
+#            - /nginx-ingress-controller
+#            - --publish-service=nginx-ingress-controller
+#            - --configmap=$(POD_NAMESPACE)/nginx-configuration
+#            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
+#            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
+#            - --annotations-prefix=nginx.ingress.kubernetes.io
+#          env:
+#            - name: POD_NAME
+#              valueFrom:
+#                fieldRef:
+#                  fieldPath: metadata.name
+#            - name: POD_NAMESPACE
+#              valueFrom:
+#                fieldRef:
+#                  fieldPath: metadata.namespace
+#          ports:
+#            - name: http
+#              containerPort: 80
+#            - name: https
+#              containerPort: 443

keycloak/test-db.yaml

@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgresql-db
+spec:
+  serviceName: postgresql-db-service
+  selector:
+    matchLabels:
+      app: postgresql-db
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: postgresql-db
+    spec:
+      containers:
+        - name: postgresql-db
+          image: postgres:latest
+          volumeMounts:
+            - mountPath: /data
+              name: cache-volume
+          env:
+            - name: POSTGRES_PASSWORD
+              value: testpassword
+            - name: PGDATA
+              value: /data/pgdata
+            - name: POSTGRES_DB
+              value: keycloak
+      volumes:
+        - name: cache-volume
+          emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-db
+spec:
+  selector:
+    app: postgresql-db
+  type: LoadBalancer
+  ports:
+  - port: 5432
+    targetPort: 5432

keycloak/test/README.md

@@ -0,0 +1,5 @@
+# The Keycloak client test
+
+To use the test, run `npx serve -l 3001` under current folder.
+
+Visit: http://localhost:3001