From 3ea0fb34bf3319a01c54c4729d6354165fd96e1a Mon Sep 17 00:00:00 2001 From: Helmut Hutzler <helmut.hutzler@th-nuernberg.de> Date: Mon, 5 Dec 2022 17:21:56 +0000 Subject: [PATCH] Updated keycloak deployment --- Keycloak/install-keycloak.sh | 1 + Keycloak/kube-master-h1/Config_params.dat | 5 ++ Keycloak/kube-master-h1/deploy-keycloak.yaml | 66 ++++++++++++++++++++ Keycloak/kube-master-h1/ir-keycloak.yaml | 30 +++++++++ Keycloak/kube-master-h1/tls.crt | 22 +++++++ Keycloak/kube-master-h1/tls.key | 28 +++++++++ 6 files changed, 152 insertions(+) create mode 100644 Keycloak/kube-master-h1/Config_params.dat create mode 100644 Keycloak/kube-master-h1/deploy-keycloak.yaml create mode 100644 Keycloak/kube-master-h1/ir-keycloak.yaml create mode 100644 Keycloak/kube-master-h1/tls.crt create mode 100644 Keycloak/kube-master-h1/tls.key diff --git a/Keycloak/install-keycloak.sh b/Keycloak/install-keycloak.sh index b2fb805..41ef70a 100755 --- a/Keycloak/install-keycloak.sh +++ b/Keycloak/install-keycloak.sh @@ -42,6 +42,7 @@ kubectl -n ${NAME_SPACE} apply -f ir-keycloak.yaml kubectl -n ${NAME_SPACE} describe ingressroute ingressroute-oidc-app kubectl -n ${NAME_SPACE} get all +sleep 5 echo "Attention: curl script below may fail as it takes some time until keycloak instance is ready just - rerun it should work for http and https ! " echo "$ curl -v --insecure https://${INGRESS_HOST}/auth/" echo "$ curl -v http://${INGRESS_HOST}/auth/" diff --git a/Keycloak/kube-master-h1/Config_params.dat b/Keycloak/kube-master-h1/Config_params.dat new file mode 100644 index 0000000..3af3ba6 --- /dev/null +++ b/Keycloak/kube-master-h1/Config_params.dat @@ -0,0 +1,5 @@ +Config Parmms: + Hostname : kube-master-h1 + IngressRoute host : kube-master-h1.informatik.fh-nuernberg.de + TLS Cert : kube-master-h1-tls-cert + Namespace : myoidc-app-ns diff --git a/Keycloak/kube-master-h1/deploy-keycloak.yaml b/Keycloak/kube-master-h1/deploy-keycloak.yaml new file mode 100644 index 0000000..d236414 --- /dev/null 
+++ b/Keycloak/kube-master-h1/deploy-keycloak.yaml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ creationTimestamp: null
+ labels:
+ app: keycloak-oidc-deployment
+ name: keycloak-oidc-deployment
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak-oidc-deployment
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: keycloak-oidc-deployment
+ spec:
+ containers:
+ - image: quay.io/keycloak/keycloak:latest
+ args: ["start","--import-realm", "--http-port", "8280" ]
+ name: keycloak-oidc
+ env:
+ - name: KEYCLOAK_ADMIN
+ value: admin
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ value: admin
+ - name: KEYCLOAK_IMPORT
+ value: /import/RBAC-realm.json
+ - name: KC_LOG_LEVEL
+ value: DEBUG
+ - name: KC_PROXY
+ value: edge
+ - name: KC_HTTP_RELATIVE_PATH
+ value: /auth
+ - name: KC_HOSTNAME_STRICT
+ value: "false"
+ - name: KC_HOSTNAME
+ value: kube-master-h1.informatik.fh-nuernberg.de
+ ports:
+ - name: http
+ containerPort: 8280
+ volumeMounts:
+ - name: keycloak-oidc-volume
+ mountPath: /opt/keycloak/data/import
+ resources: {}
+ volumes:
+ - name: keycloak-oidc-volume
+ configMap:
+ name: keycloak-oidc-configmap
+status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak-oidc-service
+spec:
+ type: LoadBalancer
+ selector:
+ app: keycloak-oidc-deployment
+ ports:
+ - protocol: TCP
+ port: 8285
+ targetPort: 8280
+ nodePort: 30444
diff --git a/Keycloak/kube-master-h1/ir-keycloak.yaml b/Keycloak/kube-master-h1/ir-keycloak.yaml
new file mode 100644
index 0000000..89252b9
--- /dev/null
+++ b/Keycloak/kube-master-h1/ir-keycloak.yaml
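Review bot: The bootstrap admin account is committed in clear text in deploy-keycloak.yaml, where `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` are both set to `admin`. The same pod is published through a `LoadBalancer` Service with `nodePort: 30444`, so the admin console sits behind a guessable credential for anyone who can reach the node. Both values should come from a Secret created outside the repository and referenced with `valueFrom.secretKeyRef`, as in the excerpt below; the Secret name and keys shown there are placeholders. Separately, `image: quay.io/keycloak/keycloak:latest` leaves the deployed version unpinned, and `KC_LOG_LEVEL` at `DEBUG` is worth lowering before real logins pass through, since verbose identity-provider logs may carry sensitive request data.

```yaml
        # … unchanged: image, args, name …
        env:
          - name: KEYCLOAK_ADMIN
            valueFrom:
              secretKeyRef:
                name: keycloak-admin-credentials  # placeholder Secret name
                key: username                     # placeholder key
          - name: KEYCLOAK_ADMIN_PASSWORD
            valueFrom:
              secretKeyRef:
                name: keycloak-admin-credentials  # placeholder Secret name
                key: password                     # placeholder key
          # … unchanged: KEYCLOAK_IMPORT through KC_HOSTNAME …
```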
@@ -0,0 +1,30 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: ingressroute-oidc-app
+spec:
+ entryPoints:
+ - websecure
+ tls:
+ secretName: kube-master-h1-tls-cert
+ routes:
+ - match: Host(`kube-master-h1.informatik.fh-nuernberg.de`) && PathPrefix(`/auth/`)
+ kind: Rule
+ services:
+ - name: keycloak-oidc-service
+ port: 8285
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: ingressroute-oidc-app-web
+spec:
+ entryPoints:
+ - web
+ routes:
+ - match: Host(`kube-master-h1.informatik.fh-nuernberg.de`) && PathPrefix(`/auth/`)
+ kind: Rule
+ services:
+ - name: keycloak-oidc-service
+ port: 8285
+
diff --git a/Keycloak/kube-master-h1/tls.crt b/Keycloak/kube-master-h1/tls.crt
new file mode 100644
index 0000000..4ba9261
--- /dev/null
+++ b/Keycloak/kube-master-h1/tls.crt
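Review bot: The second IngressRoute, `ingressroute-oidc-app-web`, serves the same /auth/ prefix on the `web` entry point with no `tls` block, so Keycloak login forms, passwords and tokens can travel over plain HTTP alongside the TLS route. Either drop that document, or keep it only as a redirect by attaching a Traefik `redirectScheme` middleware as in the excerpt below. The middleware name there is a constructed example, and it has to live in the namespace the script applies these manifests to.

```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirect-to-https  # constructed example name
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
# … unchanged: ingressroute-oidc-app-web apiVersion, kind, metadata, entryPoints …
  routes:
    - match: Host(`kube-master-h1.informatik.fh-nuernberg.de`) && PathPrefix(`/auth/`)
      kind: Rule
      middlewares:
        - name: redirect-to-https
      # … unchanged: services …
```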
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDmzCCAoOgAwIBAgIUK8W2vnvm4YmFypR27Y1V0piUw9kwDQYJKoZIhvcNAQEL +BQAwXTEyMDAGA1UEAwwpa3ViZS1tYXN0ZXItaDEuaW5mb3JtYXRpay5maC1udWVy +bmJlcmcuZGUxJzAlBgkqhkiG9w0BCQEWGEhlbG11dC5IdXR6bGVyQGdtYWlsLmNv +bTAeFw0yMjEyMDIxMTE4NDFaFw0yMzEyMDIxMTE4NDFaMF0xMjAwBgNVBAMMKWt1 +YmUtbWFzdGVyLWgxLmluZm9ybWF0aWsuZmgtbnVlcm5iZXJnLmRlMScwJQYJKoZI +hvcNAQkBFhhIZWxtdXQuSHV0emxlckBnbWFpbC5jb20wggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQCzXVjS+7xcIcWHipc37cV7h5hEp4tBxB85TrzzqnY3 +VZi40QcuqMIfDOcr/0w8GHSrILRQghaB02LrsV/SuVgGKuVCdRc2OxhF0lnS0PaU +ou9CZcd4crYCO7dg6Vc7KtU7bitsVBGBeW4MA84bdMVojQRM5+UP2PS11/y4fO81 +7JBB8O95AaYn4FaCnoB2rm0vQWyrnpEDNIJYBfFc/qNu3hQeP00yRlg448P8Kpf5 +0folE90e3EzK4rjz8s/hpOCFC0q0jVa3rimsoBMbGQA2d2xk1gGTAU+RWpHsicau +ia4bjWEQY39jSiV5vnCCyb7DnhTW2jhRfaISeqzr/pivAgMBAAGjUzBRMB0GA1Ud +DgQWBBS35Q1ZWI5Tud7NbSwLgAkY1+McijAfBgNVHSMEGDAWgBS35Q1ZWI5Tud7N +bSwLgAkY1+McijAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBy +weVaCI7oGUEu3UFjzxeYLGfnv7Qxi1Yl0n50SAD5FS56xwjUG1kWn7SUKtU8odZd +JKOnWmw6KzyQbsLUGDJ/KO2kJ1O5DW7f93xS0WNsukUC9UmmS/c+0/idDP1EoE7q +1eiZiTXUOhBhkBbrQXv9RT9y17BsB4vK5aIWfkh581AjDrkS7wObQ0Gedpbo3QMt +zXCvo0/9ntoJ8XaGgfBGSxNhWBc9YRdFbUmgj0SZJaM9tmCnUFzBllVoF3z5dpTx +LzldRtphVTkbEyaMIxNG1BZe5HR6715IGV5ofEX9ZuTA+ZMdFsPBiyHk2Zxg1D8z +lCFSYLhxxXKQ0ASoqYsv +-----END CERTIFICATE----- diff --git a/Keycloak/kube-master-h1/tls.key b/Keycloak/kube-master-h1/tls.key new file mode 100644 index 0000000..d835384 --- /dev/null +++ b/Keycloak/kube-master-h1/tls.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCzXVjS+7xcIcWH +ipc37cV7h5hEp4tBxB85TrzzqnY3VZi40QcuqMIfDOcr/0w8GHSrILRQghaB02Lr +sV/SuVgGKuVCdRc2OxhF0lnS0PaUou9CZcd4crYCO7dg6Vc7KtU7bitsVBGBeW4M +A84bdMVojQRM5+UP2PS11/y4fO817JBB8O95AaYn4FaCnoB2rm0vQWyrnpEDNIJY +BfFc/qNu3hQeP00yRlg448P8Kpf50folE90e3EzK4rjz8s/hpOCFC0q0jVa3rims +oBMbGQA2d2xk1gGTAU+RWpHsicauia4bjWEQY39jSiV5vnCCyb7DnhTW2jhRfaIS +eqzr/pivAgMBAAECggEAW+q9ZznMWGaSJJi4T9gQuPJO7PfzXFuWKLcaC8DSXh8G +acfs51NiT6k8Gob1WWKq/zt+TDeuMw/SBLjcQ0/qNRbsb/czUv5LvRREJc4iXx90 +f1FLPIWEknZpzkcmBdM4fQFDTXtzkSdaZtvYVqertp11k7fO4iUrmri58Q1NRRM+ +SJeKFLkIoni5KF0lBYXUpwkLG4GrzSQodyFZubO/4Eb6mp1mrkfYosDFgQP3ur5h +5CfE/MSeuXAsuZBb0CBKrWkU00y8LlKt0DdD5TIedyxkDYyc2qekg8DhXLG3gL3y +oy/rOaZrQfHAkOTJ4eaP4vzsIGpQo8tqkHdOcqD5AQKBgQDs+7QohndGpyCEfL/j +RKDg5oMxO4BTL9lq6bAkPZ33AOE0y+B27c6nd+jVONDUtHGVZfzsg3RfgUcseFZR +ILc4zV0gzeeWGu5ee6btI93Ig/np4vW1AulYyviIhz5eVpPQtnB0dV2Td8BjqKsr +lf2roTgy7/y+9t5uueYX2X7PgQKBgQDBwf8yppESCiv2gsybXG1gR+BfPnmMahzr +DvrOOETY4jFx/v0J54Pux+AbeGsZIeqB68xBBwXQiQMNgpPdF87oXaNeVTjaufOt +vx+r27LsUQvED5R/k/BszjkzzXhRTCRloUfGRonh0z7LRW/YeaJAgbH/1SWuXBPM +Z91JMPaALwKBgDICc+RRa/5G6n/K65uEMgcD3g+XpN7pLBJ5uigLsLgdQWko1PeD ++6YvkbzdPoSEh6ulWBh5LSeyWliyFFUOeFvOSqbPjN2KVV8u7O0CMp1L7INE1+EY ++jE4s/XrxGeYEZ1rwpNw6Qxjqv/c6jJKdruvS/LD3ixWYF4xcLL7vN0BAoGAaG/l +22pW1a9v5O651KAsQHJdqVjmcV4c+kJXw+ImkfTSDA0SXU1SGtnXnVb5+1EBs0fj +D8X2R2IiqByTEOAtYahfT5CGFbeXdjaHnr3MIn7I5cQ0GdQnCq7ZvGdrC/8Lu1AE +fQY2eefAeBaUY82kPDrsM+ay6dmtvkbZywK+S3cCgYAe19ntLr2Jt9nGldVH7hgE +e9VW8ikT2UBWZvF4pmQ69gsRTrtqGXgb1jeO6AyaOHeolGjHctVIxUApu7tKgqfz +n3AU/5i4YV9ednav0Msm40rePnsL1tJElazi6bR0o0QOFLKOLTm7lxtZ4KE5exkk +tCoho4MWke4msocw7PcFrA== +-----END PRIVATE KEY----- -- GitLab
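Review bot: tls.key adds an unencrypted PEM private key to the repository. Its body visibly shares a long base64 run with the public key in the tls.crt added by the same commit, so it appears to be the key for that certificate and, presumably, for the `kube-master-h1-tls-cert` secret that ir-keycloak.yaml references. Anyone with read access to the repository or its history now holds that key, so it should be treated as disclosed. Generate a new key pair, load it into the cluster out of band (for example `kubectl -n myoidc-app-ns create secret tls kube-master-h1-tls-cert --cert=<cert-path> --key=<key-path>`), and remove tls.key from the tree and from history. A `.gitignore` entry such as `*.key` plus a secret-scanning check in CI would keep key material from being committed again.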