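--- a/base/keycloak-olm/deploy-keycloak-job.yaml
+++ b/base/keycloak-olm/deploy-keycloak-job.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: deploy-keycloak-operator
+spec:
+template:
+spec:
+serviceAccountName: deploy-keycloak-operator
+containers:
+- name: deploy-keycloak-operator
+image: docker.io/bitnami/kubectl:latest
+command: ["/bin/bash", "-cx"]
+args: ["./deploy-keycloak.sh"]
+volumeMounts:
+- name: keycloak-operator-resources
+mountPath: deploy-keycloak.sh
+subPath: deploy-keycloak.sh
+- name: keycloak-operator-resources
+mountPath: resources/keycloak.yaml
+subPath: keycloak.yaml
+- name: keycloak-operator-resources
+mountPath: resources/keycloak-subscription.yaml
+subPath: keycloak-subscription.yaml
+- name: keycloak-operator-resources
+mountPath: resources/load-balancer-service.yaml
+subPath: load-balancer-service.yaml
+- name: keycloak-operator-resources
+mountPath: resources/operator-group.yaml.tpl
+subPath: operator-group.yaml.tpl
+volumes:
+- name: keycloak-operator-resources
+configMap:
+name: keycloak-operator-resources
+items:
+- key: deploy-keycloak.sh
+mode: 0750
+path: deploy-keycloak.sh
+- key: keycloak.yaml
+path: keycloak.yaml
+- key: keycloak-subscription.yaml
+path: keycloak-subscription.yaml
+- key: load-balancer-service.yaml
+path: load-balancer-service.yaml
+- key: operator-group.yaml.tpl
+path: operator-group.yaml.tpl
+restartPolicy: Never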
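Review bot: The `image:` line uses `docker.io/bitnami/kubectl:latest`, a mutable tag, and the pod runs as the `deploy-keycloak-operator` service account that rbac.yaml in this commit binds to `cluster-admin`, so whatever the registry serves under that tag at pull time runs with admin rights in the namespace. Pin the image by digest, e.g. `image: docker.io/bitnami/kubectl@sha256:<digest of the reviewed image>`. The Job also sets no `backoffLimit`; if a failed deployment script is not meant to be re-run automatically, `backoffLimit: 0` under the Job's `spec:` would make that explicit.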
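--- a/base/keycloak-olm/deploy-keycloak.sh
+++ b/base/keycloak-olm/deploy-keycloak.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+set -exo pipefail
+command -v envsubst
+
+TIMEOUT_TIME="${TIMEOUT_TIME:=125}"
+CTL="${CTL:=kubectl}"
+RESOURCES="${BASH_SOURCE%/*}"/resources
+
+NAMESPACE="${NAMESPACE:=tools}"
+
+export NAMESPACE
+
+function set_kubectl_context {
+$CTL config set-cluster ctx --server=https://kubernetes.default --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+$CTL config set-credentials user --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
+$CTL config set-context ctx --user=user --cluster=ctx
+$CTL config use-context ctx
+}
+
+function deploy_keycloak {
+# subscribe to the keycloak operator
+<"${RESOURCES}"/operator-group.yaml.tpl envsubst | ${CTL} apply -n "${NAMESPACE}" -f -
+$CTL apply -n "${NAMESPACE}" -f "${RESOURCES}"/keycloak-subscription.yaml
+$CTL wait -n "${NAMESPACE}" --for=jsonpath=status.installPlanRef.name subscription keycloak-operator --timeout="$TIMEOUT_TIME"s
+$CTL wait -n "${NAMESPACE}" installplan "$($CTL get -n "${NAMESPACE}" subscription keycloak-operator -o=jsonpath='{.status.installPlanRef.name}')" --for=condition=Installed --timeout="$TIMEOUT_TIME"s
+
+# create Keycloak CRD and Keycloak service of load-balancer type
+$CTL apply -n "${NAMESPACE}" -f "${RESOURCES}"/keycloak.yaml
+$CTL apply -n "${NAMESPACE}" -f "${RESOURCES}"/load-balancer-service.yaml
+
+# create secret named `credential-sso` from admin credentials for compatibility with how testsuite is working
+timeout "$TIMEOUT_TIME" grep -qm1 '^secret/keycloak-initial-admin$' <($CTL get secret -w -n "${NAMESPACE}" -o name)
+ADMIN_USERNAME="$($CTL get secret keycloak-initial-admin -o jsonpath='{.data.username}' | base64 -d)"
+ADMIN_PASSWORD="$($CTL get secret keycloak-initial-admin -o jsonpath='{.data.password}' | base64 -d)"
+$CTL create secret generic credential-sso --from-literal=ADMIN_USERNAME="${ADMIN_USERNAME}" --from-literal=ADMIN_PASSWORD="${ADMIN_PASSWORD}"
+}
+
+if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then # if running inside kubernetes pod
+NAMESPACE="$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)"
+set_kubectl_context
+fi
+
+deploy_keycloak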
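Review bot: `set -exo pipefail` keeps xtrace on for the whole script, so the expanded service-account token in `set_kubectl_context` (`--token="$(cat …)"`) and the decoded admin password on the `ADMIN_PASSWORD=` and `create secret generic credential-sso` lines are written to the Job's log, where anyone allowed to read pod logs in the namespace can see them. Bracket the credential-handling lines with `set +x` and `set -x`, or drop `-x` here and in the Job's `/bin/bash -cx`. Separately, the two `get secret keycloak-initial-admin` calls and the `create secret` call omit the `-n "${NAMESPACE}"` that every other call passes; the context built in `set_kubectl_context` sets no namespace, so these presumably target `default` rather than the namespace the preceding `get secret -w` watched. Add `-n "${NAMESPACE}"` to all three.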
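--- a/base/keycloak-olm/kustomization.yaml
+++ b/base/keycloak-olm/kustomization.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+app: keycloak-operator-deployment
+
+resources:
+- rbac.yaml
+- deploy-keycloak-job.yaml
+
+configMapGenerator:
+- name: keycloak-operator-resources
+files:
+- deploy-keycloak.sh
+- resources/keycloak.yaml
+- resources/keycloak-subscription.yaml
+- resources/load-balancer-service.yaml
+- resources/operator-group.yaml.tpl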
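--- a/base/keycloak-olm/rbac.yaml
+++ b/base/keycloak-olm/rbac.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: deploy-keycloak-operator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: deploy-keycloak-operator-admin
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: cluster-admin
+subjects:
+- kind: ServiceAccount
+name: deploy-keycloak-operator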
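Review bot: The RoleBinding's `roleRef` names `cluster-admin`, which gives the job's service account every verb on every resource in the namespace, while deploy-keycloak.sh only applies an OperatorGroup, a Subscription, a Keycloak and a Service, waits on the Subscription and InstallPlan, and reads and creates Secrets. A namespaced Role limited to those resources bounds what a replaced image or a modified script could do; a sketch follows, with the verbs to be confirmed against a test run. The ServiceAccount subject also carries no `namespace:`, which presumably relies on an overlay's kustomize `namespace:` filling it in; worth confirming.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deploy-keycloak-operator
rules:
  - apiGroups: ["operators.coreos.com"]
    resources: ["operatorgroups", "subscriptions", "installplans"]
    verbs: ["get", "list", "watch", "create", "patch"]
  - apiGroups: ["k8s.keycloak.org"]
    resources: ["keycloaks"]
    verbs: ["get", "create", "patch"]
  - apiGroups: [""]
    resources: ["services", "secrets"]
    verbs: ["get", "list", "watch", "create", "patch"]
# the RoleBinding's roleRef then becomes kind: Role, name: deploy-keycloak-operator
```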
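--- a/base/keycloak-olm/resources/keycloak-subscription.yaml
+++ b/base/keycloak-olm/resources/keycloak-subscription.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+name: keycloak-operator
+spec:
+channel: fast
+installPlanApproval: Automatic
+name: keycloak-operator
+source: community-operators
+sourceNamespace: openshift-marketplace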
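Review bot: `installPlanApproval: Automatic` on the `fast` channel of `community-operators`, with no `startingCSV`, installs whichever operator version the catalog currently offers and upgrades it later without review, and that operator runs with whatever permissions OLM grants it. If reproducible runs matter, pin `startingCSV: <reviewed operator CSV name>` and set `installPlanApproval: Manual`. deploy-keycloak.sh would then have to approve the InstallPlan before its `wait --for=condition=Installed` can succeed.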
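--- a/base/keycloak-olm/resources/keycloak.yaml
+++ b/base/keycloak-olm/resources/keycloak.yaml
@@ -0,0 +1,18 @@
+---
+kind: Keycloak
+apiVersion: k8s.keycloak.org/v2alpha1
+metadata:
+name: keycloak
+labels:
+app: sso
+spec:
+additionalOptions:
+- name: KC_CACHE
+value: local
+hostname:
+strict: false
+ingress:
+enabled: false
+http:
+httpEnabled: true
+httpPort: 8080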
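Review bot: `httpEnabled: true` together with `hostname.strict: false` and `ingress.enabled: false` has Keycloak serve its admin console and token endpoints over plain HTTP on 8080 without checking the requested hostname, and load-balancer-service.yaml in this commit publishes that same port. Admin credentials and issued tokens then cross the network unencrypted. If this is intended only for disposable test clusters, say so at the top of the file, e.g. `# test-only: plain HTTP, no hostname check; do not reuse outside disposable clusters`; otherwise set `spec.http.tlsSecret` and expose the HTTPS port instead.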
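--- a/base/keycloak-olm/resources/load-balancer-service.yaml
+++ b/base/keycloak-olm/resources/load-balancer-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: keycloak-service-load-balancer
+labels:
+app: keycloak
+spec:
+selector:
+app: keycloak
+ports:
+- name: http
+port: 8080
+protocol: TCP
+type: LoadBalancer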
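Review bot: `type: LoadBalancer` with no `loadBalancerSourceRanges` requests an address reachable from wherever the provider's load balancer is reachable, and the only port published is the cleartext `http` 8080. Add `loadBalancerSourceRanges: ["<test-runner CIDR>"]` under `spec:`, or use `type: ClusterIP` if the testsuite runs inside the cluster.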
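--- a/base/keycloak-olm/resources/operator-group.yaml.tpl
+++ b/base/keycloak-olm/resources/operator-group.yaml.tpl
@@ -0,0 +1,8 @@
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+name: ${NAMESPACE}
+spec:
+targetNamespaces:
+- ${NAMESPACE}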