Первичная настройка, деплой KeyCloak

This commit is contained in:
Пётр Гурин 2024-12-18 15:17:49 +03:00
parent 3eb2d31788
commit b645d81a51
10 changed files with 614 additions and 0 deletions

106
.drone.yml Normal file

@ -0,0 +1,106 @@
kind: pipeline
name: default
type: docker
steps:
- name: create-helm-template
image: alpine/helm:3.12.3
commands:
- helm template keycloak-dev ./deploy/helm --namespace keycloak-dev --values ./deploy/helm/keycloak-dev-values.yaml > ./deploy/helm/k8s-keycloak-dev.yaml
depends_on:
- rebuild-cache
when:
branch:
- master
- name: deploy
image: ghcr.io/bh90210/dron8s:latest
settings:
yaml: ./deploy/helm/k8s-keycloak-dev.yaml
kubeconfig:
from_secret: kubeconfig
depends_on:
- create-helm-template
when:
branch:
- master
- name: notify-deploy-success
image: appleboy/drone-telegram
settings:
token:
from_secret: telegram_bot_token
to:
from_secret: telegram_chat_id
message: |
🚀 Деплой успешно отправлен!
Сборка #{{build.number}}
Репозиторий: {{repo.name}}
Ветка: {{commit.branch}}
when:
status: [ success ]
depends_on:
- deploy
- name: notify-deploy-failure
image: appleboy/drone-telegram
settings:
token:
from_secret: telegram_bot_token
to:
from_secret: telegram_chat_id
message: |
❌ Деплой не отправлен!
Сборка #{{build.number}}
Репозиторий: {{repo.name}}
Ветка: {{commit.branch}}
when:
status: [ failure ]
depends_on:
- deploy
- name: notify-build-status
image: appleboy/drone-telegram
settings:
token:
from_secret: telegram_bot_token
to:
from_secret: telegram_chat_id
message: |
{{#eq build.status "success"}}📣 Сборка #{{build.number}} завершилась со статусом: {{build.status}}!{{/eq}}
{{#eq build.status "failure"}}🧱 Сборка #{{build.number}} завершилась со статусом: {{build.status}}!{{/eq}}
Репозиторий: {{repo.name}}
Ветка: {{commit.branch}}
Автор: {{commit.author}}
Сообщение: {{commit.message}}
Подробнее: [Ссылка на сборку]({{build.link}})
when:
status: [ success, failure ]
depends_on:
- notify-deploy-success
- notify-deploy-failure
image_pull_secrets:
- dockerconfig
node:
node: 149.154.64.5
trigger:
event:
include:
- push
- tag
- pull_request
- rollback
volumes:
- name: out
temp: {}
- name: dockersock
host:
path: /var/run/docker.sock
- name: cache
host:
path: /tmp/.buildx-cache
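Review bot: `depends_on: - rebuild-cache` on the create-helm-template step names a step that is not defined anywhere in this pipeline, which is very likely why the build errored before any step ran; either drop those two lines or add the step. The `dockersock` and `cache` host volumes are declared at pipeline level but no step mounts them, and a host-path mount of `/var/run/docker.sock` is equivalent to root on the runner, so remove the unused volume declarations rather than leave them available. `ghcr.io/bh90210/dron8s:latest` is the step that receives the `kubeconfig` secret and is pulled by a mutable tag while helm is pinned to `3.12.3`; pin it to a version tag or digest as well. The trigger includes `pull_request`, and while the deploy steps are gated on `branch: master` the notification steps are not, so a PR build will try to use the Telegram secrets — confirm that is intended.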


@ -0,0 +1,41 @@
version: "3.8"
services:
postgres_keycloak:
container_name: postgres_keycloak
image: postgres:14
environment:
KEYCLOAK_DB_HOST: localhost
POSTGRES_USER: ${POSTGRES_USER:-postgres}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
POSTGRES_DB: keycloak_db
healthcheck:
test: "exit 0"
ports:
- "5433:5432"
volumes:
- ./pgdata_keycloak:/var/lib/postgresql/data
restart: unless-stopped
keycloak:
image: quay.io/keycloak/keycloak:legacy
container_name: keycloak
environment:
TZ: Europe/Moscow
DB_VENDOR: POSTGRES
DB_ADDR: postgres_keycloak
DB_DATABASE: keycloak_db
DB_USER: ${POSTGRES_USER:-postgres}
DB_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin_password
KEYCLOAK_PORT: 8080
KEYCLOAK_HOST: localhost
restart: unless-stopped
healthcheck:
test: "exit 0"
ports:
- "8484:8080"
depends_on:
postgres_keycloak:
condition: service_healthy
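Review bot: Both `healthcheck: test: "exit 0"` entries always succeed, so `condition: service_healthy` on the keycloak service does not actually wait for PostgreSQL to accept connections; give the postgres service a real check, e.g. `test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-postgres} -d keycloak_db"]`. `KEYCLOAK_USER: admin` / `KEYCLOAK_PASSWORD: admin_password` are hard-coded and the PostgreSQL credentials fall back to `postgres`/`postgres`; take them from the environment with no default, `KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD:?set in .env}`, so a missing value fails the start instead of shipping a known password. `KEYCLOAK_DB_HOST: localhost` on the postgres service is not read by anything visible here; drop it if it is a leftover.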

23
deploy/helm/.helmignore Normal file

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

5
deploy/helm/Chart.yaml Normal file

@ -0,0 +1,5 @@
apiVersion: v2
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: keycloak
version: 0.1.0


@ -0,0 +1,80 @@
namespace: keycloak-dev
image:
repository: quay.io/keycloak/keycloak
tag: legacy
pullPolicy: Always
service:
type: ClusterIP
port: 8080
targetPort: 8080
replicaCount: 1
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "51m"
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
cert-manager.io/issue-temporary-certificate: "true"
acme.cert-manager.io/http01-edit-in-place: "true"
ingress.kubernetes.io/ssl-redirect: "true"
tlsEnabled: true # New parameter to control TLS
hosts:
- host: sso.dev.essocode.ru
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: keycloak-tls
hosts:
- sso.dev.essocode.ru
secret:
enabled: true
name: keycloak-back-cred
data:
KEYCLOAK_FRONTEND_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGg=
TZ: RXVyb3BlL01vc2Nvdw==
DB_VENDOR: UE9TVEdSRVM=
DB_ADDR: MjE3Ljc5LjIyLjQ2
DB_PORT: NTQzMg==
DB_DATABASE: a2V5Y2xvYWtfZGI=
DB_USER: cm9vdA==
DB_PASSWORD: cm9vdA==
KEYCLOAK_USER: YWRtaW4=
KEYCLOAK_PASSWORD: YWRtaW5fcGFzc3dvcmQ=
KEYCLOAK_PORT: ODA4MA==
KEYCLOAK_HOST: bG9jYWxob3N0
KC_HOSTNAME: c3NvLmRldi5lc3NvY29kZS5ydQ==
KC_HOSTNAME_ADMIN_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGgvYWRtaW4=
KC_HOSTNAME_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGg=
KC_PROXY: ZWRnZQ==
env:
TZ: TZ
DB_VENDOR: DB_VENDOR
DB_ADDR: DB_ADDR
DB_PORT: DB_PORT
DB_DATABASE: DB_DATABASE
DB_USER: DB_USER
DB_PASSWORD: DB_PASSWORD
KEYCLOAK_USER: KEYCLOAK_USER
KEYCLOAK_PASSWORD: KEYCLOAK_PASSWORD
KEYCLOAK_PORT: KEYCLOAK_PORT
KEYCLOAK_HOST: KEYCLOAK_HOST
KEYCLOAK_FRONTEND_URL: KEYCLOAK_FRONTEND_URL
KC_HOSTNAME: KC_HOSTNAME
KC_HOSTNAME_URL: KC_HOSTNAME_URL
KC_HOSTNAME_ADMIN_URL: KC_HOSTNAME_ADMIN_URL
KC_PROXY: KC_PROXY
appName: keycloak
imagePullSecrets:
- registrypullsecret
resources: {}
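Review bot: The `secret.data` block commits base64-encoded credentials (`DB_USER`, `DB_PASSWORD`, `KEYCLOAK_USER`, `KEYCLOAK_PASSWORD`, the database address) to the repository; base64 is an encoding, not protection, so anyone with read access to the repository or its history has them. Keep the values file free of secret material, supply these keys at render time from Drone secrets or through a sealed/external-secrets mechanism, and rotate the values that are now in history. `pullPolicy: Always` combined with `tag: legacy` means every pod restart may pull a different image; pin a versioned tag or a digest. The `env:` map only maps each name to itself, so the templates could `range` over the `secret.data` keys directly and this block could go — a style point.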


@ -0,0 +1,108 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.appName }}-deployment
namespace: {{ .Values.namespace }}
labels:
app: {{ .Values.appName }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ .Values.appName }}
template:
metadata:
labels:
app: {{ .Values.appName }}
spec:
containers:
- name: {{ .Values.appName }}-dev
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
ports:
- containerPort: {{ .Values.service.port }}
env:
- name: TZ
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.TZ }}
- name: DB_VENDOR
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.DB_VENDOR }}
- name: DB_ADDR
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.DB_ADDR }}
- name: DB_PORT
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.DB_PORT }}
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.DB_DATABASE }}
- name: DB_USER
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.DB_USER }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.DB_PASSWORD }}
- name: KEYCLOAK_USER
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.KEYCLOAK_USER }}
- name: KEYCLOAK_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.KEYCLOAK_PASSWORD }}
- name: KEYCLOAK_PORT
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.KEYCLOAK_PORT }}
- name: KEYCLOAK_HOST
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.KEYCLOAK_HOST }}
- name: KEYCLOAK_FRONTEND_URL
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.KEYCLOAK_FRONTEND_URL }}
- name: KC_HOSTNAME
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.KC_HOSTNAME }}
- name: KC_HOSTNAME_URL
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.KC_HOSTNAME_URL }}
- name: KC_HOSTNAME_ADMIN_URL
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.KC_HOSTNAME_ADMIN_URL }}
- name: KC_PROXY
valueFrom:
secretKeyRef:
name: {{ .Values.secret.name }}
key: {{ .Values.env.KC_PROXY }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
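Review bot: The container never renders `resources`, so `resources: {}` in the values file is dead and the pod runs without requests or limits unless a namespace LimitRange applies; add `resources:` followed by `{{- toYaml .Values.resources | nindent 12 }}` at the container field indent (the indentation is not recoverable from this view). There is also no readiness or liveness probe, so the Service routes traffic to the pod as soon as the container starts, and no `securityContext` (`runAsNonRoot`, `allowPrivilegeEscalation: false`) — confirm whether the legacy image tolerates a non-root context before adding one. The sixteen `env` entries differ only in name and could be a single `{{- range $name, $key := .Values.env }}` loop, which also keeps them in step with the values file.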


@ -0,0 +1,35 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.appName }}-ingress
namespace: {{ .Values.namespace }}
annotations:
{{- toYaml .Values.ingress.annotations | nindent 4 }}
spec:
ingressClassName: nginx
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ $.Values.appName }}-service
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- if .Values.ingress.tlsEnabled }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
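Review bot: `.Values.ingress.enabled` is never consulted, so the Ingress is rendered even when the values set it to `false`; wrap the document in `{{- if .Values.ingress.enabled }}` … `{{- end }}`. `ingressClassName: nginx` is hard-coded here while the values also carry the deprecated `kubernetes.io/ingress.class: nginx` annotation; keep one source of truth, e.g. `ingressClassName: {{ .Values.ingress.className }}` with a new values key (constructed name), and drop the annotation. The `ingress.kubernetes.io/ssl-redirect` annotation in the values does not use the ingress-nginx prefix (`nginx.ingress.kubernetes.io/ssl-redirect`), so it may be ignored by the controller — verify which controller is installed; ingress-nginx redirects to HTTPS by default once TLS is configured, so the gap only shows if that default is changed.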


@ -0,0 +1,25 @@
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ .Values.secret.name }}
namespace: {{ .Values.namespace }}
data:
TZ: {{ .Values.secret.data.TZ }}
DB_VENDOR: {{ .Values.secret.data.DB_VENDOR }}
DB_ADDR: {{ .Values.secret.data.DB_ADDR }}
DB_PORT: {{ .Values.secret.data.DB_PORT }}
DB_DATABASE: {{ .Values.secret.data.DB_DATABASE }}
DB_USER: {{ .Values.secret.data.DB_USER }}
DB_PASSWORD: {{ .Values.secret.data.DB_PASSWORD }}
KEYCLOAK_USER: {{ .Values.secret.data.KEYCLOAK_USER }}
KEYCLOAK_PASSWORD: {{ .Values.secret.data.KEYCLOAK_PASSWORD }}
KEYCLOAK_PORT: {{ .Values.secret.data.KEYCLOAK_PORT }}
KEYCLOAK_HOST: {{ .Values.secret.data.KEYCLOAK_HOST }}
KEYCLOAK_FRONTEND_URL: {{ .Values.secret.data.KEYCLOAK_FRONTEND_URL }}
KC_HOSTNAME: {{ .Values.secret.data.KC_HOSTNAME }}
KC_HOSTNAME_URL: {{ .Values.secret.data.KC_HOSTNAME_URL }}
KC_HOSTNAME_ADMIN_URL: {{ .Values.secret.data.KC_HOSTNAME_ADMIN_URL }}
KC_PROXY: {{ .Values.secret.data.KC_PROXY }}
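Review bot: `.Values.secret.enabled` is declared in the values but never checked, so the Secret is always rendered; wrap the document in `{{- if .Values.secret.enabled }}` … `{{- end }}`. The base64 values are emitted as plain scalars, and one that happens to consist only of digits would be re-typed by the YAML parser, so render each as `{{ .Values.secret.data.DB_PASSWORD | quote }}` (likewise for the other keys). Iterating with `{{- range $k, $v := .Values.secret.data }}` / `{{ $k }}: {{ $v | quote }}` would keep this file and the values in sync instead of listing sixteen keys twice.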


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.appName }}-service
namespace: {{ .Values.namespace }}
spec:
selector:
app: {{ .Values.appName }}
ports:
- name: http
port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}

179
deploy/k8s-keycloak.yml.old Normal file

@ -0,0 +1,179 @@
apiVersion: v1
kind: Namespace
metadata:
name: keycloak-dev
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: keycloak-back-cred
namespace: keycloak-dev
data:
KEYCLOAK_FRONTEND_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGg=
TZ: RXVyb3BlL01vc2Nvdw==
DB_VENDOR: UE9TVEdSRVM=
DB_ADDR: MjE3Ljc5LjIyLjQ2
DB_PORT: NTQzMg==
DB_DATABASE: a2V5Y2xvYWtfZGI=
DB_USER: cm9vdA==
DB_PASSWORD: cm9vdA==
KEYCLOAK_USER: YWRtaW4=
KEYCLOAK_PASSWORD: YWRtaW5fcGFzc3dvcmQ=
KEYCLOAK_PORT: ODA4MA==
KEYCLOAK_HOST: bG9jYWxob3N0
KC_HOSTNAME: c3NvLmRldi5lc3NvY29kZS5ydQ==
KC_HOSTNAME_ADMIN_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGgvYWRtaW4=
KC_HOSTNAME_URL: aHR0cHM6Ly9zc28uZGV2LmVzc29jb2RlLnJ1L2F1dGg=
KC_PROXY: ZWRnZQ==
---
apiVersion: v1
kind: Service
metadata:
name: keycloak
namespace: keycloak-dev
spec:
ports:
- port: 8080
targetPort: 8080
selector:
app: keycloak
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: keycloak
namespace: keycloak-dev
spec:
replicas: 1
selector:
matchLabels:
app: keycloak
template:
metadata:
labels:
app: keycloak
spec:
containers:
- name: keycloak
image: quay.io/keycloak/keycloak:legacy
ports:
- containerPort: 8080
env:
- name: TZ
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: TZ
- name: DB_VENDOR
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: DB_VENDOR
- name: DB_ADDR
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: DB_ADDR
- name: DB_PORT
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: DB_PORT
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: DB_DATABASE
- name: DB_USER
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: DB_USER
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: DB_PASSWORD
- name: KEYCLOAK_USER
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: KEYCLOAK_USER
- name: KEYCLOAK_PASSWORD
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: KEYCLOAK_PASSWORD
- name: KEYCLOAK_PORT
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: KEYCLOAK_PORT
- name: KEYCLOAK_HOST
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: KEYCLOAK_HOST
- name: KEYCLOAK_FRONTEND_URL
valueFrom:
secretKeyRef:
name: keycloak-back-cred
key: KEYCLOAK_FRONTEND_URL
- name: KC_HOSTNAME
valueFrom:
secretKeyRef:
key: KC_HOSTNAME
name: keycloak-back-cred
- name: KC_HOSTNAME_URL
valueFrom:
secretKeyRef:
key: KC_HOSTNAME_URL
name: keycloak-back-cred
- name: KC_HOSTNAME_ADMIN_URL
valueFrom:
secretKeyRef:
key: KC_HOSTNAME_ADMIN_URL
name: keycloak-back-cred
- name: KC_PROXY
valueFrom:
secretKeyRef:
key: KC_PROXY
name: keycloak-back-cred
imagePullPolicy: IfNotPresent
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak-ingress
namespace: keycloak-dev
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
cert-manager.io/issue-temporary-certificate: "true"
acme.cert-manager.io/http01-edit-in-place: "true"
ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/additional-headers: Content-Security-Policy
spec:
rules:
- host: sso.dev.essocode.ru
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: keycloak
port:
number: 8080
tls:
- hosts:
- sso.dev.essocode.ru
secretName: keycloak-tls
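Review bot: This superseded manifest keeps a second copy of the base64-encoded credentials (`DB_USER`, `DB_PASSWORD`, `KEYCLOAK_USER`, `KEYCLOAK_PASSWORD`) alongside the chart that replaces it; if it is no longer applied, delete it rather than commit it as `.old`, and note that these credentials are already in git history and should be rotated regardless. `nginx.ingress.kubernetes.io/additional-headers: Content-Security-Policy` does not appear to be an ingress-nginx annotation (response headers are added through a configuration snippet or the controller's custom-headers ConfigMap), so it was most likely ignored — confirm before carrying it into the chart's values.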