Verified Commit d5d38ecb authored by Hugo's avatar Hugo
Browse files

improvements

parent dc53d6bb
# Keycloak on k8s
## Usage
### Quick start
```bash
$ kubectl apply -k https://git.indie.host/indiehost/tech/infrastructure/keycloak-kustomize.git
```
### Kustomization
```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/instance: id-liiib-re
images:
- name: libresh/keycloak
newTag: v15
resources:
- https://git.indie.host/indiehost/tech/infrastructure/keycloak-kustomize.git
```
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/component: app
resources:
- statefulset.yaml
- service.yaml
- service-discovery.yaml
......@@ -4,9 +4,7 @@ metadata:
name: keycloak-discovery
spec:
clusterIP: None
selector:
app: keycloak
ports:
- port: 8080
protocol: TCP
targetPort: 8080
targetPort: http
......@@ -3,10 +3,8 @@ kind: Service
metadata:
name: keycloak
spec:
selector:
app: keycloak
ports:
- name: keycloak
- name: https
port: 8443
protocol: TCP
targetPort: 8443
targetPort: https
......@@ -2,19 +2,13 @@ apiVersion: apps/v1
kind: StatefulSet
metadata:
name: keycloak
labels:
app: keycloak
spec:
replicas: 2
selector:
matchLabels:
app: keycloak
selector: {}
serviceName: keycloak-discovery
template:
metadata:
name: keycloak
labels:
app: keycloak
spec:
containers:
- name: keycloak
......
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/component: db
resources:
- postgresql.yaml
......@@ -2,6 +2,8 @@ apiVersion: "acid.zalan.do/v1"
kind: postgresql
metadata:
name: pg-keycloak
labels:
app.kubernetes.io/component: db
spec:
teamId: "pg"
volume:
......
apiVersion: batch/v1
kind: Job
metadata:
labels:
application: spilo-logical-backup
job-name: keycloak-dump
name: keycloak-dump
spec:
backoffLimit: 6
completions: 1
parallelism: 1
selector:
matchLabels:
job-name: keycloak-dump
template:
metadata:
creationTimestamp: null
labels:
application: spilo-logical-backup
job-name: keycloak-dump
spec:
containers:
- command:
- /bin/sh
- -c
args:
- psql -h pg-keycloak -p 5432 -U keycloak -c "\l";
pg_dump -h pg-keycloak -p 5432 -U keycloak -Fc keycloak | pigz | aws s3 cp - s3://test-dumps/migrations/$(date +%m-%d-%Y).sql.gz --endpoint-url=https://minio.k7.indie.host --region=default
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: keycloak.pg-keycloak.credentials.postgresql.acid.zalan.do
- name: AWS_S3_FORCE_PATH_STYLE
value: "true"
envFrom:
- secretRef:
name: test-dumps
image: registry.opensource.zalan.do/acid/logical-backup:v1.6.2
imagePullPolicy: IfNotPresent
name: logical-backup
restartPolicy: Never
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
commonLabels:
app.kubernetes.io/name: keycloak
app.kubernetes.io/part-of: keycloak
resources:
- pg.yaml
- statefulset.yaml
- service.yaml
- service-discovery.yaml
- ./db
- ./app
apiVersion: batch/v1
kind: Job
metadata:
labels:
application: spilo-logical-backup
job-name: keycloak-restore
name: keycloak-restore
spec:
backoffLimit: 6
completions: 1
parallelism: 1
selector:
matchLabels:
job-name: keycloak-restore
template:
metadata:
creationTimestamp: null
labels:
application: spilo-logical-backup
job-name: keycloak-restore
spec:
containers:
- command:
- /bin/sh
- -c
args:
- aws s3 cp s3://test-dumps/migrations/$(date +%m-%d-%Y).sql.gz - --endpoint-url=https://minio.k7.indie.host --region=default | unpigz | pg_restore -d keycloak -h pg-keycloak -p 5432 -U keycloak --clean --no-owner --role=keycloak
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
key: password
name: keycloak.pg-keycloak.credentials
- name: AWS_S3_FORCE_PATH_STYLE
value: "true"
envFrom:
- secretRef:
name: test-dumps
image: registry.opensource.zalan.do/acid/logical-backup:v1.6.2
imagePullPolicy: IfNotPresent
name: logical-backup
restartPolicy: Never
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment