keycloak

Signed-off-by: Michael Thomson <michael@michaelthomson.dev>
2026-02-04 13:09:53 +00:00 · 2024-10-03 15:59:33 -04:00
parent d3680147c4
commit 8944f1847c
4 changed files with 68 additions and 0 deletions
--- a/bootstrap/kustomizations/kustomization-keycloak.yaml
+++ b/bootstrap/kustomizations/kustomization-keycloak.yaml
@@ -0,0 +1,18 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: keycloak
  namespace: flux-system
 spec:
  interval: 15m
  path: ./keycloak
  prune: true # remove any elements later removed from the above path
  timeout: 2m # if not set, this defaults to interval duration, which is 1h
  sourceRef:
    kind: GitRepository
    name: flux-system
  healthChecks:
    - apiVersion: helm.toolkit.fluxcd.io/v2beta2
      kind: HelmRelease
      name: keycloak
      namespace: keycloak
--- a/bootstrap/namespaces/namespace-keycloak.yaml
+++ b/bootstrap/namespaces/namespace-keycloak.yaml
@@ -0,0 +1,4 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: keycloak
--- a/keycloak/dns-endpoint.yaml
+++ b/keycloak/dns-endpoint.yaml
@@ -0,0 +1,15 @@
 apiVersion: externaldns.k8s.io/v1alpha1
 kind: DNSEndpoint
 metadata:
  name: keycloak.michaelthomson.dev
  namespace: keycloak
 spec:
  endpoints:
  - dnsName: keycloak.michaelthomson.dev
    recordTTL: 180
    recordType: CNAME
    targets:
      - michaelthomson.ddns.net
    providerSpecific:
      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
        value: "true"
--- a/keycloak/helmrelease-keycloak.yaml
+++ b/keycloak/helmrelease-keycloak.yaml
@@ -0,0 +1,31 @@
 apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
  name: keycloak
  namespace: keycloak
 spec:
  chart:
    spec:
      chart: keycloak
      version: 23.x
      sourceRef:
        kind: HelmRepository
        name: bitnami
        namespace: flux-system
  interval: 15m
  timeout: 5m
  releaseName: keycloak
  values:
    ingress:
      enabled: true
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: "true"
      tls: true
      extraHosts:
        - name: keycloak.michaelthomson.dev
          path: /
      extraTls:
        - hosts:
            - keycloak.michaelthomson.dev
          secretName: letsencrypt-wildcard-cert-michaelthomson.dev