keycloak

Signed-off-by: Michael Thomson <michael@michaelthomson.dev>
2026-02-04 13:09:53 +00:00 · 2024-10-03 15:59:33 -04:00
parent d3680147c4
commit 8944f1847c
4 changed files with 68 additions and 0 deletions
--- a/bootstrap/kustomizations/kustomization-keycloak.yaml
+++ b/bootstrap/kustomizations/kustomization-keycloak.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: keycloak
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./keycloak
+  prune: true # remove any elements later removed from the above path
+  timeout: 2m # if not set, this defaults to interval duration, which is 1h
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta2
+      kind: HelmRelease
+      name: keycloak
+      namespace: keycloak
--- a/bootstrap/namespaces/namespace-keycloak.yaml
+++ b/bootstrap/namespaces/namespace-keycloak.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: keycloak
--- a/keycloak/dns-endpoint.yaml
+++ b/keycloak/dns-endpoint.yaml
@@ -0,0 +1,15 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: keycloak.michaelthomson.dev
+  namespace: keycloak
+spec:
+  endpoints:
+  - dnsName: keycloak.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+      - michaelthomson.ddns.net
+    providerSpecific:
+      - name: external-dns.alpha.kubernetes.io/cloudflare-proxied
+        value: "true"
--- a/keycloak/helmrelease-keycloak.yaml
+++ b/keycloak/helmrelease-keycloak.yaml
@@ -0,0 +1,31 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: keycloak
+  namespace: keycloak
+spec:
+  chart:
+    spec:
+      chart: keycloak
+      version: 23.x
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+  interval: 15m
+  timeout: 5m
+  releaseName: keycloak
+  values:
+    ingress:
+      enabled: true
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+      tls: true
+      extraHosts:
+        - name: keycloak.michaelthomson.dev
+          path: /
+      extraTls:
+        - hosts:
+            - keycloak.michaelthomson.dev
+          secretName: letsencrypt-wildcard-cert-michaelthomson.dev