314e2352 by Adam Heath

Add gateway-api support to keycloak.

1 parent e8cd6a00
1 ---
2 apiVersion: gateway.networking.k8s.io/v1beta1
3 kind: HTTPRoute
4 metadata:
5 name: kpg-keycloak
6 spec:
7 parentRefs:
8 - name: gateway
9 hostnames:
10 - "auth.local"
11 rules:
12 - matches:
13 - path:
14 type: PathPrefix
15 value: /
16 backendRefs:
17 - name: kpg-keycloak-service
18 port: 8080
19 ---
20
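Review bot: The single rule matches `PathPrefix` `/` and the `parentRefs` entry names only `gateway`, so every Keycloak path is published on every listener of that gateway that admits the route. That presumably includes the admin console and admin REST API, if they are served from the same service. The backend is port 8080, which the other manifests on this page treat as the plaintext port, so a non-TLS listener on `gateway` would carry logins and tokens for `auth.local` in clear text. Consider pinning the listener with `sectionName: <https-listener-name>` under the `parentRefs` entry and narrowing `matches` to the prefixes clients need (for example `/realms/` and `/resources/`), keeping `/admin` on an internal-only route. A comment above `backendRefs` saying that TLS ends at the gateway and the hop to the pod is plain HTTP would make that trade-off explicit.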
1 ---
2 apiVersion: networking.istio.io/v1beta1
3 kind: DestinationRule
4 metadata:
5 name: kpg-keycloak-originate-tls
6 spec:
7 host: kpg-keycloak
8 trafficPolicy:
9 portLevelSettings:
10 - port:
11 number: 8080
12 tls:
13 mode: DISABLE
14 credentialName: kpg-keycloak-crt
15 ---
16 apiVersion: cert-manager.io/v1
17 kind: Certificate
18 metadata:
19 name: kpg-keycloak-crt
20 spec:
21 secretName: kpg-keycloak-crt
22 dnsNames:
23 - auth.local
24 issuerRef:
25 name: ca-issuer
26 # We can reference ClusterIssuers by changing the kind here.
27 # The default value is Issuer (i.e. a locally namespaced Issuer)
28 kind: ClusterIssuer
29 group: cert-manager.io
30 ---
31 apiVersion: networking.istio.io/v1beta1
32 kind: VirtualService
33 metadata:
34 name: kpg-keycloak
35 spec:
36 hosts:
37 - auth.local
38 gateways:
39 - istio-system/cluster-local-gateway
40 http:
41 - route:
42 - destination:
43 port:
44 number: 8080
45 host: kpg-keycloak-service.default.svc.cluster.local
46 tls:
47 - match:
48 - sniHosts:
49 - auth.local
50 route:
51 - destination:
52 port:
53 number: 8443
54 host: kpg-keycloak-service.default.svc.cluster.local
55
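Review bot: The DestinationRule is named `kpg-keycloak-originate-tls` but sets `tls.mode: DISABLE` for port 8080, so no TLS is originated to the backend and the `credentialName: kpg-keycloak-crt` beside it appears to have no effect. Its `host: kpg-keycloak` also differs from the `kpg-keycloak-service.default.svc.cluster.local` destination used by the VirtualService, so the policy may not apply to the traffic it was written for. That destination hard-codes the `default` namespace while the release templates the namespace from values. The content is carried over unchanged from the removed section, but the move is a good point to either use `mode: SIMPLE` towards the 8443 port, or rename the rule, drop `credentialName`, and add a comment that plaintext to the pod is intended.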
...@@ -69,57 +69,4 @@ spec: ...@@ -69,57 +69,4 @@ spec:
69 hostname: INSECURE-DISABLE 69 hostname: INSECURE-DISABLE
70 tlsSecret: INSECURE-DISABLE 70 tlsSecret: INSECURE-DISABLE
71 --- 71 ---
72 apiVersion: cert-manager.io/v1
73 kind: Certificate
74 metadata:
75 name: kpg-keycloak-crt
76 spec:
77 secretName: kpg-keycloak-crt
78 dnsNames:
79 - auth.local
80 issuerRef:
81 name: ca-issuer
82 # We can reference ClusterIssuers by changing the kind here.
83 # The default value is Issuer (i.e. a locally namespaced Issuer)
84 kind: ClusterIssuer
85 group: cert-manager.io
86 ---
87 apiVersion: networking.istio.io/v1beta1
88 kind: DestinationRule
89 metadata:
90 name: kpg-keycloak-originate-tls
91 spec:
92 host: kpg-keycloak
93 trafficPolicy:
94 portLevelSettings:
95 - port:
96 number: 8080
97 tls:
98 mode: DISABLE
99 credentialName: kpg-keycloak-crt
100 ---
101 apiVersion: networking.istio.io/v1beta1
102 kind: VirtualService
103 metadata:
104 name: kpg-keycloak
105 spec:
106 hosts:
107 - auth.local
108 gateways:
109 - istio-system/cluster-local-gateway
110 http:
111 - route:
112 - destination:
113 port:
114 number: 8080
115 host: kpg-keycloak-service.default.svc.cluster.local
116 tls:
117 - match:
118 - sniHosts:
119 - auth.local
120 route:
121 - destination:
122 port:
123 number: 8443
124 host: kpg-keycloak-service.default.svc.cluster.local
125 72
......
...@@ -3,6 +3,8 @@ kind: Kustomization ...@@ -3,6 +3,8 @@ kind: Kustomization
3 3
4 resources: 4 resources:
5 - ./keycloak.yaml 5 - ./keycloak.yaml
6 - ./istio.yaml
7 - ./gateway-api.yaml
6 8
7 configMapGenerator: 9 configMapGenerator:
8 - name: kpg-keycloak-scripts 10 - name: kpg-keycloak-scripts
......
...@@ -16,6 +16,11 @@ certificate: ...@@ -16,6 +16,11 @@ certificate:
16 hostName: auth.local 16 hostName: auth.local
17 issuerRef: ca-issuer 17 issuerRef: ca-issuer
18 virtualService: 18 virtualService:
19 enabled: true
19 hostName: auth.local 20 hostName: auth.local
20 gateway: istio-system/cluster-local-gateway 21 gateway: istio-system/cluster-local-gateway
21 issuerRef: ca-issuer 22 issuerRef: ca-issuer
23 gatewayAPI:
24 enabled: false
25 gateway: gateway
26 hostName: auth.local
......
...@@ -30,26 +30,56 @@ releases: ...@@ -30,26 +30,56 @@ releases:
30 needs: 30 needs:
31 - kpg-postgresql 31 - kpg-postgresql
32 strategicMergePatches: 32 strategicMergePatches:
33 {{- if not .Values.virtualService.enabled }}
34 - apiVersion: networking.istio.io/v1beta1
35 kind: VirtualService
36 metadata:
37 name: kpg-keycloak-originate-tls
38 namespace: {{ .Values.namespace }}
39 $patch: delete
40 {{- end }}
33 - apiVersion: cert-manager.io/v1 41 - apiVersion: cert-manager.io/v1
34 kind: Certificate 42 kind: Certificate
35 metadata: 43 metadata:
36 name: kpg-keycloak-crt 44 name: kpg-keycloak-crt
37 namespace: {{ .Values.namespace }} 45 namespace: {{ .Values.namespace }}
46 {{- if .Values.virtualService.enabled }}
38 spec: 47 spec:
39 dnsNames: 48 dnsNames:
40 - {{ .Values.certificate.hostName }} 49 - {{ .Values.certificate.hostName }}
41 issuerRef: 50 issuerRef:
42 name: {{ .Values.certificate.issuerRef }} 51 name: {{ .Values.certificate.issuerRef }}
52 {{- else }}
53 $patch: delete
54 {{- end }}
43 - apiVersion: networking.istio.io/v1beta1 55 - apiVersion: networking.istio.io/v1beta1
44 kind: VirtualService 56 kind: VirtualService
45 metadata: 57 metadata:
46 name: kpg-keycloak 58 name: kpg-keycloak
47 namespace: {{ .Values.namespace }} 59 namespace: {{ .Values.namespace }}
60 {{- if .Values.virtualService.enabled }}
48 spec: 61 spec:
49 hosts: 62 hosts:
50 - {{ .Values.virtualService.hostName }} 63 - {{ .Values.virtualService.hostName }}
51 gateways: 64 gateways:
52 - {{ .Values.virtualService.gateway }} 65 - {{ .Values.virtualService.gateway }}
66 {{- else }}
67 $patch: delete
68 {{- end }}
69 - apiVersion: gateway.networking.k8s.io/v1beta1
70 kind: HTTPRoute
71 metadata:
72 name: kpg-keycloak
73 namespace: {{ .Values.namespace }}
74 {{- if .Values.gatewayAPI.enabled }}
75 spec:
76 parentRefs:
77 - name: {{ .Values.gatewayAPI.gateway }}
78 hostnames:
79 - {{ .Values.gatewayAPI.hostName }}
80 {{- else }}
81 $patch: delete
82 {{- end }}
53 83
54 jsonPatches: 84 jsonPatches:
55 - target: 85 - target:
...@@ -62,6 +92,7 @@ releases: ...@@ -62,6 +92,7 @@ releases:
62 - op: replace 92 - op: replace
63 path: /spec/unsupported/podTemplate/spec/initContainers/0/image 93 path: /spec/unsupported/podTemplate/spec/initContainers/0/image
64 value: {{ .Values.postgresql.waitForPg.image }} 94 value: {{ .Values.postgresql.waitForPg.image }}
95 {{- if .Values.virtualService.enabled }}
65 - target: 96 - target:
66 kind: VirtualService 97 kind: VirtualService
67 name: kpg-keycloak 98 name: kpg-keycloak
...@@ -72,7 +103,5 @@ releases: ...@@ -72,7 +103,5 @@ releases:
72 - op: replace 103 - op: replace
73 path: /spec/tls/0/match/0/sniHosts/0 104 path: /spec/tls/0/match/0/sniHosts/0
74 value: {{ .Values.virtualService.hostName }} 105 value: {{ .Values.virtualService.hostName }}
75 # - op: replace 106 {{- end }}
76 # path: /spec/tls/0/match/0/sniHosts/0
77 # value: {{ .Values.virtualService.hostName }}
78 107
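Review bot: The delete patch added at the top of `strategicMergePatches` targets `kind: VirtualService` with `name: kpg-keycloak-originate-tls`, but the resource with that name in the manifests on this page is a DestinationRule. With `virtualService.enabled: false` the patch matches nothing the base defines, so the DestinationRule stays in the rendered output, or the build fails on the unmatched patch (worth confirming against the kustomize version in use). Change that line to `kind: DestinationRule`. Separately, templated scalars such as `- {{ .Values.gatewayAPI.hostName }}` are unquoted, so an empty or boolean-looking value would render as null or a bool; `- {{ .Values.gatewayAPI.hostName | quote }}` avoids that. The release block starts and ends outside these hunks.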
......