K8s cluster - keycloak
Why?
I quickly discovered that having numerous logins for your self-hosted services is quite annoying. Keycloak comes to the rescue.
k8s config
keycloak (since I’m using arm64 I can’t use the original keycloak image):
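# Keycloak 12 on arm64, served behind the cluster Ingress. The admin and
# database passwords are read from a Secret instead of being written into
# the manifest, so this file can be committed without leaking credentials.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          # Third-party arm64 build pinned to a tag. A tag can be re-pushed,
          # so once verified prefer pinning by digest (image@sha256:<digest>).
          image: registry.gitlab.com/aivero/public/keycloak-docker-arm64:12.0.1
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
            # Management port. It is not exposed by the Service, but it is
            # still reachable on the pod IP; a NetworkPolicy is what would
            # actually restrict it.
            - name: http-management
              containerPort: 9990
              protocol: TCP
          env:
            - name: KEYCLOAK_USER
              value: "admin"
            # Initial admin password from the Secret "keycloak-credentials"
            # (constructed name — create it with keys admin-password and
            # db-password before applying this Deployment).
            - name: KEYCLOAK_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-credentials
                  key: admin-password
            # Needed behind a TLS-terminating proxy so Keycloak honours the
            # forwarded headers when building redirect URLs.
            - name: PROXY_ADDRESS_FORWARDING
              value: "true"
            - name: DB_VENDOR
              value: "postgres"
            # Resolves to the "postgres" Service in this namespace.
            - name: DB_ADDR
              value: "postgres"
            - name: DB_DATABASE
              value: "keycloak"
            - name: DB_USER
              value: "keycloak"
            # Must hold the same value as POSTGRES_PASSWORD on the postgres
            # Deployment.
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-credentials
                  key: db-password
            - name: JDBC_PARAMS
              value: "serverTimezone=UTC"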
---
# Cluster-internal Service in front of the keycloak pods; the Ingress is the
# only path in from outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  type: ClusterIP
  selector:
    app: keycloak
  ports:
    - name: http
      protocol: TCP
      port: 8080
      # Refers to the container port named "http" (8080) on the pod.
      targetPort: http
---
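# Public entry point for Keycloak. TLS is terminated here with a
# cert-manager-issued wildcard certificate.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
  annotations:
    # cert-manager ClusterIssuer that provisions kncyber-tls.
    cert-manager.io/cluster-issuer: kncyber
spec:
  # No ingressClassName is set, so the cluster's default controller is
  # assumed — confirm this matches the installed controller.
  tls:
    # One certificate covering the apex and every sub-domain.
    - secretName: kncyber-tls
      hosts:
        - "kncyber.pl"
        - "*.kncyber.pl"
  rules:
    - host: keycloak.kncyber.pl
      http:
        paths:
          # Prefix has spec-defined matching; ImplementationSpecific leaves
          # the semantics to whichever controller is installed.
          - path: /
            pathType: Prefix
            backend:
              service:
                name: keycloak
                port:
                  name: http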
postgres:
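# Single-replica PostgreSQL backing Keycloak. Data lives on the "keycloak"
# PVC; the database password comes from a Secret rather than the manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  namespace: keycloak
  labels:
    app: postgres
spec:
  # ReadWriteOnce storage and a single data directory: keep this at 1.
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          # Major-version tag only; minor updates are picked up on re-pull.
          image: postgres:11
          imagePullPolicy: IfNotPresent
          ports:
            - name: postgres
              containerPort: 5432
              protocol: TCP
          volumeMounts:
            # subPath presumably keeps the data directory off the volume
            # root (e.g. lost+found) — confirm against the storage backend.
            - mountPath: /var/lib/postgresql/data
              name: keycloak-pv
              subPath: postgres
          env:
            - name: POSTGRES_USER
              value: "keycloak"
            # Read from the Secret "keycloak-credentials" (constructed name —
            # create it before applying). Must equal DB_PASSWORD on the
            # keycloak Deployment.
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-credentials
                  key: db-password
            - name: POSTGRES_DB
              value: "keycloak"
      volumes:
        - name: keycloak-pv
          persistentVolumeClaim:
            claimName: keycloak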
---
# Cluster-internal Service for the database; DB_ADDR on the keycloak
# Deployment resolves to this name. Not exposed outside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: keycloak
  labels:
    app: postgres
spec:
  type: ClusterIP
  selector:
    app: postgres
  ports:
    - name: postgres
      protocol: TCP
      port: 5432
      # Refers to the container port named "postgres" (5432) on the pod.
      targetPort: postgres
pvc:
# Persistent storage for the postgres data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: keycloak
  namespace: keycloak
  labels:
    app: keycloak
spec:
  # A StorageClass named "keycloak" must exist in the cluster.
  storageClassName: keycloak
  volumeMode: Filesystem
  # Single-node attach only, which matches the single postgres replica.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi