diff --git a/apps/hq/keycloak.yaml b/apps/hq/keycloak.yaml
deleted file mode 100644
index ae06f0e..0000000
--- a/apps/hq/keycloak.yaml
+++ /dev/null
@@ -1,162 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: keycloak
- namespace: argocd
- annotations:
- argocd.argoproj.io/sync-wave: "50"
- finalizers:
- - resources-finalizer.argocd.argoproj.io
-spec:
- ignoreDifferences:
- - group: networking.k8s.io
- kind: Ingress
- jqPathExpressions:
- - .spec.rules[].http.paths[]
- project: hq
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
- syncOptions:
- - CreateNamespace=true
- destination:
- server: "https://kubernetes.default.svc"
- namespace: keycloak
- source:
- chart: keycloak
- repoURL: registry-1.docker.io/bitnamicharts
- targetRevision: 22.2.6
- helm:
- releaseName: keycloak
- values: |
- auth:
- adminUser: admin
- existingSecret: keycloak-admin-password
- passwordSecretKey: password
-
- global:
- storageClass: hcloud-volumes
-
- replicaCount: 2
-
- pdb:
- create: true
- minAvailable: 1
-
- autoscaling:
- enabled: false
-
- resources:
- limits:
- cpu: 500m
- memory: 1Gi
- requests:
- cpu: 500m
- memory: 1Gi
-
- # Pods must be spread across nodes
- # See: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_affinities.tpl#L56-L106
- podAntiAffinityPreset: hard
-
- updateStrategy:
- type: RollingUpdate
- # See: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#maximum-unavailable-pods
- # rollingUpdate:
- # maxUnavailable: 1
-
- service:
- type: ClusterIP
-
- ingress:
- enabled: true
- hostname: sso.mareshq.com
- servicePort: https
-
- ingressClassName: nginx
-
- tls: true
-
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-dns-production
- cert-manager.io/issue-temporary-certificate: "true"
- # Allow self-signed certificates on the backend
- nginx.ingress.kubernetes.io/server-snippet: |
- proxy_ssl_verify off;
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- nginx.ingress.kubernetes.io/proxy-buffering: "on"
- nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
- nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
-
- adminIngress:
- enabled: true
- ingressClassName: nginx
- pathType: Prefix
- hostname: keycloak.cthulhu.k8s.vxm.cz
- servicePort: https
- tls: true
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-dns-production
- cert-manager.io/issue-temporary-certificate: "true"
- # Allow self-signed certificates on the backend
- nginx.ingress.kubernetes.io/server-snippet: |
- proxy_ssl_verify off;
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-
- tls:
- enabled: true
- autoGenerated: true
-
- production: true
-
- # metrics:
- # enabled: true
-
- # serviceMonitor:
- # enabled: false
-
- postgresql:
- enabled: false
-
- externalDatabase:
- existingSecret: keycloak-database-credentials
- existingSecretHostKey: host
- existingSecretPortKey: port
- existingSecretDatabaseKey: database
- existingSecretUserKey: username
- existingSecretPasswordKey: password
-
- startupProbe:
- # Keycloak should be ready to serve requests within 15 minutes
- enabled: true
- initialDelaySeconds: 180 # 3min
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 80 # 12min
- successThreshold: 1
-
- containerSecurityContext:
- readOnlyRootFilesystem: true
-
- # Custom theme installation and configuration
- initContainers:
- - name: theme-installer
- image: busybox:latest
- command:
- - /bin/sh
- - "-c"
- - |
- wget https://vojtechmares.github.io/cdn/keywind.tar.gz -O /tmp/keywind.tar.gz
- tar -xzvf /tmp/keywind.tar.gz -C /opt/bitnami/keycloak/themes
-
- volumeMounts:
- - mountPath: /opt/bitnami/keycloak/themes/keywind
- name: theme
-
- extraVolumes:
- - name: theme
- emptyDir: {}
-
- extraVolumeMounts:
- - name: theme
- mountPath: /opt/bitnami/keycloak/themes/keywind