
# Argo CD Application "lychee-keycloak": deploys Keycloak from the Bitnami chart
# (keycloak 16.1.1) into the mareshq-keycloak namespace of the cluster at
# https://172.16.152.1:6443. Sync wave 10 orders it after lower-wave apps in the
# same Argo CD project; prune + selfHeal mean Argo CD reverts any manual drift.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: lychee-keycloak
  namespace: argocd
  annotations:
    # Quoted on purpose: Argo CD reads the wave as a string annotation.
    argocd.argoproj.io/sync-wave: "10"
spec:
  project: infrastructure
  syncPolicy:
    automated:
      # prune removes resources that disappear from the rendered chart;
      # selfHeal re-applies the desired state when live objects are edited.
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
  destination:
    server: "https://172.16.152.1:6443"
    namespace: mareshq-keycloak
  source:
    chart: keycloak
    repoURL: https://charts.bitnami.com/bitnami
    targetRevision: 16.1.1
    helm:
      releaseName: keycloak
      # NOTE(review): the commented-out valuesObject below is a copy of the
      # `values:` string further down. Two copies will drift apart; keep only
      # the form that is actually in use.
      # valuesObject:
      #   auth:
      #     adminUser: mareshqadmin
      #     existingSecret: keycloak-admin-password
      #     passwordSecretKey: password
      #   global:
      #     storageClass: hcloud-volumes
      #   replicaCount: 2
      #   pdb:
      #     create: true
      #     minAvailable: 1
      #   autoscaling:
      #     enabled: false
      #   resources:
      #     limits:
      #       cpu: 500m
      #       memory: 1Gi
      #     requests:
      #       cpu: 500m
      #       memory: 1Gi
      #   # Pods must be spread across nodes
      #   # See: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_affinities.tpl#L56-L106
      #   podAntiAffinityPreset: hard
      #   updateStrategy:
      #     type: RollingUpdate
      #     # See: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#maximum-unavailable-pods
      #     # rollingUpdate:
      #     #   maxUnavailable: 1
      #   service:
      #     type: ClusterIP
      #     # http:
      #     #   enable: false
      #   ingress:
      #     enabled: true
      #     hostname: sso.mareshq.com
      #     servicePort: https
      #     ingressClassName: nginx
      #     tls: true
      #     annotations:
      #       cert-manager.io/cluster-issuer: letsencrypt-prod
      #       # Allow self-signed certificates on the backend
      #       nginx.ingress.kubernetes.io/server-snippet: |
      #         proxy_ssl_verify off;
      #       nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
      #       nginx.ingress.kubernetes.io/proxy-buffering: "on"
      #       nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
      #       nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
      #   tls:
      #     enabled: true
      #     autoGenerated: true
      #   production: true
      #   metrics:
      #     enabled: true
      #     serviceMonitor:
      #       enabled: false
      #   postgresql:
      #     enabled: false
      #   externalDatabase:
      #     existingSecret: keycloak-database
      #     existingSecretHostKey: host
      #     existingSecretPortKey: port
      #     existingSecretDatabaseKey: database
      #     existingSecretUserKey: username
      #     existingSecretPasswordKey: password
      #   startupProbe:
      #     # Keycloak should be ready to serve requests within 15 minutes
      #     enabled: true
      #     initialDelaySeconds: 180 # 3min
      #     periodSeconds: 10
      #     timeoutSeconds: 5
      #     failureThreshold: 80 # 12min
      #     successThreshold: 1
      #   # Custom theme installation and configuration
      #   initContainers:
      #     - name: theme-installer
      #       image: busybox:latest
      #       command:
      #         - /bin/sh
      #         - "-c"
      #         - |
      #           wget https://cdn.mareshq.com/keywind.tar.gz -O /tmp/keywind.tar.gz
      #           tar -xzvf /tmp/keywind.tar.gz -C /opt/bitnami/keycloak/themes
      #       volumeMounts:
      #         - mountPath: /opt/bitnami/keycloak/themes/keywind
      #           name: theme
      #   extraVolumes:
      #     - name: theme
      #       emptyDir: {}
      #   extraVolumeMounts:
      #     - name: theme
      #       mountPath: /opt/bitnami/keycloak/themes/keywind
      #
      # Everything under `values:` is one string literal that Helm parses as
      # YAML; the "# ..." lines inside it only become comments after that parse.
      # The notes below apply to that string and are kept out of it on purpose:
