From 8944f1847c33058a4dac3d6c15fd133ef8b5de95 Mon Sep 17 00:00:00 2001
From: Michael Thomson
Date: Thu, 3 Oct 2024 15:59:33 -0400
Subject: [PATCH] keycloak
Signed-off-by: Michael Thomson
---
.../kustomization-keycloak.yaml | 18 +++++++++++
bootstrap/namespaces/namespace-keycloak.yaml | 4 +++
keycloak/dns-endpoint.yaml | 15 +++++++++
keycloak/helmrelease-keycloak.yaml | 31 +++++++++++++++++++
4 files changed, 68 insertions(+)
create mode 100644 bootstrap/kustomizations/kustomization-keycloak.yaml
create mode 100644 bootstrap/namespaces/namespace-keycloak.yaml
create mode 100644 keycloak/dns-endpoint.yaml
create mode 100644 keycloak/helmrelease-keycloak.yaml
diff --git a/bootstrap/kustomizations/kustomization-keycloak.yaml b/bootstrap/kustomizations/kustomization-keycloak.yaml
new file mode 100644
index 0000000..2dd7b5f
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-keycloak.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: keycloak
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./keycloak
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta2
+ kind: HelmRelease
+ name: keycloak
+ namespace: keycloak
diff --git a/bootstrap/namespaces/namespace-keycloak.yaml b/bootstrap/namespaces/namespace-keycloak.yaml
new file mode 100644
index 0000000..80e7888
--- /dev/null
+++ b/bootstrap/namespaces/namespace-keycloak.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: keycloak
diff --git a/keycloak/dns-endpoint.yaml b/keycloak/dns-endpoint.yaml
new file mode 100644
index 0000000..30af113
--- /dev/null
+++ b/keycloak/dns-endpoint.yaml
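Review bot: In bootstrap/kustomizations/kustomization-keycloak.yaml the `timeout: 2m` on the Kustomization is shorter than the `timeout: 5m` set on the HelmRelease that its `healthChecks` entry waits on, so a first install that takes longer than two minutes would be reported as a failed reconciliation while Helm is still inside its own budget. The trailing comment on that line also says the default would be 1h, whereas `interval` in this same file is 15m. I would change the line to `timeout: 6m # must exceed the HelmRelease timeout (5m) so the health check can complete`.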
@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: keycloak.michaelthomson.dev
+ namespace: keycloak
+spec:
+ endpoints:
+ - dnsName: keycloak.michaelthomson.dev
+ recordTTL: 180
+ recordType: CNAME
+ targets:
+ - michaelthomson.ddns.net
+ providerSpecific:
+ - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+ value: "true"
diff --git a/keycloak/helmrelease-keycloak.yaml b/keycloak/helmrelease-keycloak.yaml
new file mode 100644
index 0000000..8aa5da9
--- /dev/null
+++ b/keycloak/helmrelease-keycloak.yaml
@@ -0,0 +1,31 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: keycloak
+ namespace: keycloak
+spec:
+ chart:
+ spec:
+ chart: keycloak
+ version: 23.x
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ interval: 15m
+ timeout: 5m
+ releaseName: keycloak
+ values:
+ ingress:
+ enabled: true
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ tls: true
+ extraHosts:
+ - name: keycloak.michaelthomson.dev
+ path: /
+ extraTls:
+ - hosts:
+ - keycloak.michaelthomson.dev
+ secretName: letsencrypt-wildcard-cert-michaelthomson.dev
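Review bot: In keycloak/dns-endpoint.yaml the `cloudflare-proxied` entry under `providerSpecific` only shields the origin if the ingress behind `michaelthomson.ddns.net` refuses traffic that did not arrive through Cloudflare; nothing in this patch shows such a restriction. Because this record fronts the identity provider, I would state the assumption in a comment above `targets:`, for example `# origin must accept only Cloudflare source ranges, otherwise the proxy's filtering does not apply to direct connections`. Presumably the other DNSEndpoints in the repository follow the same pattern, but it is worth confirming for a login endpoint.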
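Review bot: The `values:` block in keycloak/helmrelease-keycloak.yaml publishes the whole server at `path: /` on a public host but sets nothing for the admin account, so the admin console is reachable from the internet with whatever credentials the chart produces by default. I would take the admin password from a pre-created Secret (`auth.existingSecret: <secret-name>` in the Bitnami chart) and restrict the admin paths at Traefik or keep them off the public router. Because TLS ends at Traefik, with Cloudflare in front of it, the chart's proxy setting should also be set explicitly so Keycloak interprets the forwarded headers as intended. `version: 23.x` lets Flux move the identity provider to any new 23 release unattended; pinning an exact chart version and bumping it deliberately is safer. Finally, `secretName: letsencrypt-wildcard-cert-michaelthomson.dev` has to exist in the `keycloak` namespace, and this patch does not show it being provisioned there.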