      #
      # - ingress.annotations: the server-snippet sets `proxy_ssl_verify off`
      #   for the ingress -> Keycloak hop. The backend certificate is
      #   chart-generated (tls.autoGenerated: true), so the hop is encrypted
      #   but the backend is not authenticated by the ingress. ingress-nginx
      #   honours *-snippet annotations only when snippet annotations are
      #   allowed on the controller — confirm, otherwise the snippet is
      #   silently dropped and the HTTPS backend call fails verification.
      # - startupProbe: the inline timing comments do not add up.
      #   failureThreshold 80 x periodSeconds 10 = 800 s (~13.3 min), not
      #   "12min", and with initialDelaySeconds 180 the total window is ~980 s
      #   (~16 min), not "15 minutes".
      # - initContainers/theme-installer: `busybox:latest` is an unpinned tag,
      #   and the theme archive is downloaded from cdn.mareshq.com on every pod
      #   start with no checksum or signature check. A login theme controls
      #   the pages end users authenticate on, so pin the image (tag or
      #   digest) and verify the archive against a checksum committed in this
      #   repo before extracting (sha256sum -c, for example). busybox wget may
      #   not validate TLS certificates depending on the build — confirm.
      # - The tar is extracted into /opt/bitnami/keycloak/themes while the
      #   emptyDir is mounted at /opt/bitnami/keycloak/themes/keywind, so the
      #   files reach Keycloak only if the archive has a top-level keywind/
      #   directory — presumably it does; verify against the CDN artifact.
      values: |
        auth:
          adminUser: mareshqadmin
          existingSecret: keycloak-admin-password
          passwordSecretKey: password
        global:
          storageClass: hcloud-volumes
        replicaCount: 2
        pdb:
          create: true
          minAvailable: 1
        autoscaling:
          enabled: false
        resources:
          limits:
            cpu: 500m
            memory: 1Gi
          requests:
            cpu: 500m
            memory: 1Gi
        # Pods must be spread across nodes
        # See: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_affinities.tpl#L56-L106
        podAntiAffinityPreset: hard
        updateStrategy:
          type: RollingUpdate
          # See: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#maximum-unavailable-pods
          # rollingUpdate:
          #   maxUnavailable: 1
        service:
          type: ClusterIP
          # http:
          #   enable: false
        ingress:
          enabled: true
          hostname: sso.mareshq.com
          servicePort: https
          ingressClassName: nginx
          tls: true
          annotations:
            cert-manager.io/cluster-issuer: letsencrypt-prod
            # Allow self-signed certificates on the backend
            nginx.ingress.kubernetes.io/server-snippet: |
              proxy_ssl_verify off;
            nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
            nginx.ingress.kubernetes.io/proxy-buffering: "on"
            nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
            nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
        tls:
          enabled: true
          autoGenerated: true
        production: true
        metrics:
          enabled: true
          serviceMonitor:
            enabled: false
        postgresql:
          enabled: false
        externalDatabase:
          existingSecret: keycloak-database
          existingSecretHostKey: host
          existingSecretPortKey: port
          existingSecretDatabaseKey: database
          existingSecretUserKey: username
          existingSecretPasswordKey: password
        startupProbe:
          # Keycloak should be ready to serve requests within 15 minutes
          enabled: true
          initialDelaySeconds: 180 # 3min
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 80 # 12min
          successThreshold: 1
        # Custom theme installation and configuration
        initContainers:
          - name: theme-installer
            image: busybox:latest
            command:
              - /bin/sh
              - "-c"
              - |
                wget https://cdn.mareshq.com/keywind.tar.gz -O /tmp/keywind.tar.gz
                tar -xzvf /tmp/keywind.tar.gz -C /opt/bitnami/keycloak/themes
            volumeMounts:
              - mountPath: /opt/bitnami/keycloak/themes/keywind
                name: theme
        extraVolumes:
          - name: theme
            emptyDir: {}
        extraVolumeMounts:
          - name: theme
            mountPath: /opt/bitnami/keycloak/themes/keywind